Privacy Policy

Effective 26 May 2025 — latest version

Maison Lusignac ("we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit maisonlusignac.com or use related Services. We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the French Data-Protection Act, and other applicable laws.

1. Data Controller

[Company Name]

[Company Address]

Email: [privacy email]

2. What Personal Data We Collect

Category | Examples | Legal Basis*
Identity & Contact | Name, email address, telephone (optional) | Contract; Legitimate Interest
Booking & Stay Details | Travel dates, guest numbers, special requests | Contract
Account Credentials | Email, hashed login token | Contract
Communications | Messages sent via forms or email | Legitimate Interest
Technical Data | IP address, browser type, device identifiers, time zone | Legitimate Interest
Usage Data | Page views, clicks, referral URLs | Consent (cookies)
Marketing Preferences | Newsletter opt-in status | Consent

*Legal bases under Art. 6 GDPR.

3. How We Collect Data

  • Directly from you when you create an account, submit an enquiry, or contact us
  • Automatically via cookies, server logs, and similar technologies
  • From third-party authentication (e.g., magic-link sign-in through Resend)

4. Purposes of Processing

We use your data to:

  • Provide and operate the Services (set up accounts, respond to enquiries, display availability)
  • Communicate with you about your enquiry or stay
  • Maintain security and prevent fraud or abuse
  • Analyse usage to improve the Website and user experience
  • Send service-related emails (transactional). Marketing emails are sent only with your explicit consent (opt-in), and you may unsubscribe at any time.

5. Cookies & Similar Technologies

Our Website uses first-party and third-party cookies and local-storage objects to:

  • Authenticate sessions (NextAuth.js cookies)
  • Remember language or date-picker preferences
  • Produce aggregated, anonymised analytics (e.g., Vercel Web Analytics)

You can control cookies in your browser settings and via the on-site cookie banner. Essential cookies are required for core functionality and may not be disabled.

6. Data Sharing & International Transfers

We share data only when necessary for the purposes above, and only with:

Recipient | Role | Safeguards
MongoDB Atlas | Cloud database provider | Data centres in EU—DPA & SCCs
Vercel | Hosting platform | EU or US data centres—SCCs & ISO 27001
Resend | Email delivery | US—SCCs & DPA
Payment providers (future) | If payments are integrated | DPA & PCI-DSS compliance

We do not sell or rent your personal data. Where data is transferred outside the EEA it is protected by Standard Contractual Clauses or equivalent mechanisms.

7. Data Retention

  • Accounts & booking records: 6 years after your last interaction (legal obligation under French commercial law)
  • Contact enquiries: 2 years
  • Cookies & analytics identifiers: 13 months (France CNIL recommendation)

We may keep data longer if required to establish, exercise, or defend legal claims.

8. Security

We employ industry-standard technical and organisational measures: encryption in transit (HTTPS/TLS 1.2+), access controls, least-privilege database roles, regular backups, and vulnerability monitoring. No Internet transmission is 100% secure; you acknowledge residual risks.

9. Your Rights (GDPR/UK GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase data ("right to be forgotten")
  • Restrict or object to processing under certain conditions
  • Port data to another provider
  • Withdraw consent at any time (for marketing or analytics cookies)
  • Lodge a complaint with your supervisory authority

Supervisory authorities: in France: CNIL; in the UK: ICO; elsewhere: your local DPA.

To exercise rights, email [privacy email]. We may verify your identity before fulfilling a request.

10. Children

Our Services are not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided data, contact us and we will delete it promptly.

11. Changes to this Policy

We may update this Privacy Policy periodically. Material changes will be announced via the Website or by email. The "Effective Date" will always indicate the latest revision.

12. Contact

For privacy questions or requests, email [privacy email]

or write to:

[Company Name]
[Company Address]