Privacy Policy (GDPR)

PRIVACY POLICY (GDPR)

(Full version – EU‑compliant)

1. Introduction

This Privacy Policy explains how www.cartajouer.com collects, uses, stores and protects personal data in accordance with the General Data Protection Regulation (GDPR – EU 2016/679) and applicable French law.

The website is operated by:

CARTAJOUER – Marino Julien Sole Proprietor Address: 6 Av. Miss Pell, 06260 Puget‑Théniers, France Email: infos@cartajouer.com

2. Data collected

We only collect data necessary for order processing, account management and service improvement.

Data that may be collected includes:

  • first and last name

  • postal address

  • email address

  • delivery information

  • order history

  • browsing preferences (cookies)

  • IP address (security and fraud prevention)

No banking information is stored on our website. Payments are processed by secure third‑party providers.

3. Purpose of processing

Data is used for:

  • processing and shipping orders

  • managing customer accounts

  • communicating with customers (emails, confirmations, tracking)

  • ensuring website security

  • improving user experience

  • complying with legal and tax obligations

No data is sold or transferred to third parties.

4. Legal basis

Processing is based on:

  • performance of a contract (order)

  • consent (cookies, newsletter)

  • legitimate interest (security, fraud prevention)

  • legal obligations (billing, accounting)

5. Data retention

Data is retained for:

  • 3 years for inactive accounts

  • 6 years for accounting documents

  • 13 months for cookies

  • Legal duration for tax and administrative obligations

6. Data sharing

Data may be shared only with:

  • payment providers

  • shipping carriers

  • website host (OVH)

  • security or analytics tools (anti‑fraud)

All providers comply with GDPR.

No data is transferred outside the EU without adequate protection.

7. Cookies

The website uses cookies for:

  • website functionality

  • cart management

  • anonymous statistics

  • user experience improvement

A consent banner allows users to accept or refuse non‑essential cookies.

8. Data security

We implement all necessary technical and organizational measures to protect data:

  • HTTPS protocol

  • secure hosting

  • restricted access

  • regular backups

  • intrusion protection

9. User rights

Under GDPR, users have the following rights:

  • right of access

  • right to rectification

  • right to erasure

  • right to object

  • right to restriction

  • right to data portability

  • right to withdraw consent

  • right to lodge a complaint with a supervisory authority

To exercise your rights: infos@cartajouer.com

10. Contact

For any question regarding data protection: infos@cartajouer.com