Privacy Policy
This privacy policy describes how Maison Lumée collects, uses, and protects the personal data of visitors and customers, in accordance with the GDPR and the French Data Protection Act.
1. Data Controller
- MIATH Lorys, sole proprietor
- 15 rue Chico Mendes, 27200 Vernon, France
- contactmaisonlumee@gmail.com
2. Data Collected
- When placing an order: name, first name, postal address, email, phone number, payment information (processed by our secure provider, never stored by us)
- When subscribing to the newsletter: email address
- When browsing: connection data, cookies, browsing statistics
- When contacting us: name, email, message content
3. Purposes of Processing
- Process and ship your orders
- Manage customer relations (after-sales service, returns)
- Send you our newsletter, if you have consented
- Improve our website and services
- Comply with our legal and accounting obligations
4. Legal Basis for Processing
- Performance of the sales contract (order processing, delivery)
- Your consent (newsletter, non-essential cookies)
- Legitimate interest (service improvement, security)
- Legal obligations (invoicing, accounting)
5. Data Recipients
Your data may be transmitted to necessary service providers: Shopify (hosting), payment provider, carrier. These providers are bound by confidentiality and security obligations.
6. Retention Period
- Order and customer relationship data: duration necessary for management
- Newsletter data: 3 years from the last contact
- Accounting documents and invoices: 10 years (legal obligation)
7. Your Rights
In accordance with the GDPR, you have the following rights: access, rectification, erasure, restriction of processing, data portability, opposition, withdrawal of consent at any time.
To exercise these rights: contactmaisonlumee@gmail.com
You can also lodge a complaint with the CNIL: www.cnil.fr
8. Cookies
The site uses cookies strictly necessary for its operation (cart, connection) and, where applicable, audience measurement cookies. You can configure your browser to refuse non-essential cookies.
9. Security
We implement reasonable technical and organizational measures to protect your data. Payments are processed via a platform compliant with PCI-DSS standards.
10. Transfers Outside the European Union
Some technical service providers may be located outside the EU. In this case, appropriate safeguards govern these transfers (standard contractual clauses of the European Commission).
Last updated: July 2026