Privacy Policy
Legal Notices
Last updated: 17 March 2026
1. Who we are
PARIS DECOR & PROPS, trading as “Events in Paris” (“we”, “us”, “our”), is the data controller for personal data collected through eventsinparis.com and through the contact channels described in Section 2.
Legal entity: PARIS DECOR & PROPS
SIRET: 918 659 301 00017
Registered address: 34 Avenue des Champs-Élysées, 75008 Paris, France
Data protection contact: Vincent Lillo
Privacy email: privacy@eventsinparis.com
2. Data we collect
We collect personal data through the following channels and activities.
Enquiries and bookings
Name, email address, phone or WhatsApp number, event details (date, location, type of event, partner’s name), travel dates, and any other information you include in a message or booking request. You may contact us via our website contact form, email, WhatsApp, or Instagram direct message.
Payments
We do not take payments directly on the Events in Paris website. Most clients pay via a secure payment link generated through our bank, Société Générale; card details are processed entirely by Société Générale and we do not see or store card numbers or security codes. Some clients pay by bank or wire transfer. Transfer details (account holder name and IBAN) appear in our accounting records for the period described in Section 4.
Website use
IP address, browser type, pages visited, and general device information, collected automatically via Google Analytics 4. If you give consent, additional data is collected via the Meta/Facebook Pixel for advertising and measurement.
Communications
Records of correspondence between us, including email threads, WhatsApp messages, and Instagram direct messages.
Trade clients (B2B)
When Events in Paris is engaged by another business — a planner, photographer, hotel, or other supplier — we may receive personal data about the end client from that business. Depending on the engagement, we may act as a data processor (following that business’s documented instructions) or as an independent or joint controller. Our role and responsibilities are defined in our agreement with the engaging business.
If you choose not to provide the personal data we need to prepare or carry out your booking, we may not be able to deliver the services you request.
3. Why we process your data
The table below shows each purpose and its lawful basis under GDPR Article 6.
| Purpose | Lawful basis |
| Responding to enquiries | Contract performance (Art. 6(1)(b)) / Legitimate interest (Art. 6(1)(f)) — running our business and replying to potential clients. |
| Managing bookings and event logistics | Contract performance (Art. 6(1)(b)) |
| Sharing data with suppliers to deliver booked services (see Section 5) | Contract performance (Art. 6(1)(b)) |
| Processing payments via Société Générale payment link or bank transfer | Contract performance (Art. 6(1)(b)) |
| Analytics — Google Analytics 4 | Consent (Art. 6(1)(a)) — measuring how our site is used. |
| Advertising and measurement — Meta/Facebook Pixel | Consent (Art. 6(1)(a)) — measuring and improving our advertising. |
| Compliance with French accounting and tax law | Legal obligation (Art. 6(1)(c)) |
We do not make automated decisions about you that produce legal or similarly significant effects.
4. How long we keep your data
| Category | Retention period |
| Enquiry and contact records (no booking) | 3 years from last contact (meaning the last time you actively contacted us or responded to us). |
| Client booking and event records | 10 years from the end of the financial year in which the event took place (French accounting requirements — Code de commerce Art. L. 123-22). |
| Analytics data | 14 months (Google Analytics 4 retention setting). |
| Payment and invoicing records | 10 years, in line with French accounting and tax requirements. |
5. Who we share your data with
Technology providers (data processors)
These providers process personal data on our behalf; each is bound by a Data Processing Agreement or equivalent instrument.
| Provider | Service | Location | Transfer mechanism |
| Liquid Web, LLC | Website hosting — dedicated server | Michigan, USA | EU Standard Contractual Clauses |
| Google LLC | Analytics — Google Analytics 4 | USA | EU–US Data Privacy Framework (if certified) or EU Standard Contractual Clauses. |
| Société Générale S.A. | Payment processing (payment links and bank account) | France | N/A — data remains within the EU. |
| Meta Platforms, Inc. | Advertising and measurement — Meta Pixel | USA | EU Standard Contractual Clauses. |
We also use Google Search Console (aggregated property-level data only) and a WordPress contact form plugin to process enquiries on our server. We do not operate a CRM, email marketing platform, or mailing list, and we do not sell or share visitor data for commercial purposes.
Event suppliers (service delivery)
To deliver your event, we work with third-party suppliers: photographers and videographers, florists and décor suppliers, venue operators, musicians and entertainers, and transportation providers.
Stage 1 — Enquiry and availability check. We contact suppliers to check availability using only non-personal information (service type, date, time).
Stage 2 — Confirmed booking. Once you confirm a booking, we share the personal data needed to deliver the service: typically your name, WhatsApp or phone number, event date, location, and service details; sometimes your email address.
The lawful basis for these transfers is Article 6(1)(b) GDPR — processing necessary to perform our contract with you.
Other recipients
Where appropriate, we may also share data with:
• Our accountants and statutory auditors
• Our bank and payment providers
• Our insurers and legal advisers
• Public authorities or courts, when required by law
These recipients act as independent controllers and process data under their own legal obligations.
6. International transfers
Our website is hosted in the United States. When personal data is transferred from the EU/EEA to the US, it is protected by the mechanisms described in Section 5 — the EU–US Data Privacy Framework where the specific provider is certified, or EU Standard Contractual Clauses and, where required, appropriate supplementary measures. We assess international transfers and apply safeguards in line with GDPR requirements.
7. How we protect your data
We take appropriate technical and organisational measures to protect personal data, including:
• Limiting access to personal data to staff and suppliers who need it to perform their role
• Using strong passwords and, where available, multi-factor authentication for key tools
• Encrypting data in transit using HTTPS/TLS
• Using reputable providers for hosting, analytics, and payments, each under a written data protection agreement
• Regularly updating software and applying security patches
• Maintaining backups of key business data
No online system can be 100% secure, but we work to keep risks proportionate to the size and nature of our business.
8. Your rights
Under GDPR, you have the right to:
• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request erasure of your data (“right to be forgotten”), in certain circumstances
• Restrict or object to processing, in certain circumstances
• Receive your data in a portable format
• Withdraw consent at any time where processing is based on consent (this does not affect processing that has already taken place)
You may also define instructions on the retention, deletion, and communication of your personal data after your death, in accordance with French law (loi Informatique et Libertés, Art. 85).
To exercise any of these rights, contact privacy@eventsinparis.com. We will respond within one month and may extend this by up to two further months for complex or numerous requests; if we do, we will tell you why within the first month.
You also have the right to lodge a complaint with the French data protection authority: Commission Nationale de l’Informatique et des Libertés (CNIL) — www.cnil.fr
9. Cookies
We use cookies for website functionality, analytics, and advertising.
Strictly necessary cookies run without consent. Analytics cookies (Google Analytics 4) and advertising cookies (Meta/Facebook Pixel) require your consent, which you can give or withdraw via the consent banner shown on your first visit. Refusing must be as easy as accepting, and your choice is remembered for a defined period.
A full list of cookies and their purposes is set out in our Cookie Policy.
10. WhatsApp and Instagram
If you contact us via WhatsApp or Instagram, your messages are processed by those platforms under their own terms and privacy policies, which may involve transfers outside the EU. We recommend reviewing those policies if you have concerns.
11. Changes to this policy
We update this policy when our practices change. The current version is always available at eventsinparis.com/privacy-policy/; the date at the top shows when it was last revised.
12. Contact
PARIS DECOR & PROPS
Trading as “Events in Paris”
34 Avenue des Champs-Élysées, 75008 Paris, France