Back to homeLegal
GDPR

Your rights

Last updated · 21 May 2026

How it works: the GDPR gives you seven concrete rights over your personal data. To exercise any of them, write to hello@sipnstay.fr with the template at the bottom of this page. We will respond within 30 days.

Summary

Under Chapter III of the GDPR (Articles 15 to 22) you have the following rights:

  • Article 15 — to ask for a copy of the data we hold about you
  • Article 16 — to have it corrected
  • Article 17 — to have it deleted (with legal-retention caveats)
  • Article 18 — to restrict our use of it
  • Article 20 — to receive it in a machine-readable format
  • Article 21 — to object to certain types of processing
  • Article 7(3) — to withdraw consent you gave us

Right of access

You can ask for a copy of all personal data we hold about you, plus information on:

  • The purposes we use it for
  • The categories of data we process
  • Who we share it with
  • How long we keep it
  • The source if we did not collect it from you directly

We respond within 30 days. The first copy is free; subsequent identical requests within a short period may incur a reasonable administrative fee.

Rectification

If anything we hold is inaccurate or incomplete, you can ask us to fix it. Most fields (name, email, phone, welcome message) are also editable directly from your dashboard at /host/settings.

Erasure

You can ask us to delete your data. We will, except where:

  • French commercial law obliges us to retain invoices (10 years)
  • Anti-money-laundering rules require us to keep KYC records (5 years)
  • We are defending a legal claim

Where we are obliged to retain, we will restrict the data so it is no longer used, and delete it at the end of the legal period.

Restriction

You can ask us to stop using your data (but keep it on file) while a question is resolved — for example, if you have asked for rectification and we are reviewing.

Portability

Where we process your data based on consent or contract, you can ask for it in a structured, machine-readable format (we provide JSON). You can then take it to another provider.

Objection

You can object to any processing we do based on legitimate interests. We will stop unless we have overriding legitimate grounds, or the processing is necessary to establish or defend a legal claim.

For anything we do based on your consent — currently: optional analytics, future marketing emails — you can withdraw at any time with no consequence to the services that rely on a contract instead. Clear your browser storage to be re-prompted by the consent banner, or write to us.

Lodge a complaint with the CNIL

If you believe we have mishandled your data and you are not satisfied with how we addressed your concern, you have the right to complain to the French data-protection authority, the CNIL(Commission nationale de l'informatique et des libertés):

How to make a request

Send an email to hello@sipnstay.fr with the subject line “Data subject request”. To help us verify your identity quickly, write from the email you use on SipnStay. You can use this template:

Subject: Data subject request — [Access | Rectification | Erasure | Portability | Other]

Hello SipnStay team,

I would like to exercise my GDPR rights regarding the personal data you hold about me.

Account email: <the email I use on SipnStay>
Request type: <pick one>
Verification: <attach or describe how I can confirm my identity>
Specifics: <any details — date range, type of data, etc.>

Thank you,
<name>

We respond within one month. In complex cases we may extend by two further months but will tell you within the first month if we need to.

For more on the legal background see the official GDPR text or the CNIL website.