POAP Privacy Policy

What is the purpose of this Policy?
POAP FRANCE, attaches great importance to the protection and confidentiality of your personal data, which represent for us a guarantee of seriousness and trust.
The Data Privacy Policy specifically reflects our commitment to enforce compliance with applicable data protection rules and, in particular, those of the General Data Protection Regulation ("GDPR").
In particular, the Privacy Policy aims to inform you about how and why we process your data in connection with the services we provide.

Who is this Privacy Policy for?
The Privacy Policy applies to you, regardless of where you live, as long as you are at least 15 years old, and choose to use one of our POAPs via our website.
If you are under 15 years of age, you may not use our services without the prior express consent of one of your parents, which must be provided in writing to gdpr@poap.fr. If you believe that we may be holding information about a child of yours under the age of 16 without your consent, you may request that we delete it at gdpr@poap.fr.

Why do we process your data?
As part of the services offered, we may need to process your personal data for the following reasons and purposes:
To browse our website and use our POAP services and answer to your requests (e.g., requests for information, complaints, etc.) on the basis of our terms and conditions, and our legitimate interest in providing you with the best possible service.
To stay informed of our latest offers and events by email on the basis of your prior consent. In the case that you are already a customer, information will be sent on the basis of our legitimate interest.
To ensure and enhance the security and quality of our services on a day-to-day basis (e.g. statistics, data security, etc.) based on our legal obligations, our terms and conditions and our legitimate interest in ensuring the proper functioning of our services.
Your data is collected directly from you when you log on to our website and use our services.
We undertake to process your data only for the purposes described above. However, when you voluntarily post content on the pages we publish on social networks, you acknowledge that you are fully responsible for any personal information you may transmit, regardless of the nature and origin of the information provided.

What data do we process and for how long?
We have summarized the categories of personal data we collect and their respective retention periods.
If you wish to obtain further details on the retention periods applicable to your data, you can contact us at: gdpr@poap.fr.
Personal identification data (e.g. last name, first name) and coordinates (e.g. email address) kept for the duration of the provision of the service, plus the legal limitation periods, which are generally 3 years.
Data for commercial and marketing purposes (e.g.: email address) kept for a maximum of 3 years from the last contact we had with you.
Connection data (e.g. logs, IP address, etc.) kept for 1 year.
Upon expiration of the retention periods summarized above, we delete all of your personal data to ensure your privacy for future years.
The deletion of your personal data is irreversible and we will no longer be able to communicate them to you after this period. At most, we can only keep anonymous data for statistical purposes.
Please also note that in the event of litigation, we are required to retain all of your data for the duration of the processing of the case even after the expiration of the retention periods described above.

What rights do you have to control the use of your data?
The applicable data protection regulations give you specific rights that you can exercise, at any time and free of charge, to control how we use your data.
Right of access and copy of your personal data as long as this request is not in contradiction with business secrecy, confidentiality, or the secrecy of correspondence.
Right to rectify personal data that are incorrect, outdated or incomplete.
Right to object to the processing of your personal data carried out for commercial prospecting purposes.
Right to request deletion ("right to be forgotten") of your personal data that is not essential for the proper functioning of our services.
Right to the limitation of your personal data which allows you to freeze the use of your data in case of dispute on the legitimacy of a processing.
Right to the portability of your data which allows you to download part of your personal data in order to store them or transmit them easily from one information system to another.
In order for a request to be processed, it must be made directly by you at gdpr@poap.fr. Any request that is not made in this way cannot be processed.
Requests cannot be made by anyone other than you. Therefore, we may ask you to provide proof of identity if there is any doubt about the identity of the applicant.
We will respond to your request as soon as possible, but no later than three months from receipt of the request, in case the request is technically complex or if we receive many requests at the same time.
Please note that we may always refuse to respond to any excessive or unfounded request, especially if it is repetitive.
Who can access your data?
We will only share your data with persons duly authorized to use it to implement our services. This may include our staff in charge of service implementation, accounting, marketing or even security of our premises.
We will also share your data, and more precisely your identification data (ex: email, first name, last name) with the organizer of the exhibition, NFT Factory Paris, SIREN 905 104 907 , 24 rue de Lappe Paris 75011 · France

How do we protect your data?
We implement all technical and organizational means required to guarantee the security of your data on a daily basis and, in particular, to fight against any risk of destruction, loss, alteration, or disclosure of your data that would not be authorized (e.g.: training, access control, password, antivirus, "https", etc).

Can your data be transferred outside the European Union?
Unless strictly necessary and on an exceptional basis, we never transfer your data outside the European Union and your data is always hosted on European soil. In addition, we make every effort to hire only service providers who host your data within the European Union.
Should our service providers nevertheless transfer your personal data outside the European Union, we take great care to ensure that they implement appropriate safeguards to ensure the confidentiality and protection of your data.

Who can you contact for more information?
Our Data Protection Officer ("DPO") is always available to explain in more detail how we process your data and to answer your questions on the subject at gdpr@poap.fr.

How can you contact the CNIL?
You may at any time contact the French data protection supervisory authority (the "Commission nationale de l'informatique et des libertés" or "CNIL") at the following address CNIL Complaints Department, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 or by telephone at

Can the policy be changed?
We may change our privacy policy at any time to accommodate new legal requirements as well as new processing that we may implement in the future. You will, of course, be notified of any changes to this policy. 

NFT Factory
137 rue Saint-Martin
75004 Paris France

mercredi-samedi 11h-19h

+33 1 88 61 18 12

Inscrivez-vous à notre newsletter pour ne rien manquer de notre actualité !