Politique de confidentialité

Effective Date: December 23, 2025

Introduction

TRIGONO SAS, operating under the trade name PANDAESiA ("we", "us", "our"), is committed to protecting the privacy of its customers and website visitors ("you", "your"). This Privacy Policy aims to inform you in a clear, simple, and complete manner about how we collect, use, share, and protect your personal information, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and the French "Informatique et Libertés" Act.

Article 1: Data Controller

The data controller for your personal data is:
TRIGONO SAS

3 rue Sébastien Leclerc, 57000 Metz, France

Email: info@pandaesia.fr

Article 2: Personal Data Collected

We collect various categories of personal data about you:
Identification Data: First name, last name.
Contact Data: Email address, phone number, billing and shipping address.
Transaction Data: Information related to orders and payments (we do not store your full credit card details, which are processed by our secure payment provider, Stripe).
Connection and Browsing Data: IP address, browser type and version, time zone, cookie information, pages visited, search terms, and how you interact with the site.
Profile Data: Purchase history, preferences.
Marketing and Communications Data: Your preferences for receiving marketing communications from us.

Article 3: Purposes and Legal Bases for Processing

We process your personal data for specific purposes, based on the following legal grounds:
Purpose of Processing
Legal Basis (GDPR)
To manage and fulfill your orders, payments, deliveries, and customer service.
Performance of a contract (Article 6(1)(b))
To communicate with you regarding your order.
Performance of a contract (Article 6(1)(b))
To prevent and detect fraud.
Legitimate interest (Article 6(1)(f))
To manage our accounting and comply with our legal and regulatory obligations.
Legal obligation (Article 6(1)(c))
To analyze site usage to improve our services and your experience.
Legitimate interest (Article 6(1)(f)) or Consent (for non-essential cookies) (Article 6(1)(a))
To send you information and commercial offers by email (newsletter).
Consent (Article 6(1)(a))

Article 4: Data Recipients

Your personal data is processed internally by our authorized staff. It may also be shared with trusted third parties:
Shopify Inc.: Our e-commerce platform provider. Shopify processes data to operate the online store.
Stripe, Inc.: Our payment service provider to securely process transactions.
Delivery Service Providers: To ensure the delivery of your orders.
Analytics and Marketing Tools: Such as Google Analytics and Meta (Facebook/Instagram) to analyze traffic and optimize our advertising campaigns, subject to your consent for cookies.
Legal and Regulatory Authorities: If we are required to do so by law or in the context of legal proceedings.

Article 5: Data Transfers Outside the European Union

Some of our service providers (such as Shopify, Google, Meta) are located outside the European Union. When we transfer your data, we ensure that it benefits from an adequate level of protection by using the mechanisms provided for by the GDPR, such as the European Commission's Standard Contractual Clauses and/or an adequacy decision.

Article 6: Data Retention Period

We retain your data for a limited period, necessary for the purposes for which it was collected:
Order Data: 10 years from the end of the accounting year to comply with our legal obligations.
Customer Data (for marketing): 3 years from the end of the business relationship (last purchase) or your last contact.
Browsing Data: 13 months maximum (lifespan of cookies).

Article 7: Data Security

We implement appropriate technical and organizational measures to protect your personal data against destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

Article 8: Your Rights Over Your Data

In accordance with the GDPR, you have the following rights:
Right of access (Article 15): To obtain confirmation that your data is being processed and to access this data.
Right to rectification (Article 16): To have inaccurate information about you corrected.
Right to erasure (Article 17): To request the deletion of your data, under certain conditions.
Right to restriction of processing (Article 18): To request the temporary freezing of the use of some of your data.
Right to data portability (Article 20): To receive the data you have provided to us in a structured, machine-readable format.
Right to object (Article 21): To object at any time to the processing of your data for marketing purposes.
Right to withdraw your consent at any time for processing based on it.
To exercise these rights, please contact us at info@pandaesia.fr. We may ask you for proof of your identity.

Article 9: Cookies

We use cookies to operate the site, improve your experience, and analyze our traffic. For more information, please see our Cookie Policy.

Article 10: Right to Lodge a Complaint

If you believe that your rights are not being respected, you have the right to lodge a complaint with the competent supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr.

Article 11: Changes to the Policy

We reserve the right to modify this policy at any time. The most recent version will always be available on our site.