This Privacy Policy describes how Special Guest SAS collects, uses, stores, and protects your personal data when you visit www.special-guest.eu or communicate with us. It is established in compliance with the General Data Protection Regulation (GDPR — EU 2016/679), the EU Directive Omnibus (2019/2161) as transposed into French law, and the EU Data Act (2023/2854), applicable since September 2025. Please read it carefully. For any questions, contact us at jm@special-guest.eu.
The entity responsible for the processing of your personal data, within the meaning of Article 4(7) GDPR, is:
Special Guest SAS
SIRET: 10150709300017
Registered in France — Republic of France
Website: www.special-guest.eu
Data Protection Contact: jm@special-guest.eu
Special Guest SAS does not appoint a Data Protection Officer (DPO), as it does not engage in large-scale systematic monitoring of individuals or large-scale processing of special categories of data within the meaning of Article 37 GDPR. The contact identified above assumes data protection responsibilities and will respond to all related requests.
When you contact us by email, through a contact form, or by any other means, we may collect the following personal data:
When you browse our website, certain technical data may be collected automatically, including:
We do not collect sensitive data (special categories within the meaning of Article 9 GDPR), such as health data, ethnic or racial origin, religious beliefs, political opinions, or biometric data. We will never collect such data without your explicit and informed consent, and only where strictly necessary for service delivery.
Special Guest does not deploy third-party advertising networks, social media tracking pixels, or behavioural profiling tools. Our website does not integrate Facebook Pixel, Google Ads conversion tags, TikTok Pixel, or equivalent commercial tracking technologies.
In accordance with Article 6 GDPR, each processing activity carried out by Special Guest SAS rests on one of the following legal bases:
Where processing is based on consent, you have the right to withdraw it at any time by contacting us at jm@special-guest.eu. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
Your personal data is used exclusively for the following purposes. Any new purpose incompatible with those listed below will be communicated to you prior to processing, in accordance with Article 13(3) GDPR.
To respond to messages received through our website or by email, prepare bespoke experience proposals, and manage our client relationship with precision and discretion.
To provide, coordinate, and improve the bespoke services you have commissioned, including private guided tours, concierge services, and escorting engagements.
To understand how our website is used, diagnose technical issues, and improve content and user experience. Where third-party analytics tools are used, they are configured to anonymise IP addresses and prevent cross-site tracking. No analytics data is shared with advertising networks.
To comply with French and European legal obligations, including accounting, invoicing, anti-money laundering (AML) requirements, and responses to lawful judicial or administrative requests.
To send you information about our services, destinations, or events — exclusively where you have expressly consented. Each communication includes an unsubscribe link. Withdrawal of consent takes effect immediately and without charge.
We retain your personal data only for as long as strictly necessary for the purposes described in this Policy and in compliance with applicable legal retention requirements. The following periods apply:
| Category of Data | Retention Period | Legal Basis |
|---|---|---|
| Pre-contractual enquiries & correspondence | 3 years from last contact | Legitimate interest / Pre-contractual measures (Art. 6.1.b) |
| Contractual client data | 5 years from end of service | Legal obligation — French Commercial Code |
| Accounting & invoicing records | 10 years | Legal obligation — Art. L123-22 French Commercial Code |
| Cookie consent records | 13 months from consent | Legal obligation — CNIL Guidelines (2020, updated 2023) |
| Website connection logs (IP address, access) | 12 months | Legal obligation — French Law for Digital Confidence (LCEN) |
| Newsletter & marketing data | 3 years from last interaction, or until consent is withdrawn | Consent (Art. 6.1.a) |
Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymised for statistical purposes. You may request early deletion subject to Article 8 (Right to Erasure), provided no overriding legal retention obligation applies.
In accordance with Article 5(3) of the ePrivacy Directive (2002/58/EC) and the CNIL Guidelines on Cookies and Trackers (updated 2020 and 2023), we inform you of the following practices on www.special-guest.eu:
These cookies are essential for the website to function correctly and cannot be disabled without impairing core functionality. They do not require your consent. They include session management, security tokens, and load balancing. No personal data is transmitted to third parties through these cookies.
Subject to your prior, freely given, and specific consent, we may use privacy-preserving analytics tools to measure how our website is used. Any such tool is configured to: anonymise IP addresses before storage, disable cross-site tracking, and refrain from sharing data with advertising networks. You may refuse or withdraw this consent at any time via our cookie preference interface.
We do not use advertising cookies, retargeting pixels, social media tracking scripts, or any technology designed to construct a behavioural profile of you across websites or over time.
Upon your first visit, a consent banner presents you with a clear and granular choice to accept or refuse non-essential cookies. Refusing cookies does not degrade access to any content on our website. Your preference is recorded and stored for a maximum of 13 months. You may change your preferences at any time.
Consent to cookies must be freely given, specific, informed, and unambiguous (Article 4(11) GDPR). Pre-ticked boxes, "consent by scrolling," or cookie walls conditioning site access on consent are not lawful under GDPR and CNIL guidance. Our website does not employ any such practices.
Special Guest SAS does not sell, rent, exchange, or otherwise commercialise your personal data to any third party, under any circumstances whatsoever.
We may share your data with carefully selected technical service providers acting as data processors on our behalf (e.g. web hosting providers, email infrastructure). All such providers:
We may disclose personal data where required by law, court order, or a competent public authority (e.g. CNIL, judicial authorities, tax administration). In all such cases, we disclose only the minimum data strictly required and, where legally permitted, will notify you of such a request.
Where personal data is transferred to a country outside the European Economic Area (EEA), Special Guest SAS ensures that such transfer is protected by appropriate safeguards in accordance with Chapter V GDPR, namely:
You may request specific information about the safeguards applicable to any international transfer of your personal data by contacting us at jm@special-guest.eu.
As a data subject under Articles 15 to 22 GDPR, you hold the following rights with respect to your personal data. To exercise any of them, please contact us at jm@special-guest.eu. We will respond within one calendar month of receipt, as required by Article 12 GDPR. Where requests are complex or numerous, this period may be extended by a further two months, with prior notice.
You may request a copy of the personal data we hold about you, the purposes of processing, the categories of data concerned, retention periods, and recipients.
You may request correction of inaccurate or incomplete personal data without undue delay. Where data has been shared with processors, we will notify them of the correction.
You may request deletion of your data where it is no longer necessary for its original purpose, where you withdraw consent, or where processing is unlawful — subject to applicable legal retention obligations.
You may request that we restrict processing of your data in certain circumstances, for example while the accuracy of data you have contested is being verified.
Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
You may object at any time to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights.
Where processing rests on your consent, you may withdraw it at any time with immediate effect. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
You have the right to lodge a complaint with the CNIL or any competent supervisory authority in your EU member state of habitual residence, without prejudice to any other administrative or judicial remedy.
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07, France
Website: www.cnil.fr — Tel: +33 (0)1 53 73 22 22
In accordance with Article 22 GDPR and the EU Artificial Intelligence Act (Regulation 2024/1689, provisions applicable from 2 August 2026), we inform you of the following:
Special Guest SAS does not subject any individual to a decision based solely on automated processing — including profiling — which produces legal effects or similarly significantly affects that person. All decisions regarding the provision of our services involve meaningful human review and oversight.
Where AI-assisted tools are used internally (e.g. for drafting, research, or workflow management), such tools operate under human supervision and do not autonomously process clients' personal data for decision-making purposes. No personal data is transmitted to AI systems without a lawful basis and appropriate contractual safeguards with the relevant provider.
We do not conduct behavioural profiling of website visitors, nor do we build personal profiles for the purpose of targeting, scoring, predicting, or influencing individual behaviour, preferences, or decisions.
Special Guest SAS complies with the EU Directive Omnibus (2019/2161), transposed into French law by Ordinance No. 2021-1734 of 22 December 2021 (in force since 28 May 2022), and with the Digital Services Act (DSA — EU 2022/2065, fully applicable since 17 February 2024). The following disclosures apply:
In accordance with Article 6a of Directive 2011/83/EU (as amended by the Omnibus Directive), if a price or proposal presented to you is personalised on the basis of automated processing or profiling, you will be explicitly and prominently informed before any engagement. Special Guest SAS does not currently employ automated personalised pricing mechanisms on its website.
Our website does not operate a marketplace, search engine, or algorithmic ranking system. The presentation of destinations, services, and editorial content on www.special-guest.eu reflects the independent editorial judgement of our team and is not influenced by paid placement, undisclosed commercial relationships, or algorithmic ranking based on personal data.
In accordance with Article 7a of the Unfair Commercial Practices Directive (2005/29/EC, as amended by Directive Omnibus), any client references or testimonials appearing on our website relate exclusively to genuine engagements with real clients. We do not fabricate, commission, manipulate, or artificially inflate consumer reviews. Where client references are published, reasonable and proportionate verification steps have been taken to confirm their authenticity.
As a provider of online information services, Special Guest SAS complies with the applicable provisions of the DSA. Our website does not function as a very large online platform (VLOP) within the meaning of Article 33 DSA. We do not host user-generated content at scale, operate recommendation algorithms, or place targeted advertisements.
The EU Data Act establishes rights of access, portability, and sharing with respect to data generated through the use of connected products or related services. As a service provider, Special Guest SAS ensures that:
In accordance with Article 32 GDPR, Special Guest SAS implements technical and organisational measures appropriate to the level of risk, including:
In the event of a personal data breach likely to result in a risk to your rights and freedoms, Special Guest SAS will notify the CNIL within 72 hours of becoming aware of it, in accordance with Article 33 GDPR. Where the breach presents a high risk to you personally, we will also notify you directly and without undue delay, as required by Article 34 GDPR, including the nature of the breach, the categories of data affected, and the measures taken or proposed to address it.
No method of transmission over the internet is entirely secure. While we maintain robust and regularly reviewed security measures, we cannot guarantee absolute security against all threats. We encourage you to exercise appropriate caution when sharing personal information online.
We reserve the right to update this Privacy Policy at any time to reflect changes in applicable law, regulatory guidance (including CNIL recommendations), or our data processing practices. Any revised version will be published on this page bearing the updated date.
Where changes are material and affect your rights or the manner in which we process your personal data, we will take reasonable steps to notify you in advance of the changes taking effect — for example, by email where we hold your contact details. The revised Policy will specify its effective date.
If you do not agree with any changes, you may exercise your rights as described in Article 8 of this Policy, including the right to withdraw consent or request erasure of your data.
For any question relating to this Privacy Policy, to exercise your rights under the GDPR, or to report a concern about the processing of your personal data, please contact us directly:
We will acknowledge receipt of your request within 5 business days and provide a substantive response within one calendar month (Article 12 GDPR). Where your request is complex, this period may be extended by a further two months; in such cases, we will inform you of the extension within the first month, stating the reasons for the delay.
If you remain unsatisfied with our response, or believe that your personal data has been processed in violation of the GDPR, you have the right to lodge a complaint with the CNIL (see Article 8 above) without prejudice to any other administrative or judicial remedy.
Send an enquiry