Back Bonjour TMB

Document

Privacy Policy

How we collect and protect your personal data.

Version: January 28, 2026

1. Purpose and scope

This Privacy Policy describes how UPARIS collects and processes personal data of users, prospects and clients via the www.bonjour-tmb.com site (the “Site”).

This policy applies exclusively to processing carried out via www.bonjour-tmb.com, unless otherwise stated.

2. Data controller – Contact details

The data controller is:

UPARIS (SAS) – Share capital: €100,000
Address: 102 avenue des Champs-Élysées, 75008 Paris, France
Tel.: +33 1 79 61 76 96
Email: support@uparis.org
SIRET: 829 456 136 00029
VAT (intra‑EU): FR66829456136
Atout France registration: IM075170050

For any question relating to data protection or to exercise your rights: support@uparis.org (subject: “GDPR – Personal data”).

3. Personal data processed

Depending on your browsing, communications and/or booking, UPARIS may process the following categories of data:

3.1. Identification and contact data

Name, first name, email, phone, country of residence, language.

3.2. Booking and trip‑related data

Booked trip, dates, options, information necessary for organization (logistics, operational constraints), exchanges with customer service, and communication history.

3.3. Data of other Travelers (multi‑Traveler bookings)

When the Client adds one or more Travelers to the booking, UPARIS processes data strictly necessary to perform the Contract (e.g., identity and information useful for organization).
The Client declares being authorized to provide this data and undertakes to have informed the Travelers, in particular about the T&Cs and this Privacy Policy.

3.4. Payment data

Payments are processed by a payment provider. UPARIS does not store the full bank card number. UPARIS may retain information necessary for proof and accounting management (status, reference, amount, invoice).

3.5. Technical and browsing data

IP address, technical logs, cookie identifiers, browser/device type, pages visited, browsing events, language settings (according to your cookie choices and browser settings).

3.6. Sensitive data (health) – only if necessary

Certain activities may require, for safety reasons, relevant information (e.g., allergies/contraindications). This information is requested only if necessary and access is limited to authorized persons.

4. Purposes of processing

UPARIS processes your data in particular to:

  1. handle your requests (questions, quotes, information);
  2. manage your bookings (file creation, confirmation, invoicing, trip organization, participant management);
  3. perform the contract (provider coordination, logistics, pre‑departure information, assistance);
  4. customer service and complaints (follow‑up, resolution, mediation/dispute);
  5. comply with legal obligations (accounting, invoicing, evidence);
  6. site security and fraud prevention;
  7. site improvement and audience measurement (according to your cookie choices);
  8. communication/marketing (newsletter/offers) according to applicable rules and your choices.

Processing is based, depending on the case, on:

  • performance of the contract or pre‑contractual measures (booking, organization, assistance);
  • compliance with legal obligations (e.g., accounting, dispute management);
  • UPARIS’s legitimate interest (security, service improvement, fraud prevention), subject to your rights;
  • your consent where required (non‑essential cookies, certain prospecting, etc.).

You can withdraw your consent at any time when processing is based on it.

6. Recipients – Processors

Your data are accessible, within the limits of their needs, to:

  • UPARIS (authorized staff: operations, support, accounting);
  • travel providers necessary to perform the trip (accommodation, guides, carriers, etc.);
  • technical providers (hosting/infrastructure, maintenance, emailing/CRM, support tools, payment provider, anti‑fraud, audience measurement subject to consent), acting as processors.

UPARIS requires its providers to commit to confidentiality and security in accordance with applicable regulations.

7. Data location – Transfers outside the EEA

7.1. Hosting and infrastructure

  • Customer data / back‑end: infrastructure and customer data hosted on Oracle Cloud Infrastructure – Frankfurt region (Germany).
  • Front‑end / security / performance: the Site uses Cloudflare services (delivery network, security) which may involve technical processing of certain data (e.g., logs, IP) via a distributed infrastructure.

7.2. Transfers outside the EEA and safeguards

When certain providers may result in transfers of data outside the European Economic Area, UPARIS implements appropriate safeguards (notably standard contractual clauses – SCCs, and, where applicable, additional measures).

You can request a copy of the applicable safeguards (e.g., SCCs), subject to the protection of confidential information, by writing to support@uparis.org.

8. Retention periods

UPARIS keeps your data only for as long as necessary for the purposes pursued, then deletes or securely archives them.

Indicative periods (which may vary depending on legal obligations and the situation):

  • booking data / contractual relationship: duration of performance + post‑trip management;
  • accounting records: for applicable legal periods;
  • disputes: duration of processing + limitation periods;
  • prospecting: until withdrawal of consent/objection or after a reasonable period of inactivity;
  • cookies: according to their nature and the defined duration.

9. Security

UPARIS implements appropriate technical and organizational measures (access control, segregation, backups, logging, limitation of authorizations, minimization).
Despite these measures, no system offers absolute security.

10. Cookies and trackers

The Site uses:

  • strictly necessary cookies (operation, security, cart/order if applicable);
  • optional cookies (audience measurement, personalization, marketing), subject to your consent.

You can accept, refuse, or configure cookies via the banner during your first visit, then change your choices at any time via Manage my cookies (to be placed in the Site footer). To learn more: Cookie Policy.

11. Your rights

In accordance with the GDPR, you have, in particular, the following rights: access, rectification, erasure, restriction, objection, portability, and withdrawal of consent (if applicable).

Exercising your rights: write to support@uparis.org (subject: “GDPR – Personal data”).
UPARIS may request proof of identity in case of reasonable doubt about the requester’s identity.

You may also lodge a complaint with the competent supervisory authority (in France: the CNIL).

12. Policy updates

UPARIS may modify this policy to reflect legal, technical, or operational changes. The version published on the Site is the version applicable on the date of consultation.