UPDATED ON JUNE 18, 2026

PRIVACY POLICY

At Decléor, protecting your personal data is a priority. This policy informs you about how we collect, use, and protect your information when you use our website decleor.com

DATA CONTROLLER:

The data controller for personal data is:

COSPAL Simplified joint-stock company (SAS) 3 Rue Chauveau Lagarde 75008 Paris, France

Contact: contact@cospal.fr

COLLECTED DATA

We collect the following data based on your interactions with our site:

Account creation Name, first name, email address, postal address

Login and navigation Login data, IP address, browsing data, approximate location

User profile Delivery address, phone number

Order and payment Purchase history, bank or credit card data (securely processed by our payment provider)

Customer service Content of your exchanges with our team

Cookies and trackers Browsing data and preferences (you can manage your preferences via the cookie banner or your browser settings)

COLLECTED DATA

We collect the following data based on your interactions with our site:

Account creation Name, first name, email address, postal address

Login and navigation Login data, IP address, browsing data, approximate location

User profile Delivery address, phone number

Order and payment Purchase history, bank or credit card data (securely processed by our payment provider)

Customer service Content of your exchanges with our team

Cookies and trackers Browsing data and preferences (you can manage your preferences via the cookie banner or your browser settings)

PURPOSES OF PROCESSING

Your data is collected for the following purposes:

  • Creation and management of your customer account
  • Processing and tracking your orders
  • Management of payments and deliveries
  • Customer service and support
  • Personalization of your experience and product recommendations
  • Sending commercial communications (newsletters, offers) with your consent
  • Statistical analysis and improvement of our services
  • Fraud prevention and transaction security
  • Compliance with our legal and regulatory obligations

LEGAL BASIS FOR PROCESSING

Depending on the purposes, our processing is based on:

  • Contract execution: order management, deliveries, customer service
  • Your consent: sending commercial communications, placing non-essential cookies
  • Our legitimate interest: improving our services, fraud prevention, statistics
  • Compliance with legal obligations: keeping invoices, responding to judicial requests

DATA RECIPIENTS

Your data may be shared with:

Technical service providers Hosting (Shopify), secure payment, logistics and transportation, analytics tools

Financial institutions Banks and payment organizations for transaction processing

Competent authorities Administrations, judicial or regulatory authorities in case of legal obligation

Business partners Only with your prior consent

In case of exceptional operation Merger, acquisition, or asset transfer — you would be informed beforehand

Our service providers are contractually required to respect the confidentiality and security of your data.

DATA TRANSFERS OUTSIDE THE EU

Some of our service providers may be located outside the European Union. In such cases, we ensure that appropriate safeguards are in place (standard contractual clauses of the European Commission, adequacy decision, or other GDPR-compliant mechanism).

SHELF LIFE

Your data is retained only for the time strictly necessary for the purposes for which it was collected:

  • Customer account data: duration of the business relationship + 3 years
  • Order data: 10 years (accounting obligations)
  • Payment data: duration of the transaction + legal archiving
  • Cookies: maximum 13 months
  • Prospecting data: 3 years after the last contact

At the end of these periods, your data is deleted or anonymized.

DATA SECURITY

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption of sensitive data (SSL/TLS)
  • Restricted access to personal data
  • Regular security audits
  • Training our teams on data protection

However, no data transmission over the Internet can be guaranteed to be completely secure. We recommend that you protect your login credentials.

YOUR RIGHTS

In accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act, you have the following rights:

Right of access Obtain confirmation that your data is being processed and receive a copy of it

Right to rectification Correct inaccurate or incomplete data

Right to erasure Request the deletion of your data in cases provided by law

Right to restriction Request the suspension of the processing of your data

Right to object Object to the processing of your data, particularly for marketing purposes

Right to data portability Receive your data in a structured format and transfer it to another controller

Right to withdraw your consent At any time, without affecting the lawfulness of processing carried out before this withdrawal

Right to set post-mortem instructions Arrange the fate of your data after your death

HOW TO EXERCISE YOUR RIGHTS

To exercise your rights or for any questions regarding your personal data:

By email: contact@cospal.fr By mail: COSPAL — Data Protection, 3 Rue Chauveau Lagarde, 75008 Paris

We will respond within one month. This period may be extended by two months in case of a complex request.

An identity document may be requested if there is any doubt about your identity.

COMPLAINT TO THE CNIL

If you believe that the processing of your data does not comply with regulations, you can file a complaint with the National Commission on Informatics and Liberty (CNIL):

Website: www.cnil.fr Address: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

COOKIES

Our site uses cookies and similar technologies. To learn more about the cookies used and manage your preferences, please see our Cookie Policy.

MODIFICATIONS TO THIS CHARTER

We reserve the right to modify this policy at any time to adapt to legal changes or our practices.

In the event of a substantial change, you will be informed by email at least 15 days before the new provisions take effect.

If you do not accept these changes, you may delete your account before they come into effect.

CONTACT

For any questions regarding this charter or your personal data:

COSPAL 3 Rue Chauveau Lagarde 75008 Paris, France contact@cospal.fr