Privacy policy
Last updated: January 31, 2025
PREAMBLE
The website https://www.lacasano.com/fr (the "Site") is an online store for home decor accessories and furniture (the "Services"), published by the company La Casano (hereinafter referred to as "La Casano", "we").
As part of the access, consultation, browsing, and use of the Site, La Casano collects certain personal data from its users, whether they are a customer, a visitor to the website, or any other person whose information has been collected in accordance with this policy (the "Users", "you", "your", "yours"), particularly through the contact section, your user account, newsletter subscription, or a purchase on the Site.
This privacy policy (the "Privacy Policy") explains how La Casano collects, uses, and discloses your personal information when you visit the Site, make a purchase on the Site, or otherwise communicate with us about the Site. Its purpose is to inform you about the purposes and conditions under which we collect and process the personal data we may gather through our Site. The term "personal data" refers to information that identifies you directly or indirectly, concerns you, describes you, or may be linked to you. The following sections describe the categories and specific types of personal data we collect and process (the "Personal Data").
We kindly ask you to read this policy carefully to understand how your personal data is used by La Casano in connection with the use of the Site and how you can exercise your rights in this regard. This policy complements the Terms of Services of the Site, as well as any related documents or notices.
MODIFICATIONS TO THIS PRIVACY POLICY
We reserve the right to modify and update this Privacy Policy at any time, particularly to reflect changes in our practices, any evolution in the Services offered on the Site, or for any other operational, legal, or regulatory reasons.
We will publish the revised Privacy Policy on the Site, update the "Last Updated" date, and take any other appropriate measures to communicate the revised Privacy Policy to you when required by applicable law.
Therefore, we recommend that you review this Privacy Policy regularly.
DATA CONTROLLER
The data controller for the personal data collected is La Casano, a company with its registered office at 51 Rue Marguerite de Rochechouart – 75009 Paris, registered with the Paris Trade and Companies Register under number 920 191 624.
As the data controller, we are committed to protecting the confidentiality of the information in our possession in accordance with the General Data Protection Regulation (GDPR) No. 2016/679 of April 27, 2016, and the French Data Protection Act No. 78-17 of January 6, 1978, as amended (the "Data Protection Act") (together, the "Applicable Regulations"), under the supervision of the Commission Nationale de l’Informatique et des Libertés (CNIL), the French authority responsible for personal data protection.
PERSONAL DATA COLLECTED
To provide the Services, we collect personal data about you from various sources, as outlined below. The personal data we collect and use may vary depending on how you interact with our Site and use our Services.
In addition to the specific uses outlined below, we may use the personal data we collect about you to communicate with you, provide or improve the Services, comply with any applicable legal obligations, enforce the applicable terms of service, and protect or defend the Services, our rights, and the rights of our users or others.
Personal data we collect directly from you
The Privacy Policy applies to personal data we may collect directly from you, which includes:
• Identification data, including your first name, last name, address, phone number, and email address. • Order and payment data, including your first name, last name, billing address, shipping address, payment confirmation, email address, and phone number.
• User account data, including your username, password, security questions, and other information used to ensure the security of your account.
• Customer service data, including information you choose to include in communications exchanged with us, for example, when sending a message via our contact form or our contact details.
• Connection and browsing data, which may include information about how you access and use our Site and account, including information about the device, browser information, network connection information, IP address, and other details related to your interaction with the Services. To achieve this, we may use cookies, trackers, pixels, and similar technologies (see the "Cookies" section below).
• Reviews on our Services. You have the option to submit reviews on our Services. If you choose to submit content in any public area of the Site, that content will be public and accessible to everyone. We do not control who will have access to the information you choose to make available to others, and we cannot guarantee that those with access will respect your privacy or ensure its security. We are not responsible for the privacy or security of the information you make public, nor for the accuracy, use, or misuse of any information you disclose or receive from third parties.
Certain features of the Services may require you to provide us with certain information directly. Failing to provide this information may prevent you from using or accessing these features.
By voluntarily providing personal data about yourself, you agree to provide accurate information that does not harm the interests or rights of third parties.
Personal data we collect through third parties
The Privacy Policy applies to personal data that we may collect from third parties, including suppliers and service providers who may collect information on our behalf, such as:
• Companies that support our Site and Services, such as Shopify.
• Our payment processors, who collect payment information (e.g., bank account, credit or debit card details, billing address) to process your payment, in order to fulfill your orders and provide the Services you requested, in order to perform the contract we have entered into with you.
• When you visit our Site, open or click on the emails we send, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software development kits, third-party libraries, and cookies.
Any information we obtain from third parties will be processed in accordance with this Privacy Policy. See also the section below on Third-Party Websites and Links.
PURPOSES AND LEGAL BASES
We use your personal data only within the limits authorized by applicable regulations and in accordance with the legal bases provided by the GDPR for the following purposes:
· Provision of Products and Services: We use your personal data to provide you with Services in order to perform the contract we have entered into with you, including processing your payments, fulfilling your orders, sending you notifications related to your account, purchases, returns, exchanges, or other transactions, creating, maintaining, and managing your account, organizing shipping, facilitating returns and exchanges, and other features and functionalities related to your account. If you reside in the EEA, the legal basis for this data processing activity is the necessity for us to perform the contract we have concluded with you, or to take steps at your request prior to entering into a contract, in accordance with Article 6(1)(b) of the GDPR.
· Compliance with Accounting and Tax Obligations: We process and retain certain of your personal data, including transaction data (invoices, payments, etc.), in order to comply with our legal obligations related to accounting and taxation. This data may be kept for up to 10 years, in accordance with applicable legal provisions. If you reside in the EEA, the legal basis for this processing is our compliance with legal obligations, in accordance with Article 6(1)(c) of the GDPR.
· Marketing and Advertising: We may use your personal information for marketing and promotional purposes, such as sending marketing, advertising, and promotional communications by email, SMS, or postal mail, and showing you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our Site and other websites. If you reside in the EEA, the legal basis for this data processing activity is our legitimate interest in selling our products to you when you are a customer, in accordance with Article 6(1)(f) of the GDPR, or because you have consented to the processing of your personal data for this purpose when you are a prospect, in accordance with Article 6(1)(a) of the GDPR.
· Security and Fraud Prevention: We use your personal information to detect, investigate, or take action regarding potential fraudulent, illegal, or malicious activities. If you choose to use the Services and create an account, you are responsible for ensuring the security of your account credentials. We strongly recommend that you do not share your username, password, or other access information. If you believe your account has been compromised, please contact us immediately. If you reside in the EEA, the legal basis for this data processing activity is our legitimate interest in securing our Site for you and other customers, in accordance with Article 6(1)(f) of the GDPR.
· Communicating with You and Improving Services: We use your personal information to provide customer service and improve our Services. This includes enhancing your shopping experience by allowing Shopify to match your account with other Shopify services that you may choose to use. In this case, Shopify will process your information as described in its Privacy Policy and its Consumer Privacy Policy. This is in our legitimate interest to ensure responsiveness, provide efficient services, and maintain our business relationship with you in accordance with Article 6(1)(f) of the GDPR.
· Management of Necessary Technical Cookies: We use necessary technical cookies to ensure the proper functioning of our Site and allow you to access essential features, such as navigating the Site, securely accessing your account, and remembering your privacy preferences. The use of these cookies is based on our legitimate interest in ensuring the optimal operation of our Site, in accordance with Article 6(1)(f) of the GDPR.
· Management of Audience Measurement Cookies: We also use audience measurement cookies to analyze the use of our Site, understand traffic, and improve our Services. These cookies allow us to collect anonymous statistical data on user interactions with our Site. If you reside in the EEA, the processing of personal data collected via these cookies is based on your prior consent, in accordance with Article 6(1)(a) of the GDPR.
· Responding to Your Contact Requests and Managing Complaints: We process your personal data to respond to your contact requests or manage your complaints. This includes providing assistance, addressing questions or comments you may send us, and potentially resolving disputes. If you reside in the EEA, this processing is justified by our legitimate interest in communicating with you and maintaining a satisfactory business relationship, in accordance with Article 6(1)(f) of the GDPR.
· Managing Your GDPR Rights Requests: We use your personal data to process and respond to requests you may make regarding the exercise of your rights under the GDPR (right of access, rectification, erasure, etc.). This processing is necessary to comply with our legal obligations regarding personal data protection, in accordance with Article 6(1)(c) of the GDPR.
COOKIES AND TRACKERS
Cookies and trackers used
We use cookies and other trackers to identify your preferences and ensure the proper functioning of the Site.
A cookie is a small file stored by a server on the terminal (computer, phone, etc.) of visitors to the Site and associated with a web domain. This file is automatically sent back during subsequent visits to the same domain. The term "cookies" refers to all trackers placed and/or read when visiting the Site. Your consent applies to the following domain: www.lacasano.com/
We use cookies to operate and improve our Site and Services (including remembering your actions and preferences), to perform analytics, and to better understand user interaction with the Services (in our legitimate interest to manage, improve, and optimize the Services). We may also allow third parties and service providers to use cookies on our Site to better tailor the Services and advertisements on our Site and other websites.
We use two types of cookies:
• Functional Cookies necessary for navigation, which allow the Site's presentation to be adapted to the display preferences of the visitor's terminal, remember information related to a form the visitor has filled out, and implement security measures. Without these necessary cookies, basic navigation and some essential functions may be blocked.
• Audience Measurement Cookies, used by the Site to generate anonymous statistics. They allow us to count the number of visitors and identify how they move on the Site when they use it. This helps improve the Site's performance, ensuring that visitors easily find what they are looking for.
For specific information about the cookies we use to operate our store with Shopify, please visit: https://www.shopify.com/legal/cookies
When you visit the Site, you are informed via a specific banner that allows you to learn about the cookies used, their associated purposes, and to accept or decline each category of cookies, as applicable.
Management of Consent
You can manage your cookie consent or configure them by purpose by clicking here.
Most browsers automatically accept cookies by default, but you can choose to configure your browser to delete or reject cookies using the controls in your browser. Please note that deleting or blocking cookies may impair your user experience and lead to malfunctioning of certain services, including some features or general functionalities, or their unavailability. Moreover, blocking cookies may not completely prevent how we share information with third parties, such as our advertising partners.
You also have the option to configure your web browser to manage cookie storage on your device.
Depending on your preferences, you can:
Allow cookies to be stored on your device;
Refuse cookies, either systematically or based on their sender;
Be notified before a cookie is stored, so you can accept or reject it on a case-by-case basis.
The process for configuring cookies varies depending on the browser you are using. To adjust your preferences, consult the "Help" or "Aide" menu of your browser. It will guide you on how to modify the settings related to cookies.
If you accept the storage of cookies through your browser, they will be temporarily stored in a dedicated space on your device.
Here are the official guides for configuring cookies on the most common browsers:
For Microsoft Edge™: Link to guide
For Safari™: Link to guide
For Chrome™: Link to guide
For Firefox™: Link to guide
For more information about managing cookies and protecting your privacy, you can also consult the CNIL website: Link to CNIL's page on cookies.
Third-Party Cookies Set by Our Partners
Our services may include features that redirect you to third-party services through clickable buttons (for example, Instagram), or allow you to view embedded third-party content on our Site (such as videos).
These features rely on third-party cookies placed directly by our partners, who act as data controllers. These cookies are managed exclusively by these partners, and we have no control over these services.
As a result, we have no control or responsibility over these cookies or the use of personal data collected through them. We strongly recommend that you consult the privacy policies of our partners to understand how your data is processed through these cookies.
DURATION OF PERSONAL DATA RETENTION
Please note that no security measure is perfect or inviolable, and we cannot guarantee "absolute security." Additionally, any information you send us may not be secure during transit. We recommend that you do not use unsecured channels to communicate sensitive or confidential information to us.
The retention period of your personal data depends on various factors, such as whether we need the data to maintain your user account, provide the Services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.
Your personal data will not be retained longer than necessary, with the retention period being linked to the purposes for which the data was processed and our legal obligations.
We are committed to deleting personal data that is no longer necessary for the purposes for which it was initially collected once the necessary retention period has expired. However, the retention period may be extended when required by law, to resolve a dispute, or to address your claims.
Here are some specific retention periods for your personal data:
• Personal data collected during purchases and your user account data are retained for 3 years from the date of your registration with our Service. Some payment data (such as invoices) are retained for 10 years to meet our accounting and tax obligations.
• Personal data collected for our newsletter is retained for 3 years from the date of your subscription or the last contact to enable the sending of commercial offers and to maintain the business relationship.
• Personal data collected to handle your GDPR rights requests is retained for 5 years from the receipt of the complete request, except for identity verification documents, which are retained only for the time required to verify the identity of the person making the request.
• Personal data collected to respond to your contact and claims requests is retained for the duration necessary to process your request, then for 1 year, and up to 5 years in accordance with the general statutory limitation period for legal disputes.
• For specific information regarding the retention period of cookies and other trackers used to operate our store with Shopify, please visit Shopify Cookies Policy
TRANSMISSION OF PERSONAL DATA
In certain circumstances, we may disclose your personal data to third parties for the performance of contracts, legitimate purposes, and for other reasons as outlined in this Privacy Policy. These may include, but are not limited to:
• Service Providers and Other Third Parties: We may share your personal data with service providers or other third parties who perform services on our behalf, such as IT management, payment processing, data analysis, customer service, cloud storage, order processing, and shipping.
• Business and Marketing Partners: We may share your personal data with commercial and marketing partners to provide services and send you advertising. These partners will use your personal data in accordance with their own privacy policies.
• When You Request or Consent to Disclosure: We may disclose certain personal data to third parties at your request or with your consent, for example, to ship products to you or through your use of social media widgets or integrations, with your permission.
• Affiliates or Within Our Corporate Group: We may share your personal data with our affiliates or within our corporate group as part of our legitimate interest in managing a successful business.
• Business Transactions: In the event of a business transaction such as a merger, acquisition, or bankruptcy, we may disclose your personal data to comply with applicable legal obligations (including in response to subpoenas, search warrants, and similar requests), enforce applicable terms of service, and protect or defend our services, our rights, and the rights of our users or third parties.
• Legal and Regulatory Compliance: Your personal data may be disclosed to third parties to comply with laws, regulations, and legal requests or orders, or when permitted by law, for the protection and defense of rights, including in situations involving threats to life, health, or safety.
We disclose the following categories of personal data about you:
1.Categories of personal data
• Identifiers: This includes basic contact details and certain information related to orders and account details.
• Commercial Information: This encompasses data regarding your orders, purchasing history, and customer service information.
• Internet or Other Network Activity: This includes usage data, such as how you interact with the Site, your browsing behavior, and other network-related activities.
• Geolocation Data: This pertains to location data determined by your IP address or other technical measures that help identify your geographic location.
2.Categories of recipients
• Suppliers and third parties providing services on our behalf (such as internet service providers, payment processors, order fulfillment partners, customer service partners, and data analysis providers)
• Commercial and marketing partners
• Affiliates
We do not use or disclose sensitive personal data without your consent or for the purpose of inferring characteristics about you. We only share your personal data for advertising and marketing activities with your prior consent.
SECURITY OF PERSONAL DATA
We secure your personal data by implementing appropriate physical, organizational, and technical measures to prevent unauthorized access, use, disclosure, modification, or destruction, in accordance with applicable regulations.
These measures include the use of encryption systems to protect sensitive data, firewalls to prevent intrusions, and secure protocols (such as HTTPS) for data exchanges.
We also ensure that access to personal data is limited to authorized and trained personnel who are responsible for data protection, along with the implementation of strict processes for data processing and management.
Additionally, we ensure the security of the premises where personal data is stored, with restricted and protected access controls.
Moreover, we regularly conduct audits and security tests to identify and correct potential vulnerabilities.
In the event of a data breach that may result in a high risk to your rights and freedoms, we commit to informing you as soon as possible, in compliance with our legal obligations.
However, no security measure is perfect or invulnerable, and we cannot guarantee absolute security. Additionally, any information you send may not be secure during transmission, especially if you use unsecured channels to communicate sensitive or confidential information.
LOCATION OF PERSONAL DATA
Your personal data is hosted on servers located in France.
Please note that we may transfer, store, and process your personal data outside the country in which you reside. Your personal data is also processed by employees and service providers and third-party partners in these countries.
In the event of transfers of personal data outside the European Union, these will be carried out with appropriate safeguards in accordance with the applicable regulations, either because the recipient countries benefit from an adequacy decision, or because these transfers are governed by the implementation of Standard Contractual Clauses approved by the European Commission.
WEBSITES AND THIRD-PARTY LINKS
Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to non-affiliated sites that we do not control, you should review their privacy and security policies as well as their terms of use. We do not guarantee and are not responsible for the privacy or security of these sites, including the accuracy, completeness, or reliability of the information found on these sites. Information you provide in public or semi-public areas, including information you share on third-party social media platforms, may also be visible to other users of the Services and/or users of those third-party platforms, without limitation on how we or a third party may use it. The inclusion of such links does not, in itself, imply an endorsement of the content of those platforms or their owners or operators, except in the situations outlined in the Services.
DATA ON CHILDREN
The Services are not intended for use by children under the age of 16, and we do not knowingly collect any personal data from children. If you are the parent or guardian of a child who has provided us with their personal data, you can contact us using the contact details below to request their deletion.
YOUR RIGHTS
In accordance with applicable regulations, you have the right to exercise your rights of access, rectification, erasure, objection, limitation of processing, data portability, and to withdraw your consent at any time.
Depending on your place of residence, you may be entitled to all or part of the rights listed below regarding your personal data. However, these rights are not absolute and may only apply in certain circumstances, and we may, in some cases, refuse your request as permitted by law.
• Right of Access/Knowledge: You may have the right to request access to the personal data we hold about you, including details regarding how we use and share your personal data.
• Right to Deletion: You may have the right to request that we delete the personal data we hold about you.
• Right to Rectification: You may have the right to request that we correct the personal data we hold about you.
• Right to Portability: You may have the right to receive a copy of the personal data we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
• Right to Refuse Sale, Sharing, or Targeted Advertising: You may have the right to ask us not to “sell” or “share” your personal data or to refuse the processing of your personal data for purposes considered “targeted advertising,” as defined in privacy laws. Please note that if you visit our Site while the Global Privacy Control opt-out signal is enabled, depending on your location, we will automatically treat this as an opt-out request for the “sale” or “sharing” of information for the device and browser you use to visit the Site.
• Restriction of Processing: You may have the right to request that we stop or restrict our processing of your personal data.
• Withdrawal of Consent: When we rely on your consent to process your personal data, you may have the right to withdraw that consent.
• Appeal: You may have the right to appeal our decision if we refuse to process your request. You can do this by responding directly to our refusal.
• Management of Communication Preferences: We may send you promotional emails that you can opt-out of at any time using the unsubscribe option displayed in our emails. If you unsubscribe, we may continue to send you non-promotional emails, such as those related to your account or orders you have placed.
To exercise any of these rights, we invite you to submit your request to La Casano:
Via this contact form: click here
Electronically at the following address: contact@lacasano.com
We will not discriminate against you if you exercise any of these rights.
In case of reasonable doubt about the origin of the request, and when necessary to verify your identity, we may need to collect information from you to verify your identity before providing a substantive response to the request, such as your email address, account information, or a copy of an identity proof. This is an additional and appropriate security measure to ensure that personal data is not disclosed to someone who is not authorized to receive it.
In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof that you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request promptly, as required by applicable law.
COMPLAINTS
If you have any complaints regarding how we process your personal data, please contact us using the contact details provided above.
If our response to your complaint does not satisfy you, depending on your place of residence, you may have the right to appeal our decision by contacting us using the contact details below or by submitting your complaint to your local data protection authority. For the EEA, you can find a list of data protection authorities here.
The data protection authority responsible in France is the Commission Nationale de l’Informatique et des Libertés (CNIL), whose headquarters are located at 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07. Phone: 01 53 73 22 22.
CONTACT
If you have any questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of your rights, please choose one of the following options:
• Call us at: +33637014467
• Send us an email at: contact@lacasano.com
• Contact us by mail at : 51 rue Marguerite de Richechouart, 75009 Paris