Privacy policy (GDPR)
Last updated: 6 juillet 2026
This policy complies with Regulation (EU) 2016/679 (GDPR) and French Law No. 78-17 of 6 January 1978 on information technology, data files and civil liberties (the “Informatique et Libertés” Act). The competent supervisory authority is the CNIL.
1. Data controller
COOLFRANCE
473 Rue Louis Delaunay, 66000 Perpignan
info@cool-france.com
04 43 10 15 31
2. Data processed
- Contact data: name, email, phone, delivery address
- Order data: products, amount, date, payment method
- Technical data: IP address, browser type, cookies (with consent)
- Marketing data: only with explicit opt-in consent
3. Legal bases (Art. 6 GDPR)
- Art. 6(1)(b) — contract performance (order processing)
- Art. 6(1)(c) — legal obligations (accounting, tax)
- Art. 6(1)(a) — consent (cookies, marketing)
- Art. 6(1)(f) — legitimate interest (security, fraud prevention)
4. Retention period
- Order and invoicing data: 10 years (Art. L123-22 French Commercial Code)
- Marketing data: until consent is withdrawn
- Cookie consent: max. 13 months (CNIL recommendation)
- Server logs: max. 12 months
5. Data transfers
We only share data where necessary to fulfil orders: payment providers, carriers, accounting. Transfers outside the EU/EEA use Standard Contractual Clauses (SCC) under Art. 46 GDPR.
6. Your rights
Pursuant to Articles 15 to 22 GDPR and the Informatique et Libertés Act, you have the right to:
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Portability (Art. 20)
- Objection (Art. 21)
- Withdraw consent (Art. 7(3))
- Lodge a complaint with the CNIL (www.cnil.fr)
Supervisory authority: CNIL — Commission nationale de l'informatique et des libertés
info@cool-france.com
7. Cookies
Details in our Cookie policy. Necessary cookies do not require consent; analytics and marketing cookies are set only after your consent (Art. 82 of the Informatique et Libertés Act). Cookie policy
8. Security
We apply TLS encryption, access controls and regular security audits in accordance with Art. 32 GDPR.