Privacy Policy
Updated on 04/11/2025
This Privacy Policy aims to inform users of the 10-Chairs website (hereinafter referred to as “the Site”) about how 10-Chairs Innovations (hereinafter referred to as “we” or “the Company”) collects and processes their personal data, in accordance with the Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and French law on Data Protection and Freedom.
By using the Site and providing us with your personal data, you agree to the terms of this Policy. We are committed to ensuring the confidentiality and security of your data.
1. Identity of the Data Controller
The data controller for the data collected on the Site is the company 10-Chairs Innovations, SAS registered with the Epinal Trade and Companies Register No. 931 685 317[1], whose headquarters is at 6 C Rue du Grand Breuil, 88200 Remiremont, France.
You can contact us for any questions regarding data protection: - By email: contact@10-chairs.com - By mail: 10-Chairs Innovations, 6 C Rue du Grand Breuil, 88200 Remiremont, France.
We only collect personal data necessary for the purposes described in Article 3. This data may be provided directly by you via the forms on the Site or collected automatically during your browsing.
2.1. Data You Provide Voluntarily: - Submitting a letter of intent: full name, email address, possibly postal address (if requested for billing), payment amount, transaction date. Please note that payment information (credit card number, PayPal identifiers) is not transmitted directly to us: it is processed securely by payment providers (PayPal, Stripe). We do retain a transaction ID and the payment status. - Investment intent form: if you express interest in investing, we may collect your contact details (name, email, phone if applicable) and some information about your investor profile (expected amount, etc.) as you provide it in the dedicated Typeform. - Email/contact support: if you contact us directly (via the mailto link or any other means), we will retain your email address and the content of your message in order to respond and ensure follow-up on your request.
2.2. Automatically Collected Data: - Browsing Data: during your visit to the Site, we may collect information such as your IP address, technical data about your browser and device (browser type and version, operating system, screen resolution), the browsing path on our Site (pages viewed, duration of visit, etc.), as well as the cookies deposited (see Article 6 on Cookies).
We do not collect so-called “sensitive” data as defined by the GDPR (health data, racial origin, political opinions, etc.), nor data related to payment cards (managed by third parties as indicated).
3. Purposes and Legal Bases for Processing
We process your personal data for various explicit and legitimate purposes. For each processing, we ensure we have an adequate legal basis (consent, contract, legitimate interest, legal obligation).
3.1. Management of Letters of Intent and Pre-sales
- Purposes: Process your €1 intention deposit payments; record these deposits in our customer database; issue you a payment confirmation; include you in the priority list of future buyers. Refund the deposit if the products do not release on time or at your request within the allotted timeframe).
- Legal basis: Processing based on the execution of a contract (our General Terms and Conditions of Sale which you accept by making the deposit). Necessary refund operations also respect a legal obligation when related to the withdrawal right.
3.2. Investment Requests
- Purposes: Collect expressions of interest for investment in 10-Chairs; compile a list of people to contact when the investment operation (via holding in BSA AIR or in BSA AIR) is launched; potentially filter these investment prospects based on criteria (e.g., expected amount) to adhere to the limit of 45 persons.
- Legal basis: Consent. By filling out the investment intent form, you consent to share this information for the purpose of being contacted regarding an investment opportunity. You may withdraw your consent at any time (for example, by writing to us to request deletion of your potential investor data).
3.3. Communication and Marketing (newsletter)
- Purposes: Inform members of the project's news, advances (e.g., finalization of the prototype, upcoming opening of pre-orders...), possibly send general newsletters about project progress or promotional offers related to the launch.
- Legal basis: Consent or legitimate interest (prospecting for similar products/services). At the time of your registration, we may explicitly ask you if you wish to receive our newsletters or communications (opt-in checkbox). If you are already a customer (e.g., you have made a deposit), we may send you communications regarding products or services similar to those already provided, based on our legitimate interest in keeping you informed, in accordance with Article L.34-5 of the Postal and Electronic Communications Code. In any case, you will have the option to object at any time to receiving these emails (via the unsubscribe link included in each message or by contacting us).
3.4. Responses to Contact/Support Requests
- Purposes: Respond to questions you have asked us, assist you in case of problems (e.g., difficulty registering, questions regarding the deposit, etc.), and generally communicate with you following your request.
- Legal basis: Legitimate interest of the Company in responding to users' requests on the Site. When it concerns requests related to the execution of a contract (e.g., refund requests, exercise of a right), the basis may be the execution of the contract or compliance with a legal obligation.
3.5. Operation and Security of the Site
- Purposes: Ensure the proper technical functioning of the Site and its functionalities (waiting list, payment modules, etc.); produce anonymous attendance statistics to improve our services; ensure the security of the Site and your data (preventing attacks, detecting bugs).
- Legal basis: Legitimate interest of the Company in maintaining its Site operational and secure. Certain necessary technical cookies are placed on this legal basis (see Article 6). Audience measurement, when done anonymously or respectfully of privacy (without invasive tracking), may also fall under legitimate interest.
4.1. Internally: The personal data collected is accessible to authorized members of the Company, only to the extent necessary for the execution of their tasks. For example, customer support staff will have access to contact data to respond to requests, the technical team will access registration information to manage the waiting list, etc. Given the small size of our start-up, it is possible that these roles are held by a limited number of people (founders notably may have access to all data in compliance with the mentioned purposes).
4.2. Service Providers and Subcontractors: We rely on trusted third-party companies to help us provide our services, for example: - Viral Loops (or equivalent service) – management of the viral referral program: this service processes email addresses of sign-ups and tracks referrals (who referred whom) on our behalf. It helps us establish rankings and assign rewards. - Typeform – online form platform: used to collect certain information (e.g., investment intents via a questionnaire, or surveys). The responses you submit via Typeform are transferred to us and stored securely on their servers. - Payment services (PayPal, Stripe): handle financial transactions related to the letter of intent deposit. PayPal is used for payments through PayPal accounts; Stripe (integrated with Typeform) may be used for credit card payments. These providers collect your payment data directly. We only receive a payment confirmation (amount, date, payer's email, transaction ID) and do not have access to your complete banking details. - Host (Framer): the Site is hosted on Framer B.V.'s infrastructure. Based in the Netherlands, Framer potentially stores certain technical data or content from the Site (including possibly part of the user data entered in integrated forms). Framer acts as a technical subcontractor ensuring the storage and availability of the Site. - Analytics and Communication Tools: we may use third-party tools such as Google Analytics (configured with IP anonymization) for audience statistics, or email services (e.g., Mailchimp, Sendinblue, Lemlist) for our newsletters. These tools will only receive the strictly necessary data (e.g., your email for sending a newsletter). We ensure that our service providers provide adequate compliance guarantees (data processing agreements, server location, etc.).
All these providers are bound to us by a subcontracting contract requiring them to protect your data, to process them only on our behalf and according to our instructions, and not to use them for other purposes.
4.3. Legal Obligations and Special Cases: Outside of these providers, we do not share your personal data with any third parties, unless required or mandated by law (for example, court order, legal obligation to transmit invoices to the tax administration containing your details if you have made a payment). Similarly, in case of litigation, we may communicate certain information to legal advisors or competent authorities to defend our rights.
4.4. Transfers Outside of the European Union: Generally, we prefer providers that host data within the EU or in countries deemed adequate by the European Commission. However, some providers (e.g., PayPal, Google) may be located or store data in the United States or elsewhere. In such cases, we ensure that appropriate safeguards are in place to regulate these transfers, such as the standard contractual clauses of the European Commission or any other measures required by the GDPR. You can contact us for more details on this matter.
We keep your personal data only for the duration necessary for the purposes for which they were collected and in accordance with applicable legal requirements.
For example: - Data for registration on the waiting list (referral): kept as long as the referral program is ongoing and then for 2 years after the end of the competition or after your last activity, unless you request deletion before. If you do not become a customer after this period, your data may be deleted or anonymized. (Exception: if you have consented to receive our marketing communications, your email address will be retained until unsubscribed or at most 3 years after your last active contact). - Data related to the letter of intent (pre-order): retained until the product is marketed and the credit or commercial privilege is used, or until the refund if applicable. Transaction records (invoices, payment receipts) are kept for 10 years in accordance with the accounting and tax obligations in France. - Potential investor data: kept until the investment offer is completed. If you do indeed join the investment, your data will be kept as long as necessary for managing this relationship (according to financial regulations). If the investment project does not materialize or if you decide not to participate, your data will be deleted within 3 years maximum after collection, unless you request deletion sooner. - Contact data (email messages): retained while processing your request and then archived for the duration of the applicable statute of limitations (generally 5 years) in case any record is needed. - Login logs and browsing data: technical server logs are kept for a few months to ensure security. Cookies have varying lifetimes (see Article 6) but do not exceed 13 months for non-essential cookies.
At the end of these periods, we delete or anonymize personal data. We may retain certain information beyond this if required by law or if necessary for the establishment, exercise, or defense of rights in legal proceedings (for instance, retention of relevant data in case of litigation).
6.1. What is a cookie?
A cookie is a small text file placed on your device (computer, smartphone…) when you visit a website. It allows the site to recognize your device on each subsequent visit, for the duration of the cookie's validity.
We use the following cookies on the Site: - Strictly Necessary Cookies: These cookies are essential for the operation of the Site and allow you to use its basic features. For example, they remember your ongoing registration on the waiting list or your login (if applicable), and are used to secure the referral mechanism. Without these cookies, certain services of the Site (such as tracking your position on the list) cannot be provided properly. - Performance / Analytical Cookies: These cookies collect information on how visitors use the Site (most frequently viewed pages, possible error messages…). They help us improve the operation of the Site. We use tools like Google Analytics configured with IP anonymization (which means your IP address is truncated not to identify you). The data collected is aggregated and anonymous. - Third-party Functional Cookies: Some modules embedded in the Site may place their own cookies. For example, our forms (hosted via Typeform) or the integration of the PayPal payment process may use cookies necessary for their operation. Similarly, if we display third-party multimedia content (YouTube videos, etc.), these services may deposit cookies subject to their own policies.
We do not use advertising or third-party targeting cookies on the Site at present.
6.2. Consent and Cookie Management:
Upon your first visit to the Site, a cookie banner informs you of the purposes of the cookies and offers you to accept, refuse, or customize their placement (excluding necessary cookies). Your choice will be retained for a maximum period of 13 months, after which you may be asked for your consent again.
You can modify your cookie preferences at any time using the cookie management module available on the Site (link “Cookie Settings” at the bottom of the page) or through your web browser settings. Most browsers indeed allow you to control cookies (accept them, block them, delete them).
Please note that refusing necessary cookies may lead to the unavailability of certain functionalities of the Site (e.g. the referral system may not function properly without a cookie to remember the link).
To learn more about cookies and how to manage them, you can consult the CNIL website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.
The Company places great importance on the security of your personal data. We implement appropriate technical and organizational measures to protect your data from unauthorized access, disclosure, loss, or destruction. These measures include the encryption of communications (Site in HTTPS), data backup procedures, strict access management for our staff and service providers, etc.
We also require our subcontractors to maintain a level of security compliant with industry standards for any processing of your data.
In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will inform you as soon as possible, as well as the competent supervisory authority (CNIL), in accordance with legal requirements.
In accordance with the regulations, you have the following rights regarding your data: - Right of access: obtain confirmation that data concerning you are being processed, and if applicable, access them and receive a copy, as well as information on the purposes of the processing, the categories of data concerned, etc. - Right of rectification: correct inaccurate personal data concerning you and complete incomplete data. - Right to erasure (right to be forgotten): in certain cases, obtain the deletion of your data (e.g., if they are no longer necessary, if you withdraw your consent, or if you object and no overriding legitimate interest justifies their retention). - Right to restriction: request the temporary freezing of the use of certain of your data, for example, time to resolve a dispute or verify the accuracy of contested data. - Right to object: object at any time, for reasons related to your particular situation, to the processing of your data based on the legitimate interest of the Company. In particular, you may object to commercial prospecting (newsletters) and we will cease that processing. - Right to portability: receive in a structured, commonly used, and machine-readable format the personal data you have provided directly, when the processing is automated and based on your consent or a contract, so that you can transmit them to another provider if you wish. - Post-mortem directives: in France, the right to define directives regarding the fate of your data after your death (retention, deletion, communication). You can inform us of any specific directives.
To exercise your rights, please contact us at the details provided in Article 1. We may ask for proof of identity if necessary, to ensure that we do not disclose your data to an unauthorized person.
We will strive to respond within 1 month from the receipt of your request. This period may be extended by 2 months in the case of a complex or multiple request, but we will keep you informed.
If despite our efforts you believe your rights are not being respected, you can file a complaint with the competent supervisory authority. In France, the CNIL (www.cnil.fr) is the authority responsible for ensuring compliance with privacy.
The services of 10-Chairs (waiting list, letter of intent, etc.) are intended for an adult audience. We do not knowingly collect data from individuals under the age of 15 without parental consent. If a minor under 15 has registered without parental permission, the parent or guardian may contact us to request the deletion of the child's data.
10. Changes to the Privacy Policy
We may need to update this Privacy Policy, for example, in the event of legal changes or our processing. In case of substantial modifications, we will inform users (for example via a notice on the Site or by email) and will update the date below.
We encourage you to regularly check this page to stay informed about our privacy practices.