Privacy Policy — GDPR

1. Data controller

The controller of the data collected on lepetitchr.fr is Le Petit CHR — SIRET 928 601 657 00010, reachable at contact@lepetitchr.com.

2. Data collected

We collect:

Identity & contact: first name, last name, email, phone number, delivery/billing address, account type (private/professional).
Orders: order history, cart, abandoned carts, promo codes used.
Payment: Stripe/PayPal transactions (card numbers are never stored on our side).
Browsing: pages visited, time spent, device, approximate city (anonymised analytics cookies, after consent).
Messages: content of the contact form submissions and chatbot conversations.

3. Purposes

Your data is used exclusively to:

Process and deliver your orders
Provide you with efficient customer support
Issue invoices and meet our accounting/tax obligations
Improve the site (anonymous statistics)
Send you transactional information (order tracking, requested quote)

We never sell, rent or trade your data with commercial third parties.

4. Recipients

Your data is only shared with:

Stripe and PayPal for payments (PCI DSS level 1).
Vercel for hosting the site.
Supabase for the database (EU hosting).
Partner manufacturers (Hendi, Combisteel, AFI, Sofraca) — only the delivery address for your order (direct shipping).
Hostinger for the email messaging service.
Sentry for error monitoring (no personal data).

5. Retention period

Customer account: as long as the account is active, deleted on request
Orders & invoices: 10 years (legal accounting obligation)
Abandoned carts: 30 days, then purged
Analytics cookies: 13 months maximum
Contact messages: 3 years after the last exchange

6. Your rights

Under the GDPR, you have the following rights:

Access to your personal data
Rectification of inaccurate data
Erasure (right to be forgotten)
Restriction of processing
Portability of your data in a reusable format
Objection to processing for legitimate reasons
Withdrawal of consent at any time for consent-based processing

To exercise these rights, write to contact@lepetitchr.com or use the contact form. We reply within 30 days maximum.

You may also lodge a complaint with the French data protection authority, the CNIL (cnil.fr).

7. Security

The site runs over HTTPS (encrypted TLS) on every page. Passwords are stored as bcrypt hashes. Payments are processed by Stripe and PayPal and never touch our servers.

8. Cookies

We use three types of cookies:

Technical cookies (mandatory): cart, session, language preferences. No consent required.
Analytics cookies: anonymised traffic and page-view measurement. Activated only after your consent via the cookie banner.
Third-party payment cookies: required by Stripe and PayPal at the time of payment. Activated only at that point.

9. Updates

This privacy policy may be updated to reflect legal or technical changes. The last-updated date at the top of the page reflects the version in force.

2. Data collected

We collect:

Identity & contact: first name, last name, email, phone number, delivery/billing address, account type (private/professional).

Orders: order history, cart, abandoned carts, promo codes used.

Payment: Stripe/PayPal transactions (card numbers are never stored on our side).

Browsing: pages visited, time spent, device, approximate city (anonymised analytics cookies, after consent).

Messages: content of the contact form submissions and chatbot conversations.

3. Purposes

Your data is used exclusively to:

Process and deliver your orders

Provide you with efficient customer support

Issue invoices and meet our accounting/tax obligations

Improve the site (anonymous statistics)

Send you transactional information (order tracking, requested quote)

We never sell, rent or trade your data with commercial third parties.

4. Recipients

Your data is only shared with:

Stripe and PayPal for payments (PCI DSS level 1).

Vercel for hosting the site.

Supabase for the database (EU hosting).

Partner manufacturers (Hendi, Combisteel, AFI, Sofraca) — only the delivery address for your order (direct shipping).

Hostinger for the email messaging service.

Sentry for error monitoring (no personal data).

6. Your rights

Under the GDPR, you have the following rights:

Access to your personal data

Rectification of inaccurate data

Erasure (right to be forgotten)

Restriction of processing

Portability of your data in a reusable format

Objection to processing for legitimate reasons

Withdrawal of consent at any time for consent-based processing

To exercise these rights, write to contact@lepetitchr.com or use the contact form. We reply within 30 days maximum.

You may also lodge a complaint with the French data protection authority, the CNIL (cnil.fr).

8. Cookies

We use three types of cookies:

Technical cookies (mandatory): cart, session, language preferences. No consent required.

Analytics cookies: anonymised traffic and page-view measurement. Activated only after your consent via the cookie banner.

Third-party payment cookies: required by Stripe and PayPal at the time of payment. Activated only at that point.