Privacy policy

PRIVACY POLICY

Last updated: 02/01/2026

This Privacy Policy is intended to inform users of the website www.cleverfaces.com (the “Website”) about how their personal data is collected, used and protected, in accordance with Regulation (EU) 2016/679 on the protection of personal data (GDPR) and the French Data Protection Act.

 

 

ARTICLE 1 – DATA CONTROLLER

The data controller is:

KIONKE Kathryn EI
7 avenue Foch, 59800 Lille, France
Email: contact@cleverfaces.com

The data controller is the natural or legal person who determines the purposes and means of the processing of personal data within the meaning of Article 4 of the GDPR.

 

 

ARTICLE 2 – PERSONAL DATA COLLECTED

When using the Website and placing orders, the following personal data may be collected:

  • Identification data: first name, last name

  • Contact details: email address, postal address, telephone number

  • Order, billing and payment data

  • Content provided by the user, in particular photographs representing natural persons, whether adults or minors

  • Browsing and usage data relating to the Website (via cookies and trackers – see Article 9)

Data is collected directly from the user when creating an account, placing an order, using the Website, or via tracking technologies.

 

 

ARTICLE 3 – PHOTOGRAPHS, MINORS AND ARTIFICIAL INTELLIGENCE

The Website allows users to upload photographs of natural persons in order to generate personalised portraits integrated into books, using artificial intelligence technologies.

These photographs may depict adults or minors. The user declares that they hold the necessary legal authority or authorisations, including parental authority where applicable, to upload such images.

The data controller does not carry out any verification of identity or parental authority and relies solely on the declarations made by the user.

Uploaded photographs and generated portraits are used exclusively for the creation of the personalised books ordered. They are not used for any other purpose, including identification, facial or biometric recognition, commercial prospecting, testing, system improvement or marketing communication, unless the user has given prior written consent.

The processing carried out has neither the purpose nor the effect of uniquely identifying a natural person and does not constitute the processing of biometric data within the meaning of Article 9 of the GDPR.

This Privacy Policy operates in conjunction with the General Terms and Conditions of Sale available on the Website.

 

 

ARTICLE 4 – LEGAL BASES FOR PROCESSING

Personal data processing is based on the following legal grounds:

  • Performance of a contract: order management, production and delivery of personalised books

  • Consent: sending marketing communications, use of non-essential cookies and trackers

  • Legal obligations: accounting, tax and regulatory obligations

 

 

ARTICLE 5 – PURPOSES OF PROCESSING

Personal data is processed for the following purposes:

  • Management of orders and customer relationships

  • Personalisation, AI-based generation, production and delivery of books

  • Billing and compliance with accounting and tax obligations

  • Handling customer requests, complaints and after-sales service

  • Sending marketing communications where the user has given consent

  • Website analytics and improvement (via cookies and trackers, subject to consent)

 

 

ARTICLE 6 – DATA RECIPIENTS AND TRANSFERS

Personal data is accessible only to the data controller.

It may be shared with technical service providers acting as data processors, solely for the purposes of performing the contract or operating the Website, including:

  • Payment service providers

  • Printing and logistics partners

  • Hosting and IT service providers

  • Technical service providers involved in AI-based portrait generation

These service providers act on the instructions of the data controller and are subject to confidentiality and security obligations in accordance with the GDPR.

Where personal data is transferred outside the European Union, the data controller ensures that such transfers are subject to appropriate safeguards in accordance with the GDPR, such as standard contractual clauses or adequacy decisions.

 

 

ARTICLE 7 – DATA RETENTION PERIODS

Personal data is retained only for as long as necessary to fulfil the purposes for which it is processed, in particular:

  • Account and order data: for the duration of the contractual relationship

  • Billing data: 10 years, in accordance with legal obligations

  • Commercial data: 3 years from the last contact

  • Uploaded photographs and AI-generated portraits: a maximum period of 60 days from completion of the order or the last interaction with the user, after which they are deleted unless a legal obligation requires otherwise

 

 

ARTICLE 8 – DATA SECURITY

The data controller implements appropriate technical and organisational measures to ensure the security, integrity and confidentiality of personal data.

These measures include, in particular, restricted access to data, secure hosting, the use of encrypted connections, and reliance on service providers offering sufficient security guarantees.

 

 

ARTICLE 9 – COOKIES AND TRACKERS

The Website uses cookies and trackers.

Certain cookies are strictly necessary for the operation of the Website and do not require the user’s consent.

Other cookies and trackers, including those used for audience measurement, navigation analysis, advertising or retargeting purposes, are used only after obtaining the user’s consent via the cookie management banner.

Some trackers may be placed by third parties acting as independent data controllers, in accordance with their own privacy policies.

Users may manage or withdraw their consent at any time via the cookie management tool available on the Website.

 

 

ARTICLE 10 – DATA SUBJECT RIGHTS

In accordance with applicable regulations, data subjects have the following rights:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restriction of processing

  • Right to object

  • Right to data portability

  • Right to withdraw consent at any time where processing is based on consent

The exercise of certain rights may be limited where retention of the data is necessary for the performance of a contract or compliance with a legal obligation.

These rights may be exercised at any time by contacting the data controller at the following address: contact@cleverfaces.com

For data relating to minors, these rights may be exercised by the parent or legal guardian.

If a data subject believes that their rights have not been respected, they may lodge a complaint with the French Data Protection Authority (CNIL).

 

 

ARTICLE 11 – CHANGES TO THE PRIVACY POLICY

This Privacy Policy may be amended at any time to reflect legal, regulatory or operational changes. The version applicable is the one published on the Website at the time of consultation.