PRIVACY POLICY
As an e-commerce platform service provider, we consider
protection of our users’ personal data is crucial.
Here is our Privacy Policy, i.e. the explanation of our practices and
commitments in terms of protection of personal data, in
compliance with the General Data Protection Regulation (“GDPR”).
As we think clear and transparent information is key, we have
included several tables to help you better understand and exercise
your rights.
Section 5 especially describes which cookies are used on the app and
allows you to manage your preferences in this respect.
This Privacy Policy was last updated on 27/03/2024.Important: To simplify your reading of this Policy, we are using here certain terms and
expressions that are defined in the Terms and Conditions of the App. These terms and
expressions start with a capital letter; please refer to article 1 of the T&Cs to find their
respective definitions. �
Table of contents
1. Who’s the data controller on the Private Gallery app? ................................................................... 3
2. What data is collected, and why? ....................................................................................................... 3
2.1. Buyers .......................................................................................................................................................... 3
2.1.1. Data collected by our web hosting server ............................................................................... 3
2.1.2. Signing in and paying the Subscription .................................................................................... 4
2.1.3. Marketplace Service ....................................................................................................................... 4
2.1.4. Concierge Service ........................................................................................................................... 5
2.1.5. Saving your credit card details for future Sales ...................................................................... 5
2.1.6. Reporting contents ......................................................................................................................... 5
2.1.7. Retention of certain data as proof ............................................................................................. 5
2.2. Sellers ............................................................................................................................................................7
2.2.1. Management of business relationships .....................................................................................7
2.2.2. Data collected by our web hosting server ................................................................................7
2.2.3. Compliance with PRIVATE GALLERY’s legal obligations ...........................................................7
2.2.4. Retention of certain data as proof ............................................................................................. 8
3. Who may access data? Whom is it shared with? ............................................................................. 9
3.1. Web hosting server and internal recipients ...................................................................................... 9
3.2. Sellers and users of the App ................................................................................................................. 9
3.3. PRIVATE GALLERY’s service providers and subcontractors.......................................................... 9
3.4. Authorities, jurisdictions and parties to a dispute ........................................................................... 9
3.5. Buyout and capital operations................................................................ Erreur ! Signet non défini.
4. What are data subjects’ rights on their data? ................................................................................. 10
4.1. Right of access ......................................................................................................................................... 10
4.2. Right to rectification ............................................................................................................................... 10
4.3. Right to withdraw consent .................................................................................................................... 10
4.4. Right to object ...........................................................................................................................................11
4.5. Right to erasure ........................................................................................................................................11
4.6. Right to restriction of processing ........................................................................................................ 12
4.7. Right to data portability ......................................................................................................................... 12
4.8. Right to provide directives as to the use of data after data subject’s death .......................... 12
5. Does the Private Gallery app use cookies or other similar technologies? .................................. 14
�
1.Who’s the data controller on the Private Gallery app?The Private Gallery web and mobile app is published and managed by PRIVATE GALLERY
GROUP, a SAS (French Simplified Joint Stock Company) established under the laws of
France and registered at the Paris Commercial and Companies Registry trade register
under no. 895 068 187 (VAT no. FR36895068187), with its head office at 1 Place Paul
Verlaine, 92100 Boulogne-Billancourt - France (“PRIVATE GALLERY”)
When you browse the App and use its various features, some data may be collected that
relates to you. As the publisher of the App, PRIVATE GALLERY is the data controller in
relation to the processing of that data, as per the GDPR.
This means that we are your privileged contact for all and any question or concern relating
to our collection and processing of your data in the context of the App. You may contact
us in this respect using our email address contact@privategallery.fr Important: Sellers may collect and process various data relating to Users they deal with
through the App for their own purposes (such as management of deliveries, billing,
processing of claims, etc). For such situations, the respective Seller is the data controller of
your data, so that you must contact them to learn more about their own privacy policy. 2.What data is collected, and why?To simplify your reading, we have distinguished processing of data relating to Buyers on
the App (section 2.1) and processing of data relating to Sellers (section 2.2). Please refer directly to the section that relates to you! 2.1. Buyers 2.1.1. Data collected by our web hosting server When you connect to the App, certain data are automatically collected by the web hosting
server of the App. This data relates to your device (computer, tablet, smartphone) and
includes your IP address. This data is collected so as to allow your device to connect to the web hosting server, and
also to detect bugs and attempts of cyber attacks and to get statistics regarding the
audience of the App. Collection and processing of this data is justified by our legitimate interest in making the
App accessible in a well-functioning, secure and accurate manner from the various types
of devices and web browsers on the market, in compliance with article 6.1.f) of GDPR. �
2.1.2. Signing in and paying the Subscription Creating a User Account in accordance with our T&Cs require that you provide certain
information in the dedicated sign in form. This information is used to create and maintain your User Account in our user database
and to allow you to use the various features of the App. Collection and processing of this data is justified as it is necessary for the performance of
an agreement between you and PRIVATE GALLERY, i.e. our T&Cs (article 6.1.b) of GDPR). Also, when you pay a Subscription, we collect certain data relating to your payment
through the dedicated payment module of the app store (in-app purchase), including the
IP address of the device used for the payment, the reason for the payment, your user ID,
details of the credit card used for the payment and the amount, date and hour of the
payment. This data is necessary to activate your Subscription, to collect the price thereof on a
monthly basis and to maintain our bookkeeping records. Collection and retention of this data is justified both by our T&Cs (article 6.1.b) of GDPR)
and legal obligations imposed on PRIVATE GALLERY (article 6.1.c) of GDPR). 2.1.3. Marketplace Service When you use the payment service module on the App to pay a Sale you have concluded
with a Marketplace Seller, the payment service provider will collect, on behalf of PRIVATE
GALLERY and the Seller, certain data relating to the payment including the IP address of
the device used for the payment, the reason for the payment, your user ID, details of the
credit card used for the payment and the amount, date and hour of the payment. Important: Collection and processing of this data is managed by PRIVATE GALLERY for the
benefit of the respective Seller, so as to allow him to receive your payment; however, as
the publisher of the App, PRIVATE GALLERY shares a joint responsibility with the Seller in
relation to that processing of personal data. Still, PRIVATE GALLERY remains your
privileged contact for any question relating to that processing of your data. Collection and processing of this data are justified as they are necessary to carry out your
payment for the benefit of the respective Seller, as contemplated in our T&Cs and for the
purpose of the Sale concluded with that Seller (article 6.1.b) of GDPR). Data relating to payments are also necessary for PRIVATE GALLERY to comply with its
obligations under article 242 bis of the French Tax Code and article 23 L sexies of annex IV
of this Code (article 6.1.c) of GDPR). �
2.1.4. Concierge Service When you contact PRIVATE GALLERY in the context of the Concierge Service, we collect
and process data contained in your request and our written correspondence, so as to
answer your request. If you instruct us to buy a product/service on your behalf, we will also collect payment
data through the payment service module on the App, including the IP address of the
device used for the payment, the reason for the payment, your user ID, details of the
credit card used for the payment and the amount, date and hour of the payment. This
data is collected so as to receive funds you entrust us with to buy the requested
product/service and our mandate commission. Collection and processing of this data is justified as it is necessary to provide you with the
Concierge Service, in accordance with our T&Cs (article 6.1.b) of GDPR). Also, we will retain payment receipts in order to maintain our bookkeeping records, as
required by our legal bookkeeping obligations (article 6.1.c) of GDPR). 2.1.5. Saving your credit card details for future Sales You may save credit card details on the App so as to facilitate payments in the context of
future Sales. This feature is purely optional. The resulting retention of your credit card details is therefore based on your consent
(article 6.1.a) of GDPR). You may withdraw this consent at any time by cancelling the
respective credit card details on the App. 2.1.6. Reporting contents When you report a content published by a Marketplace Seller through the reporting
procedure described in our T&Cs, we will collect your name, surname and email address
and the reasons, date and hour of your reporting. Collection of this data is necessary for us to process your reporting and revert to you, as
relevant, to inform you of our decision. Such collection is justified by our legal obligations as an hosting service provider in relation
to contents published by Marketplace Sellers, as per article 6 of the French Loi n°2004-575
du 21 juin 2004 pour la confiance dans l’économie numérique (article 6.1.c) GDPR). 2.1.7. Retention of certain data as proof We may retain all or part of data referred to hereabove for the applicable statute of
limitation as a proof to prevent any claim, dispute or control relating to the execution of
our legal and contractual duties, and more generally to defend PRIVATE GALLERY’s rights
and interests. �
Such retention is justified by our legitimate interest in defending PRIVATE GALLERY’s rights
and interests, as necessary before courts and authorities, in compliance with article 6.1.f) of
GDPR. Summary table Collected data Purpose (the reason why
data is collected) Justification of processing
under GDPR Maximum retention period of
data in an identifying form Information relating to your
device and browsing on the
App Allowing you to connect to
the App, detect bugs and
attemps of cyber attacks PRIVATE GALLERY’s legitimate
interest (article 6.1.f) of GDPR) Until deletion of your User
Account Data you provide when
signing in on the App and in
our correspondence relating
to your use of the Services
(e.g. requests for technical
support) Allowing you to use the App
in accordance with our T&Cs Performance of an agreement
between you and PRIVATE
GALLERY (article 6.1.b) of
GDPR) Until deletion of your User
Account Data relating to the payment
of your Subscription
(payment information) Activating and managing
your Subscription and
collecting the monthly price
through your credit card Performance of an agreement
between you and PRIVATE
GALLERY (article 6.1.b) of
GDPR) Credit card details: 15 months
starting from the last collection
of the price of the Subscription Other data: 10 years Managing our bookkeeping
records Compliance with PRIVATE
GALLERY’s legal obligations
(article 6.1.c) of GDPR) Data relating to Marketplace
Sales (including payment
information) Carrying out your payment
to the Seller and managing
your Sales history Performance of an agreement
between you and PRIVATE
GALLERY and of an agreement
between you and a Seller
(article 6.1.b) of GDPR) Credit card details: 15 months
starting from the payment Other data: until completion of
PRIVATE GALLERY’s fiscal
declarative obligations Executing PRIVATE
GALLERY’s fiscal declarative
obligations Compliance with PRIVATE
GALLERY’s legal obligations
(article 6.1.c) of GDPR) Data relating to acquisitions
performed on the User’s
behalf in the context of the
Concierge Service Answering your request and
proceeding with the
acquisition on your behalf Performance of an agreement
between you and PRIVATE
GALLERY (article 6.1.b) of
GDPR) Credit card details: 15 months
starting from the payment Payment receipts and data
relating to our mandate
commission: 10 years Other data: until completion of
the execution of the mandate
granted by the User Managing our bookkeeping
records Compliance with PRIVATE
GALLERY’s legal obligations
(article 6.1.c) of GDPR) Credit card details saved for
future Sales Facilitating payments in the
context of future Sales Your consent (article 6.1.a) of
GDPR) Until withdrawal of your
consent �
Collected data Purpose (the reason why
data is collected) Justification of processing
under GDPR Maximum retention period of
data in an identifying form Data contained in content
reporting Process the reporting in
accordance with our T&Cs
and legal obligations Compliance with PRIVATE
GALLERY’s legal obligations
(article 6.1.c) of GDPR) Duration necessary for our
review and decision on the
reporting Data relevant as a proof of
PRIVATE GALLERY’s
compliance with its legal and
contractual obligations Allowing PRIVATE GALLERY’s
to defend its rights and
interests, if necessary before
a court PRIVATE GALLERY’s legitimate
interest (article 6.1.f) of GDPR) Applicable statute of limitation
(in principle 5 years) 2.2. Sellers 2.2.1. Management of business relationships We collect certain data relating to Sellers whom we work with in the context of our
Services (both the Marketplace Service and the Concierge Service), so as to manage our
business relationships with these Sellers. This data includes identification data, financial data and (as applicable) information relating
to the Sellers’ business and use of the marketplace. Collection and processing of this data are justified by PRIVATE GALLERY’s legitimate
interest in providing its services to Sellers and users of the App (article 6.1.f) of GDPR). 2.2.2. Data collected by our web hosting server When you connect to the App, certain data are automatically collected by the web hosting
server of the App. This data relates to your device (computer, tablet, smartphone) and
includes your IP address. This data is collected so as to allow your device to connect to the web hosting server, and
also to detect bugs and attempts of cyber-attacks and to get statistics regarding the
audience of the App. Collection and processing of this data is justified by our legitimate interest in making the
App accessible in a well-functioning, secure and accurate manner from the various types
of devices and web browsers on the market, in compliance with article 6.1.f) of GDPR. 2.2.3. Compliance with PRIVATE GALLERY’s legal obligations We collect and process certain data relating to Sellers’ use of the App and payments
received by Sellers through our services so as to comply with our bookkeeping and tax
obligations and our obligations in relation to moderation of third-party contents on the
App. �
This data includes identification data (as imposed by tax regulations and our moderation
obligations), information relating to contents you publish on your Shop and Listings, and
information relating to payments carried out through our services. Collection and processing of this data are justified by its necessity for PRIVATE GALLERY to
comply with its legal and regulatory obligations, as per article 6.1.c) of GDPR. 2.2.4. Retention of certain data as proof We may retain all or part of data referred to hereabove for the applicable statute of
limitation as a proof to prevent any claim, dispute or control relating to the execution of
our legal and contractual duties, and more generally to defend PRIVATE GALLERY’s rights
and interests. Such retention is justified by our legitimate interest in defending PRIVATE GALLERY’s rights
and interests, as necessary before courts and authorities, in compliance with article 6.1.f) of
GDPR. Summary table Collected data Purpose (the reason why
data is collected) Justification of processing
under GDPR Maximum retention
period of data in an
identifying form Identification data, financial
data and information relating
to Seller’s use of our services Managing our business
relationship with Sellers in the
context of our services PRIVATE GALLERY’s legitimate
interest (article 6.1.f) of GDPR) Duration of our business
relationship with Seller Information relating to your
device and browsing on the
App Allowing you to connect to the
App, detect bugs and attemps
of cyber attacks PRIVATE GALLERY’s legitimate
interest (article 6.1.f) of GDPR) Until deletion of your User
Account Data relating to contents you
publish on the App and
payments you receive
through our services
(identification data and
financial data) Identifying Sellers who publish
contents on the App and
managing an history of
payments carried out through
the Services Compliance with PRIVATE
GALLERY’s legal obligations
(article 6.1.c) of GDPR) Data relating to contents
published on the App: 12
months Data relating to payments:
10 years Data relevant as a proof of
PRIVATE GALLERY’s
compliance with its legal and
contractual obligations Allowing PRIVATE GALLERY’s
to defend its rights and
interests, if necessary before a
court PRIVATE GALLERY’s legitimate
interest (article 6.1.f) of GDPR) Applicable statute of
limitation (in principle 5
years) �
3. Who may access data? Whom is it shared with? 3.1. Web hosting server and internal recipients Your data is hosted by a professional, secure web hosting service provider (Google
Firebase, a service provided by Google Ireland Ltd), on servers located within the
European Union. PRIVATE GALLERY’s teams may access it to perform their respective
duties, within the limits of these duties. 3.2. Sellers and users of the App Sellers (both in the Marketplace Service and in the Concierge Service) and, as accessible,
their own subcontractors, service providers and processors, may receive data relating to
buyers in the context of negotiating, organizing, paying and executing Sales. Conversely, information published by Sellers on the App may be consulted by any user of
the App. 3.3. PRIVATE GALLERY’s service providers and subcontractors Certain data may also be consulted or hosted by the following persons and entities: ▪ Third party service providers who assist PRIVATE GALLERY in the maintenance and
evolution of the App;
▪ App stores from which you have downloaded the mobile version of the App, as for the
payment of the Subscription (which is performed as an in-app purchase);
▪ The provider of the payment service module used on the App (Stripe), as for payments
relating to Sales;
▪ Legal counsels, accountants and banks whose services are used by PRIVATE GALLERY
in the context of its activities.
These service providers are all located within the European Economic Area. Occasionally, app stores and the provider of the payment service module used on the App
may transfer certain data to countries outside of the European Economic Area; in such
cases, additional guarantees are applied to secure protection of your data, such as
contractual clauses validated by competent authorities. 3.4. Authorities, jurisdictions and parties to a dispute Occasionally, we may be required to share all or part of the data above with authorities
and jurisdictions which are competent to require communication of this data, and with the �
authorities, jurisdictions and parties (and their counsels) to the disputes and proceedings
we may intervene in for the defence of our rights and interests. We are especially obliged to provide certain data relating to Sales to the French tax
administration, as per our declarative obligations under article 242 bis of the French Tax
Code and article 23 L sexies of annex IV of this Code. 3.5. Mergers and acquisitions In case of a merger or acquisition involving our company or any equivalent operation, we
may need to transfer your data to the respective buyer or seller. In such a case we will
inform you of the identity thereof and the reasons for the transfer. 4.What are data subjects’ rights on their data?You have a certain number of rights determined by applicable laws and regulations. You
will find details for each of those rights below. A summary table is provided at the end of
this section.
You may exercise those rights by writing an email to PRIVATE GALLERY at
contact@privategallery.fr. Please make sure you mention clearly the nature of the right
you wish to exercise and the reasons which justify your request, as applicable.
4.1. Right of access
You have the right to request a copy of all personal data we have that relates to you, in a
legible, understandable format, and a copy of this Privacy Policy.
4.2. Right to rectification
You have the right to ask us to rectify, complete or update personal data we have that
relates to you, in case it appears inaccurate, incomplete or obsolete.
In such case, please make sure you provide us spontaneously, as possible, with all
information necessary to proceed with the requested rectification, completion or update.
4.3. Right to withdraw consent
You have a right to withdraw your consent at any time, where such consent is the
justification of the processing of your data (see the summary tables under section 2).
Withdrawing your consent to a processing will result in PRIVATE GALLERY ceasing to
process your data with the respective purpose, but it will not necessarily result in the
deletion of that data. To obtain such deletion of your data, you must exercise your right to �
erasure (see below), which also comes with a series of conditions and limitations relating,
for instance, to PRIVATE GALLERY’s right to retain data to defend its rights and interests
against claims and disputes. 4.4. Right to object You have a right to object to those processing activities above that are based on PRIVATE
GALLERY’s legitimate interests (see the summary tables under section 2) on grounds
relating to your particular situation. In other words, you may ask PRIVATE GALLERY to stop processing your personal for a
given purpose that is based on a PRIVATE GALLERY’s legitimate interest, by explaining the
particular reasons that justify this objection. It is possible however that we refuse to comply with your request if the processing of your
data is still necessary, according to us, for compelling reasons that override the grounds
relating to your particular situation (e.g. use of said data as proof in an actual dispute). If it is grounded and no compelling reason goes against it, your objection will result in us
ceasing the respective processing activities, but not necessarily deleting the data; to obtain
deletion of your data, you must exercise your right to erasure (see below), which also
comes with a series of conditions and limitations. 4.5. Right to erasure You may ask us to delete all or part of the data we have that relates to you, where one at
least of the conditions below is met: ▪ You have withdrawn your consent to the processing as per point 4.3 above and you
wish that PRIVATE GALLERY delete the respective data.
▪ You objected to the processing of your data as per point 4.4 above and you wish that
PRIVATE GALLERY delete the respective data.
▪ It is not necessary anymore for PRIVATE GALLERY to retain the respective data for the
purposes described in this Privacy Policy.
▪ You consider that PRIVATE GALLERY collected and/or processed the data in an
unlawful manner.
▪ Deletion of the data is imposed as a legal obligation.
▪ The respective data was collected when you where less than 15 years old.
Please be aware that PRIVATE GALLERY may refuse to delete certain data where it is
required to retain it for important reasons such as defending PRIVATE GALLERY’s interests
before a court. �
Also, please note that we may choose to anonymize the data instead of deleting it. In this
case, we will be able to retain the data in a format that does not allow to identify you
anymore (for instance for statistical purposes). 4.6. Right to restriction of processing You may ask us to limit the processing of your data, i.e. to retain it without using it (except
for legal obligations). You may especially ask this instead of asking for deletion of that
data. You may exercise this right where one at least of the following conditions is met: ▪ The respective data appears inaccurate and you prefer that we stop using it for the
time necessary to verify and rectify it as applicable.
▪ You objected to the processing of your data as per point 4.4 above, and you wish that
we stop using it for the time necessary to verify the grounds for that objection.
▪ You consider that PRIVATE GALLERY collected and/or processed your data in an
unlawful manner, but still you prefer that we retain that data instead of deleting it.
▪ It is not necessary anymore for PRIVATE GALLERY to retain the respective data for the
purposes described in this Privacy Policy, but still you wish that we retain that data for
you to be able to use it before a court.
In such a case, we will stop using the respective data and will retain it for the appropriate
duration. 4.7. Right to data portability You may ask us to give you a machine-readable copy of personal data you uploaded on
the App, so that you may reuse that data yourself or with another service provider. This right to data portability is not the same as the right of access above, as it is about
obtaining not a legible copy of the data, but a machine-readable copy that may be reused
by you or another service provider. 4.8. Right to provide directives as to the use of data after data subject’s
death You may provide us with directives as to how you want PRIVATE GALLERY to proceed with
your data after your death. For instance, you may ask that we delete all of your personal data (except as needed for
PRIVATE GALLERY to defend its rights before a court) or to transfer it to a recipient of your
choice. �
You may also designate any person of your choice to control our respect of those “last
wishes”. That person does not need to be your heir or your testamentary executor. Summary table Your rights What they are about What data/processing they
apply to Conditions, exceptions and
limitations Right of access A legible and understandable
copy of all personal data we
have that relates to you, and a
copy of this Privacy Policy All personal data None Right to rectification Rectification, update or
completion of the personal data
we have that relates to you All personal data Clearly identify data which
needs rectification, update or
completion and provide the
appropriate additional/new
data Right to withdraw consent To stop the processing of your
personal data Processing based on your
consent (see summary tables
under section 2) None Right to object To stop the processing of your
personal data Processing based on PRIVATE
GALLERY’s legitimate interest
(see summary tables under
section 2) Clearly state the grounds
relating to your particular
situation which justify the
objection Right to erasure Erasure or complete
anonymization of your personal
data All personal data See conditions above
(point 4.5) Right to restriction of
processing Retention of your personal data
by PRIVATE GALLERY without
using it All personal data See conditions above
(point 4.6) Right to data portability A reusable, machine-readable
copy of your personal data Data you uploaded on the App As applicable, clearly state the
identity and contact details of
the person or organization to
which you wish your data be
transferred Right to provide directives
regarding your personal
data after your death Respect of your “last wishes”
regarding the retention, use,
transfer or deletion of your
personal data All personal data Clearly state the identity and
contact details of the persons
who will control the respect of
your directives after your death You consider that we did not provide a satisfactory answer to your request or that we
process your personal data in an unlawful manner? We invite you to first contact us so that we discuss the issue together and try to find a way
to solve it efficiently. �
If you wish, you have the right to lodge a complaint with the competent data protection
supervisory authority, such as the French Commission Nationale de l’Informatique et des
Libertés (CNIL), through its website cnil.fr or by postal mail at CNIL – 3, place de Fontenoy
– TSA 80715 – 75334 PARIS CEDEX 07 (FRANCE). This right to lodge a complaint may be exercised at any time and free of charge, except
for (as applicable) postal fees and legal counsel fees (if you choose to get assistance from
a legal counsel). 5. Does the Private Gallery app use cookies or other similar
technologies? When you browse the App (whether on its web or mobile version), some cookies may be
stored on your device (i.e. computer, tablet or smartphone). Cookies, in an extended meaning, refer to technologies consisting in storing and/or
reading information on your device; they may be used for various reasons, which are
described below. Name of cookie Purpose (the reason why
the cookie is used) Name of the entity which
stores the cookie on your
device Cookie lifetime (the period during which the
cookie remains on your device before being
automatically erased) Cookie strictly
necessary These cookies are essential
to enable you to browse
the Application and use its
features. Without these
cookies, the services you
request, such as
remembering your login
information or the products
in your shopping cart,
could not be provided.
These cookies will inform
us, based on your behavior
as a user of the Application,
whether we can do
business with you, in order
to protect Private Gallery
and its customers from any
fraudulent activity. Google Firebase Until deletion of your User Account Certain cookies are necessary to the well-functioning of the App and/or the provision of
Services thereon; storing and reading of such cookies on your device therefore cannot be
avoided.
