Agency Cult SASU (hereinafter "TCC", "we", "us" or "our") operates the digital platform known as The Club Cult (hereinafter "the Platform"), a private members network connecting Members, Experts and Curators within the luxury lifestyle sector.
We are committed to protecting the privacy and personal data of all individuals who interact with our Platform. This Privacy Policy describes how we collect, use, store, share and protect personal data in accordance with:
This Privacy Policy applies to all Users of the Platform, including Members, Experts, Curators, Delegates, applicants and visitors to our website.
The data controller for personal data processed in connection with the Platform is:
Company: Agency Cult SASU
Share Capital: 300 EUR
SIRET: 937 700 474 00011
RCS: Paris 937 700 474
Registered Office: 44 Rue du Bac, 75007 Paris, Paris, France
Email: Info@theclubcult.com
Experts who provide services through the Platform act as separate data controllers for personal data they collect and process in connection with the delivery of their services to Members. TCC is not responsible for Experts' data processing activities in their capacity as service providers.
TCC has designated a Data Protection Officer (DPO) who can be contacted at:
Email: Info@theclubcult.com
Postal Address: Agency Cult SASU, Attn: Data Protection Officer, 44 Rue du Bac, 75007 Paris, Paris, France
The DPO is available to respond to enquiries regarding the processing of personal data, the exercise of data subject rights and any concerns relating to data protection.
We collect and process the following categories of personal data:
4.1. Identification Data
4.2. Professional Data (Experts and Curators)
4.3. Financial and Transaction Data
4.4. Communication Data
4.5. Usage and Technical Data
4.6. Location Data
4.7. TCC does not collect special categories of personal data (Article 9 GDPR), including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification purposes, health data or data concerning sexual orientation.
The following table sets out each processing activity, its purpose and the corresponding legal basis under Article 6(1) GDPR:
5.2. Legitimate Interest Assessments. Where we rely on legitimate interest (Article 6(1)(f) GDPR) as the legal basis for processing, we have conducted a balancing test to ensure that our interests do not override the fundamental rights and freedoms of the data subject. Details of these assessments are available upon request to Info@theclubcult.com.
6.1. Personal data may be shared with the following categories of recipients in the course of Platform operations:
6.2. Sub-Processor Register:
6.3. TCC will notify Users of any addition or replacement of sub-processors with a minimum of thirty (30) calendar days' advance notice. Users may object to a new sub-processor on reasonable grounds related to data protection.
7.1. TCC stores all personal data within the European Union (Supabase EU region, Frankfurt, Germany). Stripe processes payment data within its EU infrastructure (Ireland).
7.2. In the event that a sub-processor transfers personal data outside the European Economic Area (EEA), such transfers are governed by:
7.3. Details of international transfer safeguards are available upon request to Info@theclubcult.com.
Personal data is retained only for as long as necessary for the purposes for which it was collected, or as required by applicable law:
At the end of the applicable retention period, personal data is either anonymised or securely deleted.
Under the GDPR and applicable French law, you have the following rights regarding your personal data:
Right of access (Article 15). You may request confirmation of whether personal data concerning you is being processed and, if so, obtain a copy of such data together with information about the processing.
Right to rectification (Article 16). You may request the correction of inaccurate personal data or the completion of incomplete data.
Right to erasure (Article 17). You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where the data has been unlawfully processed. This right is subject to legal retention obligations.
Right to restriction of processing (Article 18). You may request restriction of processing where the accuracy of data is contested, where processing is unlawful, where we no longer need the data but you require it for legal claims, or where you have objected to processing pending verification.
Right to data portability (Article 20). You may request to receive your personal data in a structured, commonly used and machine-readable format (JSON or CSV), and to have it transmitted to another controller where technically feasible.
Right to object (Article 21). You may object to processing based on legitimate interest or for direct marketing purposes. For direct marketing, the objection is absolute and will be implemented without delay.
Right regarding automated decision-making (Article 22). TCC does not use automated decision-making that produces legal effects or similarly significantly affects individuals. Membership applications are reviewed by a human commission.
Right to withdraw consent. Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
9.2. How to Exercise Your Rights
Requests may be submitted to Info@theclubcult.com or by post to the registered office. For security purposes, we may request identity verification before processing a request. We will respond to all valid requests within one (1) month of receipt. This period may be extended by two (2) additional months for complex or numerous requests, in which case we will inform you of the extension within the initial one-month period.
9.3. All requests are handled free of charge, unless they are manifestly unfounded or excessive, in which case a reasonable administrative fee may be charged.
10.1. TCC does not engage in automated decision-making that produces legal effects concerning individuals or similarly significantly affects them, within the meaning of Article 22 GDPR.
10.2. Membership applications are reviewed exclusively by a human Admissions Commission. No automated system is used to approve or deny applications. Applications that are not approved remain on hold indefinitely and are never automatically rejected.
10.3. The Platform may use algorithmic features for service matching, search results ranking or content personalisation. These features do not constitute automated decision-making under Article 22 GDPR as they do not produce legal effects or similarly significant effects on individuals.
In accordance with Article 32 GDPR, TCC implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk:
Technical Measures:
Organisational Measures:
12.1. In accordance with Articles 33 and 34 GDPR, in the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, TCC will notify the CNIL within seventy-two (72) hours of becoming aware of the breach.
12.2. Where the breach is likely to result in a high risk to the rights and freedoms of affected individuals, TCC will notify those individuals without undue delay, providing clear information about the nature of the breach, the likely consequences and the measures taken to address it.
12.3. All data breaches are documented in an internal breach register, regardless of whether notification to the CNIL or to data subjects is required.
13.1. The Platform uses cookies and similar tracking technologies. Detailed information about the types of cookies used, their purposes and your choices is provided in our separate Cookie Policy.
13.2. In accordance with CNIL guidelines (Deliberation n. 2020-091 of 17 September 2020), non-essential cookies are only placed after the User has provided informed, specific and unambiguous consent. Users may withdraw cookie consent at any time through the cookie preference centre accessible from every page of the Platform.
13.3. Strictly necessary cookies (essential for Platform functionality) do not require consent and cannot be disabled.
The Platform is not intended for use by individuals under the age of eighteen (18). TCC does not knowingly collect personal data from minors. If we become aware that personal data has been collected from a minor without appropriate parental consent, we will take steps to delete such data promptly.
15.1. TCC reserves the right to update this Privacy Policy to reflect changes in our data processing activities, legal requirements or regulatory guidance.
15.2. Users will be notified of material changes by email and through the Platform at least thirty (30) calendar days before the changes take effect. Non-material editorial changes may be made without prior notice.
15.3. The date of the last update is indicated at the top of this Privacy Policy. Previous versions are archived and available upon request.
For any questions or concerns regarding this Privacy Policy or the processing of your personal data, please contact:
Data Protection Officer
Agency Cult SASU
44 Rue du Bac, 75007 Paris, Paris, France
Email: Info@theclubcult.com
You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data infringes the GDPR or applicable French law:
Commission Nationale de l'Informatique et des Libertes (CNIL)
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
Website: www.cnil.fr
Telephone: +33 (0)1 53 73 22 22
We encourage you to contact us first so that we may attempt to resolve any concerns directly.