How we collect, use, and protect your personal information.
Maison Roboto SAS (“MaisonRoboto,” “we,” “us,” or “our”), registered at 229 rue Saint-Honoré, 75001 Paris, France, is the data controller responsible for your personal information. We collect the following categories of data in the course of providing our services:
Personal details provided during commissions.When you initiate a bespoke inquiry, place a commission, or contact our atelier, we collect your name, email address, telephone number, postal address, company name (where applicable), and billing information. For bespoke commissions, we may also collect technical specifications related to your humanoid robot platform, including model, serial identifiers, and dimensional measurements required for garment engineering.
Browsing and device data.When you visit our website, we automatically collect certain technical information, including your IP address, browser type and version, operating system, referring URL, pages visited, time spent on each page, and the date and time of your visit. This data is collected through server logs and analytics tools.
Cookies and similar technologies.We use cookies and comparable tracking technologies to recognise your browser, remember your preferences, and understand how you interact with our site. For full details, please refer to the Cookies section below.
Communications.When you correspond with us by email, through our website forms, or via any other channel, we retain the content of those communications along with associated metadata to maintain a complete record of our client relationships.
We process your personal data only where we have a lawful basis to do so under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the French Loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés (“Loi Informatique et Libertés”). Our processing activities include:
Fulfilling commissions and providing services.We use your personal and technical data to process your orders, engineer garments to your robot platform’s specifications, manage delivery logistics, and handle payments. The legal basis for this processing is the performance of a contract to which you are a party (Article 6(1)(b) GDPR).
Client communication.We use your contact information to respond to inquiries, provide commission updates, schedule consultations, and deliver post-commission support including care guidance and maintenance programme notifications. This processing is based on our legitimate interest in maintaining client relationships (Article 6(1)(f) GDPR).
Improving our services.We analyse browsing data and aggregated usage patterns to refine our website experience, optimise our collections, and improve our atelier processes. Where analytics involve personal data, our legal basis is legitimate interest (Article 6(1)(f) GDPR), balanced against your rights through data minimisation and pseudonymisation measures.
Legal compliance.We process certain data to comply with our legal obligations under French commercial law, tax regulations, and other applicable legislation (Article 6(1)(c) GDPR).
MaisonRoboto does not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your data only in the following limited circumstances, and only to the extent necessary for the stated purpose:
Payment processors.We share billing information with our payment service providers to process transactions securely. These providers are PCI DSS-compliant and process your data solely for the purpose of completing your payment.
Shipping and logistics partners.To deliver your commissions, we share your name, delivery address, and contact telephone number with our climate-controlled shipping and logistics partners. Where on-site installation is requested, our delivery team may also receive relevant site access details.
Platform manufacturers.For certain bespoke commissions, we may share limited technical fitting data, such as platform model, dimensional measurements, and joint articulation specifications, with the relevant humanoid robot manufacturer. This is done exclusively to ensure garment compatibility and optimal engineering. We share only the minimum technical data required and never disclose your personal identity or contact details to manufacturers without your explicit consent.
Legal requirements.We may disclose your data where required by law, regulation, legal process, or enforceable governmental request, or where necessary to protect the rights, property, or safety of MaisonRoboto, our clients, or others.
All third-party service providers are bound by data processing agreements that require them to protect your data in accordance with GDPR and to use it only for the specified purposes.
We retain your personal data for the duration of our client relationship and for a period of five (5) years following its conclusion, in accordance with French statutory retention obligations under the Code de commerce and relevant provisions of French commercial and tax law.
Commission records, including technical specifications and garment engineering data, are retained for the full retention period to facilitate future alterations, maintenance programme support, and platform update compatibility assessments.
Browsing data and analytics information are retained in anonymised or pseudonymised form for no longer than twenty-six (26) months from the date of collection, in line with recommendations issued by the Commission nationale de l’informatique et des libertés (CNIL).
Upon expiration of the applicable retention period, your data is securely deleted or irreversibly anonymised. You may request earlier deletion of your data at any time, subject to our legal retention obligations.
Under the General Data Protection Regulation and the Loi Informatique et Libertés, you have the following rights with respect to your personal data. You may exercise any of these rights at any time by contacting us at [email protected].
Right of access.You have the right to obtain confirmation as to whether we process your personal data and, if so, to request a copy of that data along with information about how it is processed (Article 15 GDPR).
Right to rectification.You have the right to request the correction of inaccurate personal data and, taking into account the purposes of the processing, the completion of incomplete personal data (Article 16 GDPR).
Right to erasure.You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where the data has been unlawfully processed, among other grounds (Article 17 GDPR). This right is subject to our legal retention obligations under French law.
Right to data portability.Where processing is based on consent or contractual necessity and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller (Article 20 GDPR).
Right to restriction of processing.You have the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data or where processing is unlawful but you oppose erasure (Article 18 GDPR).
Right to object.You have the right to object at any time to the processing of your personal data based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms (Article 21 GDPR).
We will respond to all rights requests within one (1) month of receipt, in accordance with GDPR requirements. In complex cases, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for it.
Our website uses cookies, small text files stored on your device, to ensure proper functionality, analyse usage, and remember your preferences. In accordance with Article 82 of the Loi Informatique et Libertés and CNIL guidelines, we obtain your consent before placing non-essential cookies.
Essential cookies.These cookies are strictly necessary for the operation of our website. They enable core functionality such as navigation, form submissions, and secure access to client areas. Essential cookies do not require your consent and cannot be disabled without impairing the site’s functionality.
Analytics cookies.We use analytics cookies to understand how visitors interact with our website, including which pages are most visited, how long visitors spend on each page, and where visitors arrive from. This data is collected in aggregate form and helps us improve our site’s structure and content. Analytics cookies are placed only with your prior consent.
Preference cookies.These cookies remember choices you make on our website, such as language preferences, currency display, and regional settings. They allow us to provide a more personalised experience. Preference cookies are placed only with your prior consent.
You may withdraw your cookie consent at any time by adjusting your browser settings or by contacting us directly. Please note that disabling certain cookies may affect the functionality of our website.
Your personal data is primarily processed and stored within the European Union. Our servers, databases, and core infrastructure are located in France, and the vast majority of our data processing activities take place within the EU.
In limited circumstances, data may be transferred to countries outside the European Economic Area (EEA), for example, when coordinating deliveries through our client service presences in Abu Dhabi, Los Angeles, or Singapore, or when sharing technical fitting data with platform manufacturers located outside the EU.
Where such transfers occur, we ensure that your data is afforded an equivalent level of protection through one or more of the following safeguards, in full compliance with Chapter V of the GDPR:
Adequacy decisions.We transfer data to countries that the European Commission has determined provide an adequate level of data protection.
Standard Contractual Clauses.Where no adequacy decision exists, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission, supplemented by additional technical and organisational measures where required by the circumstances of the transfer.
Explicit consent.In exceptional cases, we may transfer data based on your explicit, informed consent, provided you have been made aware of the potential risks of such transfers.
Protecting your personal data is fundamental to the trust our clients place in us. We implement comprehensive technical and organisational measures to safeguard your information against unauthorised access, alteration, disclosure, or destruction.
Encryption.All data transmitted between your browser and our servers is protected by TLS (Transport Layer Security) encryption. Sensitive data at rest, including payment information and client commission records, is encrypted using industry-standard AES-256 encryption.
Access controls.Access to personal data is restricted to authorised personnel on a strict need-to-know basis. Our atelier staff, client relations team, and technical engineers access only the data categories relevant to their responsibilities. All access is authenticated, logged, and subject to regular review.
Regular audits.We conduct periodic security assessments and audits of our systems, processes, and third-party service providers. These audits evaluate compliance with our internal security policies, GDPR requirements, and industry best practices. Any identified vulnerabilities are addressed promptly through our incident response procedures.
Incident response.In the event of a personal data breach, we will notify the CNIL within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with Article 34 of the GDPR.
If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how your data is processed, please contact our Data Protection Officer:
Data Protection Officer
Maison Roboto SAS
229 rue Saint-Honoré, 75001 Paris, France
Email: [email protected]
We endeavour to resolve all inquiries and requests promptly and thoroughly. If you are not satisfied with our response, or if you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the competent supervisory authority:
Commission nationale de l’informatique et des libertés (CNIL)
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
Website: www.cnil.fr
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational factors. When we make material changes, we will publish the revised policy on this page and update the “last updated” date below.
Where changes are significant, for example, changes to the purposes of processing, the categories of data collected, or the rights available to you, we will make reasonable efforts to notify you directly, such as by email to the address associated with your commission account.
We encourage you to review this policy periodically to remain informed about how we protect your data.
This Privacy Policy was last updated in March 2026. Governing law.This Privacy Policy and any disputes arising from or relating to it are governed by the laws of the French Republic. The courts of Paris, France shall have exclusive jurisdiction over any proceedings arising in connection with this policy.