Privacy Policy

What data we collect, why we collect it, and how you stay in control.

Last updated: May 14, 2026

Data Controller

Data We Collect

Data provided by you: first name, last name, postal address, email address, phone number, and payment information (processed by our payment provider and never stored by Pellmaro).

Data collected automatically: IP address, browser type, pages visited, visit duration, traffic source, and cookie identifiers.

Communication data: content of your emails, messages, and calls with our customer service team.

Why We Use This Data (Legal Basis)

Performance of a contract (GDPR Art. 6(1)(b)): processing and delivering your orders, managing returns, and keeping you informed about your shipment status.

Legal obligation (GDPR Art. 6(1)(c)): retaining invoices and accounting records (10 years) and complying with tax obligations.

Legitimate interest (GDPR Art. 6(1)(f)): preventing fraud, improving the website, and measuring audience data in an aggregated manner.

Consent (GDPR Art. 6(1)(a)): sending newsletters, using non-essential cookies, and delivering personalized advertising. You may withdraw your consent at any time.

Data Retention Periods

Order and billing data: 10 years (French accounting requirement).
Customer account data: as long as your account remains active; deleted upon request.
Browsing data and cookies: up to 13 months.
Prospect data (newsletter subscribers): 3 years from the last contact.

Who We Share Your Data With

We never sell your data. We only share it with service providers necessary to fulfill your order:

• Shopify Inc. — store hosting
• Shopify Payments / Stripe / PayPal — payment processing
• Carriers (Colissimo, Mondial Relay, DPD, UPS, etc.) — delivery services
• Email marketing tools (Klaviyo / Brevo) — order confirmations and newsletters
• Analytics tools (Google Analytics, Meta) — only after cookie consent has been granted

All of these providers are contractually committed to maintaining the confidentiality and security of your data.

Transfers Outside the EU

Some providers (Shopify, Google, Meta) may process data outside the European Union. In such cases, these transfers are governed by Standard Contractual Clauses approved by the European Commission or by adequacy decisions (including the Data Privacy Framework for the United States).

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Right of access to your data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object
• Right to withdraw your consent at any time
• Right to lodge a complaint with the CNIL (www.cnil.fr)

To exercise these rights, please contact us at contact@pellmaro.co. We will respond within a maximum of 30 days.

Specific Rights (California — CCPA / CPRA)

If you reside in California, you also have the right to know which categories of data we collect about you, the right to request deletion of your data, the right to opt out of the "sale" or "sharing" of your data, and the right not to be discriminated against for exercising these rights. To exercise these rights, contact us at contact@pellmaro.co with the subject line "CCPA Request".

Security

We implement reasonable technical and organizational measures (TLS encryption, restricted access, certified hosting) to protect your data. As no method of transmission is 100% secure, we cannot guarantee absolute security; however, we commit to notifying you within 72 hours in the event of a breach likely to create a risk to your rights and freedoms.