01. Our GDPR Commitment
WezBook is committed to complying with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and the amended French Data Protection Act of January 6, 1978.
As a SaaS platform for beauty and wellness professionals (including the WezPay module compliant with art. 286-I-3°bis of the French CGI), we process sensitive personal data and take this responsibility very seriously.
02. Applied Principles
We apply the fundamental principles of the GDPR:
- Lawfulness, fairness and transparency: we process your data lawfully and transparently
- Purpose limitation: your data is collected for specified and legitimate purposes
- Minimization: we only collect strictly necessary data
- Accuracy: we ensure your data is kept up to date
- Storage limitation: your data is retained only for the necessary duration (except where legal obligations apply, such as the 6-year cash register data retention)
- Integrity and confidentiality: we protect your data through appropriate technical measures (encryption, RBAC, audit trail)
03. Your Rights
Right of access (Article 15)
You may request a copy of all personal data we hold about you. We will respond within 1 month (article 12.3 GDPR).
Right to rectification (Article 16)
You may correct your data directly from your account or contact us for any modification.
Right to erasure (Article 17)
You may request the deletion of your data, unless retention is necessary to comply with a legal obligation.
Important exception — WezPay cash register data: in accordance with article 17.3(b) of the GDPR, the right to erasure does not apply to data recorded via WezPay, which is subject to a legal retention obligation of 6 years (article L.102 B of the LPF) and to an unalterability requirement (article 286-I-3°bis of the French CGI).
Right to portability (Article 20)
You may receive your data in a structured, commonly used and machine-readable format (JSON/CSV).
Right to object (Article 21)
You may object to the processing of your data for reasons related to your particular situation, notably for direct marketing.
Right to restriction (Article 18)
You may request restriction of processing in certain cases (contesting accuracy, unlawful processing, etc.).
04. Sub-processors
We use the following sub-processors, all GDPR-compliant:
| Sub-processor | Role | Location | Safeguards |
|---|---|---|---|
| AWS | Hosting, storage, backup | Europe (Ireland / Frankfurt) | Data in EU |
| Firebase (Google) | Authentication | USA | DPF + SCC |
| Stripe | Payments and subscriptions | USA | DPF + SCC |
| Twilio | SMS sending | USA | DPF + SCC |
| Resend | Email sending | USA | SCC |
| SumUp | Payment terminal payments | Europe (Ireland) | Data in EU |
| Google Places | Salon geolocation | USA | DPF + SCC |
Each sub-processor is bound by a Data Processing Agreement (DPA) guaranteeing a level of protection equivalent to the GDPR.
05. Data Breach
In the event of a personal data breach, we commit to notifying the CNIL within 72 hours of discovering the incident, in accordance with article 33 of the GDPR. If the breach is likely to result in a high risk to your rights and freedoms, you will also be informed directly.
06. Contact Our DPO
For any question regarding the protection of your data or to exercise your rights, contact our Data Protection Officer (DPO):
- Email: contact@wezbook.com
- Mail: [TO BE COMPLETED]
Supervisory authority: French Data Protection Authority (CNIL) — https://www.cnil.fr