1. Data controller
Mappyness, a sole proprietorship operated by Julien Pinquié, is the controller of personal data collected through this website. Contact us via our contact form (full details in our legal notice).
2. Data we collect
- —Order data: name, email, delivery and billing address, phone (optional), and payment information (processed by Stripe — we never see card details).
- —Technical data: IP address, browser type, pages visited and diagnostic data in case of a technical error, via our host's server logs, our error-monitoring tool and, where applicable, audience-measurement cookies.
- —Communications: messages you send us via the contact form.
The data required to fulfil your order is mandatory: without it, the order cannot be processed. Other information is optional.
3. How we use your data
- —To process and fulfil your orders.
- —To send order confirmations and shipping notifications.
- —To respond to your support enquiries.
- —To improve our website and services (audience measurement, with your consent).
4. Legal basis (GDPR)
We process your data on the basis of: contractual necessity (order fulfilment), legitimate interest (fraud prevention, site security and proper functioning, technical error monitoring), and your consent where applicable (audience-measurement cookies).
5. Data recipients
We share your data only with the providers necessary to fulfil your order and operate the site:
- —Stripe — payment processing;
- —Shopify — order management and tracking;
- —Gelato — printing and preparation of posters;
- —carriers — delivery of your order;
- —Resend — sending transactional emails and handling the contact form;
- —Vercel — website hosting;
- —Sentry — technical error monitoring;
- —Google — address autocomplete in the editor.
We do not sell personal data.
6. International transfers
Some of these providers are located outside the European Union, notably in the United States (Stripe, Shopify, Resend, Vercel, Google). These transfers are governed by appropriate safeguards under the GDPR: the European Commission's Standard Contractual Clauses and/or certification under the EU-US Data Privacy Framework. Gelato is established in the EEA (Norway).
7. Data retention
Data needed to manage the customer relationship is kept for the duration of that relationship. Accounting records and order documents are kept for 10 years, as required by French commercial law. Audience-measurement data is anonymised or deleted after 13 months.
8. Security
We implement appropriate technical and organisational measures to protect your data against loss, alteration or unauthorised access: encrypted connections (HTTPS), restricted access to data, and payment processing by a PCI-DSS-certified provider (Stripe) — we never have access to your card details.
9. Your rights
Under the GDPR you have the right to access, correct, delete or port your personal data, to object to certain processing and to withdraw your consent at any time. Contact us via our contact form to exercise your rights. You may also lodge a complaint with the French data protection authority, the CNIL (www.cnil.fr or CNIL — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07).
10. Cookies
We use strictly necessary cookies for the site to function (e.g. the cart session) and, during payment, cookies set by Stripe for fraud-prevention purposes (__stripe_mid, __stripe_sid); these cookies do not require your consent. Optional audience-measurement cookies are only placed with your consent, which you can give or withdraw at any time via our cookie banner.