Privacy policy (GDPR)

1. Controller

Publisher: E-Com Shop (SIREN 934 934 308)

Address: 60 rue François 1^er, 75008 PARIS, France

Data protection contact: contact.ecomshopfrance@gmail.com

2. Purposes & legal bases

• Site operation (page delivery, security, fraud prevention) — legitimate interest; strictly necessary cookies only.
• Audience measurement (Google Analytics 4, with Consent Mode v2) — consent (disabled until granted).
• Marketing/affiliation (outbound clicks to Make, UTMs) — consent.
• Technical logging (server/CDN logs) — legitimate interest (diagnostics and security).

3. Data we process

• Technical data: IP address (partial/complete), user-agent, technical fingerprints (depending on consent), request IDs.
• Navigation data: pages viewed, events (CTA clicks, cookie preferences), UTM parameters (source, medium, campaign, content).
• We do not collect “special categories” of data via this site.

4. Cookies & Consent Mode v2

On your first visit, a banner lets you accept or refuse by category. As long as the “Analytics” category is not accepted, GA4 is blocked and Consent Mode signals (analytics_storage, ad_user_data, ad_personalization) are set to denied. You can change your choices at any time using the “Cookies” button displayed on the site.

Categories

• Necessary: functionality & security (e.g., language preference, menu state, consent state). Always on.
• Analytics: GA4 audience measurement (loaded only if you accept).
• Marketing: outbound marketing/affiliate tagging (Make links with UTM), where applicable.

5. Recipients

• Netlify, Inc. (hosting & CDN) — technical access to logs for operations.
• Google Ireland Ltd / Google LLC — Google Analytics 4 (only if “Analytics” is accepted).
• Make.com (Celonis SE group) — only if you click an affiliate link; once on their site, their own policy applies.

6. International transfers

Some recipients are located outside the European Union (e.g., the United States). When required, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and/or valid transfer mechanisms provided by service partners.

7. Retention

• Consent preference: up to 6 months (then renewal).
• Audience measurement (aggregated events): per GA4 settings (typically 2–14 months) — active only if consent is given.
• Technical logs: short, proportionate retention for performance/security troubleshooting.
• UTM & outbound clicks: timestamps and parameters retained for marketing analysis, in aggregate form.

8. Your rights

Under the GDPR you have the rights of access, rectification, erasure, restriction, objection and portability. You may also set post-mortem instructions.

To exercise your rights: contact.ecomshopfrance@gmail.com. We may request proof of identity when we have reasonable doubt.

If you believe, after contacting us, that your rights are not respected, you can lodge a complaint with your supervisory authority (e.g., the CNIL in France).

9. Security

We implement reasonable technical and organizational measures (CSP, HSTS, X-Content-Type-Options, Referrer-Policy, minimal Permissions-Policy). No online service is absolutely secure.

10. Minors

This site targets adult users. If you are a parent/guardian and believe a minor shared data with us, please contact us.

11. External links

Our site contains links to third-party sites (e.g., make.com). We have no control over their content and policies. Please consult them directly.

12. Updates

We may update this policy for legal, technical or operational reasons. The latest update date is shown below.

Last updated: August 30, 2025.