Politique de confidentialité
Privacy Policy
This Privacy Policy explains how Sprezzaturra collects, processes, and protects users' personal data, in accordance with the General Data Protection Regulation (GDPR – EU 2016/679) and French Law No. 78-17 of January 6, 1978 on Data Processing, Data Files and Individual Liberties.
1.1 Data Controller
Sprezzaturra
47 rue Vivienne, 75002 Paris, France
E-mail: contact@sprezzaturravintage.com
1.2 Data Collected
When browsing the Site or making a purchase, we may collect the following categories of personal data:
-
Identification data: first name, last name, e-mail address, phone number
-
Shipping and billing data: postal address
-
Payment data: banking information processed exclusively by our secure payment provider (Shopify Payments / Stripe) — Sprezzaturra does not store any banking details
-
Browsing data: IP address, browser type, pages visited, session duration (via cookies)
-
Commercial data: order history, preferences, and returns
1.3 Purposes and Legal Bases of Processing
-
Performance of sales contracts: order processing, delivery, after-sales service (legal basis: contract performance)
-
Customer relationship management: responding to inquiries and complaints (legal basis: legitimate interest)
-
Sending marketing communications: newsletters, promotions — only with your explicit consent (legal basis: consent)
-
Site analysis and improvement: audience and performance statistics (legal basis: legitimate interest)
-
Compliance with legal obligations: accounting, tax requirements (legal basis: legal obligation)
1.4 Data Recipients
Your personal data may be shared with the following third parties, strictly within the limits necessary:
-
Shopify Inc.: hosting of the store and payment processing
-
Shipping and delivery service providers
-
E-mail marketing tools (e.g. Klaviyo, Mailchimp) if you have consented to receive marketing communications
-
Legal authorities, where required by law
1.5 Data Retention Period
-
Active customer data: duration of the business relationship + 3 years
-
Billing data: 10 years (accounting obligation)
-
Marketing prospect data: 3 years from the last contact
-
Browsing data (cookies): 13 months maximum
1.6 Your Rights
In accordance with the GDPR, you have the following rights over your personal data:
-
Right of access: obtain a copy of your data
-
Right of rectification: correct inaccurate or incomplete data
-
Right to erasure (“right to be forgotten”)
-
Right to restriction of processing
-
Right to data portability
-
Right to object to processing
-
Right to withdraw consent at any time
To exercise these rights, please contact us at: contact@sprezzaturravintage.com. We are committed to responding within one month. If you are unsatisfied with our response, you may lodge a complaint with the French data protection authority (CNIL – www.cnil.fr) or your local supervisory authority.
1.7 Cookies
The Site uses technical cookies (necessary for operation), analytics cookies (audience measurement), and marketing cookies (targeted advertising). On your first visit, a banner allows you to manage your preferences. You may change your choices at any time through your browser settings.
1.8 Security
Sprezzaturra implements appropriate technical and organizational measures to protect your data against unauthorized access, disclosure, alteration, or destruction: HTTPS protocol, restricted access, PCI-DSS certified payment providers.
1.9 International Customers and Data Transfers
As Sprezzaturra serves customers in the European Union, the United Kingdom, the United States, and Canada, personal data may be processed by service providers located outside the European Economic Area (notably Shopify Inc., based in Canada, and certain payment or e-mail marketing providers based in the United States). Such transfers are carried out in compliance with the GDPR, relying on appropriate safeguards including Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions issued by the European Commission.
All customers, regardless of their country of residence, are afforded the same level of data protection described in this Privacy Policy as a matter of Sprezzaturra's standard practice.