Skip to content
TGZ Conciergerie

Legal

Privacy Policy

How TGZ Conciergerie collects, safeguards and uses your personal data — written plainly, held to the standard our clients expect, and fully compliant with the GDPR and French law.

Last updated: 29 June 2026

1. Introduction

At TGZ Conciergerie, discretion is not a feature of our service — it is its foundation. The individuals and families who entrust us with their travel, their celebrations and their most personal requests do so knowing that their privacy will be protected without compromise.

This Privacy Policy explains, transparently and without jargon, what personal data we collect, why we collect it, how we protect it, and the rights you hold over it. It applies to every interaction you have with us: our website, our concierge services, and every channel through which we communicate.

We have written it to be read, not merely filed. Should anything here be unclear, our team will gladly explain it.

2. Data Controller

For the purposes of the GDPR, the data controller responsible for your personal data is TGZ Conciergerie, a company incorporated in France, with its registered office at 50 avenue des Champs-Élysées, 75008 Paris, France.

  • Registered with the Paris Trade and Companies Register (RCS) under no. 933 609 935
  • Email: [email protected]
  • Telephone: +33 7 82 29 51 21
  • Postal address: 50 avenue des Champs-Élysées, 75008 Paris, France

Data protection contact

Given the nature and scale of our activities, TGZ Conciergerie is not legally required to appoint a Data Protection Officer under Article 37 of the GDPR. We have nonetheless designated a dedicated point of contact for all privacy matters, reachable at [email protected].

3. Personal Data We Collect

We collect only the data we genuinely need to serve you well and to meet our legal obligations. Depending on how you engage with us, this may include the following categories.

Identity information

Your full name, title, nationality and, where a booking requires it, date of birth or travel-document details.

Contact information

Your email address, telephone and WhatsApp numbers, and postal address.

Billing information

Your billing name and address, and the details required to issue invoices and receipts.

Payment information

The transaction data required to process a payment. Card numbers are entered directly with our payment provider and are never stored on our systems (see Payment Processing).

Booking and travel information

Details necessary to arrange your requests — travel dates and itineraries, accommodation, transport, dietary requirements, accessibility needs, guest lists and similar preferences.

Concierge requests

The substance of what you ask us to arrange, together with the preferences and notes that allow us to anticipate and personalise our service over time.

Communication history

A record of our correspondence with you — email, telephone, WhatsApp and messaging — kept so that any member of our team can serve you seamlessly.

Website usage and technical data

When you visit our website, we may collect your IP address, browser and device type, language preference, and information about how you navigate the site — primarily to keep it secure and functioning correctly.

Cookies and marketing preferences

The small files placed on your device, governed by your choices and described in our Cookie Policy, together with whether you have chosen to receive communications from us and the topics that interest you.

We do not seek to collect special categories of data (such as health information). Where a request makes certain details relevant — a dietary restriction or accessibility requirement, for instance — we process them only to fulfil that request, and only with your agreement.

4. How We Collect Your Data

We collect personal data only through channels you choose to use:

  • Directly from you, when you complete our contact form, write to us, or speak with our team.
  • Through messaging channels such as WhatsApp, email and telephone, when you reach out to us.
  • When you make a booking or request a service, and as we carry it out on your behalf.
  • Through our payment provider, when you settle an invoice.
  • Automatically, through cookies and analytics, when you browse our website — subject to your consent where required.

On occasion, and only with your knowledge, we may receive details from someone acting on your behalf — a family member, assistant or travelling companion arranging a request for you.

5. Why We Process Your Data

We process your personal data only where the law allows. Each purpose below is matched to its legal basis under Article 6 of the GDPR:

  • Responding to your enquiries — to take steps at your request before entering into a contract (Art. 6(1)(b)), and our legitimate interest in answering you (Art. 6(1)(f)).
  • Delivering our concierge services — performance of our contract with you (Art. 6(1)(b)).
  • Processing payments — performance of our contract (Art. 6(1)(b)) and compliance with our accounting obligations (Art. 6(1)(c)).
  • Managing our client relationship — our legitimate interest in maintaining an attentive, personalised service (Art. 6(1)(f)).
  • Preventing fraud and protecting our clients — our legitimate interest in the security of our services (Art. 6(1)(f)).
  • Meeting our legal obligations — including accounting, tax and regulatory duties (Art. 6(1)(c)).
  • Keeping our website secure — our legitimate interest in protecting our systems and visitors (Art. 6(1)(f)).
  • Understanding website performance — with your consent, where analytics are used (Art. 6(1)(a)).
  • Sending you marketing communications — with your consent, which you may withdraw at any time (Art. 6(1)(a)).
  • Improving our services — our legitimate interest in refining and elevating what we offer (Art. 6(1)(f)).

Where we rely on legitimate interest, we have carefully weighed it against your rights and freedoms, and you may object at any time (see Your Rights).

6. Payment Processing

All payments are handled by Stripe, a global payment provider certified to the highest industry standard, PCI-DSS Level 1.

When you pay, your card details are transmitted directly to Stripe over an encrypted connection and are processed entirely within their secure environment. TGZ Conciergerie never sees, handles or stores your full card number.

We retain only the information we need to manage your account and meet our accounting obligations — such as the billing name, amount, date and a transaction reference. This separation of duties means your most sensitive financial data is protected by infrastructure built and audited specifically for that purpose.

7. Our Trusted Partners

Delivering a seamless service relies on a small, carefully chosen set of specialist providers. Each acts as a processor on our behalf, is bound by a contract that holds it to GDPR-grade obligations, and may access your data only to perform the role we have entrusted to it — never for its own purposes.

Stripe

Processes payments securely and guards against fraud, so that settling an invoice is effortless and protected.

Cloudflare

Delivers and shields our website, filtering malicious traffic and ensuring the site remains fast, available and secure wherever you are in the world.

Railway

Hosts the application that powers our website and the systems behind it, within a managed, secured environment.

Google Workspace

Provides the professional email and productivity tools our team uses to correspond with you and coordinate your requests.

Resend

Delivers the transactional emails you would expect to receive from us, such as confirmations and replies to your enquiries.

Discord

Carries secure internal notifications that alert our team to your requests, so that none goes unanswered.

Twilio

Enables optional SMS notifications, where messaging is the most convenient way to reach you.

We keep this circle deliberately small and review it regularly. We do not sell your personal data, and we never will.

8. International Data Transfers

Several of our providers are based in, or transfer data to, the United States. Whenever your personal data leaves the European Economic Area, we ensure it remains protected to the standard guaranteed by European law, through the following safeguards:

  • Standard Contractual Clauses — the European Commission's approved contractual safeguards are in place with the relevant providers.
  • EU–US Data Privacy Framework — where a provider is certified under the Framework, your data benefits from its recognised adequacy protections.
  • Supplementary measures — including encryption in transit and at rest, and strict access controls, to reinforce these safeguards.

You may request further detail on the safeguards applying to any specific transfer by writing to [email protected].

9. How Long We Keep Your Data

We keep your personal data only for as long as it is needed for the purpose for which it was collected, or for as long as the law requires. The principal periods are set out below:

Category of dataRetention periodReason
Enquiries from prospective clientsUp to 3 years from our last contactManaging and following up your enquiry
Client relationship and concierge recordsDuration of the relationship, then up to 3 yearsServing you and maintaining our shared history
Billing and accounting records10 yearsFrench Commercial Code (Art. L123-22)
Contractual and booking documentsUp to 5 years after the serviceStatutory limitation period (Art. 2224, Civil Code)
Records of consent3 years from collection or withdrawalEvidencing the choices you have made
Website and security logsUp to 12 monthsSite security and legal obligations
Cookies13 months maximumConsent-based cookies (CNIL guidance)

Once these periods expire, your data is securely deleted or irreversibly anonymised.

10. Cookies

Our website uses cookies to function reliably, to remember your preferences and, subject to your consent, to help us understand how the site is used. Full detail is set out in our dedicated Cookie Policy.

  • Essential cookies — necessary for the site to work, including security and language preference; these do not require consent.
  • Analytics cookies — help us understand how the site performs, and are used only with your consent.
  • Preference cookies — remember choices you have made, to personalise your experience.
  • Marketing cookies — used only with your consent, to make any communication more relevant.

You may review and change your choices at any time through your browser settings and our consent tools.

11. Your Rights

The GDPR grants you meaningful control over your personal data. You have the right to:

  • Access — obtain confirmation of, and a copy of, the data we hold about you.
  • Rectification — have inaccurate or incomplete data corrected.
  • Erasure — ask us to delete your data, where no legal obligation requires us to keep it.
  • Restriction — ask us to limit how we use your data in certain circumstances.
  • Objection — object to processing based on our legitimate interests, including direct marketing.
  • Portability — receive the data you have provided in a structured, machine-readable format, or have it transmitted to another controller.
  • Withdraw consent — withdraw any consent you have given, at any time, without affecting processing carried out beforehand.
  • Post-mortem directives — define how your data should be handled after your death.

To exercise any of these rights, simply write to [email protected]. We will respond within one month, and we may ask you to confirm your identity in order to protect your account.

If you believe we have not handled your data properly, you are entitled to lodge a complaint with the French data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL — www.cnil.fr) — though we would always welcome the opportunity to resolve your concern directly first.

12. Data Security

Protecting your data is inseparable from protecting your privacy, and we treat both with the seriousness our clients deserve. Our safeguards include:

  • Encryption in transit — our website and services are served exclusively over HTTPS, secured with SSL/TLS.
  • Network protection — Cloudflare shields our infrastructure against malicious traffic and intrusion.
  • Secure hosting — our systems run within managed, access-controlled environments.
  • Encrypted communications — sensitive exchanges are protected in transit and at rest.
  • Restricted access — only authorised members of our team may access your data, strictly on a need-to-know basis.
  • Payment security — card data is isolated within Stripe's PCI-DSS Level 1 environment and never touches our systems.
  • Internal procedures — confidentiality obligations, access controls and ongoing review govern how we handle your information.

No system can promise absolute security, but we hold ourselves to a standard worthy of the trust placed in us, and we keep our measures under continual review.

13. Confidentiality

Beyond our legal obligations, discretion is a defining principle of how we work. The travel, events, reservations and personal requests our clients entrust to us are treated as strictly confidential.

Information about your movements, your guests, your celebrations and your private arrangements is shared only with the team members and partners directly involved in fulfilling your request, and only to the extent necessary to do so impeccably. We do not discuss our clients, and we do not trade on their names.

For clients who require it, additional confidentiality arrangements can be put in place on request.

14. Children's Privacy

Our services are intended for adults. We do not knowingly collect personal data from minors, and our website is not directed at children.

Where a booking or experience includes a minor — a family holiday or a celebration, for example — their details are provided and managed by a parent or legal guardian, who is responsible for that information. If you believe a minor has provided us with data without such authority, please contact us and we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, our providers, or the law. Any revision takes effect as soon as it is published on this page, and the date of the most recent update is always shown at the top.

Where a change is significant, we will take reasonable steps to bring it to your attention. We encourage you to review this page periodically.

16. Contact

We welcome your questions about this policy and about how we handle your personal data. You can reach us through any of the following:

  • Email: [email protected]
  • Telephone: +33 7 82 29 51 21
  • Post: TGZ Conciergerie, 50 avenue des Champs-Élysées, 75008 Paris, France

Whether your enquiry concerns a single detail or your data as a whole, our team will be glad to assist with the same care we bring to every request.