Privacy & Security Policy
Data Controller: Catherine André Mode Unit (France)
Hosting: 20 rue du Rajol, 12100 Millau
GDPR Contact: e-shop@catherineandre.com
1- What data? Why? (Purposes & Legal Bases)
Account & Orders: account creation, cart, shipping, invoicing, after-sales service.
Legal basis: contract performance and legal obligations.
Payment: payments are processed via Crédit Agricole on a secure page. We do not store card data.
Legal basis: contract performance / legal obligation.
Customer relations & support: responses to your requests, product returns.
Legal basis: contract performance / legitimate interest.
Marketing (email/SMS, if applicable): newsletters, offers.
Legal basis: consent (prospects) / legitimate interest with opt-out option (customers).
Analytics & cookies: understanding site usage, improving ergonomics (see § Cookies).
Legal basis: consent (except strictly necessary audience measurement configured in line with CNIL recommendations).
2- Data Sharing
Payment provider: Crédit Agricole.
Hosting & technical providers: subcontractors operating under our responsibility with GDPR-compliant agreements.
No transfers outside the EEA, unless required by a specific tool. In such cases, Standard Contractual Clauses are applied, and this policy will be updated accordingly.
3- Security
TLS encryption of communications, server hardening, security updates.
Passwords hashed & salted (e.g. bcrypt/Argon2).
Access controls (least privilege), MFA on administration, logging and access reviews.
Encrypted backups and disaster recovery plan.
Regular testing (vulnerability scans, patches).
4- Your Rights
You have the rights of access, rectification, erasure, restriction, objection (including to marketing), and portability.
To exercise your rights: e-shop@catherineandre.com
You may also lodge a complaint with the CNIL (the French Data Protection Authority).