The purpose of this policy is to inform users of the website: https://www.wearescene.com/fr (hereinafter referred to as "the website") of how data is collected and processed by the data controller, We Are Scene.
This policy reflects the data controller's commitment to act with full transparency, in compliance with national provisions and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation").
The data controller pays particular attention to the protection of its users' privacy and therefore undertakes to take the reasonable precautions required to protect the personal data collected against loss, theft, disclosure or unauthorized use.
"Personal data" is defined as all personal data relating to the user, i.e. any information that makes it possible to identify them directly or indirectly as a natural person.
If the user wishes to object to any of the practices described below, they may contact the data controller at the postal or email address specified in the "contact details" section of this Policy.
The data controller collects and processes, in accordance with the methods and principles described below, the following personal data about users:
The data controller may also collect non-personal data. This data is qualified as non-personal because it does not make it possible to identify a particular person directly or indirectly. It may therefore be used for any purpose, for example to improve the website, the products and services offered or the data controller's advertising.
In the event that non-personal data were to be combined with personal data in such a way that identification of the persons concerned would be possible, this data would be processed as personal data until such time as it can no longer be linked to a particular person.
The data controller may process personal data in the following ways:
Personal data is collected and processed only for the purposes mentioned below:
| Processing | Data category | Purposes | Legal bases | Retention period |
|---|---|---|---|---|
| Creation of "Client" account (User) | Professional email address Password First name Last name Company name (SIREN number, Registered office address) Information concerning space booking (location, workspace, date, price, status) | Allow the user to manage their account online on the Site. | The legal basis for processing is the performance of the contract between the User and We Are Scene, which involves the provision of the Site. | As a general rule, Personal Data processed by We Are Scene under the Contract is retained for the duration of the commercial relationship and then deleted. Certain Personal Data may be retained in intermediate storage following the end of the commercial relationship, in accordance with legal obligations to which We Are Scene is subject (e.g. retention of accounting documents), or because this Personal Data has a legitimate administrative interest for We Are Scene (e.g. retention for evidential purposes for legal limitation periods). |
| Creation of "Host" account (Partners) | Email address Phone number Password First name Last name Date of birth Place of birth Professional or non-professional status Personal address Tax reference number Country of issue of tax number Company name (SIREN number, Registered office address) VAT number VAT rate IBAN - BIC/SWIFT Information concerning the space | Allow the Host to manage their account online on the Site and administer their listings and bookings. | The legal basis for processing is the performance of the contract between the Host and We Are Scene, which involves the provision of the Site. | As a general rule, Personal Data processed by We Are Scene under the Contract is retained for the duration of the commercial relationship and then deleted. Certain Personal Data may be retained in intermediate storage following the end of the commercial relationship, in accordance with legal obligations to which We Are Scene is subject (e.g. retention of accounting documents), or because this Personal Data has a legitimate administrative interest for We Are Scene (e.g. retention for evidential purposes for legal limitation periods). |
| Contact form – Request for information | First name Last name Professional email address Phone number Company name Job title Free message | Respond to user requests | The legal basis is We Are Scene's legitimate interest, namely to respond to user requests. | - 3 years from the last contact with the user; - Mandatory request to the user to extend the retention period of collected data by 3 years. |
| Contact form – Referral of future Host | First name Last name Email address Booking already made on the site or not | Respond to referral requests from potential Hosts | The legal basis is We Are Scene's legitimate interest, namely to respond to user requests | - 3 years from the last contact with the user; - Mandatory request to the user to extend the retention period of collected data by 3 years. |
| Contact form – Referral of future client | First name Last name Email address First and last name of person to be referred Email address of person to be referred Phone number of person to be referred Acceptance of T&Cs | Respond to referral requests from potential clients | The legal basis is We Are Scene's legitimate interest, namely to respond to user requests | - 3 years from the last contact with the user; - Mandatory request to the user to extend the retention period of collected data by 3 years. |
| Contact form – Become a partner | Company name Email address Website URL | Respond to requests from potential partners | The legal basis is We Are Scene's legitimate interest, namely to respond to requests from potential partners. | - 3 years from the last contact with the user. - Mandatory request to the user to extend the retention period of collected data by 3 years. |
| Cookies | IP and connection data | - site operation - keep the user logged in - audience analysis - conversion tracking | The legal basis is consent | Maximum 13 months |
The data controller may be required to carry out processing that is not yet provided for in this Policy. In such a case, they will contact the user before reusing their personal data, to inform them of the changes and give them the opportunity, where applicable, to refuse such reuse.
The recipients of the data are only the personnel authorized by the data controller to process personal data.
| Third party | Data transmitted |
|---|---|
| Digital Ocean (Website host) | All data stored on the server. |
In the event that data were to be disclosed to third parties for direct marketing or commercial prospecting purposes, the user would be informed in advance so that they can choose to accept the transfer of their data to third parties. Since this transfer is based on the user's consent, they may at any time withdraw their consent for this specific purpose.
The data controller complies with applicable legal and regulatory provisions and will in all cases ensure that its partners, agents, subcontractors or other third parties with access to this personal data comply with this Policy.
The data controller discloses the user's personal data where a law, legal process or order from a public authority would make such disclosure necessary.
The data controller reserves the right to verify the user's identity for the exercise of the rights set out below.
This request for additional information will be made within one month of the user's request.
The user may obtain free written communication or a copy of the personal data concerning them that has been collected.
The data controller may require payment of reasonable fees based on administrative costs for any additional copy requested by the user. When the user makes this request by electronic means, the information is provided in a commonly used electronic form, unless the user requests otherwise.
Subject to exceptions provided for in the General Data Protection Regulation, the copy of their data will be communicated to the user no later than one month after receipt of the request.
For all processing based on consent, in this case cookies, the data subject has the right to withdraw their consent at any time, in particular directly at the bottom of the email.
The user may obtain, free of charge, as soon as possible and no later than one month, the rectification of their personal data that is inaccurate, incomplete or irrelevant, and to have it completed if it is incomplete.
Subject to exceptions provided for in the General Data Protection Regulation, the request to exercise the right to rectification is processed within one month of its submission.
The user may at any time, for reasons relating to their particular situation, object free of charge to the processing of their personal data, except when:
The data controller may refuse to implement the user's right to object when they establish the existence of compelling legitimate grounds for the processing which override the interests or rights and freedoms of the user, or for the establishment, exercise or defence of legal claims. In the event of a dispute, the user may lodge a complaint in accordance with the "complaint" section of this Policy.
The user may also, at any time, object, without justification and free of charge, to the processing of personal data concerning them when their data is collected for commercial prospecting purposes (including profiling).
When personal data is processed for scientific or historical research purposes or for statistical purposes in accordance with the General Data Protection Regulation, the user has the right to object, for reasons relating to their particular situation, to the processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out in the public interest.
Subject to exceptions provided for in the General Data Protection Regulation, the data controller must respond to the user's request as soon as possible and no later than one month and justify their response when they intend not to comply with such a request.
The user may obtain restriction of the processing of their personal data in the following cases:
The data controller will inform the user when the restriction of processing is lifted.
The user may obtain the erasure of personal data concerning them when one of the following grounds applies:
Erasure of data is not applicable in the following cases:
Subject to exceptions provided for in the General Data Protection Regulation, the data controller must respond to the user's request as soon as possible and no later than one month and justify their response when they intend not to comply with such a request.
The user may at any time request to receive their personal data free of charge in a structured, commonly used and machine-readable format, in particular for the purpose of transmitting it to another data controller, when:
Under the same conditions and in the same way, the user has the right to have the data controller transmit the personal data concerning them directly to another personal data controller, insofar as this is technically feasible.
The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
The data controller implements appropriate technical and organizational measures to ensure a level of security of the processing and the data collected appropriate to the risks presented by the processing and the nature of the data to be protected. They take into account the state of knowledge, implementation costs and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.
The data controller has implemented appropriate security measures to protect and prevent the loss, misuse or alteration of information received on the website. In the event that the personal data controlled by the data controller were to be compromised, they would act quickly to identify the cause of this breach and take adequate remedial measures.
The data controller informs the user of this incident if the law so requires.
If the user wishes to object to any of the practices described in this Policy, they are advised to contact the data controller directly.
The user may also lodge a complaint with their national supervisory authority. You can lodge a complaint online with the CNIL or by post:
Commission nationale de l'informatique et des libertés (CNIL) 3 Place de Fontenoy TSA 80715 75334 Paris cedex 07 Tel: +33 1 53 73 22 22
In addition, the user has the possibility to bring proceedings before the competent national courts.
For any questions and/or complaints relating to this Policy, the user may contact the data controller at the following email address: [email protected] or by post at:
We Are Scene 66 RUE DES ARCHIVES 75003 PARIS
The data controller reserves the right to modify the provisions of this Policy at any time. Amendments will be published directly on the data controller's website.
This Policy is governed by the national law of the place of the data controller's main establishment.
Any dispute relating to the interpretation or performance of this Policy shall be submitted to the courts of this national law.
This version of the Policy is dated 06/02/2025.