Privacy Policy
Preamble
NAOF EYEWEAR SASU, operating the Eyewearista website, attaches particular importance to the protection of your personal data and to respecting your privacy. This Privacy Policy aims to inform you, clearly and transparently, about:
- The personal data collected via the website eyewearista.com
- The purposes and legal bases of their processing
- The recipients and retention periods
- Your rights and how to exercise them
Article 1 — Data Controller
Data is collected and processed by:
NAOF EYEWEAR SASU
Single-member simplified joint-stock company with share capital of €5,000
Registered office: 66 avenue des Champs-Élysées, 75008 Paris
RCS Paris: 812 384 980
Represented by Mr. FAOUSSI, CEO
Contact: contact@eyewearista.com — +33 7 86 67 02 21
The data controller is Mr. FAOUSSI, CEO (or the appointed DPO, if applicable).
Article 2 — Data Collected
2.1. Data you provide directly
- When creating an account: first name, last name, email address, password (encrypted)
- When placing an order: first name, last name, delivery address, billing address, phone, email, payment information (processed by our service provider, not stored by Eyewearista)
- When submitting an optical prescription: medical information appearing on your prescription (health data — processing subject to explicit consent and enhanced security)
- When contacting us: name, email, content of the message
- When subscribing to the newsletter: email, first name (optional)
2.2. Data collected automatically
- IP address, browser type, operating system
- Pages visited, visit duration, navigation path
- Traffic source (referring site, search keyword)
- Technical and analytical cookies (see Article 8)
Article 3 — Purposes and Legal Bases
| Purpose | Legal basis |
|---|---|
| Execution of the order (processing, delivery, invoicing) | Performance of contract |
| Customer account management | Performance of contract |
| After-sales service, management of returns and complaints | Performance of contract / legal obligation |
| Sending newsletters and marketing communications | Consent |
| Audience analysis and site improvement | Legitimate interest |
| Fraud prevention, payment security | Legitimate interest |
| Compliance with accounting and tax obligations | Legal obligation |
| Processing of optical prescription | Explicit consent (health data) |
Article 4 — Recipients
Your data is intended for:
– Eyewearista’s internal teams in charge of customer relations, logistics, accounting
– Our subcontractors acting only on our instructions and under contractual obligation of confidentiality:
– Hosting: Hostinger International Ltd. (EU)
– Payment service provider: WooCommerce Payments / Stripe (EU/USA, standard contractual clauses)
– Carrier: [TO COMPLETE: Colissimo, Chronopost, DHL, etc.]
– Emailing: [TO COMPLETE: Mailchimp, Brevo, or other service provider]
– Analytics tools: [TO COMPLETE: Google Analytics if applicable]
No data is sold or transferred to third parties for commercial purposes.
Article 5 — Transfers Outside the EU
Some subcontractors (notably Google Analytics and Stripe) may process your data in the United States. These transfers are governed by:
– Standard contractual clauses approved by the European Commission
– Adherence to the Data Privacy Framework (where applicable)
Article 6 — Retention Periods
| Data type | Duration |
|---|---|
| Customer account (inactive) | 3 years after last login |
| Orders and invoicing | 10 years (accounting obligation) |
| Commercial prospecting (newsletter) | 3 years after last contact, then deletion |
| Optical prescriptions | [TO COMPLETE according to optician professional obligation — typically 10 years] |
| Analytics cookies | 13 months maximum |
| Payment data | Not retained by Eyewearista |
Article 7 — Your Rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
- Right of access: obtain a copy of your data
- Right of rectification: correct inaccurate data
- Right to erasure (“right to be forgotten”): request the deletion of your data
- Right to restriction of processing
- Right to portability: receive your data in a structured format
- Right to object to processing (notably direct marketing)
- Right to withdraw consent at any time for consent-based processing
- Right to define post-mortem directives on your data
To exercise these rights: contact@eyewearista.com (attach a copy of ID proof).
We will respond within a maximum period of 1 month from receipt of your request.
In case of disagreement about the processing of your data, you have the right to lodge a complaint with the French Data Protection Authority (CNIL):
- Website: https://www.cnil.fr
- Address: 3 place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07
Article 8 — Cookies
8.1. What is a cookie?
A cookie is a small text file placed on your device when visiting a website.
8.2. Cookies used on this site
Strictly necessary cookies (no consent required):
– User session, cart, language preferences
– Secure payment operation
– Fraud prevention
Analytics cookies (subject to consent):
– [TO COMPLETE: Google Analytics, Matomo, etc. if used] — anonymized audience measurement
– Retention period: 13 months maximum
Marketing cookies (subject to consent):
– [TO COMPLETE: Facebook Pixel, Google Ads, etc. if used]
– Personalized advertising targeting
8.3. Cookie management
On your first visit, a banner allows you to accept, refuse, or customize cookies. You can modify your choices at any time via the link [TO COMPLETE: “Manage my cookies” in footer or equivalent].
You can also configure your browser to block all cookies — this may, however, degrade some features of the site.
Article 9 — Security
We implement appropriate technical and organizational measures to protect your data:
– Hosting in Europe (Hostinger, ISO 27001)
– Encrypted connections (HTTPS / TLS)
– Passwords stored with hashing
– Limited access to authorized personnel
– Payment via a PCI-DSS certified service provider (WooCommerce Payments / Stripe)
Article 10 — Minors
The site is not intended for persons under 15 years of age. No data is knowingly collected from minors. If you are a parent and believe your child has provided us with data, contact us at contact@eyewearista.com so that we may delete it.
Article 11 — Policy Updates
This Privacy Policy may be modified at any time to comply with legislative or technical developments. The version in force is the one published on this page.
Last updated: [TO COMPLETE – current date]