Privacy Policy

Non-Slip Shower Mat places particular importance on protecting your personal data. This Privacy Policy describes how we collect, use, store, and protect the personal information of visitors and customers of the Non-Slip Shower Mat website, in accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).

1. Data controller

The data controller is the company ABCOMMERCE – SASU, registered office at 14 Allée Campferran, 31320 Auzeville-Tolosane. As the controller, we determine the purposes and means of processing the data.

2. Data collected

We collect different categories of personal data when you use our site:

  • Identity and contact details: last name, first name(s), billing and delivery address, phone number, email address (provided when creating an account, placing an order, or contacting us).
  • Account information: login details, password (encrypted), order history.
  • Financial information: payment details (partial bank card number, expiry date, etc.) processed by our providers. We do not store full banking details.
  • Transaction information: items purchased, purchase date, amounts, delivery preferences.
  • Communications: correspondence with our customer service (emails, contact forms, chat).
  • Connection and usage data: IP address, cookie identifiers, browser type, operating system, pages visited and time spent, source (referring site).
  • (Limited) geolocation data: approximate location via IP address to estimate the delivery area. No precise GPS geolocation is collected without explicit consent.

We may also process certain sensitive data only if you voluntarily provide it to us (for example, health data as part of preventive Covid information). In all cases, we limit collection to what is strictly necessary.

3. Purposes of processing

Your data is processed for the following purposes:

  • Order fulfilment: processing orders and payments, managing deliveries, order tracking, returns and refunds.
  • Customer service: handling customer requests and complaints (via email, phone, chat), improving support.
  • Customer account: creating and managing your account, secure authentication, saving your preferences and history.
  • Marketing and promotions: sending promotional or informational emails (newsletter) subject to your prior consent or our legitimate interest. You can unsubscribe at any time via the link included in each email.
  • Website improvement: analysing site usage (navigation assistance, pages viewed) and testing new features to optimise the user experience.
  • Security and prevention: securing payments, detecting and preventing fraud and abuse (for example, detecting unusual activity on an account).
  • Legal obligations: retaining data to meet accounting and tax requirements (10-year retention of invoices) and legal requests from public authorities (anti-fraud, court requests).
  • Communication: sending transactional information (order confirmation, invoices, delivery notices) necessary to perform the contract.

4. Legal basis for processing

The processing carried out is based on one of the following legal bases:

  • Performance of a contract (Article 6(1)(b) GDPR) for managing orders (payment, delivery, invoicing) and the customer account.
  • Legal obligations (Article 6(1)(c) GDPR) for retaining accounting and tax data.
  • Explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR) for sending marketing offers by email, using marketing cookies, or subscribing to newsletters.
  • Legitimate interest (Article 6(1)(f) GDPR) for fraud prevention, service security, and website improvement (for example, traffic analysis via Google Analytics or equivalent).

You may withdraw your consent at any time for purposes that rely on it (in particular by unsubscribing from newsletters). This withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

5. Data recipients

The data collected may be shared, strictly as necessary, with the following recipients:

  • Authorised staff of ABCOMMERCE (customer service, accounting, marketing, IT) involved in processing your order.
  • Service providers (processors): hosting provider (Shopify), payment solutions (Stripe, PayPal), transport and logistics services, CRM and messaging, web analytics tools (Google Analytics, Facebook Pixel, etc.), direct marketing and newsletter services, technical support providers.
  • Logistics partners and suppliers (for order fulfilment, including dropshipping orders); these third parties process your data on our behalf and are contractually required to ensure its security.
  • Official bodies and legal authorities (DGCCRF, tax authorities, courts, police) in the event of a legal or judicial request.

In particular, please note that data required for shipping parcels may be transferred abroad for international delivery (carriers such as DHL, FedEx, or others, which may have subsidiaries outside the EU). In such cases, we ensure that we enter into data protection clauses equivalent to the European Commission’s Standard Contractual Clauses.

6. International transfers

Some providers (hosting, marketing tools, payment services, logistics platforms) may be located outside the European Union. In that case, we ensure that appropriate safeguards govern the transfer (for example, standard contractual clauses or adequacy decisions). The GDPR requires these transfers to be secured, and we only transfer what is necessary to perform the service.

7. Retention period

Data is retained for as long as necessary for the purposes for which it is collected, subject to statutory retention periods. For example:

  • Order and transaction data: retained for 10 years to meet tax obligations (invoice retention). During this period, it may be used only for after-sales service operations or accounting verification.
  • Customer account data: retained for the duration of the account’s existence and for 3 years after the last activity, unless otherwise required by law.
  • Logs and connection data: retained for a maximum of 13 months, for security and abuse prevention (legal retention period for technical logs).
  • Marketing data: retained until consent is withdrawn, or at the latest 3 years after opt-in (in line with CNIL recommendations for marketing solicitations). If you stop responding or unsubscribe, we will delete this marketing data sooner.
  • Marketing cookies and trackers: retained according to their nature (generally from a few months up to 24 months). Session cookies are deleted when the browser is closed.

8. Your rights

In accordance with European and French law (GDPR, French Data Protection Act), you have the following rights:

  • Right of access: you can obtain confirmation as to whether or not we process data about you and, if so, access that data.
  • Right to rectification: you can request the correction of inaccurate or incomplete data about you.
  • Right to erasure: you can request the deletion of your data, within legal limits (in particular if the data is no longer necessary for the purposes or if you withdraw your consent).
  • Right to restriction: you can request that the processing of your data be restricted in certain cases (for example, while accuracy is being verified or if you object to processing).
  • Right to data portability: if processing is based on your consent or on the performance of a contract, you can receive your data in a machine-readable format and transmit it to another controller.
  • Right to object: you can object at any time to the processing of your data on legitimate grounds (except where processing is necessary for the performance of a contract or a legal obligation). You can also object, without giving reasons, to direct marketing (advertising by email, SMS, post).
  • Right to withdraw your consent (where processing is based on that consent). Withdrawal does not affect the lawfulness of past processing.
  • Right to set post-mortem instructions (optional) regarding what happens to your data after your death.

To exercise your rights, you can:

  • Go to your personal account area (if applicable) to update or delete certain data yourself.
  • Contact us at contact@shower-mat-non-slip.com, specifying the right you wish to exercise. We will respond as soon as possible, and no later than one month (this period may be extended by an additional two months in cases of complexity or a high number of requests).

For security reasons, we may ask you for proof of identity to verify that you are the data subject. You also have the right to appoint an authorised representative to exercise these rights on your behalf (we will request proof of authorisation). If you reside in the European Economic Area or the United Kingdom, you may also lodge a complaint with the supervisory authority (CNIL in France) if you believe your rights are not being respected.

9. Cookies

We use cookies and trackers to operate the site and analyse its audience:

  • Strictly necessary cookies: to secure the site, keep the cart, maintain the session.
  • Performance and measurement cookies: to compile anonymous statistics on visits and on-site behaviour (for example, Google Analytics). This data helps us improve the site.
  • Targeting/advertising cookies: to display relevant online ads (for example via Facebook Pixel). They collect information about your browsing in order to offer personalised ads. These cookies are only set with your explicit consent.
  • Social media cookies: if you interact with plugins (Facebook, Instagram, Pinterest, etc.), these networks may set their own cookies to enable their features to work.

You can configure your cookie preferences at any time via a banner or through your browser settings (see the Help section for “cookies”). Refusing certain cookies may prevent the use of certain site features.

10. Security

We take appropriate technical and organisational measures to ensure the security, confidentiality, and integrity of your data (encryption, securing internal access, firewalls, etc.). However, as no system is infallible, in the event of a security breach we undertake to notify the CNIL and the individuals concerned in accordance with legal obligations. We also recommend choosing a strong password and not sharing it with anyone.

11. Minors

The site is not intended for minors. We do not knowingly accept registrations from minors on our site. If we discover that a child has provided their data, we will delete their information as soon as possible.

12. Changes to the policy

We may update this Privacy Policy to reflect changes in the law or in our processing activities. The version in force is the one published on the site under the “Privacy Policy” section. In the event of a material change, we will announce the change on the site or by email before the new version is implemented.