PRIVACY POLICY
www.lasmole.com
In force as of April 24, 2026
Notice: this English version is provided for information only. In case of any discrepancy or interpretation dispute, the French version shall prevail. LA SMOLE SASU is a French company governed by French law.
This privacy policy describes how LA SMOLE (hereinafter "we", "our" or "the Company") collects, uses, stores and protects your personal data when you use the website www.lasmole.com (hereinafter the "Site").
We attach particular importance to protecting your privacy and commit to processing your personal data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on data protection (hereinafter "GDPR") and French Act no. 78-17 of 6 January 1978 as amended on information technology, data files and civil liberties.
1. Data controller
LA SMOLE, SASU with share capital of 12,000 €
Registered office: 30 Boulevard de Sébastopol, 75004 Paris, France
RCS Paris: 993 644 301
Represented by Ms. Daravy Ange, President
DPO contact: hello@lasmole.com
2. Personal data collected
We collect the following categories of data:
2.1 Data you provide us directly
- When placing an order: surname, first name, postal address, email address, phone number, delivery and billing addresses.
- When creating an account: surname, first name, email address, password (encrypted).
- When subscribing to the newsletter: email address.
- When contacting us: name, email address, message content.
2.2 Data collected automatically
- Browsing data: IP address, browser type, operating system, pages viewed, visit duration, traffic source.
- Cookies and trackers: session IDs, preferences, analytics data (see section 7).
2.3 Payment data
Banking data (card number, expiry date, security code) is collected and processed exclusively by our payment provider Shopify Payments (operated by Stripe). LA SMOLE never has access to your full banking data and does not store it.
3. Purposes and legal bases of processing
| Purpose | Legal basis | Retention period |
|---|---|---|
| Order management and tracking | Performance of contract (art. 6.1.b GDPR) | 5 years (accounting obligation) |
| Customer account management | Performance of contract (art. 6.1.b GDPR) | 3 years after last purchase |
| Newsletter delivery | Consent (art. 6.1.a GDPR) | Until consent is withdrawn |
| Commercial prospecting (emails) | Legitimate interest for existing customers / Consent for prospects (art. 6.1.a and 6.1.f GDPR) | 3 years after last contact |
| Responding to contact requests | Legitimate interest (art. 6.1.f GDPR) | 3 years after request closure |
| Site improvement and analytics | Consent (art. 6.1.a GDPR) | 25 months (analytics cookies) |
| Returns management and customer service | Performance of contract / Legal obligation | 5 years (civil statute of limitations) |
| Fraud prevention | Legitimate interest (art. 6.1.f GDPR) | 13 months |
4. Data recipients
Your personal data may be shared with the following categories of recipients, strictly to the extent necessary for the purposes described above:
- Hosting provider: Shopify International Limited (Ireland)
- Payment provider: Shopify Payments / Stripe
- Carriers: Mondial Relay, Colissimo (La Poste), Chronopost, FedEx, for the delivery of your orders
- Shipping provider: Sendcloud, for the logistics of shipments
- Emailing tools: Shopify Email / Klaviyo, for newsletter and transactional emails
- Analytics tools: Google Analytics, Meta Pixel, subject to your consent
We do not sell, rent or share your personal data for commercial purposes with any third party other than those mentioned above.
5. Data transfers outside the European Union
Some of our subprocessors (notably Shopify and Stripe) may process your data in countries outside the European Economic Area, including Canada and the United States.
In such cases, appropriate safeguards are put in place in accordance with the GDPR:
- Standard Contractual Clauses approved by the European Commission (art. 46.2.c GDPR);
- Adequacy decision of the European Commission (art. 45 GDPR) where applicable;
- EU-US Data Privacy Framework where applicable.
6. Data security
We implement appropriate technical and organisational measures to ensure the security and confidentiality of your personal data, including:
- SSL/TLS encryption of all exchanges on the Site;
- Secure PCI-DSS certified hosting (via Shopify);
- Access to data restricted to authorised personnel only;
- Encrypted passwords, not stored in clear text.
7. Cookies and trackers
7.1 What is a cookie?
A cookie is a small text file placed on your device (computer, phone, tablet) when you browse the Site. It allows information about your browsing to be stored.
7.2 Cookies used on the Site
| Cookie type | Purpose | Duration | Consent required |
|---|---|---|---|
| Strictly necessary cookies | Site functionality (session, cart, authentication) | Session / 14 days | No |
| Analytics cookies | Audience measurement (Google Analytics) | 25 months | Yes |
| Advertising cookies | Ad personalisation (Meta Pixel) | 13 months | Yes |
7.3 Managing your preferences
On your first visit, a consent banner lets you accept or refuse non-essential cookies. You can change your choices at any time by clicking on the "Cookies" link in the Site footer, or by configuring your browser.
Refusing analytics and advertising cookies does not affect the Site's functionality or your ability to place an order.
8. Your rights
In accordance with the GDPR, you have the following rights regarding your personal data:
| Right | Description | GDPR article |
|---|---|---|
| Access | Obtain confirmation that your data is being processed and receive a copy | Article 15 |
| Rectification | Have inaccurate or incomplete data corrected | Article 16 |
| Erasure | Request deletion of your data (subject to legal retention obligations) | Article 17 |
| Restriction | Temporarily restrict the processing of your data | Article 18 |
| Portability | Receive your data in a structured, machine-readable format | Article 20 |
| Objection | Object to the processing of your data, notably for commercial prospecting purposes | Article 21 |
| Withdrawal of consent | Withdraw your consent at any time for processing based on consent | Article 7.3 |
| Post-mortem directives | Set directives for what happens to your data after death | French Data Protection Act, art. 85 |
To exercise any of these rights, send your request by email to hello@lasmole.com, specifying your name, email address and the right you wish to exercise. A copy of a valid ID may be requested.
We commit to responding to your request within one (1) month of receipt. This period may be extended by two (2) months in case of complex requests.
9. Complaint to the CNIL
If you consider that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the French Data Protection Authority (CNIL):
CNIL
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
www.cnil.fr
10. Protection of minors
The Site is not intended for persons under 16 years of age. We do not knowingly collect personal data from minors. If we become aware of the accidental collection of a minor's data, we will delete it immediately.
11. Changes to the privacy policy
We reserve the right to modify this privacy policy at any time. In case of substantial changes, we will inform you by email or through a notification on the Site. The date of the last update is shown at the top of this document.
We invite you to consult this page regularly to be aware of any changes.
12. Contact
For any question related to this privacy policy or the processing of your personal data, you can contact us:
LA SMOLE
Email: hello@lasmole.com
Address: 30 Boulevard de Sébastopol, 75004 Paris, France