In accordance with the General Data Protection Regulation (GDPR — EU 2016/679) and applicable data protection law.
1. Data Controller
Société AEBB
10 rue de Penthièvre, 75008 Paris
Email: contact@cookarium.com
2. Data Collected
| Category | Data | Purpose |
|---|---|---|
| Identity | First name, last name | Order processing |
| Contact | Email, phone | Communication, order tracking |
| Delivery | Postal address | Product shipping |
| Payment | Transaction data (Stripe) | Secure payment |
| Browsing | IP address, cookies | Security, anonymous statistics |
3. Legal Basis for Processing
- Contract performance: order processing, delivery, after-sales service
- Legal obligation: invoicing, accounting (10-year retention)
- Legitimate interest: website security, fraud prevention
- Consent: newsletter, non-essential cookies
4. Retention Period
| Data | Duration |
|---|---|
| Order data | 10 years (accounting obligation) |
| Customer account data | 3 years after last order |
| Browsing data | 13 months maximum |
| Marketing data | 3 years after last contact |
5. Data Recipients
Your data may be shared with the following processors, strictly within the scope of their services:
- Stripe Inc. — payment processing (policy available at stripe.com)
- Hostinger International Ltd. — website hosting
- Carriers — delivery of your orders
No data is sold or transferred to third parties for commercial purposes.
6. Your Rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your data
- Right of rectification: correct your inaccurate data
- Right to erasure: request deletion of your data
- Right to portability: receive your data in a structured format
- Right to object: object to certain processing activities
- Right to restriction: limit the processing of your data
To exercise your rights: contact@cookarium.com
We will respond within a maximum of 30 days.
You also have the right to lodge a complaint with your national supervisory authority (in the UK: ICO — ico.org.uk).
7. Security
We implement appropriate technical and organisational measures to protect your data against any unauthorised access, modification, disclosure or destruction, including: SSL/TLS encryption, application firewall, restricted data access.
8. Transfers Outside the EU
Some of our processors (including Stripe) may process your data outside the European Union. These transfers are governed by the European Commission’s standard contractual clauses and the adequate protection mechanisms provided by the GDPR.
9. Cookies
Our site uses cookies and trackers. You can manage your preferences at any time via our cookie management banner. For more information, please consult our cookie policy.