Eyes
Manifesto

PRIVACY POLICY

PRIVACY POLICY

At HYBRÉ, respecting your privacy and protecting your personal data is our top priority.
 This privacy policy (hereinafter referred to as the “Privacy Policy”) is intended to inform you of how your personal data is processed when using the website www.cenee-paris.com (the “Site”) in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) and French Law No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties, in its latest applicable version (together, the “Applicable Regulations”).

This Privacy Policy does not describe how your data is collected and processed through the use of cookies and other trackers (“Cookies”) on the Site. For more information, please refer to our Cookie Policy.

  • Who is the data controller? ?
    •

    When you browse and/or register on our Site, or more generally in the context of managing our contractual relationships with you, the data controller is HYBRÉ, a simplified joint-stock company (SAS), registered with the Paris Trade and Companies Register under number 928 292 291, with its registered office located at 42 Avenue Claude Vellefaux, 75010 Paris, France (“We”, “Us”, “Our”).

  • What data do we collect?
    •

    Personal data refers to any information that identifies an individual, either directly or indirectly through the combination of other data.
     We collect personal data that falls into the following categories:

    • Identification data (first name, last name, email address, billing address, shipping address, phone number);

    • Data relating to your orders;

    • Login data (connection logs, encrypted passwords);

    • Browsing data (IP address, pages viewed, connection date and time, browser used, operating system, user ID, MAID);

    • Economic and financial data (bank account details, credit/debit card information);

    • Any information you choose to provide us, particularly in the context of product reviews.

    Mandatory data is clearly indicated at the time you provide your information and is marked by any appropriate means.


  • Details Regarding the Processing of Your Personal Data


    • Purpose

    Legal Basis

    Retention Period

    To provide you with Our services available on the Site

    Performance of the General Terms and Conditions of Sale (GTCS) you have accepted

    If you have an account: your data is retained for the duration of your account.

    Connection logs are retained for 6 to 12 months.

    If your account is inactive for 2 years, your personal data will be deleted unless you respond to our reactivation email.


    If you do not have an account: your data is retained for 3 years for marketing purposes.


    In addition, your data may be archived for evidentiary purposes for a period of 5 years.

     

    To allow you to create an account, access it, manage your orders and modify your personal data

    Performance of the General Terms and Conditions of Sale you have accepted

    Data is retained for the duration of your account and for an additional 3 years after account deletion for marketing purposes.


    If your account is inactive for 2 years, your personal data will be deleted.


    Your data may also be archived for evidentiary purposes for a period of 5 years.

    To process your order, manage the customer relationship (orders, deliveries, invoices, loyalty programs, customer service, etc.)

    Performance of the General Terms and Conditions of Sale you have accepted

    Data is retained for the duration of the contractual relationship, extended by 3 years for marketing purposes.


    Data (excluding bank details) may be archived for 5 years for evidentiary purposes.


    Bank card data is retained by our payment service provider until the product is received, plus the withdrawal period.


    Visual cryptogram (CVV2) data is not stored.

    To analyze your use of the services, understand your needs and improve features or generate browsing and audience statistics

    Our legitimate interest in improving Our services

    If not related to phone recordings (e.g. cookie-based user experience improvements): personal data is retained for 12 months 


    Once anonymized, the data is no longer considered personal and may be retained as long as necessary.

    To manage your reviews on Our products

    Our legitimate interest in collecting feedback on Our products

    5 years from the date the review is published.

    To create a prospect database

    Our legitimate interest in collecting feedback on Our products

    Data is retained for 3 years from your last contact with Us.

    To comply with Our legal obligations regarding the reporting of unlawful content on the Site

    To comply with Our legal obligations regarding the reporting of unlawful content on the Site

    Personal data relating to your identity is retained for 5 years from the end of the validity of the General Terms and Conditions of Sale (GTCS), the closure of your account, or the closure of the report.

    Other information provided by the user, including payment-related information, is retained for 1 year from the end of the validity of the GTCS, the closure of your account, or the closure of the report.

    Technical data allowing identification of the source of the connection or relating to the terminal equipment used is retained for 1 year from the time of the connection or the use of the terminal equipment.

    To send newsletters, marketing and promotional communications by email

    For customers: Our legitimate interest in retaining and informing Our clients

    For prospects: Your consent

    Data is retained for 3 years from your last contact with Us or until your consent is withdrawn.

    To respond to your inquiries and contact requests

    Our legitimate interest in responding to your requests

    Data is retained for 3 years from your last contact with Us.

    To retain administrative documents and information related to Our business

    Compliance with Our legal and regulatory obligations

    Invoices are archived for 10 years.


    Transaction data (excluding bank data) is retained for 5 years.


    Contractual data and documents related to contract signature are retained for 5 years.

    To organize sweepstakes and promotional contests

    Performance of the contest rules you accepted prior to entry

    Data is retained for the duration of the contest or promotional operation and may be archived for 5 years for evidentiary purposes.

    To respond to data subject rights requests

    Compliance with Our legal and regulatory obligations

    If we request proof of identity: it is retained only for the time necessary to verify identity, after which it is deleted.

  • Who are the recipients of your data? ? 
    •

    The following parties may have access to your personal data: :


    1. The staff of our company ;
    2. Our subcontractors for the following services: hosting, email marketing, audience analysis, customer relationship management, logistics, accounting and legal management, IT security, advertising, and automated marketing;

    3. Any authority legally entitled to access such data, in particular judicial, police, or administrative authorities, if they make a request.

    Our store is hosted on the Shopify platform, which enables us to offer our products for sale. As a data processor, Shopify processes certain personal data on our behalf, particularly for hosting, payment management, and order fulfillment.

    To learn more about how Shopify processes your personal data, we invite you to consult its privacy policy available [here].


  • Are your data likely to be transferred outside the European Union?? 
    •

    Your data is stored and retained for the duration of processing on the servers of the company Shopify, located in Canada and the United States.

    As part of the tools we use (see the section on recipients regarding our subcontractors), your data may be transferred outside the European Union. These data transfers are secured using the following mechanisms:

    • Either the data is transferred to a country subject to an adequacy decision by the European Commission, pursuant to Article 45 of the GDPR: in this case, the country ensures a level of protection considered adequate under the GDPR;

    • Or the data is transferred to a country whose level of data protection has not been recognized as adequate under the GDPR: in this case, such transfers are based on appropriate safeguards as provided for in Article 46 of the GDPR, adapted to each service provider, including but not limited to the execution of Standard Contractual Clauses approved by the European Commission, the application of Binding Corporate Rules, or an approved certification mechanism;

    • Or the data is transferred based on one of the appropriate safeguards described in Chapter V of the GDPR.


    You may obtain a copy of the instruments used for the transfer of your data outside the European Union by contacting us using the details provided in the section “What are your rights regarding your data?” below.

  • What are your rights regarding your personal data ?
    •

    You have the following rights concerning your personal data:

    • Right to information: this is precisely the purpose of this Privacy Policy. This right is provided under Articles 13 and 14 of the GDPR.

    • Right of access: under Article 15 of the GDPR, you have the right to access all of your personal data at any time.

    • Right to rectification: pursuant to Article 16 of the GDPR, you have the right to rectify any inaccurate, incomplete, or outdated personal data at any time.

    • Right to restriction of processing: you have the right to obtain the restriction of the processing of your personal data in certain cases, as defined in Article 18 of the GDPR.

    • Right to erasure (“right to be forgotten”): under Article 17 of the GDPR, you may request the deletion of your personal data and prevent future collection on the grounds set out in the regulation.

    • Right to define post-mortem directives: you may define instructions regarding the retention, deletion, and communication of your personal data after your death.

    • Right to withdraw your consent at any time: for processing based on consent, Article 7 of the GDPR states that you may withdraw your consent at any time. This withdrawal will not affect the lawfulness of processing carried out prior to withdrawal.

    • Right to data portability: under certain conditions provided by Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit them to another data controller.

    • Right to object: under Article 21 of the GDPR, you may object to the processing of your personal data. Please note, however, that we may continue processing your data despite your objection, on the basis of legitimate grounds or for the establishment, exercise, or defense of legal claims.

    You may exercise these rights by writing to us at the following address: hello@cenee-paris.com

    We may request additional information to verify your identity if there is reasonable doubt, including any document that may justify your identity.

    If you believe your request has not been adequately addressed, you have the right to lodge a complaint with the competent supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL), located at 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07



  • Changes to this Privacy Policy
    •

    We may update this Privacy Policy at any time, in particular to comply with legal, regulatory, jurisprudential, editorial, or technical developments. These changes shall apply as of the effective date of the updated version.
     You are therefore invited to consult this policy regularly to review the latest version. However, we will inform you of any material changes to this Privacy Policy.

    Effective date : 18.06.2025