Feel confident!
We collect and process your personal data in full compliance with the applicable laws and regulations, including:
-
the General Data Protection Regulation (GDPR) No. 2016/679 of 27 April 2016,
-
and the French Data Protection Act No. 78-17 of 6 January 1978, as amended.
This privacy policy aims to inform you transparently about how we collect, use, and protect your personal data.
1. Who are we?
900, a SAS company registered with the Paris Trade and Companies Register under number 852 949 148, with its registered office at 60 rue Amelot, 75011 Paris, France, acts as the data controller.
This means that we determine the purposes and means of processing the personal data collected through our website and services.
2. Who are you?
Depending on your relationship with us, you may be:
🧭 Website user – you browse our website, whether or not you have created a customer account or placed an order.
✉️ Prospect – you show interest in our products or services (for example, by subscribing to our newsletter, contacting us for information, or interacting with our brand without yet making a purchase).
🛍️ Customer – you have placed an order on our website (and we thank you warmly for that!).
👉 This distinction is important because the type of data we collect and how we use it may vary depending on your status.
3. Why do we collect personal data about you?
|
What categories of personal data? |
Are you affected? |
What is the purpose (purposes)?
On what legal basis? |
For how long? |
Is it mandatory or optional? |
|
Identity details (such as email)
|
Prospect
Client
User |
To respond to a request from you
The Company's legitimate interest in ensuring follow-up and managing the relationship with interested parties.
|
3 years from the last contact |
Mandatory to enable the processing of your request. |
|
Identity details (such as name, surname, email, delivery address, phone number)
Information related to any transaction
Payment information |
Client |
Management of the commercial relationship and after-sales service Order fulfillment and tracking Invoicing and accounting and tax management Management of potential pre-litigation and disputes Performance of the contract Legal obligation (accounting, taxation) The Company's legitimate interest in defending its rights |
For the duration of the contractual relationship
Then, 3 years from the last contact
Then, in intermediate archiving: to meet our accounting or tax obligations, as proof in the event of a dispute, and within the limit of the applicable legal statute of limitations |
Mandatory for the execution and management of the order |
|
Credit card number (including the security code)
|
Client
|
Debit of the subscription contracted online involving defined and regular payments (contract)
Performance of the contract |
For the duration of the contractual relationship (card data is not stored by the Company but by a PCI-DSS certified payment provider) |
Mandatory for the completion of the payment
|
|
Identity details (such as name, surname, email) |
Prospect
|
Carrying out direct marketing operations by email (sending newsletters, personalized offers, product news/updates)
Specific consent
|
Until consent is withdrawn or 3 years from the last contact in the absence of withdrawal
|
Optional (you can withdraw your consent at any time)
|
|
Identity details (such as name, surname, email, and phone number)
|
Client |
Carrying out direct marketing operations for similar products and services, by email and SMS
The Company's legitimate interest
|
For the duration of the commercial relationship, then 3 years from the last contact in the absence of exercising the right to object
|
Optional (you can object to receiving these communications at any time) |
| IP address |
Prospect Client User |
To ensure the proper technical functioning and security of the site. To prevent and detect technical incidents or fraud attempts.
The Company's legitimate interest in ensuring the security and proper functioning of its services. |
3 years from the last contact or in accordance with applicable legal obligations |
Mandatory (necessary for the site's operation) |
4. Who do we pass on your data to (recipients)?
We only transmit the data strictly necessary for the mission of each of our partners and processors, under agreements that comply with the General Data Protection Regulation (GDPR).
📦 Customer Data We share some of your personal data with:
-
Our logistics partners: to ensure the delivery of your products and manage potential returns.
-
Our IT service providers: for order processing, payment, delivery tracking, and customer relationship management (e.g., information requests, sending transactional and follow-up emails).
✉️ Prospect and User Data We share certain data with:
-
Our IT service providers responsible for managing messages, information requests, and sending newsletters.
💳 Payment Data We do not store your payment data ourselves. It is processed directly by our secure payment provider, Stripe, which is Payment Card Industry Data Security Standard (PCI-DSS) certified, ensuring a high level of security. 👉 You can view Stripe's privacy policy here.
🤝 Our Processors' Commitments All our processors (sous-traitants) have contractually committed to complying with applicable personal data protection regulations, including:
-
to act only on our instructions,
-
to guarantee data security and confidentiality,
-
not to use it for any purpose other than that for which it was entrusted to them.
5. Where is the data stored?
The data we store directly is hosted in data centers located within the European Union, thereby ensuring a level of protection compliant with European regulations on personal data protection.
Some of our processors (sous-traitants) may, within the scope of the services they provide on our behalf, transfer or store data outside the European Union. In this case, we ensure that:
-
these transfers are carried out in compliance with applicable regulations,
-
appropriate safeguards are implemented, such as:
-
an adequacy decision from the European Commission, or
-
the signing of Standard Contractual Clauses approved by the European Commission,
-
-
our partners contractually commit to ensuring a level of protection equivalent to that required within the European Union.
👉 This means that even if some data is processed outside the EU, it remains supervised and protected in accordance with the GDPR.
6. Why should you accept cookies?
6.1 There are cookies that are necessary for the website to function properly.
They allow, for example, to guarantee the security of your connection, ensure smooth navigation, and adapt the site to your device or language.
You can object to and delete them by changing your browser settings.
⚠️ However, this may degrade your user experience and limit certain site functionalities.
|
Name of the cookie essential to the proper functioning of the website |
Purpose |
Duration of storage |
|
Cloudflare |
Redirect the user to the right version of the website and the right server, for faster loading times |
Maximum 13 months |
6.2 There are other non-essential cookies offered by third-party companies.
These cookies allow us:
-
to improve your browsing experience,
-
to better understand your use of the site,
-
and to provide you with personalized commercial offers that may interest you.
All information collected by these cookies is anonymized: 👉 Our company does not have any personally identifiable data from your browsing (type of products viewed, pages visited, etc.).
|
Cookie name |
Purpose |
Duration of storage |
|
Klaviyo |
To study your browsing on our website, to offer you assistance by email in the event of any difficulty encountered on our website.
|
Maximum 13 months |
|
Shopify |
To enable us to know the number of visitors, the number of pages viewed, and your navigation on our website, very useful to enable us to improve your user experience!
|
Maximum 13 months |
|
|
To enable us to present you with advertisements relating to commercial offers from our Company which are likely to be of interest to you.
|
Maximum 13 months |
|
Google Analytics |
To obtain statistics on visits to our site (e.g. number of visits, pages most frequently consulted). We use this data to identify any malfunctions on the site and any improvements that need to be made.
|
Maximum 13 months |
|
Pixel Google Ads / Youtube |
To enable us to present you with advertisements relating to commercial offers from our Company which are likely to be of interest to you.
|
Maximum 13 months |
| MentionMe |
To enable the processing of customer e-mail addresses and certain order data for the following purposes: |
Maximum 13 months |
| Clarity |
To obtain data on users' expectations and behaviour on the site. We use this data to identify any malfunctions on the site and any improvements that need to be made.
|
Maximum 13 months |
| Facebook Pixel |
To identify visitors from Facebook, measure the performance of advertising campaigns, and enable retargeting actions.
|
Maximum 13 months |
| Facebook Conversion Tracking |
To analyze Facebook ad performance, measure conversions, and optimize advertising campaigns.
|
Maximum 13 months |
| Google Advertising Products |
To measure the performance of Google advertising campaigns (Ads, YouTube, Display…), attribute conversions, and optimize delivery.
|
Maximum 13 months |
| Snap Pixel |
To identify visitors from Snapchat, track their interactions on the site, and enable advertising retargeting actions.
|
Maximum 13 months |
| TikTok |
To identify visitors from TikTok, track their interactions on the site, and enable advertising retargeting actions.
|
Maximum 13 months |
| Datadog |
To measure the site's technical performance, analyze session errors, and improve the user experience.
|
Maximum 13 months |
7. What are your rights?
In accordance with the regulations in force, you have the following rights regarding your personal data:
-
Right of access: You can request to receive the personal data we hold about you in order to verify its content.
-
Right to rectification: If this data is inaccurate or incomplete, you can request that it be corrected or updated.
-
Right to erasure: You can request the deletion of personal data concerning you when its retention is no longer necessary for the purposes for which it was collected.
-
Right to object: You can object to certain processing of your personal data, particularly processing based on our legitimate interest (e.g., direct marketing).
-
Right to portability: You can request to retrieve some of your data in a structured, commonly used, and machine-readable format, in order to store it or transmit it to another provider.
-
Right to restriction of processing: You can request the temporary suspension of the use of your personal data, for example, if you contest its accuracy or object to its processing.
👉 You may also withdraw your consent at any time for processing based on it (e.g., for cookies or direct marketing).
📩 How to exercise your rights You can exercise your rights by email at: rgpd@900.care
To ensure the security of your data, we may ask you to provide the necessary information to verify your identity.
📝 Right to lodge a complaint with the CNIL If, after contacting us, you believe that your rights are not being respected, you can lodge a complaint with:
Commission nationale de l'informatique et des libertés (CNIL) 3 place de Fontenoy – TSA 80715 – 75334 Paris cedex 07 Tel: +33 (0)1 53 73 22 22 www.cnil.fr
However, please be assured that we make every effort to ensure your request is satisfied!
