Privacy policy

Identity

Directoffice.fr (Société par actions simplifiée à associé unique (SASU))

Trade name

Directoffice

SIREN

103 663 597

RCS

RCS Paris 103 663 597

Address

66 avenue des Champs-Élysées, 75008 Paris, France

Email

contact@directoffice.fr

Legal representative

Raphaël Jean-Claude RICCI (President)

We collect only the data strictly necessary for the purposes described below. Depending on your use of the site, the following may be collected:

• Identification data: first name, last name, company name, email address, password (hashed), user role.
• Contact data: phone number, postal address, shipping address.
• Billing data: amount, taxes, payment method (without the full card number), any promo code, Stripe identifiers.
• Technical data: IP address, session identifiers, event logs, user agent.
• User-generated content: listings, photos, descriptions, generated QR codes.

• Creation and management of the user account (contract performance, art. 6.1.b GDPR).
• Order processing, payments, and invoice delivery (contract performance and legal obligation, art. 6.1.b and 6.1.c GDPR).
• Retention of invoices for 10 years (legal obligation, art. L123-22 of the French Commercial Code).
• Moderation and fraud prevention (legitimate interest, art. 6.1.f GDPR).
• Sending account- or order-related emails (contract performance).
• Anonymous audience measurement and service improvement (legitimate interest).

• User account: for the entire duration of the contractual relationship, then 3 years archived for commercial prospecting.
• Invoicing data: 10 years from the closing of the financial year (accounting and tax obligation).
• Technical logs: 12 months maximum (LCEN-mandated period for operators).
• Non-strictly-necessary cookies: 13 months maximum, in line with the French CNIL guidelines.

Your data is never sold or rented. It is only accessible to authorised persons (internal administrators) and to a limited number of processors strictly bound by contract pursuant to article 28 GDPR:

• OVH SAS — hosting and backups (Roubaix, France).
• Stripe Payments Europe Ltd — payment processing (Ireland, European Union).
• Ionos / 1&1 (SMTP) — transactional email delivery.

No data is transferred outside the European Union. If such a transfer were to occur, it would be governed by the standard contractual clauses adopted by the European Commission.

In accordance with articles 12 to 23 GDPR and the French Data Protection Act, you may exercise the following rights at any time:

• Right of access and right to portability.
• Right to rectification.
• Right to erasure ("right to be forgotten").
• Right to restriction of processing.
• Right to object on legitimate grounds.
• Right to set instructions regarding the fate of your data after your death.

To exercise these rights, contact contact@directoffice.fr with proof of identity. You also have the right to lodge a complaint with the French Data Protection Authority (CNIL, www.cnil.fr).

We implement appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access: TLS encryption on network exchanges, robust password hashing, database isolation, automated backups, access logging, least-privilege principle for administrators.

The site only uses cookies strictly necessary for operation (session, cart, authentication). No advertising or third-party audience measurement cookies are dropped without your prior consent.

This policy may evolve to reflect regulatory or technical changes. The last-updated date is shown at the top of the page. Substantial changes will be notified by email or via a visible banner on the site.