Privacy Policy

Privacy Policy – POUPOU SHOP

Preamble This Privacy Policy describes how POUPOU SHOP (hereinafter "we", "us", "our") collects, uses and protects the personal information you provide to us when you visit our website poupou.shop (hereinafter the "Site") or when you make a purchase. We are committed to protecting your privacy and personal data in accordance with applicable laws, including the General Data Protection Regulation (GDPR) (EU) 2016/679 of April 27, 2016 and the "Informatique et Libertés" law of January 6, 1978 as amended.

1. Identity of the Data Controller The controller of your personal data is: POUPOU SHOP Registered office address: 56 Avenue des Dragons de l'Impératrice, 33127 Martignas-sur-Jalle, France SIRET number: 804 246 916 00022 - Contact email address for questions relating to personal data: poupou.shopy@gmail.com

2. What personal data do we collect? We collect personal data that you provide directly to us when you:

  • Create a customer account on our Site.

  • Place an order.

  • You subscribe to our newsletter.

  • Contact us via the contact form or by email. This data may include:

  • Identification data: Last name, first name, email address, postal address, telephone number.

  • Order Data: Details of products purchased, order history, delivery information.

  • Payment Data: Information relating to your bank card (processed by our secure payment provider; we do not have access to your full card numbers) or PayPal account.

  • Communication Data: Correspondence and exchanges with our customer service. We also collect data automatically when you browse our Site via cookies and other tracking technologies. This data may include:

  • IP address.

  • Browser type and operating system.

  • Pages visited, duration of visit, clicks made.

  • Source of the visit (referring site).

3. Why do we collect your data (Purposes and Legal Basis)? We process your personal data for the following purposes and on the corresponding legal bases:

Purpose of processing

Legal basis

Order management (processing, payment, delivery, returns)

Execution of a contract

Customer account management (creation, access, preference management)

Execution of a contract / Pre-contractual measures

Customer service (answering your questions, handling complaints)

Legitimate interest / Performance of a contract

Sending newsletters and marketing communications (with your consent)

Your consent

Improvement of the Site and our services (analysis of navigation statistics, personalization of the user experience)

Legitimate interest / Your consent (for non-essential cookies)

Fraud Prevention and Site Security

Legitimate interest / Legal obligation

Compliance with our legal and regulatory obligations

Legal obligation

4. Who do we share your data with? We may share your personal data with the following categories of recipients, only to the extent necessary to achieve the purposes mentioned above:

  • E-commerce platform provider: Shopify (for website hosting and online store management).

  • Payment providers: Services like Stripe for secure processing of credit card transactions.

  • Delivery services: Carriers such as La Poste or Mondial Relay for the delivery of your orders.

  • Traffic analysis tools: Google Analytics (to understand the use of our Site and optimize our services).

  • Marketing and advertising tools: Platforms like Google Ads or the Meta (Facebook/Instagram) Pixel for the delivery of targeted advertising (with your consent if required by law).

  • Legal and administrative authorities: In the event of a legal obligation or legitimate request. We require our partners to comply with personal data protection legislation and to guarantee the security and confidentiality of your information.

5. Data transfer outside the European Union Some of our service providers (e.g., Shopify, Google, Meta) may be located outside the European Union (EU) or the European Economic Area (EEA). In this case, we ensure that these transfers are governed by appropriate safeguards, such as the European Commission's standard contractual clauses or other mechanisms validated by the GDPR, in order to ensure a level of data protection equivalent to that of the EU/EEA.

6. Duration of retention of your data We retain your personal data only for the period necessary to achieve the purposes for which they were collected, and in accordance with applicable legal and regulatory obligations.

  • Order data: Retained for the legal retention period for accounting documents and for warranty management and customer service purposes (generally 10 years from the order).

  • Customer account data: Retained for as long as your account is active. In case of prolonged inactivity (for example, 2 years without logging in or placing an order), we may contact you before deleting your account.

  • Data used for direct marketing purposes: Retained until you withdraw your consent or exercise your right to object.

  • Technical data (cookies): Stored for a maximum period of 13 months for non-essential cookies after their first deposit in your terminal.

7. Your rights regarding your personal data In accordance with the GDPR, you have the following rights regarding your personal data:

  • Right of access: Obtain confirmation that your data is being processed and, if so, access it.

  • Right of rectification: Request the correction of inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”): Request the deletion of your data, under certain conditions.

  • Right to restriction of processing: Request the suspension of the processing of your data, under certain conditions.

  • Right to portability: Receive your data in a structured, commonly used and machine-readable format, and transmit it to another data controller.

  • Right to object: Object to the processing of your data for legitimate reasons, or object to the processing of your data for direct marketing purposes.

  • Right to withdraw your consent: At any time, for processing based on your consent.

  • Right to lodge a complaint: With a supervisory authority (in France, the CNIL: www.cnil.fr). To exercise these rights, please contact us by email at poupou.shopy@gmail.com . We may ask you to prove your identity (for example, via an ID document) before responding to your request in order to guarantee the security of your data.

8. Cookies Our Site uses cookies to ensure its proper functioning, analyze traffic, personalize content and offer targeted advertising. A cookie is a small text file stored on your device (computer, tablet, smartphone) when you visit a website. We use different types of cookies:

  • Necessary cookies: Essential for the proper functioning of the Site (shopping cart management, connection security). They do not require your consent.

  • Performance and analytics cookies: Help us understand how visitors interact with our Site (most visited pages, traffic sources).

  • Functional cookies: Remember your preferences (language, currency) for a better user experience.

  • Advertising cookies: Used, with your consent, to show you relevant advertising based on your interests and browsing habits. You can manage your cookie preferences at any time through your browser settings or through our cookie consent banner (if you use one on your site). Please note that disabling certain cookies may affect the functionality of our Site and degrade your browsing experience. For more information on cookies and how to manage them, you can consult the CNIL website (www.cnil.fr).

9. Changes to the Privacy Policy We reserve the right to modify this Privacy Policy at any time. Any changes will be posted on this page with a "Last Updated" date. We encourage you to regularly review this page for any changes.

10. Contact us For any questions regarding this Privacy Policy or the processing of your personal data, please contact us at: POUPOU SHOP Email: poupou.shopy@gmail.com