Legal
Privacy
Personal data protection (GDPR) — updated: June 2026.
The Chuppah by Ventisei places particular importance on your privacy. This policy describes the data we process, why, for how long, and the rights available to you. We apply the principle of minimization: we collect only what is strictly necessary.
1. Data controller
The data collected on this site is processed by The Chuppah by Ventisei (Ventisei Management), whose details appear in the legal notice. For any question regarding your data: [email protected].
2. Data processed and purposes
| Context | Data | Purpose | Legal basis (GDPR) |
|---|---|---|---|
| Brief form | First names, e-mail, telephone (optional), envisaged date and venue, indicative budget, aesthetic preferences and information shared freely. | Studying your project and preparing a proposal. | Pre-contractual measures taken at your request (art. 6.1.b). |
| Client account / editor | E-mail address and password (kept encrypted, never in plain text); content of the site you create. | Create your space, save and publish your site. | Performance of the contract (art. 6.1.b). |
| Payment | Payment handled directly by a PCI-DSS certified provider. Your card details never pass through our servers and are never stored there. | Collecting the deposit or the balance of the service. | Contract and accounting obligation (art. 6.1.b and 6.1.c). |
| RSVP space of sites delivered | Entered by guests: name, attendance, number in party, optional contact details, preferences (meal, allergies), message. | Allowing the couple to collect and manage responses. | Legitimate interest of the couple in organising their event (art. 6.1.f). |
| Technical data | Connection logs necessary for operation and security; cookie-free, anonymized audience measurement. | Ensuring security, preventing fraud, improving the service. | Legitimate interest (art. 6.1.f). |
For RSVP spaces, the couple is the data controller for the list of their guests; The Chuppah by Ventisei acts solely as a technical sub-processor, on its behalf and under its instructions.
3. Recipients and sub-processors
Your data is never sold, rented or transferred for commercial purposes. It is accessible only to technical providers selected for their security guarantees, acting on our behalf under contract. For security reasons, they are designated by category:
- Hosting infrastructure — delivering the site and server functions.
- Managed database — storing accounts, sites and RSVP responses.
- Transactional email service — sending notifications and confirmations.
- PCI-DSS certified payment provider — secure processing of payments.
When a provider processes data outside the European Union, this transfer is governed by appropriate safeguards within the meaning of the GDPR (in particular the European Commission's standard contractual clauses). The named, up-to-date list of our processors can be communicated upon legitimate written request.
4. Retention periods
- Prospect (a brief left without follow-up): up to 3 years after the last contact.
- Client: for the duration of the contractual relationship, then archiving of invoices and accounting records for the statutory period (10 years).
- Account and site content: until you request deletion.
- RSVP responses: deleted after the event, or at the couple's request.
5. Security
Data is encrypted in transit (HTTPS/TLS). Access is protected by authentication and strictly partitioned by account: each couple accesses only their own data, and no guest list is readable without authorised login. Passwords are stored in encrypted form. We apply the principle of least privilege and limit access to data to the strict minimum.
6. Your rights
In accordance with the GDPR, you have the rights of access, rectification, erasure, restriction, objection and portability, as well as the right to withdraw your consent at any time, and to set directives on the fate of your data after your death. To exercise them, write to [email protected]: proof of identity may be requested, and we respond within one month. In the event of a disagreement, you may lodge a complaint with the CNIL.
7. Cookies and local storage
This site uses no advertising cookies and no trackers, and audience measurement is carried out without cookies. The brief form and the editor keep a temporary backup of your entries in your browser's local storage, for your convenience alone: this data stays on your device.
8. Minors
The site is intended for adults. Any data concerning children (for example a minor guest indicated in an RSVP response) is provided by the guests, under the responsibility of the hosting couple.
9. Amendments
This policy may evolve to reflect changes to the service or to regulations. The date of last update appears at the top of the page.