VERSION AS OF JUNE 25, 2026
PRIVACY AND COOKIE POLICY
This privacy and cookie policy (hereinafter the "Policy") details the rights and obligations existing between, on the one hand, the online store hereinafter referred to as the "Site" and, on the other hand, any natural person hereinafter referred to as "the User", when the User accesses, uses, makes a purchase or any other transaction, or communicates with the Site by any other means regarding the services offered by the Site (hereinafter the "Services ").
By accessing and using the Services, the User acknowledges having read this Policy and understanding the terms of collection and use of their information described therein.
ARTICLE 1. DATA CONTROLLER
The data controller who manages and collects User data on the Site (www.maisonandrera.com) is the company SAS ANDRERA, a simplified joint-stock company with a sole shareholder governed by French law, with a capital of 500 euros, registered under number 995 284 254 and whose registered office is located at 9 Quai Georges Clemenceau, 30900 Nîmes (hereinafter the "Company ").
ARTICLE 2. DATA COLLECTED
This Policy concerns all personal data directly or indirectly identifying an individual and considered as personal data hereinafter referred to as "Personal Information ".
Personal Information does 'not include information collected anonymously or rendered unidentifiable, so that it'does not allow the User to be identified or reasonably linked to them. The Site may collect or process the following categories of Personal Information, including inferences drawn from such Personal Information, depending on how you interact with the Services, your place of residence, and to the extent permitted or required by applicable law:
2.1. Regarding Contact Information
All confidential data such as the User's first name, last name, delivery address, billing address, telephone number, and e-mail address.
2.2. Regarding Financial Information
All data that can be collected by the Site, particularly when the User makes a purchase, such as credit card, debit card, and bank account numbers, payment card information, bank account information, transaction details, payment method, payment confirmation, and other payment-related details.
The User's bank card data is neither stored nor processed directly by the Site, but exclusively by the online payment provider used by the Site, which complies with applicable industry security standards (PCI-DSS standard).
2.3. Regarding Account Information
All data such as the user name, password, answers to security questions, and the User's preferences and settings.
2.4. Regarding Transaction Information
All collected data such as items that the User may view, place in their cart, add to their wish list, purchase, return, exchange, or cancel, as well as all past and completed transactions.
2.5. Regarding communications with the Site
All information that the User may include in their communications, for example when the User requests an inquiry from customer service.
2.6. Regarding information about the browsing device
All information collected regarding the User's device, browser or network connection, IP address and other unique identifiers.
2.7. Regarding usage information
Information related to the User's interaction with the Services, including the manner and frequency of the User's access and interaction with them.
ARTICLE 3. ACCESS OF MINORS TO THE SITE:
The Site is intended for adults with the legal capacity to contract. The Site does not knowingly collect Personal Information about minors.
If the User is a minor, access to the Services and, in particular, making a purchase on the Site, must be carried out under the supervision and with the authorization of their legal representative.
If the Company becomes aware that Personal Information has been collected from a minor without the prior authorization of their legal representative, it will take the necessary measures to delete this information as soon as possible.
ARTICLE 4. DATA RETENTION PERIOD:
The retention period for Personal Information depends on various factors, such as the need to retain this information to manage the User's account, provide the Services, comply with legal accounting obligations, resolve disputes, or enforce any other applicable contract or policy.
The Personal Information of Users related to file management (order tracking, and/or invoicing) is archived after a period of five (5) years from the end of the relationship with the Site.
ARTICLE 5. PURPOSES OF DATA COLLECTION:
Depending on how the User interacts with the Site or the Services used, the Company may use the User's Personal Information for the following purposes, based on the legal grounds provided by the GDPR:
5.1. Provide, adapt, and improve the Services
Personal Information is used to provide the Services to the User, particularly to execute the contract concluded with them, process payments, process orders, remember preferences and items of interest to the User, send account-related notifications, process purchases, returns, exchanges or other transactions, create, maintain and manage the account, organize shipments, facilitate possible returns and exchanges, allow the publication of reviews, and create a personalized shopping experience, for example by recommending products related to purchases made. This may include using Personal Information to adapt and improve the Services in a more relevant way.
5.2. Marketing and advertising
Personal Information is used for marketing and promotional purposes, for example to send the User marketing, advertising and promotional communications by e-mail, SMS or postal mail, and to display online advertisements for products or services on the Services or on other websites, particularly based on items previously purchased or added to the cart, as well as the User's other activities on the Services.
5.3. Security and fraud prevention
Personal Information is used to authenticate the User’s account, provide a secure payment and purchase experience, detect, investigate or address any fraudulent, illegal, harmful or malicious activity, protect public safety and secure the Services. When the User creates an account, they are responsible for the confidentiality of their login credentials. The User is advised not to share their username, password or any other access identifier with anyone.
5.4. Communication with the User
Personal Information is used to provide customer service to the User, respond to their requests, offer them efficient services, and maintain the commercial relationship established with them.
5.5. Legal reasons
Personal Information is used to comply with applicable law or respond to valid legal proceedings, including requests from law enforcement or government agencies, to investigate or participate in civil discovery procedures, potential or ongoing litigation, or other contentious proceedings, and to enforce applicable terms or policies, or investigate potential violations thereof.
ARTICLE 6. RIGHTS REGARDING THE USE OF PERSONAL DATA:
In accordance with the General Data Protection Regulation ("GDPR") and depending on their place of residence, the User may have some or all of the rights listed below regarding their Personal Information.
6.1. Right of access and right to information
The User may have the right to request access to the Personal Information held by the Site about them.
6.2. Right to erasure
The User may have the right to request the deletion of the Personal Information held about them.
6.3. Right to rectification
The User may have the right to request the rectification of inaccurate Personal Information held about them.
6.4. Right to data portability
The User may have the right to receive a copy of the Personal Information held about them and to request its transfer to a third party, in certain circumstances and subject to certain exceptions.
6.5. Communication preference management
The Site may send the User promotional emails. The User can choose to stop receiving them at any time by using the unsubscribe option included in these emails. If the user unsubscribes, the Site may continue to send the User non-promotional emails, for example, related to their account or orders placed.
Where the User resides in the UK or the European Economic Area, and subject to exceptions and limitations provided by local law, the User may exercise the following rights in addition to the rights listed above.
6.6. Objection to processing and restriction of processing
The User may have the right to request the Site to cease or restrict the processing of their Personal Information for certain purposes.
6.7. Withdrawal of consent
Where the processing of Personal Information is based on the User's consent, they have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The User can exercise these rights in the designated areas on the Services or by contacting the Site at the contact details provided in Article 11 below. To learn more about Shopify's use of Personal Information and the rights the User may have, including rights related to data processed by Shopify, the User can visit https://privacy.shopify.com/fr.
The User will not be penalized in any way for exercising any of these rights. The Site may need to verify the User's identity before processing their requests, within the limits provided or authorized by applicable law. In accordance with applicable law, the User may appoint an authorized agent to exercise their rights on their behalf; in this case, proof of authorization given to this agent may be required, and the User may also be asked to verify their identity directly. The Site responds to requests within the deadlines provided by applicable law (generally a period of one (1) month from receipt of the request, which may be extended to three (3) months for complex or numerous requests).
ARTICLE 7 DATA RECIPIENTS
The Personal Information collected by the Site is primarily intended for the internal departments of the Company authorized to process it due to their functions (customer service, sales department, accounting and logistics department).
The Personal Information may also be communicated to the Company's service providers and subcontractors involved in the execution of the Services, including:
Each of these recipients is bound to respect the confidentiality of Personal Information and to process it in accordance with the instructions of the Site and with applicable data protection legislation.
ARTICLE 8 TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
The Personal Information collected by the Site is generally processed and stored within the European Union.
However, some providers or subcontractors used by the Site, particularly for hosting, online payment, or customer relationship management, may be located outside the European Union or the European Economic Area, or may be required to transfer Personal Information there.
In such cases, the Site ensures that such transfers are governed by appropriate safeguards required by the GDPR, such as:
The User may obtain, upon simple request to the Site at the contact details provided in Article 11, a copy of the safeguards put in place to govern such a transfer.
ARTICLE 9. MEASURES IMPLEMENTED FOR PERSONAL DATA SECURITY
The Site is particularly attentive to the protection of its Users' Personal Information. The Site undertakes to process this data in accordance with the provisions of the General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 and Law No. 78-17 of 6 January 1978, as amended, relating to information technology, files, and freedoms (the "Informatique et Libertés" law), which define the conditions under which personal data processing may be implemented.
ARTICLE 10. CHANGES TO THE PRIVACY POLICY
The Site reserves the right to update this Policy at any time, particularly to reflect changes in its practices or for any other operational, legal, or regulatory reason. The revised Policy will be published on the Site with its last updated date, in accordance with applicable law.
ARTICLE 11. PROCEDURES FOR EXERCISING USER RIGHTS
For any questions regarding the Site's privacy practices or this Policy, or to exercise any of their rights, the User can contact the Site by email at the following address: contact@maisonandrera.com;
For the purposes of applicable data protection legislation, the Site acts as the data controller for the User's Personal Information.
If the User believes, after contacting the Site, that their personal data protection rights have not been respected, they have the right to file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), the competent supervisory authority in France, whose contact details are available on the website www.cnil.fr.
ARTICLE 12. COOKIE MANAGEMENT POLICY
12.1. Definition of cookies
A cookie is a small text file placed and/or read, for example, when consulting a website, reading an email, installing or using software or a mobile application, regardless of the type of terminal used by the User (computer, tablet, smartphone, etc.). The cookie is generally used by the sender to recognize the User's terminal during each visit or use, as well as to ensure the proper functioning and security of the site concerned.
12.2. Cookies used on the Site
When browsing the Site, cookies may be placed on the User's device. The Site may use the following categories of cookies:
Strictly necessary cookies:
These cookies are essential for the functioning of the Site and allow, in particular, the use of its main features, such as managing the shopping cart or the User's account. They cannot be disabled and do not require the User's prior consent.
Audience measurement cookies:
These cookies are used to generate traffic statistics and analyze the use of the Site, in order to improve its interest and usability.
Functional cookies:
These cookies are used to personalize the User's browsing experience, particularly by remembering their preferences (language, currency, login credentials).
Marketing and advertising cookies:
These cookies are used to offer the User personalized advertisements based on their browsing on the Site and, where applicable, on other websites, and to measure the effectiveness of advertising campaigns.
Social media sharing cookies:
These cookies, placed by third parties, allow the User to share content from the Site on social networks or to inform these networks of their browsing on the Site.
The table opposite summarizes the categories of aforementioned cookies that the Site may use:
|
Category |
Purpose |
Consent required |
Maximum duration |
|
Strictly necessary cookies |
Site operation (cart, account, security) |
No |
Session duration or 13 months |
|
Audience measurement cookies |
Site traffic and usage statistics |
Yes (except for measurement exempted by the CNIL) |
13 months |
|
Functional cookies |
Personalization (language, currency, preferences) |
Yes |
13 months |
|
Marketing and advertising cookies |
Targeted advertising and campaign measurement |
Yes |
13 months |
|
Social network cookies |
Content sharing, social module integration |
Yes |
13 months |
12.3. Cookie retention period
In accordance with applicable legislation, cookies placed on the User's terminal have a maximum retention period of thirteen (13) months from their placement. After this period, the User's consent is requested again.
12.4. Cookie consent and preference management
When first visiting the Site, a cookie information banner is displayed. This banner allows you to accept all cookies, refuse them, or set your preferences cookie by cookie, with the exception of strictly necessary cookies, which do not require consent.
Expressed preferences can be modified at any time via the cookie management module accessible from the Site, or directly from the settings of the browser used.
12.5. Configuring cookies from the browser
The User has the option to configure their internet browser to accept or refuse cookies, systematically or on a case-by-case basis. The configuration methods differ depending on the browser used and are generally accessible in its "help" menu:
Refusing all cookies may impair the User's access to all or part of the Site's functionalities.