PRIVACY POLICY

 

This privacy policy applies to all data processing carried out by MOMA GROUP, its subsidiaries, and its endowment fund.

This privacy policy covers data collected online and offline, including information collected through MOMA GROUP and its subsidiaries’ websites, group and subsidiary applications, reservations made by clients and Users, as well as events, conferences, seminars, and operations organized at the request of clients, website users (hereinafter the “Users”), or directly by MOMA GROUP, its subsidiaries, or its endowment fund.

This privacy policy is updated on a regular basis, and MOMA GROUP recommends that each client and User consult it regularly.

MOMA GROUP attaches the utmost importance and care to protecting the personal data (hereinafter “Personal Data”) of its clients and Users.

 

PERSONAL DATA

WHAT IS PERSONAL DATA?

Personal Data means any information or set of information allowing the direct (e.g.: name, surname, email address, home address, etc.) or indirect identification of a person (e.g.: through pseudonymized data such as a unique identification number, etc.). Unique identifiers may also be considered Personal Data, such as your computer’s IP address.

It therefore includes all information concerning you as an individual that you voluntarily provide to us or that we collect during your browsing on our websites, mobile applications, or during your reservations and/or the services we provide to you and which, in any form, may directly or indirectly allow us to identify you.

DATA CONTROLLER

MOMA GROUP, its subsidiaries, and its endowment fund are responsible for the processing of Personal Data they collect, unless expressly stated otherwise.

Personal Data processed by MOMA GROUP’s partners, its subsidiaries, or its endowment fund are the responsibility of those third parties. No Personal Data collected by MOMA GROUP, its subsidiaries, or its endowment fund will be transferred to a third party without prior information and/or your consent, depending on the purposes.

METHODS OF COLLECTING PERSONAL DATA

We collect your Personal Data in several ways:
• directly from you when you use our websites, our online booking services, and our partner booking applications, when you apply for our job offers or subscribe to our newsletters, or when you interact with us (by filling out various forms made available, communicating directly with our teams, etc.);
• automatically when you access one of our websites, mobile applications, or one of our partner booking applications (technical data, IP address, browsing information, etc.).

CATEGORIES OF PERSONAL DATA COLLECTED

The categories of Personal Data we collect include:
• Identification and contact information: namely your name, surname, email address, and information necessary to identify you when you interact with us;
• Application-related information: namely your name, surname, email address, phone number, professional experience, and all information you provide when submitting your application and/or CV: photo, skills, education level, languages spoken, salary expectations, home address, hobbies, family status, etc. We collect and store this Personal Data only for the purpose of managing our own job offers and do not use it for any other purpose, including commercial purposes;
• Technical data: We collect information relating to the device you use to connect to our websites and mobile applications and your use of them (such as operating system version, type of browser used, use of a proxy or not, IP address, access times, pages visited, and the link that allowed you to access our websites).

LEGAL BASIS FOR COLLECTING PERSONAL DATA

In accordance with applicable European and French regulations on the protection of Personal Data, your Personal Data is collected either:
• on the basis of your consent;
• in our legitimate interest;
• to comply with our legal obligations.

PURPOSES OF COLLECTING PERSONAL DATA

We collect your Personal Data on the basis of your consent for the following purposes:
• Managing your requests and questions: We use your Personal Data to provide you with the information you request;
• Sending newsletters to which you have subscribed;
• Managing job applications you send us;
• Managing reservations for tables/events you request us to make and sending you confirmations/cancellations thereof;
• Sending you commercial information about our establishments and events, or the activities of our endowment fund.

We collect Personal Data on the basis of our legitimate interest for the following purposes:
• Defending our interests in case of dispute or legal action;
• Managing the cybersecurity of our websites;
• Preventing fraudulent activities to ensure the security of our assets and content.

We may also retain your Personal Data when required by law or in order to assert our rights under the law.

ACCESSIBILITY OF YOUR PERSONAL DATA

Your Personal Data is processed for the purposes mentioned above and is accessible only to MOMA GROUP staff, its subsidiaries, and its endowment fund who need to know it in the course of their duties.

Your Personal Data may also be made accessible to third parties, namely:
• Our subcontractors and service providers involved for technical and logistical reasons.

These may include hosting, security, and maintenance providers for our websites and mobile applications, fraud management providers, technical providers responsible for sending emails and newsletters, anti-spam and anti-bot service providers, recruitment agencies that may advise us on managing our candidate databases and help us select profiles within these databases, etc., as well as third-party banking and financial companies for your credit card payments.

These providers have limited access to the user’s data, strictly within the scope of performing their services, and are contractually obliged to use it in compliance with applicable personal data protection regulations. We impose on our providers or subcontractors with access to your Personal Data the same security and confidentiality requirements that we ourselves commit to.
• Our partners in connection with specific events, including those of our endowment fund.
• Any authority, jurisdiction, or other third party when such communication is required by law, a regulatory provision, or a court decision, or if such communication is necessary to protect and defend our rights.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

The Personal Data we collect is hosted by a provider whose servers and backups are located within the European Union.

However, MOMA GROUP, its subsidiaries, and its endowment fund may use certain service providers located abroad or who themselves use subcontractors located abroad, including outside the European Union in countries where personal data protection regulations differ from those applicable within the EU.

Any transfer of Personal Data outside the European Union is carried out with appropriate safeguards in compliance with applicable personal data protection regulations (EU standard contractual clauses, BCRs, etc.).

Due to the international organization of MOMA GROUP, each client or User is informed of these possible transfers and authorizes MOMA GROUP, its subsidiaries, and its endowment fund to transfer, store, and process their Personal Data outside the European Union and particularly in the United States. The laws in force in this country may differ from the laws applicable in the User’s country of residence within the European Union.

PERSONAL DATA OF MINORS

MOMA GROUP, its subsidiaries, and its endowment fund collect Personal Data only from individuals of legal age. This is why we may ask for your age or date of birth.

Please contact us if you believe we are processing minors’ data so that we can delete it if necessary.

We may collect minors’ Personal Data when communicated by a legal representative of these minors, either to manage reservations, provide specific services to these minors, or respond to a particular request from you. By providing us with Personal Data about a minor, you guarantee that you are of legal age and the parent or legal representative of that minor.

SECURITY AND CONFIDENTIALITY

MOMA GROUP, its subsidiaries, and its endowment fund implement organizational, technical, software, and physical security measures to protect Personal Data collected against alteration, destruction, and unauthorized access. These measures ensure the security and confidentiality of your Personal Data.

MOMA GROUP, its subsidiaries, and its endowment fund also require their providers, subcontractors, and partners to provide guarantees and implement sufficient security measures to ensure the protection of the Personal Data they have undertaken to process, in compliance with applicable personal data protection regulations.

However, each client and User acknowledges that the Internet is not a completely secure environment and that our websites cannot guarantee the security of transmitting or storing information on the Internet.

LINKS TO THIRD-PARTY SITES

Our websites may offer links or features to other third-party sites that we do not own or control. If you click on one of these links or use these features, you do so at your own risk.

We are not responsible for the content or practices of any third-party site, application, or feature. This privacy policy therefore does not apply to those third-party sites. That is why we invite you to consult the privacy and personal data protection policies of those third-party sites.

STORAGE OF PERSONAL DATA

We store your Personal Data for a period proportionate and consistent with the stated purpose of the processing, in order to meet European and French legal and regulatory requirements and within the limits imposed by them.

For commercial and marketing communications, your data is stored for a maximum of three years from the end of our business relationship if you are a client of MOMA GROUP or one of its subsidiaries, or three years from your last contact if you are not a client but simply a User of our websites or a subscriber to our newsletters.

Personal Data you provide when applying for our job offers is stored for two (2) years from the communication of your Personal Data or your last contact with us. At the end of this two (2)-year period, we may contact you to ask whether you would like us to retain your Personal Data in order to inform you of any new opportunity that matches your career aspirations and professional skills.

Personal Data collected in response to a specific request from you is stored for the time necessary to manage your requests and questions. Your Personal Data will then be deleted or anonymized, unless we are required to keep it to meet legal obligations during the applicable retention period.

Video recordings made in our establishments are stored for a period of one month, unless extended due to investigations, particularly in cases of suspected fraud.

Your credit card data is deleted from our operational databases after the transaction is completed but may be kept in archive form to protect against possible transaction disputes for a period of 13 months after collection.

Except for technical cookies, the storage of cookies on your device (computer, tablet, mobile phone) is retained for a period of 13 months.

EXERCISING YOUR RIGHTS

In accordance with applicable regulations, you have the following rights:
• the right to access the Personal Data we hold about you;
• the right to ask us to update or correct any outdated or incorrect Personal Data about you;
• the right to object to receiving commercial communications;
• the right to erasure of your Personal Data where the conditions of Article 17 of the GDPR are met;
• the right to restriction of processing of your Personal Data where the conditions of Article 18 of the GDPR are met;
• the right to portability of your Personal Data where the conditions of Article 20 of the GDPR are met;
• the right to define directives relating to the fate of your Personal Data after your death;
• the right to object to the processing of your Personal Data, where the conditions of Article 21 of the GDPR are met; and
• the right to lodge a complaint with a supervisory authority, namely in France the CNIL (https://www.cnil.fr/en/home).

Where the processing of your Personal Data is based on your consent, you may withdraw it at any time without justification. This right may be exercised by changing your newsletter subscription options by clicking on the link provided for this purpose on our websites.

To respond to your requests, we may ask you to provide proof of identity. We may also ask you to provide additional information or supporting documents.

Please also note that despite exercising your right to erasure or restriction of processing, we will retain certain of your Personal Data where required by law or to exercise or defend our legal rights.

METHODS OF EXERCISING YOUR DATA PROTECTION RIGHTS

You can exercise your data protection rights as follows:

By mail to the following address:
Data Protection Officer, 12 rue de Presbourg 75116 Paris

By email to the following address:
dpo@moma-group.com

COOKIE MANAGEMENT POLICY

WHAT IS A COOKIE?

Your Internet browser has a function called “cookies.” A cookie is the equivalent of a small text file stored on your device. It allows information to be retained for the duration of the relevant cookie’s validity when a browser accesses different pages of a website or when the browser later returns to that website.

WHAT COOKIES DO WE USE?

The cookies we issue on our websites and social networks are used for the purposes described below, subject to your choices expressed during your visits and which you can modify at any time.
• Technical cookies: These cookies are necessary for browsing. Without them, our sites would not function properly. These cookies, for example, allow us to adapt the display of the sites to your device’s display preferences (language used, display resolution), remember passwords, and other information related to forms you have completed on the sites.
• Statistical cookies: These cookies allow us to generate statistics and measure traffic and use of various elements of our sites (sections and content visited, browsing paths, time spent), enabling us to improve the relevance and user-friendliness of our services.
• Social media cookies: These cookies allow our content to be shared with others on social networks such as Facebook, Twitter, LinkedIn, etc. Even if you have not used these sharing buttons or applications, it is possible that social networks track your browsing if your account or session is active on your device at that time. If you do not want the social network to link the information collected via our sites to your user account, you must log out of the social network beforehand.
• Advertising cookies: These cookies are used to present advertisements or send you information tailored to your interests on our sites or outside our sites while you browse the Internet. They are notably used to limit the number of times you see an ad and to help measure the effectiveness of an advertising campaign. These cookies are mainly dependent on advertising agencies.

PURPOSES OF USING COOKIES

When you visit our sites and social networks, depending on your browser settings, we may or may not install cookies on the hard drive of your computer, tablet, or phone.

We may read the cookies we have installed during their validity period or until you delete them.

We use cookies for the following purposes on our websites:
• Facilitate your browsing and allow correct display of our web pages (session cookies);
• Remember your preferences, display or configuration choices, or language settings;
• Identify if you come from another MOMA GROUP site or a partner site;
• Analyze our site’s performance based on anonymous browsing information (e.g.: pages viewed, number of visits, etc.). For this, we use the “Google Analytics” tool.

The cookies we use do not allow us to personally identify you and are designed to be used only by MOMA GROUP.

COOKIE CONSENT MANAGEMENT

Article 5(3) of Directive 2002/58/EC, amended in 2009 and transposed into French law in Article 82 of the Data Protection Act, establishes the principle:
• of prior consent of the user before storing information on their device or accessing information already stored there;
• unless such actions are strictly necessary for providing an online communication service expressly requested by the user or are solely intended to enable or facilitate electronic communication.

We comply with these provisions. That is why you are asked during your first visit to our websites and social networks to give your prior consent to the collections we propose for cookies relating to personalized advertising operations or social media cookies, notably generated by their sharing buttons.

Thereafter, you may at any time choose to disable these cookies.

However, please note that we do not require your prior consent to collect the following cookies:
• trackers retaining user choices regarding the deposit of trackers;
• trackers intended for authentication with a service, including those ensuring the security of the authentication mechanism, for example, by limiting automated or unexpected login attempts;
• trackers customizing the user interface (for example, for language or presentation of a service), where such customization is an intrinsic and expected element of the service;
• trackers enabling load balancing of equipment contributing to a communication service.

Your browser can be set to notify you when cookies are placed on your computer, tablet, and/or phone and to ask you whether to accept them.

You may also accept or refuse cookies on our websites and social networks on a case-by-case basis or systematically refuse them altogether. You may also choose which ones to accept and which ones to refuse.

You may change your mind at any time by clicking on the “cookie preferences” button available directly on our websites and social networks.