Privacy Policy

Privacy Policy

Last updated: March 28, 2026

Souvenirs et Compagnie SARL ("Souvenirs&Co"), as the data controller, is committed to protecting the privacy of users of its website souvenirs-paris.com, in accordance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679).

1. Data Controller

Souvenirs et Compagnie SARL
SIRET: 500 173 554 000 14
Address: Moulin de la Chaussée, Route de Mantes, 78580 Maule, France
Contact: [email protected]

2. Data Collected

We collect the following data depending on your use of the site:

  • Account creation / orders: name, email address, postal address, phone number
  • Payment: payment data is processed exclusively by our secure providers (Stripe, PayPal) and is never stored on our servers
  • Browsing: IP address, browser type, pages visited (via cookies, subject to your consent)
  • Contact form: email address, message content
  • Newsletter: email address

3. Purposes and Legal Basis

PurposeLegal Basis
Order management and deliveryContract performance
Customer account managementContract performance
Sending marketing newslettersConsent
Audience measurement (Google Analytics)Consent (via cookie banner)
Anti-spam protection (reCAPTCHA)Legitimate interest
Contact request handlingLegitimate interest
Legal obligations (invoicing, accounting)Legal obligation

4. Data Retention

  • Customer data: 3 years after the last order
  • Billing data: 10 years (accounting obligation)
  • Browsing data: 13 months maximum
  • Contact form: 1 year after the request is closed
  • Newsletter: until you unsubscribe

5. Cookies

Our site uses cookies. On your first visit, a banner allows you to accept or reject each category:

  • Essential cookies: session, cart, language preferences – necessary for the site to function (no consent required)
  • Analytics cookies: Google Analytics (GA4) – audience measurement, anonymized, activated only after your consent

You can change your preferences at any time by clicking the cookie icon at the bottom left of your screen, or by typing #tarteaucitron in the address bar.

6. Data Sharing

Your data may be shared with the following providers, strictly necessary for our services:

  • Stripe / PayPal: payment processing
  • Colissimo / La Poste: order shipping
  • OVH: website hosting (servers in France)
  • Google Analytics: audience measurement (subject to consent)
  • Google reCAPTCHA: anti-spam protection

We do not sell or rent your personal data to third parties.

7. Transfers Outside the EU

Some of our providers (Google, Stripe, PayPal) may process data in the United States. These transfers are governed by the EU-U.S. Data Privacy Framework or by Standard Contractual Clauses approved by the European Commission.

8. Your Rights

Under the GDPR, you have the following rights:

  • Right of access: obtain a copy of your personal data
  • Right to rectification: correct inaccurate data
  • Right to erasure: request deletion of your data
  • Right to data portability: receive your data in a structured format
  • Right to object: object to the processing of your data
  • Right to restriction: restrict the processing of your data
  • Right to withdraw consent: at any time, without affecting the lawfulness of prior processing

To exercise your rights, contact us at: [email protected]

We will respond within one month. If you have any difficulty, you may file a complaint with the French data protection authority (CNIL): www.cnil.fr

9. Security

We implement technical and organizational measures to protect your data: SSL/TLS encryption, restricted data access, secure hosting in France (OVH), 3D Secure authentication for payments.

10. Changes to This Policy

We may update this policy. The last modification date is shown at the top of the page. We encourage you to review it regularly.