Privacy policy
The privacy policy informs Users of the present site of the way in which personal data concerning them is collected and processed, in accordance with law n°78-17 of January 6, 1978 as amended and regulation n°2016-679 of April 27, 2016.
Article 1. Definitions
Words beginning with a capital letter meet the following definitions:
Data controller : LACLAYE, SAS with capital of €15,000, registered in the LYON Trade and Companies Register under number 984 082 800, and whose registered office is located at 9 rue d'Enghien 69002 LYON.
Site: Internet site published by the Data Controller.
Services: all services offered by the Data Controller.
User, “You”: any person accessing and browsing the Site.
Article 2. Processing of personal data
Browsing the Site
When browsing the Site, the Data Controller may automatically collect technical data about your equipment, your browsing actions and patterns, in particular through the use of cookies. Please consult the cookies policy below for more details on the purpose of data processing and retention periods, as well as on your rights.
Contact form
When you send a request via the contact form, the Data Controller collects your name and e-mail address, as well as any information you may include in your message. Please do not include any sensitive information in your message.
The legal basis for processing is the Data Controller's legitimate interest.
Data communicated in the context of a contact request will be kept for three (3) years from the closing of the request. If the contact leads to the conclusion of a contract, the data is kept for the duration of the contract and for the periods required to meet legal and regulatory obligations.
Newsletter subscription
When you subscribe to our e-mail newsletter, you agree to receive promotional and advertising information by e-mail. To this end, you provide your e-mail address.
The legal basis for this processing is consent. You may withdraw your consent at any time by clicking on the unsubscribe link in each e-mail.
The Data Controller may send you commercial communications by e-mail relating to products and services similar to those already provided.
The legal basis for this processing is the Data Controller's legitimate interest. You may opt out of receiving these communications at any time by clicking on the unsubscribe link in each e-mail.
Your e-mail address is kept until you unsubscribe or for three (3) years from the last contact between you and the Data Controller (e.g. a click on an element in an e-mail). Before deleting your address from the database, the Data Controller may contact you to ask whether you wish to maintain your subscription to the newsletter.
Users who have accepted the communication of personal data (and in particular their e-mail address) to third-party partners of the present site by checking the box provided for this purpose, may receive newsletters issued by these partners, whether commercial or not, at the frequencies and in the forms determined by the said partners.
The user may unsubscribe at any time by clicking on the link provided for this purpose on each newsletter issued by said partners. Alternatively, the user may unsubscribe by contacting the sender(s) of said newsletters directly. The editor of the present website cannot be held responsible for the content, data or form of newsletters sent by the aforementioned partners, whatever the prejudice suffered by the user. All claims must be made directly to the newsletter sender.
Customer account creation
The creation of a user account is a prerequisite for any order. To this end, the User will be asked to provide a certain amount of personal information. The User undertakes to provide accurate information, failing which the Order will be cancelled at the initiative of the Data Controller and the User's account will be deleted.
Certain information will be deemed essential for the conclusion of the contract, and its collection will be indispensable for the creation of the account and the validation of the conclusion of the contract in accordance with the terms of the General Terms and Conditions of Sale.
The personal data collected when a customer account is created are: surname, first name, e-mail address. The password chosen by the user is encrypted.
Customer account data is kept for two (2) years after your last connection to your customer account. After this period, before permanently deleting your data, the Data Controller will send you an e-mail offering you the option of keeping your customer account or deleting it.
Order processing
When you place an order, you will be asked to provide a certain amount of personal data required to process your order (invoice management, delivery and payment, tracking): surname; first name; postal address; e-mail address; telephone number for delivery; proof of identity for age checks.
This information is intended solely for the Data Controller, who may pass it on to partners, notably logistics partners, for the sole purpose of processing the order.
The legal basis for this data processing is the execution of the contract concluded when the online order is placed.
The following retention periods are applied to personal data collected when orders are placed on the site:
Pending, failed or cancelled orders: 6 months
Completed orders: 2 years in active database, then 3 years in intermediate archive
Invoices: 10 years in intermediate storage
Identification documents: 6 years maximum
Customer reviews
When you send a review of a product after purchase, the Data Controller collects your name and e-mail address, as well as any other information you may include in your message. Please do not include any sensitive information in your message.
The Data Controller publishes your review anonymously or with only your first name and the initial of your last name.
The legal basis for processing is consent. You may withdraw your consent at any time by sending an e-mail requesting the withdrawal of the notice, to the contact details indicated in article 6.
The data communicated in the context of a customer review is kept for three (3) years from the time the review is posted on the site.
Article 3. Recipients of data
The Data Controller may share your data with the following categories of recipients:
Internal personnel authorized to perform their duties and functions
Payment service providers, verification of identity and bank details, delivery, newsletter dispatch
Business partners if the User has given his consent
Subcontractors providing services for the exercise of its activity. The Data Controller requires all third-party service providers to respect the security of personal data and to process it in compliance with the law, solely for specific purposes in line with the Data Controller's instructions and under no circumstances for their own purposes.
Advisors bound by professional secrecy (legal, accounting, banking, insurance).
Third parties at the request of a public or administrative authority, or to comply with the requirements of the law or legal proceedings, or to defend its interests in court.
Article 4. Transfer of data outside the European Union
The Data Controller may share your data with service providers who may be located outside the European Economic Area (EEA).
In such circumstances, the Data Controller guarantees that your data is transferred to countries whose level of personal data protection has been deemed adequate by the European Commission or, if this is not the case, that it takes appropriate safeguards to ensure a secure transfer of your data, such as signing standard contractual clauses approved by the European Commission with the party receiving the data.
Article 5. Data security
The Data Controller takes appropriate technical and organizational measures to prevent disclosure of data, deterioration of data or access to data by unauthorized third parties.
When you transmit credit card information for payment, SSL encryption technology secures your transactions.
Article 6. Rights and how to exercise them
The User has the following rights:
Right of access to data: the User may obtain confirmation that his/her data is being processed, and if so, access to his/her data and information on the circumstances of the processing;
Right of rectification of data: the User may obtain from the Data Controller the rectification of his/her data if it is inaccurate or incomplete, as soon as possible;
Right to restrict processing: the User may request the Data Controller to restrict the processing of his/her data (i.e. to freeze data without using it, but without deleting it);
Right to object to processing: the User may object at any time to the processing of his/her data by the Data Controller, unless there are compelling legitimate grounds for doing so;
Right to withdraw consent at any time (e.g. to unsubscribe from the newsletter);
Right to data portability: the User may receive data that the Data Controller processes automatically and that has been provided on the basis of a contract or consent, and pass it on to another Data Controller;
Right to communicate instructions concerning the fate of data after death.
The User may exercise these rights by sending a request:
By e-mail to the following address: contact@laclaye.com
By post: 9 Rue d'Enghien 69002 LYON
Your request will be processed within one month of receipt. If we have any doubts about your identity, we reserve the right to request proof of identity from you. A copy of the proof of identity will be kept for one year. Other data relating to the processing of your request (title, surname, first names, nature of the request, response given) will be kept for 3 years.
The Data Controller undertakes to respect your instructions regarding the retention, deletion and communication of your personal data after your death. In the absence of a directive from you, the Data Controller will comply with requests from your heirs as set out in the applicable provisions of the French Data Protection Act.
If you consider that your personal data or your requests to exercise rights relating to your personal data are not being processed in accordance with the legal provisions by the Data Controller, you have the right to lodge a complaint with the CNIL, at the following address: CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.
Article 7. Updates
The present policy may be updated at any time, in particular in the event of the implementation of new data processing, in application of legal and/or regulatory provisions and/or any recommendations made by the CNIL. We therefore invite you to consult the latest version of this page before browsing.
Article 8. Cookie management policy
The Data Controller uses cookies. A “cookie” is a small text file containing information specific to the user of the Site. It is stored on the user's hard disk and can only be read by the server that issued it.
For example, cookies help us to remember your user name the next time you visit, to understand how you interact with our content and to improve it on the basis of the information gathered.
Some cookies are essential to the operation of the site. Other cookies are optional. Your consent is required for them to be stored on your browser.
You can set your browser to block all cookies, but blocking essential cookies may prevent the site from working properly.
You can also delete cookies stored on your computer, by going to the appropriate menu in your browser (generally, Tools or Options / Privacy or Confidentiality). Such action has no effect on your browsing on the present site, but causes the user to lose all the benefits provided by the cookie. In this case, you will have to re-enter all your personal data.
No non-essential cookie is deposited on your browser when you access the Site. A pop-up window opens to allow you to express your choices. You can accept all cookies, continue without accepting them or adjust your choices by accessing the details of each cookie deposited. You can modify your choices at any time, or withdraw your consent by going to the interface via the dedicated link or widget.
Here is the list of cookies on our site, for use with Shopify. More information is available at https://www.shopify.com/fr/legal/cookies.
Cookies required for store operation
|
Nom |
Catégorie de cookie et finalité |
Durée de conservation |
|
_ab |
Utilisation liée au contrôle de l’affichage de la barre de l’interface administrateur sur la boutique en ligne. |
1 an |
|
_abv |
Maintient l’état réduit de la barre de l’interface administrateur. |
1 an |
|
_checkout_queue_token |
Utilisation liée à un cas de file d’attente au cours du processus de paiement. |
1 an |
|
_cmp_a |
Utilisation liée à la gestion des paramètres de confidentialité des clients. |
1 jour |
|
_identity_session |
Contient l’identifiant de session de l’utilisateur. |
2 ans |
|
_master_udr |
Identifiant permanent de l’appareil. |
Durée de la session |
|
_pay_session |
Le cookie de session Rails pour Shopify Pay |
Durée de la session |
|
_secure_account_session_id |
Utilisation pour suivre la session d’un client pour les nouveaux comptes clients |
30 jours |
|
_session_id |
Utilisation liée à la fourniture de rapports et d’analyses. |
2 ans |
|
_shopify_country |
Utilisation pour les boutiques Plus où la devise et le pays de tarification sont établis à partir du GeoIP, ce qui permet d’éviter les recherches de GeoIP après la première requête. |
30 minutes |
|
_shopify_essential |
Contient des informations essentielles au bon fonctionnement d’une boutique, telles que les informations relatives à la session et au paiement, ainsi que des données anti-fraude. |
1 an |
|
_storefront_u |
Utilisation liée à la mise à jour des informations sur les comptes clients. |
1 minute |
|
_tracking_consent |
Utilisation liée au stockage des préférences utilisateur paramétrées par un marchand selon les règles de confidentialité de la région du visiteur. |
1 an |
|
auth_state_<> |
Stockage d’un état pour l'authentification du client. |
25 minutes |
|
card_update_verification_id |
Utilisation liée à la vérification lorsqu’un acheteur est redirigé vers Shopify après avoir effectué le paiement avec 3D Secure. |
20 minutes |
|
cart |
Contient des informations relatives au panier de l’utilisateur. |
2 semaines |
|
cart_currency |
Utilisation une fois la commande finalisée pour générer un nouveau panier vide avec la même devise que celui qui vient d’être utilisé. |
2 semaines |
|
cart_sig |
Un hash des contenus d’un panier. Il est utilisé pour vérifier l’intégrité du panier et garantir la performance de certaines opérations du panier. |
2 semaines |
|
cart_ts |
Utilisation liée au paiement. |
2 semaines |
|
cart_ver |
Mise en place à chaque fois qu’un panier est mis à jour et utilisé pour suivre les différences de version du panier. |
2 semaines |
|
checkout |
Utilisation liée au paiement. |
21 jours |
|
checkout_one_remember_me |
Utilisation liée au pré-remplissage des données de paiement avec les données du paiement précédent. |
1 an |
|
checkout_prefill |
Cryptage et stockage des paramètres d’URL contenant des données à caractère personnel, utilisés dans les URL de permaliens des paniers. |
5 minutes |
|
checkout_session_lookup |
Utilisation liée au paiement. |
3 semaines |
|
checkout_session_token_<> |
Utilisation liée à l’enregistrement d’une session de paiement sur le serveur. |
3 semaines |
|
checkout_token |
Saisie de la page de destination du visiteur lorsque celui-ci vient d’autres sites. |
Durée de la session |
|
customer_account_locale |
Utilisation liée au suivi des paramètres régionaux d’un compte client lorsqu’une redirection survient depuis le paiement ou la boutique en ligne vers un compte client. |
1 an |
|
customer_payment_method |
Stockage du moyen de paiement mis à jour pour les abonnements. |
1 heure |
|
customer_shop_pay_agreement |
Utilisation liée à la vérification d’un nouvel instrument de paiement Shop Pay. |
20 minutes |
|
device_fp_id |
Identifiant d’empreinte digitale de l’appareil pour aider à prévenir la fraude. |
Durée de la session |
|
device_id |
Identifiant de session de l’appareil pour aider à prévenir la fraude. |
Durée de la session |
|
discount_code |
Stockage d’un code de réduction (reçu d’une visite d’une boutique en ligne avec un paramètre d’URL) dans une commande, pour être utilisé lors du prochain paiement. |
Durée de la session |
|
dynamic_checkout_shown_on_cart |
Ajustement de l’expérience de paiement pour les acheteurs qui procèdent à un paiement normal plutôt qu’à un paiement dynamique. |
30 minutes |
|
hide_shopify_pay_for_checkout |
Mise en place lorsqu’un acheteur rejette la fenêtre modale de connexion à Shop Pay pendant le paiement, informant l’acheteur via l’affichage. |
Durée de la session |
|
keep_alive |
Utilisation lorsque la redirection de domaine international est activée pour déterminer si une requête correspond à la première d’une session. |
Durée de la session |
|
locale_bar_accepted |
Maintient si la fenêtre modale de l’application de géolocalisation a été acceptée. |
Durée de la session |
|
locale_bar_dismissed |
Maintient si la fenêtre modale de l’application de géolocalisation a été refusée. |
1 jour |
|
localization |
Utilisation liée à la localisation du panier dans le bon pays. |
2 semaines |
|
logged_in |
Indice d’identité de connexion. |
12 semaines |
|
login_with_shop_finalize |
Utilisation liée à la connexion avec Shop. |
5 minutes |
|
master_device_id |
Identifiant permanent de l’appareil. |
1 an |
|
order |
Utilisation liée à l’accès aux données de la page contenant les informations de commande de l’acheteur. |
3 semaines |
|
pay_update_intent_id |
Stockage d’un ID d’une tentative de mise à jour d’un accord de facturation Shop Pay, nécessaire pour un rappel après la vérification d’un nouvel instrument de paiement Shop Pay. |
20 minutes |
|
preview_theme |
Utilisation liée à la prévisualisation d’un thème. |
Durée de la session |
|
previous_checkout_token |
Utilisation liée au pré-remplissage des données de paiement avec les données du paiement précédent. |
1 an |
|
previous_step |
Utilisation liée au paiement. |
1 an |
|
profile_preview_token |
Utilisation visant à prévisualiser Checkout Extensibility. |
5 minutes |
|
receive-cookie-deprecation |
Cookie spécifié par Google pour identifier certains navigateurs Chrome affectés par la dépréciation des cookies tiers. Vous pouvez en savoir plus sur ce cookie en cliquant ici. |
Durée de la session |
|
remember_me |
Utilisation liée au pré-remplissage des données de paiement avec les données du paiement précédent. |
1 an |
|
secure_customer_sig |
Utilisation liée à l’identification d’un utilisateur(-trice) après son inscription dans une boutique en tant que client(e), afin de ne pas l’obliger à se connecter de nouveau. |
1 an |
|
shop_pay_accelerated |
Signalement d’un acheteur pouvant bénéficier d’un paiement accéléré Shop Pay. |
1 an |
|
shopify-editor-unconfirmed-settings |
Stockage des changements qu’un marchand effectue dans l’éditeur pour mettre à jour l’aperçu. |
16 heures |
|
shopify_pay |
Utilisation liée à la connexion d’un acheteur à Shop Pay lorsqu’il revient pour effectuer le paiement dans la même boutique. |
1 an |
|
shopify_pay_redirect |
Utilisation liée à l’accélération du processus de paiement lorsque l’acheteur dispose d’un compte Shop Pay. |
1 an |
|
storefront_digest |
Stockage condensé du mot de passe de la boutique en ligne, afin de permettre aux marchands d’obtenir un aperçu de leur boutique en ligne protégée par un mot de passe. |
1 an |
|
tracked_start_checkout |
Utilisation liée au paiement. |
1 an |
|
user |
Utilisation liée aux identifiants Shop. |
1 an |
|
user_cross_site |
Utilisation liée aux identifiants Shop. |
1 an |
|
wpm-domain-test |
Utilisation liée au test de Web Pixel Manager de Shopify avec le domaine afin de veiller à ce que tout fonctionne correctement. |
Durée de la session |
Cookies nécessaires à l’établissement de rapports et à l’analyse de données
|
Nom du Cookie |
Catégorie de Cookie et finalité |
Durée de conservation |
|
_landing_page |
Saisie de la page de destination du visiteur lorsque celui-ci vient d’autres sites. |
2 semaines |
|
_orig_referrer |
Permet au marchand d’identifier l’origine des visiteurs. |
2 semaines |
|
_shopify_ga |
Contient les paramètres de Google Analytics qui permettent le bon fonctionnement des mesures d’analyse inter-domaines. |
Durée de la session |
|
_shopify_s |
Utilisation liée à l’identification d’une combinaison de session de navigation et d’une boutique déterminée. La durée est de 30 minutes à compter de la dernière utilisation. |
30 minutes |
|
_shopify_sa_p |
Saisie de la page de destination du visiteur lorsque celui-ci vient d’autres sites afin de faciliter l’analyse de données marketing. |
30 minutes |
|
_shopify_sa_t |
Saisie de la page de destination du visiteur lorsque celui-ci vient d’autres sites afin de faciliter l’analyse de données marketing. |
30 minutes |
|
_shopify_y |
Analyses de données fournies par Shopify. |
1 an |
|
checkout_one_experiment |
Utilisation lorsqu’un paiement remplit les conditions requises de Checkout One et qu’il a été confié à une expérience (groupe de contrôle ou groupe d’essai). |
Durée de la session |
|
shop_analytics |
Contient les informations nécessaires sur l’acheteur pour l’analyse de données dans Shop. |
1 an |
|
unique_interaction_id |
Utilisation liée aux mesures de paiement. |
10 minutes |
Mise à jour : 20/01/2025
***********