Privacy Policy

Version updated on 02/09/2025.

1) Who is responsible ?

Data controller: Gabriel Wetzer — micro-enterprise (exempt from RCS/RM registration)

SIRET: 487 794 844 00042

Address: 13 allée des Comtes, 67200 Strasbourg, France

Contact (data & rights): hello@happy-strasbourg.eu

Scope: this policy applies to the website(s) operated by Happy Strasbourg, in particular: happy-strasbourg.eu.

2) What data do we collect?

  • Identity & contact details: surname, first name, email address.
  • Visit information: preferred language, type of visit (Free Tour/private), date, and number of participants.
  • Free content: message/comments entered in the form.
  • Technical data/trackers: according to your choices in the consent panel (see “Cookies & Trackers”).

Origine des données :

  • Contact form (website).
  • Free Tour booking form (website).
  • Private bookings managed via FareHarbor (integrated module or service provider page).

Payments: no card details are collected on the website. Online payments are processed by FareHarbor. Tips at the end of Free Tours via SumUp are made outside the website.

3) Purposes & legal bases

Purposes Legal Basis(es) Details
Management of reservations/visits Performance of the contract (and, failing that, legitimate interest) Recording of the visit, practical exchanges, confirmation emails.
Response to requests (contact form) Legitimate interest Responding to your requests and questions.
Billing & accounting obligations Legal obligation Retention of supporting documents.
Traffic statistics (Google Analytics 4) Consent (via CMP) Non-essential audience measurement. Scripts blocked until you have given your consent.
Advertising/remarketing (Google Ads) Consent (via CMP) Advertising conversion measurement and remarketing, only if accepted.
Site security (logs, anti-abuse) Legitimate interest Incident detection and protection against fraud/abuse.

We do not send newsletters or marketing emails. Only transactional emails (e.g., booking confirmation) are sent.

4) Cookies, trackers, and consent

We use a consent management platform (CMP)—Sirdata (TCF v2.2). When you arrive, a banner allows you to:

  • accept, refuse, or configure the purposes and partners;
  • change your choice at any time via the “Manage my cookies” link below;
  • prevent the storage of non-essential cookies until you have given your consent (Analytics/Ads blocked).

Manage my cookies : open the preferences panel

4.1 Google Analytics 4 (GA4)

  • Deployed via Google Tag Manager.
  • Google Signals disabled (no cross-device personalized ads).
  • Audience measurement is only enabled after consent.

4.2 Google Ads

  • Conversion and remarketing tags used only with consent.
  • No import of email databases (Customer Match) or newsletters.

4.3 Indicative table of cookies/trackers

Cookies and durations may change according to Google/Sirdata. The consent panel is authoritative for the updated list.

Cookie / clé Fournisseur Finalité Durée indicative Base légale
_ga Google Analytics Audience measurement (visitor ID) 24 month Consent
_ga_XXXX Google Analytics GA4 property settings 24 month Consent
_gid Google Analytics Statistics (24-hour ID) 24 h Consent
_gcl_au Google Ads Conversion attribution / experimentation 90 days Consent
IDE / ANID Google (DoubleClick) Advertising / remarketing up to 13 months (EU) Consent
Sirdata Cookies Sirdata CMP Remembering your consent choices 13 month Legitimate interest / compliance
Essential cookies (session, language preference, anti-spam) Happy Strasbourg Proper functioning of the site 12-month session Legitimate interest

5) Recipients & subcontractors

  • OVH (website hosting and, where applicable, associated email accounts).
  • Google (Analytics, Ads, Tag Manager) — activated after consent.
  • Sirdata (consent management & proof of consent).
  • FareHarbor (bookings and payments for private tours).
  • Web service providers (freelance developers/marketing): restricted and occasional access for maintenance.
  • Collaborative tools: Google Drive (storage of website images only).

The list may be updated; access to data is only granted when necessary.

6) Transfers outside the European Union

Some service providers (including Google) may operate from the United States. These transfers are made on the basis of the mechanisms provided by these suppliers (e.g., EU-US Data Privacy Framework and/or Standard Contractual Clauses) and additional measures.

7) Retention periods

  • Reservation files & customer relations: duration of the relationship, then 3 years.
  • Prospects (contact/quote): 3 years after the last contact.
  • Accounting/billing documents: 10 years (legal obligation).
  • Security logs: 12 months.
  • Proof of consent (CMP): 13 months.

8) Your rights

You have the right to access, rectify, erase, object to, restrict, and transfer your data, as well as to give instructions regarding your data after your death.

To exercise your rights, please contact us at hello@happy-strasbourg.eu. We will respond within 1 month (this period may be extended in complex cases). You may be asked to provide proof of identity.

If, after contacting us, you feel that your rights have not been respected, you can refer the matter to the CNIL: www.cnil.fr.

9) Security

We implement appropriate technical and organizational measures: HTTPS/TLS, backups, access control, partitioning, regular updates, two-factor authentication (OVH/Google), traceability of administrator access.

OVH server location: France.

10) Minors

Our services are not intended for children under the age of 15; any participation by a child must be accompanied by an adult.

11) Décisions automatisées

No decisions with legal effects are made based solely on automated processing. No internal profiling, except for Google advertising features activated only with your consent.

12) Mises à jour

This policy may change to reflect our practices or legal requirements.

Last update: 09/02/2025.