confidentiality

www.ethiluxe.com

PUBLICATION DATE: 28/10/2025

This Privacy Policy (the “Policy”) aims to formalize our commitment to respecting the privacy of users of the website www.ethiluxe.com (the “Site”) operated by Ethiluxe.

The Policy and the Terms and Conditions of the Site form a contractual whole. All capitalized terms not defined herein are defined in the Terms and Conditions of Use available here: www.ethiluxe.com/cgv/.

As part of providing our Site, we process your personal data in accordance with Regulation (EU) 2016/679 of 27 April 2016 (the “GDPR”) and under the conditions described below.

Personal data means any information relating to an identified or identifiable natural person. We collect and process personal data only for the purposes of providing and improving our services and communicating about them, in strict compliance with the GDPR.

We only collect personal data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. You will never be asked to provide sensitive personal data such as your racial or ethnic origin, political, philosophical, or religious opinions. By using the Site, you consent to the processing of your personal data in accordance with this Policy. If you do not agree with the terms of this Policy, please refrain from using the Site and its Services.

We may collect and store your personal data when you:

• browse our Site;
• contact us via our contact form;
• contact us by phone or via social media;
• place an order on our Site;
• subscribe to our newsletter.

We use your personal data to operate and manage the Site’s Services and to respond to your specific requests. We also use your personal data to improve our Services, the Site, and the user experience. This information is used exclusively by us and helps us better tailor our Services to your needs.

Connection data: Each time you visit our Site, we collect data such as your IP address, the MAC address of your device, connection date and time, and information about your browser.

Navigation data: We also collect information on how you access the Site, which pages you visit, and how long you stay on them. Cookies may be used for this purpose as described in Article 5 below.

To respond to requests you make through our Customer Service, we may use your name, surname, email address, and phone number.

We collect your name, surname, and phone number to handle any request made by phone or through our official social media accounts. We will reply to you via phone or email to address your request, provide after-sales service, or send a quotation.

When placing an order, we collect the data necessary to process and deliver your products:

• Identification data: name, surname, postal address, phone number, email address;
• Order details: order number, product details, amount, discounts, billing and shipping address;
• Payment data: payments are processed securely by certified providers (e.g., Stripe, PayPal, Prestashop Checkout). Ethiluxe never has access to your complete banking information;
• Order history and any correspondence with Customer Service.

This data is required for processing your order, shipping, invoicing, and fraud prevention.

When subscribing to our newsletter, we collect your email address and, where applicable, your first name to personalize messages. This information allows us to send you news, offers, and content related to our products.

The legal basis for this processing is your consent, which you can withdraw at any time by clicking the unsubscribe link included in every email or by contacting us at the address indicated in Article 8.

You can unsubscribe from the newsletter with a single click from any communication received.

We have implemented technical and organizational measures to ensure the security, integrity, and confidentiality of your personal data to prevent alteration, loss, or unauthorized access. These include SSL encryption, secure access to the back office, and monitoring of suspicious login attempts.

However, no security measure is infallible, and we cannot guarantee absolute protection of your data.

You are also responsible for maintaining the confidentiality of your password and login information.

Your personal data may be transmitted to external service providers working on our behalf, such as:

• payment processing (Prestashop Checkout, Stripe, PayPal, etc.);
• delivery of your orders (Colissimo, Mondial Relay, Chronopost, etc.);
• website hosting and technical maintenance;
• customer service or marketing management (CRM, emailing).

All our subcontractors are contractually bound to comply with confidentiality and GDPR requirements.

We may disclose your data to administrative or judicial authorities when required by law or necessary to protect our rights or those of others.

Your personal data is kept only for the time necessary for the purposes for which it was collected:

• Account information: as long as your account is active and up to 3 years after your last activity;
• Order data: 10 years in accordance with accounting and tax obligations;
• Newsletter data: until you unsubscribe or up to 3 years after the last contact;
• Browsing data (cookies): maximum 13 months.

A cookie is a text file that may be stored on a device when accessing an online service via a web browser. A cookie allows its issuer, during its period of validity, to recognize the relevant device each time that device accesses digital content that contains cookies from the same issuer.

In any event, cookies placed on your browser (where applicable with your consent) are deleted no later than 13 months after they are stored on your device.

The cookies we may issue allow us to:

• compile statistics and measure traffic and usage of the various sections and content on our Site (pages visited, navigation paths), in order to improve the interest and ergonomics of the Site and, where applicable, of our products and services;
• adapt the presentation of our Site to your device’s display preferences (language used, display resolution, operating system, etc.) during your visits, according to the hardware and software used by your device;
• remember information entered in a form on our Site (registration or account login) or relating to products, services or information you have selected on our Site (subscribed service, contents of a shopping cart, etc.);
• allow you to access reserved and personal areas of our Site, such as your Account, using identifiers or data you may have previously provided to us, and to implement security measures, for example when you are asked to log in again to content or a service after a certain period of time.

While you browse the Site, social media cookies may also be generated, in particular via sharing buttons. These cookies may collect personal data.

On your first visit to the Site, and only if the Site uses cookies, a cookie banner will appear on the home page. A clickable link will allow you to learn more about the purpose and functioning of cookies and will redirect you to this Policy. Continuing to browse another page of the Site or selecting an element of the Site (for example: image, text, link, etc.) constitutes your acceptance of the deposit of the cookies in question on your device.

You may configure your browser at any time so that cookies are stored on your device, or, on the contrary, so that they are refused (either systematically or depending on the issuer). You can also configure your browser so that you are asked to accept or refuse cookies on a case-by-case basis, before a cookie is stored on your device.

Warning: any configuration may affect your browsing experience on the Internet and your access conditions to certain services that require the use of cookies. We decline any responsibility for the consequences related to the degraded functioning of our services resulting from our inability to store or consult the cookies necessary for their operation that you have refused or deleted. For example, this may be the case if you try to access content or services that require you to log in. This may also be the case if we (or our service providers) are unable to recognize, for technical compatibility purposes, the type of browser used by your device, its language and display settings, or the country from which your device appears to be connecting to the Internet.

Each browser has a different configuration method for managing cookies and your preferences. This is described in your browser’s help menu, which will allow you to understand how to modify your cookie preferences. Below is some information for the main browsers:

Internet Explorer / Edge:

• In Internet Explorer, click the Tools button, then Internet Options.
• Under the General tab, under Browsing history, click Settings.
• Click the View files button.

Firefox:

• Go to the browser’s Tools menu, then select Options.
• In the window that opens, choose Privacy and then click Show Cookies.

Safari:

• Open Preferences from the browser menu (Safari > Preferences).
• Click on Privacy.

Google Chrome:

• Open Settings using the button to the right of the address bar or via the browser menu (Chrome > Preferences).
• Select Advanced Settings.
• Click on Site settings, then Cookies.

For more information about cookies, you can consult the website of the CNIL (the French Data Protection Authority).

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

• Right of access: obtain confirmation whether data concerning you is being processed and receive a copy;
• Right of rectification: request correction of inaccurate data;
• Right of erasure: request deletion of your data under certain conditions;
• Right to restriction: request temporary suspension of processing;
• Right to object: object at any time to processing based on legitimate interest;
• Right to data portability: receive your data in a structured, machine-readable format;
• Right to withdraw consent at any time where processing is based on consent.

To exercise your rights, contact our Data Protection Officer (see Article 8) and include a copy of your identity document.

We reserve the right to modify this Policy at any time. Updates will be indicated by the publication date at the top of this page. We recommend checking this Policy regularly.

Ethiluxe
Sonia SAIHI (DPO)
3 Rue Charlemagne
75004 Paris, France
E-mail: spam@ethiluxe.com
Tel: +33 7 85 73 54 37

For any questions regarding your personal data or if you wish to delete your account, please contact our Data Protection Officer (DPO) at the address above.

If you believe that your rights have not been respected, you may file a complaint with the French Data Protection Authority (CNIL) via their website: www.cnil.fr or by post: CNIL, 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.