Confidentiality Policy

1. Introduction

This Privacy Policy explains how VELOS D’AUTREFOIS collects, uses, and protects your personal data.

We are committed to ensuring the protection of your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR).

2. Personal data collected

In the course of our activity, we may collect the following personal data:

  • First and last name
  • Postal address
  • Email address
  • Phone number
  • Order information (purchased products, order history)
  • Payment data (processed securely by third-party providers; we do not directly access it)
  • Technical data (IP address, browser type)

3. Purpose of data collection

Your personal data is collected for the following purposes:

  • Processing and delivering orders
  • Creating and managing customer accounts
  • Processing payments
  • Invoicing and accounting
  • Customer service and support
  • Improving website functionality and user experience
  • Website security and fraud prevention
  • Compliance with legal and accounting obligations

4. Legal basis for processing

We process your personal data based on:

  • Contract performance (Article 6(1)(b) GDPR): order management and payment processing
  • Legal obligation (Article 6(1)(c) GDPR): accounting and invoicing requirements
  • Legitimate interest (Article 6(1)(f) GDPR): website security and service improvement
  • Consent (Article 6(1)(a) GDPR): for non-essential cookies

5. Data recipients

Your personal data is intended exclusively for VELOS D’AUTREFOIS.

It may be shared with:

  • Internal staff (order management and customer support)
  • Technical service providers (hosting, maintenance)
  • Secure payment providers (e.g. PayPal)

All third-party providers are contractually bound to comply with GDPR requirements (Article 28).

6. Cookies

Our website only uses cookies that are strictly necessary for its proper functioning:

  • Cookies required for WooCommerce (cart and customer session management)
  • Cookies related to secure payments via PayPal

These cookies are essential for website operation and do not require user consent.

No advertising or newsletter tracking cookies are used.

7. Data retention

Personal data is stored only for as long as necessary:

  • Order data: 6 to 10 years (legal accounting requirements)
  • Customer data: duration of the business relationship + 3 years of inactivity
  • Browsing data: up to 13 months

8. Data security

We implement appropriate technical and organizational measures to protect your data against:

  • Loss
  • Unauthorized access
  • Alteration
  • Disclosure

9. Your rights

In accordance with GDPR, you have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure (in certain cases)
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent at any time

You also have the right to lodge a complaint with your local data protection authority.

10. Exercising your rights

To exercise your rights, you can contact us:

VELOS D’AUTREFOIS
21 rue de la Mairie
41500 COUR-SUR-LOIRE
Email: velosdautrefois@gmail.com
Website director: Gérald PAILLAUD
Company registration number (SIRET): 91373023000012

11. Policy updates

This Privacy Policy may be updated at any time to comply with legal, technical, or operational changes.