Privacy policy

At IZIPIZI, the protection of your personal data is a priority.

When you use our website (the "Website") and in the context of managing our contractual relationship with our customers and prospects, we are required to collect personal data about you.

The purpose of this policy is to inform you about how we process this data in compliance with Regulation (EU) 2016/679 of April 27, 2016 (the "GDPR"), and the French Data Protection Act No. 78-17 of January 6, 1978, as amended (together the "Applicable Regulations").

1. Who is the data controller?

When you browse our Website or in the context of managing our contractual relationships, the data controller is IZIPIZI, a simplified joint-stock company (SAS) registered with the Paris Trade and Companies Register (RCS) under No. 524 478 138, with its registered office located at 19 rue de Calais, 75009 Paris ("We" or "Us").

2. What data do we collect?

Personal data is any information that relates to an identified or identifiable individual, either directly or by cross-referencing with other data. We collect personal data falling into the following categories:

  • Identification data (last name, first name, email address, postal address, phone number);
  • Data relating to your orders and purchases;
  • Connection data (connection logs);
  • Browsing data (IP address, browsing path, dates and times of visits) — see Cookie Management;
  • Economic and financial data (bank details, data relating to your bank cards);
  • Location data;
  • Any information you choose to provide us when submitting a contact request via our form.

If you visit our website while logged into social networks on your device, data exchanges may occur between IZIPIZI and these social networks. You can prevent these exchanges by logging out of the social networks prior to browsing the IZIPIZI website.

When using the Website, we also collect health data concerning you (for example, regarding diopter levels when purchasing reading glasses). You may withdraw your consent at any time by contacting us at the details provided in the "Contact point for exercising your rights" section.

Mandatory data is indicated as such when you provide your data — typically with an asterisk.

3. Legal basis, purposes & retention

The table below sets out, for each purpose, the legal basis on which we rely and how long we keep your data.

| Purpose | Legal basis | Retention |
|---|---|---|
| Provide our services (creation of your customer account) | Performance of pre-contractual measures and/or performance of the contract. | For the duration of your account. After 3 years of inactivity, your data is deleted in the absence of a response to our reactivation email. Data may be archived for evidentiary purposes for 5 years. |
| Execute orders, manage contracts, deliveries, invoices, product availability alerts, loyalty programs. | Performance of the contract. | Duration of the contractual relationship. Archived 5 years for evidence. Contract data: 10 years from delivery if amount > €120, otherwise 5 years. Bank card data is kept by our payment provider until receipt of goods plus your withdrawal period; CVV2 is not stored. |
| Manage your reviews on our products | Our legitimate interest in collecting your feedback. | 2 years from publication of the review. |
| Build a file of customers and prospects | Our legitimate interest in developing and promoting our business. | Customers: 3 years from last purchase. Prospects: 3 years from last contact. |
| Newsletters, solicitations and promotional messages | Customers: legitimate interest. Prospects: your consent. | 3 years from your last contact or until withdrawal of consent. |
| Respond to information / contact / demonstration requests, satisfaction follow-up. | Performance of pre-contractual measures. | 3 years from your last contact. |
| Comply with legal obligations (fraud, litigation, requests from authorities). | Compliance with our legal obligations. | Invoices: 10 years. Transactions (excluding bank details): 5 years. Contract data: 10 years if > €120. |
| Organize contests and promotional operations | Our legitimate interest. | Duration of the contest, archived 3 years for evidence. |
| Statistics / improve Website (audience cookies) | Your consent. | To be completed. |
| Personalized advertising (advertising cookies) | Your consent. | To be completed. |
| Manage requests to exercise data subject rights | Our legitimate interest. | If proof of identity requested: kept only for the time necessary to verify, then deleted. Marketing objection: 3 years. GDPR right requests: 3 years. |

4. Who are the recipients of your data?

The following parties will have access to your personal data:

  • Our company's personnel;
  • Our processors: hosting provider, newsletter dispatch provider, audience measurement and analysis provider, email messaging provider, secure payment provider, invoicing tool, cookie management tool;
  • Our partners acting as independent data controllers, such as service providers handling the delivery of our products. We disclaim all liability regarding the processing carried out by our partners and invite you to consult their privacy policies;
  • Where applicable, public and private bodies, exclusively to comply with our legal obligations.

5. Data transfers outside the EU

Your data is kept and stored on the servers of our hosting provider, located in the European Union. In the context of the tools we use, your data may be transferred outside the European Union, particularly to the United States. The transfer of your data is secured using one of the following mechanisms:

  • Transfer to a country covered by an adequacy decision by the European Commission (Article 45 of the GDPR);
  • Transfer based on appropriate safeguards under Article 46 of the GDPR (e.g., standard contractual clauses, binding corporate rules, certification mechanism);
  • Transfer based on one of the appropriate safeguards described in Chapter V of the GDPR.

However, all data handled for statistical purposes outside the EU is anonymized.

You can obtain a copy of the mechanisms ensuring the transfer of your data by contacting us via the details provided in the "Contact point for exercising your rights" section below.

6. Your rights

You have the following rights regarding your personal data:

  • Right to information (Articles 13 and 14 of the GDPR) — this is precisely why we have drafted this policy.
  • Right of access (Article 15).
  • Right to rectification (Article 16).
  • Right to restriction of processing (Article 18).
  • Right to erasure ("right to be forgotten", Article 17).
  • Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), pursuant to Article 77.
  • Right to set guidelines regarding the retention, erasure, and communication of your personal data after your death.
  • Right to withdraw your consent at any time (Article 7). This withdrawal will not affect the lawfulness of processing carried out before the withdrawal.
  • Right to data portability (Article 20).
  • Right to object (Article 21). We may, however, continue processing despite your objection for legitimate grounds or for the defense of legal claims.

You may exercise these rights by writing to us at the contact details below. We may ask you on this occasion to provide additional information or documents to verify your identity.

7. Cookies

To learn more about cookie management, please consult our Cookie Policy.

8. Contact point for exercising your rights

By email: dpo@izipizi.com
By post: 19 rue de Calais, 75009 Paris, France

9. Amendments

We may amend this policy at any time, in particular to comply with any regulatory, jurisprudential, editorial, or technical developments. These changes will apply as of the effective date of the amended version. You are therefore invited to regularly consult the latest version of this policy. Nevertheless, we will keep you informed of any significant changes.