GDPR
Last updated: April 3, 2026
Zapia is committed to complying with the General Data Protection Regulation (EU) 2016/679 (GDPR). This page summarises your rights as a data subject and how we fulfil our obligations as a data controller.
Legal basis for processing
We process your personal data on the following legal bases: (1) Contract performance — processing necessary to provide the services you have subscribed to; (2) Legitimate interests — such as fraud prevention and service security; (3) Consent — for analytics cookies and marketing communications, which you may withdraw at any time.
Your rights
Under the GDPR you have the right to: access a copy of the personal data we hold about you; rectify inaccurate data; request erasure ('right to be forgotten') where we have no overriding legal basis to retain it; restrict or object to certain processing activities; receive your data in a portable, machine-readable format; and lodge a complaint with a supervisory authority.
How to exercise your rights
Send your request to contact@zapia.fr. We will respond within 30 days. We may ask you to verify your identity before fulfilling the request.
Data retention
We retain personal data for as long as your account is active or as required to provide services. Billing and contractual records are kept for the period required by French law (generally 10 years). You may request deletion of non-legally-required data at any time.
International transfers
All data is stored and processed within the European Union. We do not transfer personal data outside the EU/EEA.
Data protection contact
For any GDPR-related enquiries, contact our data protection point of contact at contact@zapia.fr.
Supervisory authority
If you believe we have not addressed your concern adequately, you have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) at cnil.fr.