PRIVACY POLICY
Last updated:
At Decléor, protecting your personal data is a priority. This policy informs you about how we collect, use, and protect your information when you use our website decleor.com
1. Data Controller
The data controller for personal data is:
COSPAL Simplified joint-stock company (SAS) 3 Rue Chauveau Lagarde 75008 Paris, France
Contact : contact@cospal.fr
2. Data collected
We collect the following data based on your interactions with our site:
Account creation: Name, surname, email address, postal address
Login and browsing: Login data, IP address, browsing data, approximate location
User profile, delivery address, phone number
Order and payment: Purchase history, bank or credit card details (processed securely by our payment provider)
Customer service : Content of your interactions with our team
Cookies and trackers: Browsing data and preferences (you can manage your preferences via the cookie banner or your browser settings)
3. Purposes of the processing
Your data is collected for the following purposes:
- Creating and managing your customer account
- Order processing and tracking
- Payment and delivery management
- Customer service and support
- Personalizing your experience and product recommendations
- Sending commercial communications (newsletters, offers) with your consent
- Statistical analysis and improvement of our services
- Fraud prevention and transaction security
- Compliance with our legal and regulatory obligations
4. Legal basis for processing
Depending on the purpose, our processing relies on:
- Contract execution : order management, deliveries, customer service
- Your consent : sending marketing communications, placing non-essential cookies
- Our legitimate interest : improving our services, preventing fraud, statistics
- Compliance with legal obligations : retaining invoices, responding to court orders
5. Data Recipients
Your data may be shared with:
Technical service providers: Hosting (Shopify), secure payment, logistics and transport, analytics tools
Financial institutions , banks and payment organizations for transaction processing
Competent authorities: Administrations, judicial or regulatory authorities in the event of a legal obligation
Business partners only with your prior consent
In the event of an exceptional transaction (merger, acquisition or disposal of assets), you would be informed beforehand.
Our service providers are contractually obligated to respect the confidentiality and security of your data.
6. Data transfers outside the EU
Some of our service providers may be located outside the European Union. In this case, we ensure that appropriate safeguards are in place (standard contractual clauses of the European Commission, adequacy decision, or other mechanism compliant with the GDPR).
7. Shelf life
Your data is kept for the period strictly necessary for the purposes for which it was collected:
| Data type | Shelf life |
|---|---|
| Customer account data | Duration of the business relationship + 3 years |
| Order data | 10 years (accounting obligations) |
| Payment details | Transaction duration + legal archiving |
| Cookies | 13 months maximum |
| Prospecting data | 3 years after the last contact |
At the end of these periods, your data is deleted or anonymized.
8. Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, modification, disclosure or destruction:
- Encryption of sensitive data (SSL/TLS)
- Restricted access to personal data
- Regular security audits
- Training our teams in data protection
However, no data transmission over the Internet can be guaranteed to be completely secure. We recommend that you protect your login credentials.
9. Your rights
In accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act, you have the following rights:
Right of access: Obtain confirmation that your data is being processed and receive a copy.
Right to rectification : Correct inaccurate or incomplete data
Right to erasure: Request the deletion of your data in the cases provided for by law.
Right to restriction of processing: Request the suspension of the processing of your data
Right to object: You have the right to object to the processing of your data, particularly for marketing purposes.
Right to data portability: Receive your data in a structured format and transmit it to another controller
Right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out before this withdrawal
Right to define post-mortem directives: Organize the fate of your data after your death
10. How to exercise your rights
To exercise your rights or for any questions relating to your personal data:
By email : contact@cospal.fr By mail : COSPAL — Data Protection, 3 Rue Chauveau Lagarde, 75008 Paris
We will respond within one month. This period may be extended by two months in the case of a complex request.
You may be asked to provide proof of identity if there is any doubt about your identity.
11. Complaint to the CNIL
If you believe that the processing of your data does not comply with regulations, you can file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL):
Website : www.cnil.fr Address : CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
12. Cookies
Our website uses cookies and similar technologies. To learn more about the cookies used and to manage your preferences, please see our Cookie Policy .
13. Amendments to this charter
We reserve the right to modify this charter at any time to adapt it to legal developments or our practices.
In the event of a substantial change, you will be notified by email at least 15 days before the new provisions come into effect.
If you do not accept these changes, you can delete your account before they take effect.
14. Contact
For any questions regarding this charter or your personal data:
COSPAL 3 Rue Chauveau Lagarde 75008 Paris, France contact@cospal.fr