PRIVACY POLICY – VOTRE LOUIS ONLINE STORE
1. Controller and Contact
The data controller is Votre Louis s.c., registered office: ul. Przełom 9, 61-423 Poznań, Poland, NIP (Tax ID): 7822958744, e-mail: hello@votrelouis.com, tel.: +44 7907 794992 (“Controller,” “we”).
2. Scope and Purposes of Processing
We process data only to the extent necessary to operate the Store and fulfill orders and – with your consent – for traffic statistics/analytics:
a) Order fulfillment (placing, payment, delivery; including returns/complaints handling);
b) Handling inquiries (contact form/e-mail/phone);
c) Service security (server logs, fraud prevention);
d) Settlements and legal obligations (accounting, archiving);
e) Store statistics/analytics (e.g., analytics tool) – solely to understand how you use the Store and to improve its functioning.
We do not run a newsletter. However, we use advertising pixels and remarketing technologies to deliver personalized ads based on your activity in the Store – only with your consent.
3. Legal Bases
3.1. Art. 6(1)(b) GDPR – performance of a contract or steps prior to entering into a contract (order, order-related contact).
3.2. Art. 6(1)(c) GDPR – compliance with legal obligations (accounting, statutory warranty).
3.3. Art. 6(1)(f) GDPR – our legitimate interest: ensuring the security of the Store (logs), pursuing or defending claims, ongoing correspondence.
3.4. Art. 6(1)(a) GDPR – your consent to cookies/analytics for statistical purposes (you may withdraw consent at any time in “Cookie Settings”).
4. Categories of Data
Identification and contact details (name, e-mail, phone), delivery/billing address, transaction data (products, amounts, payment method), technical data (IP address, cookies identifiers, browser headers) – only as necessary for the Store’s operation and – with consent – for analytics.
5. Data Recipients
Payment operator: STRIPE; carriers and customs brokers (for shipments outside the EU): UPS/DHL/FedEx; IT/hosting and Store maintenance providers; analytics provider (if used); accounting / legal advisors (when needed); public authorities – when required by law.
6. Transfers Outside the EEA (e.g., USA)
6.1. For deliveries outside the EEA (e.g., USA), transfer of recipient’s data (name, address, phone, e-mail, shipment details) to the carrier/broker outside the EEA is necessary to perform the contract (Art. 49(1)(b) GDPR).
6.2. If an IT/analytics provider is located outside the EEA (e.g., USA) and participates in the EU–US Data Privacy Framework, the transfer is based on an adequacy decision; otherwise we apply Standard Contractual Clauses (SCC) and supplementary safeguards (e.g., encryption, minimization, TIA).
6.3. Information about current recipients and transfer bases is available upon request.
7. Retention Periods
Orders and accounting documents: as required by law (generally 5 years from the end of the tax year; practically up to 6 years).
Complaints/statutory warranty: for the duration of rights + evidence archiving.
Correspondence unrelated to orders: up to 12 months or until case resolution.
Security logs: up to 12 months.
Analytics data from cookies: according to cookie lifecycle indicated in “Cookie Settings”; reports are stored in aggregated form.
8. Data Subject Rights
You have the right to: access, rectification, erasure (“right to be forgotten”), restriction, portability and to object to processing based on Art. 6(1)(f). You may withdraw consent to analytics at any time in “Cookie Settings.”
You may lodge a complaint with the supervisory authority – President of the Polish Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland). For rights-related matters: hello@votrelouis.com.
9. Voluntary Provision of Data
Providing data is voluntary but necessary to conclude and perform the contract (without a delivery address we cannot fulfill an order). Consent to analytics is not a condition for using the Store.
10. Cookies, Analytics and Server Logs
10.1. At your first visit, we display a cookie consent banner. You may change or withdraw consent at any time in “Cookie Settings.”
10.2. We use marketing/remarketing cookies and advertising pixels – only with your consent, for remarketing and advertising campaigns.
10.3. Partners (e.g., analytics provider) may store their own cookies – the list of tools and retention periods is provided in “Cookie Settings.”
10.4. Server logs are recorded automatically (IP address, date, URL, headers) for security and diagnostics purposes; we do not combine them with analytics for marketing.
11. Children
The Store is not directed at children; we do not knowingly collect data of persons under 16 years of age.
12. Security
We apply technical and organizational measures adequate to the risk (TLS, access control, minimization, backups).
13. Changes to the Policy
We will inform you of material changes to the Policy on the website and update the date at the bottom of the document. The new version applies from publication and does not affect actions taken before the change.
Last updated: September 15, 2025
