Privacy policy
Last updated: December 11, 2024
At MAYUMI, protecting your personal data is a top priority.
When you use the website ma-yumi.com (hereinafter referred to as the "Site"), we may collect personal data about you.
The purpose of this policy is to inform you about how we process your data in compliance with Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons regarding the processing of personal data and the free movement of such data (hereinafter the "GDPR").
Changes to this privacy policy
We may update this privacy policy from time to time, particularly to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised privacy policy on the site, update the "last updated" date, and take any other steps required by applicable law.
Who is the data controller?
The data controller is MAYUMI, SAS, registered with the RCS of Paris under no. 931 955 983, with its headquarters located at 229 Rue Saint-Honoré, 75001 Paris, France (hereinafter referred to as "we").
How we collect and use your personal information
To provide our services, we collect personal information about you from various sources, as detailed below. The information we collect and use depends on how you interact with us.
In addition to the specific uses described below, we may use the information we collect about you to communicate with you, provide or improve our services, comply with applicable legal obligations, enforce applicable terms of service, and protect or defend the services, our rights, and the rights of our users or others.
Personal information we collect
Information we collect directly from you
The information you submit directly via our services may include:
- Contact details: Your name, address, phone number, and email address.
- Order information: Your name, billing address, shipping address, payment confirmation, email address, and phone number.
- Account information: Your username, password, security questions, and other information to ensure account security.
- Customer service information: Details included in your communications with us, such as messages sent via the services.
Certain features of the services may require you to provide specific information about yourself directly. Mandatory data fields are marked when providing your information and are necessary for the provision of our services.
Information we collect about your use
We may also automatically collect certain information about your interaction with the services ("usage data"). To do this, we may use cookies, pixels, and similar technologies ("cookies"). Usage data may include details about how you access and use our site and account, including device information, browser information, network connection details, your IP address, and other information related to your interaction with the services.
Information we obtain from third parties
We may also obtain information about you from third parties, including:
- Companies supporting our site and services, such as Shopify.
- Payment processing providers who collect payment information (e.g., bank account details, credit or debit card information, billing address) to process your payment and deliver the requested products or services.
When you visit our site, open or click on emails we send, or interact with our services or advertisements, we or third parties may collect information using online tracking technologies like pixels, web beacons, SDKs, third-party libraries, and cookies.
All information we obtain from third parties will be processed following this privacy policy. See the section below on "third-party websites and links" for more details.
Legal bases, purposes, and retention periods for your personal data
| Purpose | Legal basis | Retention period |
|---|---|---|
| Provide services available on our site through your account | Performance of the terms and conditions you or your company entered into with us | Your data is retained for the duration of your account. In case of inactivity for 2 years, your personal data will be deleted unless you respond to our reactivation email. Additionally, data may be archived for evidentiary purposes for 5 years. |
| Fulfill your order and manage customer-related activities (e.g., contracts, orders, deliveries, invoices, loyalty programs) | Performance of the contract you or your company entered into with us | Personal data is retained throughout the contractual relationship. Invoices are archived for 10 years. Other data (excluding payment details) is archived for evidentiary purposes for 5 years. |
| Build a customer and prospect database | Our legitimate interest in growing and promoting our business | Customers: Data is retained throughout the contractual relationship. Prospects: Data is retained for 3 years from the last contact for prospecting purposes. |
| Send newsletters, promotions, and updates to customers | Our legitimate interest in retaining and informing our customers | Data is retained for 3 years from your last contact with us. |
| Respond to your inquiries and support requests | Our legitimate interest in responding to your requests | Data is retained only as long as necessary to process your inquiry and deleted afterward. |
| Handle rights requests (e.g., access, erasure) | Our legitimate interest in processing and tracking such requests | ID verification documents are retained only for as long as necessary for verification. Once verified, the document is deleted. Objection information is retained for 3 years. |
Who has access to your data?
Your personal data may be shared with:
- Our company's staff.
- Our subcontractors: hosting providers, email providers, CRM tools, payment processors.
- Delivery and logistics service providers.
- Public and private entities exclusively for compliance with legal obligations.
Cookies
We use cookies on our site to operate and improve our services. For detailed information about cookies used with Shopify, visit: Shopify cookies.
Third-party websites and links
Our site may include links to third-party websites or platforms. We are not responsible for the privacy practices, security, accuracy, or reliability of these sites.
International data transfers
Data may be transferred outside the EU based on:
- Adequacy decisions by the European Commission (Article 45 GDPR).
- Appropriate safeguards (e.g., standard contractual clauses).
- Other guarantees outlined in Chapter V of the GDPR.
Security and retention
We strive to protect your data but cannot guarantee absolute security. Retention periods vary depending on legal, contractual, or operational requirements.
Your data rights
You have the following rights under the GDPR:
- Right to information (Articles 13, 14).
- Right to access (Article 15).
- Right to rectification (Article 16).
- Right to restriction of processing (Article 18).
- Right to erasure (Article 17).
- Right to file complaints with supervisory authorities (Article 77).
- Right to withdraw consent (Article 7).
- Right to data portability (Article 20).
- Right to object to processing (Article 21).
Contact point for data privacy
If you have questions or wish to exercise your rights, please email us at contact@ma-yumi.com or mail us at 229 Rue Saint-Honoré, Paris, 75001, France.
For data protection laws, we are the data controller unless stated otherwise.