PRIVACY POLICY
Last updated:
At Decléor, protecting your personal data is a priority. This policy informs you about how we collect, use, and protect your information when you use our site decleor.com
1. Data controller
The data controller is:
COSPAL Simplified joint-stock company (SAS) 3 Rue Chauveau Lagarde 75008 Paris, France
Contact : contact@cospal.fr
2. Data collected
We collect the following data based on your interactions with our site:
Account creation Name, first name, email address, postal address
Login and browsing Login data, IP address, browsing data, approximate location
User profile Delivery address, phone number
Order and payment Purchase history, bank or credit card data (securely processed by our payment provider)
Customer service Content of your exchanges with our team
Cookies and trackers Browsing data and preferences (you can manage your preferences via the cookie banner or your browser settings)
3. Purposes of processing
Your data is collected for the following purposes:
- Creation and management of your customer account
- Processing and tracking your orders
- Payment and delivery management
- Customer service and support
- Personalization of your experience and product recommendations
- Sending commercial communications (newsletters, offers) with your consent
- Statistical analysis and improvement of our services
- Fraud prevention and transaction security
- Compliance with our legal and regulatory obligations
4. Legal basis for processing
Depending on the purposes, our processing is based on:
- Contract execution: order management, deliveries, customer service
- Your consent: sending commercial communications, placing non-essential cookies
- Our legitimate interest: improving our services, fraud prevention, statistics
- Compliance with legal obligations: invoice retention, response to judicial requests
5. Data recipients
Your data may be shared with:
Technical providers Hosting (Shopify), secure payment, logistics and transport, analytics tools
Financial institutions Banks and payment organizations for transaction processing
Competent authorities Administrations, judicial or supervisory authorities in case of legal obligation
Business partners Only with your prior consent
In case of exceptional operation Merger, acquisition, or asset sale — you would be informed beforehand
Our providers are contractually required to respect the confidentiality and security of your data.
6. Data transfers outside the EU
Some of our providers may be located outside the European Union. In this case, we ensure that appropriate safeguards are in place (standard contractual clauses of the European Commission, adequacy decision, or other GDPR-compliant mechanism).
7. Retention period
Your data is retained only for the time strictly necessary for the purposes for which it was collected:
| Type of data | Retention period |
|---|---|
| Customer account data | Duration of the commercial relationship + 3 years |
| Order data | 10 years (accounting obligations) |
| Payment data | Transaction duration + legal archiving |
| Cookies | Maximum 13 months |
| Prospecting data | 3 years after the last contact |
At the end of these periods, your data is deleted or anonymized.
8. Data security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:
- Encryption of sensitive data (SSL/TLS)
- Restricted access to personal data
- Regular security audits
- Training our teams on data protection
However, no data transmission over the Internet can be guaranteed to be completely secure. We recommend protecting your login credentials.
9. Your rights
In accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act, you have the following rights:
Right of access Obtain confirmation that your data is being processed and receive a copy
Right to rectification Correct inaccurate or incomplete data
Right to erasure Request the deletion of your data in cases provided by law
Right to restriction Request the suspension of the processing of your data
Right to object Object to the processing of your data, especially for marketing purposes
Right to data portability Receive your data in a structured format and transfer it to another controller
Right to withdraw your consent At any time, without affecting the lawfulness of processing carried out before this withdrawal
Right to set post-mortem directives Arrange the fate of your data after your death
10. How to exercise your rights
To exercise your rights or for any questions regarding your personal data:
By email: contact@cospal.fr By mail: COSPAL — Data Protection, 3 Rue Chauveau Lagarde, 75008 Paris
We will respond within one month. This period may be extended by two months in case of a complex request.
An identity document may be requested if there is doubt about your identity.
11. Complaint to the CNIL
If you believe that the processing of your data does not comply with regulations, you can file a complaint with the National Commission on Informatics and Liberty (CNIL):
Website: www.cnil.fr Address: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
12. Cookies
Our site uses cookies and similar technologies. To learn more about the cookies used and manage your preferences, please see our Cookie Policy.
13. Changes to this policy
We reserve the right to modify this policy at any time to adapt to legal developments or our practices.
In case of substantial changes, you will be informed by email at least 15 days before the new provisions come into effect.
If you do not accept these changes, you may delete your account before they take effect.
14. Contact
For any questions regarding this policy or your personal data:
COSPAL 3 Rue Chauveau Lagarde 75008 Paris, France contact@cospal.fr