Newsletter Let's stay connected Contact Got a question?
GET TICKETS
Legal

Personal
data

Last updated: March 2026

We place great importance on respecting your privacy and are committed to building strong and lasting relationships with you. Protecting your personal data is paramount to us. This Data Protection Policy informs you as clearly as possible about how your data is processed when using the services on this website.

This policy applies to all services offered on the website nhaparis.com.

This policy is subject to French Law No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties (as amended in 2004), and the European General Data Protection Regulation (GDPR) of 27 April 2016.

Definitions

“Data controller” refers to the person who determines the purposes and means of processing personal data.

“Personal data” means information that allows you to be identified as an individual. Your surname, phone number, email address and IP address are all personal data.

“Processing of personal data” means any operation or set of operations applied to personal data (collection, recording, storage, consultation, etc.).

Who collects personal data?

BRIDGES, located at 21 Place de la République, 75003 Paris, France, is the data controller for all personal data processing carried out on the website nhaparis.com.

What are the purposes of data collection?

BRIDGES is committed to collecting, processing and storing your personal data for specific, legitimate and relevant purposes. Your data is processed for the following purposes:

  • Managing customer accounts, shopping carts and orders
  • Managing deliveries, order tracking and after-sales service
  • Providing customer service accessible by phone or instant messaging, including an AI-powered assistant
  • Providing social media sharing tools
  • Sending targeted commercial offers by email, mobile notifications, social media or any other medium
  • Managing your newsletter subscriptions, email or SMS notifications
  • Collecting customer reviews on products sold
  • Personalising website (mobile and desktop) and app content based on user preferences
  • Running competitions and promotional activities
  • Sharing information with commercial partners

With the exception of commercial prospecting, BRIDGES considers that all of the above processing is necessary for the performance of the contract between a Customer and BRIDGES (legitimate interest).

Commercial prospecting is based on your consent. When creating your account on the website, you are expressly asked for your consent:

  • to receive offers from BRIDGES
  • to receive offers from BRIDGES partners

You may withdraw this consent at any time by clicking the unsubscribe link in any email received, or by contacting us.

What are your rights?

In accordance with the French Data Protection Act of 6 January 1978, you have the right to access, rectify and object to the processing of your personal data. You may exercise these rights by email or by post to:

BRIDGES
21 Place de la République, 75003 Paris, France

BRIDGES will respond within 1 month of receiving your request.

Under the GDPR (Regulation 2016/679 of 27 April 2016), you may also exercise your right to restriction of processing, erasure of your data, data portability and the right not to be subject to automated individual decision-making, including profiling.

For confidentiality and data protection purposes, a signed copy of an identity document must be included with your request.

If you are not satisfied with our response, you may lodge a complaint with the CNIL (French data protection authority).

Data retention

BRIDGES has established specific rules regarding the retention period for personal data.

To determine the most appropriate retention period, BRIDGES distinguishes between prospects who have never made a purchase and customers who have already made a purchase.

For prospects, the retention period starts from the last marketing communication for which the prospect showed interest (i.e. clicked on a link).

For customers, the retention period starts from their last purchase.

After your death

In accordance with Article 40-1 of the French Data Protection Act, you may send us instructions regarding the storage, deletion and communication of your personal data after your death. These instructions may be general or specific.

To send us your instructions, please contact us by email.

Data recipients

Your data may be shared with BRIDGES partners who may process the data on their own behalf (recipients) or solely on behalf of and according to the instructions of BRIDGES (sub-processors).

Data recipients include:

  • Marketplace sellers
  • Law enforcement authorities in the context of judicial requests relating to fraud prevention

BRIDGES also uses sub-processors for the following operations:

  • Secure payment on websites and mobile applications
  • Fraud prevention
  • Personalisation of website and mobile app content
  • Website maintenance and technical development
  • Operation of the website chatbot, powered by Anthropic’s artificial intelligence (Claude model). Messages sent in the chat are transmitted to Anthropic to generate a response. No personal data is retained server-side after the response is generated. Conversation history is stored only in your browser (localStorage) and can be deleted at any time via the chat settings.

Data protection officer

BRIDGES has appointed a data protection officer responsible for ensuring compliance with the European Regulation. For any questions regarding personal data protection, please use the contact page.

Transfers outside the European Union

Your personal data may be transferred to companies located in countries outside the European Union that do not provide an adequate level of personal data protection, in order to fulfil the purposes described above.

Prior to any transfer outside the European Union, and in accordance with applicable regulations, BRIDGES implements all required procedures to obtain the necessary safeguards for such transfers.

Data security

BRIDGES takes various measures to ensure the security of your data against loss, misuse, unauthorised access, disclosure, alteration or destruction. In particular:

  • Access to databases is strictly reserved for authorised personnel who need it for their duties.
  • In accordance with the French Data Protection Act and the European Regulation, BRIDGES has ensured that sub-processors commit to respecting data security and confidentiality.
  • All BRIDGES employees are made aware of personal data protection through training, newsletters and team meetings.

Amendments

BRIDGES reserves the right to amend this Data Protection Policy at any time. In the event of a substantial change such as the introduction of a new purpose, BRIDGES will provide you with prior information about this new purpose, to ensure you have a reasonable period to exercise your rights under applicable law.

We nevertheless encourage you to regularly review this Policy to stay informed about how BRIDGES protects your personal information.

This Policy was last updated on the date indicated above.

Contact

For any questions about our Policy, you can contact us via our contact page.

Contact us →