Privacy policy
Last updated 21 May 2026
1. Introduction
Liberty House Real Estate SASU (hereinafter "LHRE") is committed to protecting the privacy of users of its website libertyhouse.fr and its associated services.
This Privacy Policy describes the conditions under which LHRE collects, uses, stores and protects the personal data of its users, in accordance with Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation, hereinafter "GDPR") and French law no. 78-17 of 6 January 1978 as amended (Data Protection Act).
2. Data Controller
The data controller for personal data is as follows.
- Liberty House Real Estate SASU
- Registered office at 34 avenue des Champs-Elysees, 75008 Paris
- SIRET 952 992 634 00024 · RCS Paris
- Email contact@libertyhouse.fr
- Phone +33 4 65 84 80 16
3. Data Protection Officer (DPO)
The Data Protection Officer appointed by LHRE is Arthur Merlino.
For any questions regarding the protection of your personal data or to exercise your rights, you can contact him using the details below.
- By email dpo@libertyhouse.fr
- By post, Liberty House Real Estate SASU, attention DPO, 34 avenue des Champs-Elysees, 75008 Paris
4. Data Collected
4.1 User Account Data
When creating your account, we collect surname, first name, email address, phone number, postal address, date of birth, nationality.
4.2 Booking Data
When making a booking, we collect stay dates, number of guests, stay preferences, special requests, selected services.
4.3 Payment Data
Payments are processed by our provider Stripe. LHRE does not store banking data (card number, security code). Only transaction information (amount, date, reference) is retained by LHRE.
4.4 Browsing Data
When browsing the site, we collect IP address, browser type, pages visited, visit duration, cookies (see section 11).
4.5 Communication Data
When communicating with our teams, we collect messages sent via the contact form, information requests, email and phone exchange history.
4.6 KYC / AML-CFT Data (property owners)
For property owners entrusting a management mandate, we collect a copy of identity document, proof of address, Kbis extract (where applicable), in compliance with anti-money laundering and counter-terrorism financing (AML-CFT) obligations.
5. Purposes and Legal Bases
5.1 Performance of a contract (article 6.1.b GDPR)
- Management of bookings and the payment process
- Operational communication related to the stay
- Provision of concierge services
- User account management
5.2 Consent (article 6.1.a GDPR)
- Sending newsletters and marketing communications
- Use of non-essential cookies
- Sharing data with marketing partners
5.3 Legitimate interest (article 6.1.f GDPR)
- Improvement of service quality and user experience
- Fraud prevention and platform security
- Anonymised statistics and audience analysis
5.4 Legal obligation (article 6.1.c GDPR)
- Tax and accounting obligations
- Anti-money laundering (AML-CFT)
- Retention of mandates and registers (Hoguet law)
- Response to judicial requisitions
6. Retention Period
Personal data is retained for the following periods.
- Account data duration of the contractual relationship + 3 years after the last activity
- Booking data 10 years from the end of the accounting year (accounting obligation)
- Mandates and registers 10 years (legal obligation under the Hoguet law)
- Cookies 13 months maximum from the time of placement
- KYC data 5 years after the end of the business relationship (AML-CFT obligation)
- Prospecting data 3 years after the last active contact
At the end of these periods, data is deleted or irreversibly anonymised.
7. Recipients
Your personal data may be disclosed to the following recipients, strictly to the extent necessary for the purposes described above.
- Authorised LHRE staff sales, operational and accounting teams, within the limits of their responsibilities
- Technical service providers hosting provider, payment provider (Stripe), emailing service, customer relationship management tool
- Property owners data strictly necessary for the performance of the booking (surname, first name, dates, number of guests, special requests)
- Competent authorities upon judicial or administrative requisition, in accordance with applicable legislation
LHRE does not sell or rent your personal data to third parties.
8. Transfers Outside the European Union
Some of our technical service providers are established in the United States, notably Stripe (payments), Anthropic (the Atelier artificial intelligence assistant), Resend (email delivery), Sentry (technical monitoring) and Mapbox (mapping). These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection for your data.
You can obtain a copy of the safeguards in place by contacting the DPO at dpo@libertyhouse.fr.
9. Security
LHRE implements appropriate technical and organisational measures to protect your personal data against any unauthorised access, modification, disclosure or destruction.
- Data encryption in transit (TLS 1.3) and at rest (AES-256-GCM for sensitive PII)
- Restricted data access based on the principle of least privilege
- Access logging (audit logs)
- Regular encrypted backups
- Periodic security testing and vulnerability monitoring
10. Individual Rights
In accordance with the GDPR, you have the following rights regarding your personal data.
- Right of access obtain confirmation that your data is being processed and receive a copy thereof
- Right to rectification request the correction of inaccurate or incomplete data
- Right to erasure request the deletion of your data, subject to legal retention obligations
- Right to data portability receive your data in a structured, machine-readable format
- Right to restriction obtain restriction of processing in certain cases provided for by the GDPR
- Right to object object to processing based on legitimate interest, including profiling
How to exercise your rights
You can exercise your rights by contacting the DPO by email at dpo@libertyhouse.fr or by post to the registered office address. A response will be provided within 30 days of receiving your request.
If you experience any difficulty exercising your rights, you may lodge a complaint with the French Data Protection Authority (CNIL) at www.cnil.fr.
11. Cookies
11.1 Essential Cookies
These cookies are necessary for the website to function and cannot be disabled. They include session, security and language preference cookies.
11.2 Analytics Cookies
The site currently uses no analytics cookies or audience-measurement tool. Should a GDPR-compliant analytics solution (no identifying cookie, no personal data) be deployed, this policy will be updated accordingly and, where applicable, your consent collected via the dedicated banner.
11.3 Marketing Cookies
Marketing cookies are disabled by default. They are only activated upon explicit user consent (opt-in) via the cookie management banner. You can change your preferences at any time.
12. Policy Amendments
LHRE reserves the right to amend this Privacy Policy at any time. In the event of a substantial change, users will be notified by email or by notification on the website. The date of the last update is indicated at the top of this page.
Continued use of the website after publication of the amendments constitutes acceptance of the updated policy.