Privacy Policy (GDPR)

Last updated: May 14, 2026 — GDPR-compliant (EU 2016/679)

Data controller

[TO COMPLETE: Trading name, address, registration number, contact.rplock@gmail.com]

Data collected

  • Identification: first name, last name, email, postal address, phone (optional)
  • Payment: processed directly by Shopify Payments/Stripe or PayPal — we store no payment data
  • Orders: purchase history, amounts, shipping status
  • Navigation: analytical cookies (see Cookies section)

Processing purposes

  • Sales contract performance: order processing, delivery, after-sales (legal basis: GDPR art. 6.1.b)
  • Legal obligations: invoicing, accounting, fraud prevention (legal basis: GDPR art. 6.1.c)
  • Marketing communications: promotional emails only with explicit consent (legal basis: GDPR art. 6.1.a)
  • Service improvement: anonymized statistical analyses (legal basis: GDPR art. 6.1.f, legitimate interest)

Retention period

  • Active customer data: 3 years after last order
  • Invoicing data: 10 years (accounting obligation)
  • Marketing data: until consent withdrawal
  • Analytical cookies: 13 months maximum

Your rights

As a data subject, you have the following rights:

  • Access: obtain a copy of your data (art. 15)
  • Rectification: correct inaccurate data (art. 16)
  • Erasure: request deletion (art. 17, subject to legal obligations)
  • Restriction: restrict certain processing (art. 18)
  • Portability: retrieve your data in a structured format (art. 20)
  • Objection: to marketing processing (art. 21)
  • Consent withdrawal: at any time, without affecting prior processing

To exercise your rights: contact.rplock@gmail.com — response within 1 month maximum.

Cookies

We use:

  • Essential cookies: necessary for cart and authentication (no consent required)
  • Analytical cookies: anonymized audience measurement (Shopify Analytics, Google Analytics)
  • Marketing cookies: Meta Pixel, TikTok Pixel (consent required via banner)

Transfers outside EU

Some data may be processed by our service providers outside the EU (Shopify, Meta) as part of their services. These transfers are governed by the Standard Contractual Clauses adopted by the European Commission.

Complaints

You may lodge a complaint with your local data protection authority (CNIL in France, ICO in UK, FTC in US) if you consider that the processing of your data violates GDPR.