Privacy Policy
Updated on 05/09/2026
The purpose of this Privacy Policy is to inform users of the 10-Chairs website (hereinafter "the Site") about how 10-Chairs Innovations (hereinafter "we" or "the Company") collects and processes their personal data, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the French Data Protection Act (Loi Informatique et Libertés).
By using the Site and providing us with your personal data, you accept the terms of this Policy. We commit to preserving the confidentiality and security of your data.
1. Identity of the data controller
Le controller of the data collection on the Site is the company 10-Chairs Innovations, a simplified joint-stock company (SAS) registered with the Épinal Trade and Companies Register (RCS) under number 931 685 317, with its registered office located at 6 C Rue du Grand Breuil, 88200 Remiremont, France.
You can contact us for any question related to data protection: - By email: contact@10-chairs.com - By mail: 10-Chairs Innovations, 6 C Rue du Grand Breuil, 88200 Remiremont, France.
We only collect personal data that is necessary for the purposes described in Article 3. This data can be provided directly by you through the Site's forms, or collected automatically during your browsing.
2.1. Data that you voluntarily provide to us: - Payment of an intention deposit: full name, email address, possibly postal address (if requested for billing), payment amount, transaction date. Note that payment information (credit card number, PayPal credentials) is not transmitted to us directly: it is processed securely by payment providers (PayPal, Stripe/Typeform). However, we retain a transaction ID and the payment status. - Email contact / support: if you contact us directly (via the mailto link or by any other means), we will retain your email address and the content of your message to be able to respond and follow up on your request.
2.2. Data collected automatically: - Navigational data: during your visit to the Site, we may collect information such as your IP address, technical data about your browser and device (type and version of browser, operating system, screen resolution), the browsing path on our Site (pages viewed, duration of viewing, etc.), as well as stored cookies (see Article 6 on Cookies).
We do not collect so-called "sensitive" data under the GDPR (health data, racial origin, political opinions, etc.), nor do we collect payment card data (managed by third parties as indicated).
3. Purposes and legal grounds for processing
We process your personal data for various explicit and legitimate purposes. For each processing activity, we ensure that we have an appropriate legal basis (consent, contract, legitimate interest, legal obligation).
3.1. Management of intention deposits and pre-sales
- Purposes: Process your €1 intention deposit payments; register these deposits in our customer database; issue a payment confirmation to you; integrate you into the priority list of future buyers; refund the deposit if necessary (e.g., if the products are not released on time or upon request for withdrawal).
- Legal basis: Processing based on the performance of a contract (our General Terms and Conditions of Sale that you accept when making the deposit). Necessary refund operations also comply with a legal obligation when related to the right of withdrawal.
3.2. Communication and marketing (newsletter)
- Purposes: Inform members who have paid an intention deposit about project news, progress (e.g., finalization of the prototype, upcoming opening of pre-orders...), potentially send general newsletters about the progress of the project or promotional offers linked to the launch.
- Legal basis: Consent or legitimate interest (prospection for direct marketing of similar products/services). At the time of your registration, we may explicitly ask if you wish to receive our newsletters or communications (consent opt-in checkbox). If you are already a customer (e.g., you paid a deposit), we may send you communications regarding products or services similar to those already provided, on the basis of our legitimate interest in keeping you informed, in accordance with article L.34-5 of the French Postal and Electronic Communications Code. In any case, you will have the opportunity to object at any time to receiving these emails (via the unsubscribe link present in each sending or by contacting us).
3.3. Responses to contact/support requests
- Purposes: Answer questions you have asked, assist you in case of problems (e.g., questions about the deposit, etc.), and generally communicate with you following your request.
- Legal basis: Legitimate interest of the Company to respond to users' requests on the Site. When the request relates to the performance of a contract (e.g., refund request, exercising a right), the basis may be the performance of a contract or compliance with a legal obligation.
3.4. Site operation and security
- Purposes: Ensure the proper technical functioning of the Site and its features (payment modules, etc.); compile anonymous traffic statistics to improve our services; ensure the security of the Site and your data (prevention of attacks, bug detection).
- Legal basis: Legitimate interest of the Company to maintain its Site operational and secure. Certain necessary technical cookies are placed on this legal basis (see Article 6). Traffic measurement, when carried out anonymously or in a privacy-respecting manner (without invasive tracking), may also fall under legitimate interest.
4. Sharing of data – Recipients
4.1. Internally: The personal data collected is accessible to authorized members of the Company, only to the extent necessary to perform their duties. For example, customer support staff will have access to contact details to respond to inquiries, the technical team will have access to registration information to manage the waitlist, etc. Given the small size of our startup, these roles may be handled by a limited number of people (founders, in particular, may have access to all data in compliance with the stated purposes).
4.2. Providers and processors: We use trusted third-party companies to help us provide our services, for example: - Typeform – online form platform: used to collect certain information (e.g., surveys). The responses you submit via Typeform are transmitted to us and stored securely on their servers. - Payment services (PayPal, Stripe): manage financial transactions related to the intention deposit. PayPal is used for payments via PayPal accounts; Stripe (integrated into Typeform) can be used for card payments. These providers collect your payment data directly. We only receive payment confirmation from them (amount, date, payer's email, transaction identifier) and do not have access to your full bank details. - Hosting provider (Framer): the Site is hosted on the infrastructure of Framer B.V. Based in the Netherlands, Framer potentially stores certain technical data or Site content (possibly including part of user data entered in integrated forms). Framer acts as a technical processor by providing storage and availability for the Site. - Analytics and communication tools: we may use third-party tools such as Google Analytics (configured with IP anonymization) for audience statistics, or email delivery services (e.g., Brevo, Lemlist) for our newsletters. These tools will only receive the data strictly necessary (e.g., your email for sending a newsletter). We ensure that our providers offer adequate guarantees of compliance (data processing agreements, server localization, etc.).
All of these providers are bound to us by a subcontracting agreement requiring them to protect your data, process it only on our behalf and according to our instructions, and not use it for other purposes.
4.3. Legal obligations and special cases: Apart from these providers, we do not share your personal data with any third party, unless required or forced by law (for example, court order, legal obligation to transmit invoices featuring your contact details to the tax administration if you made a payment). Likewise, in the event of litigation, we may communicate certain information to legal advisers or competent authorities to defend our rights.
4.4. Transfers outside the European Union: In general, we prioritize providers hosting data within the EU or in countries recognized as adequate by the European Commission. However, some providers (e.g., PayPal, Google) may be located or store data in the United States or elsewhere. In this case, we ensure that appropriate safeguards are in place to govern these transfers, such as the European Commission's standard contractual clauses or any other measure required by the GDPR. You can contact us for more details on this subject.
We retain your personal data only for the period necessary for the purposes for which it was collected, and in accordance with applicable legal requirements.
For example:
- Data related to the intention deposit: retained until the product is marketed and a purchase is made, or until refunded if applicable. Transaction records (invoices, proof of payment) are kept for 10 years in accordance with legal accounting and tax obligations in France. - Contact data (email messages): retained for the time required to process your request and then archived for the applicable limitation period (5 years) in case a trace is needed. - Connection logs and browsing data: server technical logs are retained for a few months to ensure security. Cookies have varying lifespans (see Article 6) but do not exceed 13 months for non-essential cookies.
At the end of these periods, we delete or anonymize personal data. We may retain certain information beyond this if required by law or if necessary for the establishment, exercise, or defense of legal claims (for example, retaining relevant data in case of dispute).
6.1. What is a cookie?
A cookie is a small text file placed on your device (computer, smartphone, etc.) during a website visit. It allows the site to recognize your device on each subsequent visit, for the duration of the cookie's validity.
We use the following cookies on the Site: - Strictly necessary cookies: These cookies are essential for the operation of the Site and allow you to use its basic features. Without these cookies, some services on the Site cannot be provided correctly. - Performance / analytical cookies: These cookies collect information on how visitors use the Site (pages viewed most often, potential error messages, etc.). They help us improve how the Site works. For this purpose, we use tools like Google Analytics configured with IP anonymization (which means your IP address is truncated so as not to identify you). The collected data is aggregated and anonymous. - Third-party functional cookies: Some modules integrated into the Site may place their own cookies. For example, our forms (hosted via Typeform) or the integration of the Stripe / PayPal payment process may use cookies necessary for their functioning. Similarly, if we display third-party multimedia content (YouTube videos, etc.), these services may place cookies subject to their own policies.
We do not use advertising or third-party targeting cookies on the Site at this time.
6.2. Consent and cookie management:
On your first visit to the Site, a cookie banner informs you of the purposes of cookies and prompts you to accept, reject, or customize their placement (excluding necessary cookies). Your choice will be kept for a maximum of 13 months, and then your consent may be requested again.
You can change your cookie preferences at any time using the cookie management module available on the Site ("Cookie Settings" link at the bottom of the page) or through your browser settings. Most browsers allow you to control cookies (accept them, block them, delete them).
Please note that refusing necessary cookies may result in the unavailability of certain features of the Site.
To learn more about cookies and how to control them, you can visit the CNIL website: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.
The Company attaches great importance to the security of your personal data. We implement appropriate technical and organizational measures to protect your data against unauthorized access, disclosure, loss, or destruction. These measures include encryption of communications (Site via HTTPS), data backup procedures, strict access management for our team and providers, etc.
Furthermore, we require our processors to maintain a level of security in line with industry standards for any processing of your data.
In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will inform you as soon as possible, as well as the competent supervisory authority (CNIL), in accordance with legal requirements.
In accordance with regulations, you have the following rights regarding your data: - Right of access: get confirmation that data relating to you is processed, and if so, access it and receive a copy of it, as well as information on the purposes of the processing, the categories of data concerned, etc. - Right to rectification: have inaccurate personal data concerning you corrected and incomplete data completed. - Right to erasure (right to be forgotten): in some cases, obtain the deletion of your data (e.g., if it is no longer necessary, if you withdraw your consent, or if you object and there is no overriding legitimate interest to keep it). - Right to restriction of processing: request a temporary freeze on the use of some of your data, for example, while resolving a dispute or verifying the accuracy of contested data. - Right to object: object at any time, for reasons relating to your particular situation, to the processing of your data based on the Company's legitimate interest. In particular, you can object to commercial prospecting (newsletters) and we will then stop this processing. - Right to data portability: receive the personal data that you have directly provided to us in a structured, commonly used, and machine-readable format, when the processing is automated and based on your consent or a contract, in order to transmit it to another service provider if you wish. - Post-mortem directives: in France, the right to define directives regarding the outcome of your data after your death (retention, erasure, communication). You can inform us of specific directives.
To exercise your rights, please contact us at the contact details indicated in Article 1. We may ask you for proof of identity if necessary, to ensure we do not disclose your data to an unauthorized person.
We will endeavor to respond within 1 month of receiving your request. This period may be extended by 2 months in the event of complex or multiple requests, but we will then keep you informed.
If, despite our efforts, you feel that your rights are not being respected, you can file a complaint with the competent supervisory authority. In France, the CNIL (www.cnil.fr) is the authority responsible for ensuring respect for privacy.
10-Chairs services (intention deposit, etc.) are intended for an adult audience. We do not knowingly collect data from individuals under 15 without parental consent. If a minor under 15 has registered without parental authorization, the parent or guardian can contact us to request the deletion of the child's data.
10. Changes to the Privacy Policy
We may update this Privacy Policy from time to time, for example in the event of legal changes or developments in our processing. In the event of a significant change, we will inform users (for example via a notice on the Site or by email) and update the date below.
We invite you to regularly review this page to stay informed about our privacy practices.