Privacy policy
At Phenomen’âme, we value your privacy. This privacy policy provides clear, transparent and concise information about how your personal data is collected, used and protected. All personal data is processed lawfully, transparently, and fairly by your service provider, who is the data controller responsible for processing personal data on this website.
Article 1. Applicable law – legal basis
This privacy policy complies with the following legal requirements:
Articles 12, 13 and 14 of the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council.
French Data Protection Act No.78-17 of January 6, 1978, on information technology, data files, and freedoms, as amended by Act No. 2018-493 of June 20,2018, relating to personal data protection for personal data processing matters.
Act No. 2004-575 of June 21, 2004 on confidence in the digital economy: for the removal of contentious content.
The legal bases are as follows:
Consent (for newsletter subscriptions)
Execution of a contract (for the service performance)
Legal obligation (for billing purposes)
Article 2. Collection of personal data
Personal data is collected automatically, for commercial, statistical and prospecting purposes, when a contact form is filled in, an appointment is made, an online quotation is requested or an invoice is issued, whenever necessary.
The processing of personal data does not concern:
Racial or ethnic origin
Political opinions
Religious or philosophical convictions
Union membership
Genetic data
Biometric data for the purpose of uniquely identifying a natural person
Data concerning health or sex life
The sexual orientation of an individual
Criminal convictions and offenses.
Data is processed, transferred and stored outside the European Union using the following tools:
Brevo
Canva
Gmail
Google Analytics
Google Drive
Google Forms
Google Meet
Google Search Console
Infomaniak
Instagram
LinkedIn
Notion
Pinterest
Tl;dv
WhatsApp
WordPress
Zoom
The collected data are:
Last name
First name
Company name
Siret number
Billing address
Postal code
Mobile phone number
Email address
Birthday (day and month)
Profession
Clothing preferences (colors, cuts, patterns, style, type of clothing…)
Physical characteristics (morphological analysis of face and/or body, diagnosis of hair and eye color)
Clothing size
Taste preferences (animal, sport, musical instrument, music style, flower, decoration, food, vacation destination…)
Article 3. Purpose of personal data processing
The processing of personal data is deemed lawful when at least one of the following conditions is met:
The user of this website has consented to the processing of his/her personal data in order to have access to the free services of Phenomen’âme.
The processing is necessary for the performance of a contract with Phenomen’âme.
Processing is necessary for Phenomen’âme to comply with a legal obligation, to protect the vital interests of the data subject or of another natural person, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
Collected data | Purpose |
Last name | Client identification – quotes – invoices – contracts |
First name | Client identification – quotes – invoices – contracts |
Company name | Client identification – quotes – invoices – contracts |
Siret number | Client identification – quotes – invoices – contracts |
Postal address | Client identification – quotes – invoices – contracts |
Postal code | Client identification – quotes – invoices – contracts |
Mobile phone number | Client identification – quotes – invoices – contracts – mission follow-up |
Email address | Client identification – sending quotes + invoices + contracts + newsletters – mission follow-up |
Birthday (day and month) | Client care |
Profession | Mission follow-up |
Clothing preferences | Mission follow-up |
Physical characteristics | Mission follow-up |
Clothing size | Mission follow-up |
Taste preferences | Mission follow-up |
Article 4. Consent to the collection of personal data
The user must consent to the collection of personal data in order to benefit from Phenomen’âme’s services. This consent may be withdrawn at any time by contacting Phenomen’âme in writing. The user acknowledges that withdrawing consent doesn’t affect the lawfulness of the processing of her or his personal data prior to the withdrawal.
In accordance with Article 9 of the French Civil Code, all customers have the right to the protection of their image, including their voice, and their privacy. The use of photographs, audios and videos concerning them must be the subject of a transfer of image rights agreed in writing, by acceptance of this legal document. The transfer of image rights granted by the customer is valid for 5 years from the date of written authorization. This also includes the right to collect the customer’s personal data as part of a collective event (masterclasses, workshops, training courses). The image rights transferred apply to all written, audio and video media necessary to promote the services provided by Phenomen’âme, to produce advertising or prospecting content, in any medium whatsoever. The use of the media concerned by the image right is restricted to the European Union.
The recipient of personal data is Phenomen’âme, which is responsible for processing personal data on this website. No personal data is transmitted, sold or rented to third parties. Phenomen’âme does not use subcontractors to process personal data.
Article 6. Register of processing activities
In principle, each data controller must keep a register of the processing activities carried out under their responsibility, mentioning :
The name and contact details of the data controller
Processing purposes
A description of the categories of data subjects and categories of personal data
The categories of recipients to whom the personal data has been disclosed or the procedures for transferring personal data to a third country or to an international organization.
Deletion deadlines for different categories of data
General description of technical and organizational security measures
This register takes the form of a written document, which can be in electronic or paper form.
The CNIL supervisory authority must have access to this data on request, particularly if the company has more than 250 employees, or if its activities entail a recurring risk for the rights and freedoms of the persons concerned.
Article 7. Right of access to data
Any person concerned by the processing of his or her personal data has the right to obtain from the data controller confirmation of the following information:
The purposes of the processing;
The categories of personal data concerned;
The recipients or categories of recipients to whom the personal data has been or will be communicated, in particular recipients established in third countries or international organizations;
Where possible, the length of time for which personal data will be kept or, where this is not possible, the criteria used to determine this length of time;
The existence of the right to request from the data controller the rectification or erasure of personal data, or a restriction on the processing of personal data relating to the data subject, or the right to object to such processing;
The right to lodge a complaint with a supervisory authority;
Where personal data are not collected from the data subject, any available information as to their source
The existence of automated decision-making, including profiling.
Phenomen’âme must provide a copy upon written request.
Article 8. Right to modify personal data
Any person concerned may ask Phenomen’âme to rectify any personal data concerning him or her that is inaccurate. They may also request, in writing, that the personal data collected by the service provider be completed.
Article 9. Right to delete personal data
Every user or client has the right to be forgotten. Persons concerned by the processing of their personal data may request the deletion of the data if one of the following cases arises:
Personal data is no longer required for the purposes for which it was collected or otherwise processed;
The data subject withdraws the consent on which the processing is based,
The data subject objects to the processing;
Personal data has been processed unlawfully;
Personal data must be erased to comply with a legal obligation laid down by Union law or by the law of the Member State to which the data controller is subject;
Personal data have been collected in connection with the offering of information society services.
The personal data collected is automatically deleted after 3 years from the date of collection by the service provider.
Collected sensitive data is deleted after one year.
Article 10. Right of opposition and limitation
Any person concerned by the processing of personal data may refuse to consent to it, or freely limit its scope, where one element applies:
The accuracy of the personal data is contested by the data subject, for a period allowing the data controller to verify the accuracy of the personal data;
The processing is unlawful and the data subject object opposes the erasure of the data and instead requests the limitation of its use;
The data controller no longer needs the personal data for processing purposes, but the data is still necessary for the data subject to establish, exercise or defend legal claims;
The data subject has objected to the processing while a verification is carried out to determine whether the legitimate grounds pursued by the data controller override those of the data subject.
Article 11. Right of portability
The portability of personal data is a right for any person concerned who wishes to transfer their data to another data controller, without opposition from the service provider, when technically feasible and when it does not infringe on the rights of third parties.
Any such request must be made in writing to the service provider.
Article 12. Security of processing
To maintain a low risk of personal data leakage, the company can reinforce its data retention measures: implement pseudonyms, encryption, a crisis protocol or re-evaluate the degrees of the protocol in force.
The risks to be assessed in the context of processing are of several kinds, such as the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data, whether accidental or unlawful.
In the event of a proven risk of personal data breach, the data controller must communicate to the data subject, in clear and simple terms, all information and measures concerning the resolution of the problem.
Article 13. Person responsible for the processing of personal data
The person responsible for processing personal data is: Sophie Petithomme, who can be contacted by email (contact@phenomename.com) or by mail (Phenomen’âme 58 rue de Monceau 75008 Paris).
The data controller implements technical, organizational and professional measures to effectively review and update the collection and processing of your personal data. In doing so, it takes into account the nature, scope, context and purposes of the processing, as well as the risks, which vary in likelihood and severity, to the rights and freedoms of individuals.
It undertakes to cooperate and work intelligently with the supervisory authority, at the latter’s request, in the performance of its duties.
Article 14. Moderation of comments
All comments and opinions left on this website may be subject to moderation, and any abusive comments will be removed by means of a report or directly by the service provider.
Comments may be subject to moderation by the service provider, upon notification or in the event of non-compliance, in accordance with Law No. 2004-575 of June 21, 2004 on confidence in the digital economy, concerning the deletion of contentious content.
Article 15. Cookies
By browsing this website, you accept that the website may install cookies in your browser, in order to benefit from the service provider’s services.
Users have the right to access, rectify, port and delete their data, or to limit the processing thereof, in accordance with the French Data Protection Act of January 6, 1978, as amended, and European Regulation No. 2016/679/EU of April 27, 2016.
Any complaints in this regard should be addressed to the service provider.
You can freely refuse the use of cookies via your browser’s settings menu.
If you refuse cookies via your browser settings, some features of the website may not work properly, such as submitting contact requests or subscribing to newsletters. The information collected through cookies is used exclusively for internal analytics to improve your experience. It may include data such as your IP address, browser type, access times, and automatic form pre-filling.
The information collected via cookies is used exclusively for internal analytics to improve your experience.
The information collected by this website is used exclusively for internal statistical purposes, in order to improve the quality of the services offered to you.
Databases are protected by the provisions of the law of July 1, 1998, transposing directive 96/9 of March 11, 1996, on the legal protection of databases.
Cookies are used to:
Enhance your browsing experience.
Remember your login information.
Monitor and analyze website performance, operation and efficiency.
Ensure platform security.
Article 16. Complaints – CNIL
In accordance with Article 55 of the General Personal Data Regulation, if you believe that Phenomen’âme has violated your rights concerning the processing of personal data, you may write a complaint to the CNIL as soon as possible, ideally no later than 72 hours after becoming aware of it. Notification of the violation must :
Describe the nature of the personal data breach including, if possible, the categories and approximate number of persons affected by the breach and the categories and approximate number of personal data records affected;
Identify the name and contact details of the Data Protection Officer or other point of contact from whom further information can be obtained;
Describe the likely consequences of the personal data breach;
Describe the measures taken or proposed to be taken by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any negative consequences.
Date of last update: July 28th, 2025
Model issued by SAS Legal Peach (https://www.legalpeach.fr/)