Privacy Policy

Through this privacy policy, we aim to provide you with all the information regarding the processing of your personal data that we carry out.

Understanding Personal Data and Its Processing

The EU Regulation No. 2016/679 of April 27, 2016, known as the "GDPR," defines personal data as "any information relating to an identified or identifiable natural person."

Therefore, personal data includes both your name and an email address or a customer account number

The purposes of processing your personal data as well as the means dedicated to it are determined by the Data Controller.

The Data Controller is the company [OLIVIO & CO], [SAS] with a capital of [30.000] euros, registered with the Trade and Companies Register of [Paris] under number SIREN [922 273 842], having its registered office at [231 rue Saint Honoré, 75001 Paris, France].

Your main point of contact

The data controller has designated [Xin CHENG] as the Data Protection Officer.

Our Data Protection Officer, acting as a privileged contact person, can be contacted for any questions regarding the processing of your personal data via email [e_service_eu@olivioandco.com] or by postal mail addressed to the following address: [231 rue Saint-Honoré, 75001 Paris, France].

The personal data we process

Throughout your visit to our website, [OLIVIO & CO SAS] is required to collect data about you for various purposes

What data is collected and why?

The data concerning you that we collect include, in particular, the following:

  • Identification data: name, first name;
  • Contact details: delivery and billing postal address, email address, phone number;
  • Financial data: choice of payment method;
  • Commercial data: customer account number, order number and delivery notes, reviews;
  • Browsing data : connection logs, IP address, location, browsing behaviour, data related to purchases, times and dates of visits to the site, localization data;
  • Social media data : when logging simultaneously on our website and on social networks such as Instagram, Facebook, Twitter/X, we might exchange data ;
  • data collected through cookies and trackers.

We process your data for various purposes, namely:

  • Allow you to contact us for any inquiries you may have;
  • Allow you to create a customer account;
  • Allow you to place an order, pay, be delivered and, if necessary, return your order;
  • Allow you to leave a review after receiving your order;
  • Allow you to receive, within the limits of the choices expressed, our offers and news;
  • Allow us to conduct statistics and quality surveys.

The processes put in place are based on (i) the execution of contractual or pre-contractual measures, (ii) our legitimate interest, or when required, on your (iii) consent.

It may also be that the processes put in place are based on compliance with legal obligations.

How long are your data kept?

We ensure that we only keep your personal data for a duration not exceeding that necessary in view of the purposes for which they are processed.

It should be noted that all data collected through requests made via the "contact us" tool are kept for a duration of (duration), those collected for the purpose of creating your customer account for a duration of 3 years from the last connection to the customer account. We may send communications regarding our products to anyone who has consented for a period of 3 years from the last contact and, to anyone who has placed an order through our site, communications regarding products similar to those purchased for a duration of 3 years from the last purchase

Who processes your data?

Your data are intended to be processed by the internal services of the company OLIVIO&CO and, in some cases, by our service providers responsible for services requiring the communication of such data.

To date, the providers to whom we may communicate your data are as follows:

  • Delivery service provider: Active Ants
  • Online payment service provider: PayPal, Shopify Payment, Strip, Apple pay
  • Provider responsible for sending commercial communication: Odoo
  • Website hosting provider: Shopify
  • advertising activities and for statistical analysis purposes: Google, Meta, or Klaviyo.

In this capacity, the Data Controller may be required to transfer your data to third parties located outside the European Union

In this event, the Data Controller will ensure that the transfers take place in countries recognized by the European Commission as providing a level of protection equivalent to that imposed by European regulations, or failing that, to frame these transfers using one of the legal tools provided for by Regulation (EU) 2016/679 of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and on the free movement of such data.

In summary:

To enable you to better understand the processes put in place by the Data Controller, we invite you to review the summary table below.

Process Purposes Types of data processed Legal basis Duration of retention Data transfer
« Contact Us » Allow website users to contact us Name, email, address, message Consent 3 years after the last exchanged message Internal services of the data controller
Customer Account Enable individuals to create an account Email address and password Consent 3 years from last login to the customer account Internal services
Orders Management Enable order placement, payment processing, delivery, and, if applicable, returns Name, surname, phone number, delivery address, payment methods Execution of contractual measures 5 years Payment service provider, Transport provider Warehouse
Accounting Enable the data controller to comply with accounting and tax obligations Name, surname, billing address, customer account number, order number, purchase and delivery orders Compliance with applicable regulations 10 years Internal services
Reviews Allow customers to leave reviews, which will be published on the website Name, surname, order date Consent 3 years Internal services Klaviyo
Commercial prospecting Sending commercial documentation by email (newsletter) Name, surname, email address

Consent(for individuals who have expressly agreed to receive documentation)

Legitimate interest(for individuals who have placed an order and concerning documentation on similar products or services)

 Until consent is withdrawn or 3 years from the last contact of individuals with the data controller Internal services Loox Judge me
Survey and Statistics Enable the data controller to conduct surveys on product quality and customer satisfaction Customer account number, order number and delivery notes, reviews Legitimate interest of the data controller Duration necessary to achieve the study objective or until the exercise of the right to object Internal services

Trackers and Cookies

We also use cookies to analyze website usage. The cookies used, their purpose, and duration of retention are specified in the cookie usage policy as provided below.

Your rights

In accordance with applicable regulations, you have the following rights:

Right to withdraw your consent: Your consent is never final, and you may decide to withdraw the consent you have given us at any time. However, processing carried out on this basis prior to withdrawal shall remain valid.

Right of access: You may inquire whether we hold data concerning you and, if so, request access to it.

Right to rectification: To ensure that we never process incorrect information, you have the right to have inaccurate or incomplete information we hold about you corrected and/or completed.

Right to erasure: You may request the deletion of your personal data.

Right to restriction of processing: In certain limited cases provided by the GDPR, you may request the temporary suspension of the use of some of your data.

Right to object: You may object to all or part of the processing of your data.

Right to data portability: When the processing of your personal data is based on consent or on the performance of a contract or pre-contractual measures, and when the processing is carried out using automated means, you may request the retrieval of this data in a readily usable format.

To exercise your rights, you may submit a written request by email to the following address: e_service_eu@olivioandco.com or by postal mail to the following address: 231 rue Saint-Honoré, 75001 Paris, France.

Your request must specify your identity. In case of reasonable doubt regarding the identity of the requester, an identity document may be requested.

We will endeavor to respond to your requests within a maximum period of one month. However, complex requests may be processed within a maximum period of three months.

You also have the option to file a complaint with the French National Commission for Data Protection and Liberties (CNIL).

Cookie usage policy

Through this cookie usage policy, OLIVIO & CO, presents to you the use it makes of cookies when you browse its website.

Cookies are small trackers that are installed on your browsing devices (mobile, tablet, computer) when you visit a website or application.

They serve various purposes. Some are strictly necessary for the operation of the visited website or application, while others are used to enable the Company to track and improve the performance of the site and user experience

1/ Different cookies

•      Strictly necessary cookies

In accordance with Directive 2002/58/EC as amended in 2009, known as « e-privacy », cookies whose use is strictly necessary for the provision of an online communication service explicitly requested by the user or which have the exclusive purpose of enabling or facilitating electronic communication are exempt from obtaining the consent of the website user.

However, the Company wishes to inform you that it might use of so-called « strictly necessary » cookies as recommended per SHOPIFY INTERNATIONAL LIMITED – which is hosting and ensuring development and application maintenance of the website – as follows pertaining to the information provided by SHOPIFY INTERNATION LIMITED itself on its website (https://www.shopify.com/legal/cookies#merchant-storefronts):

Name Function Duration
_ab Used in connection with access to admin. 2y
_customer_account_shop_sessions Used in combination with the _secure_account_session_id cookie to track a user's session for new customer accounts 30d
_secure_account_session_id Used to track a user's session for new customer accounts 30d
_secure_session_id Used to track a user's session through the multi-step checkout process and keep their order, payment and shipping details connected. 24h
_shopify_country For shops where pricing currency/country set from GeoIP, that cookie stores the country we've detected. This cookie helps avoid doing GeoIP lookups after the first request. session
_shopify_m Used for managing customer privacy settings 1y
_shopify_tm Used for managing customer privacy settings. 30min
_shopify_tw Used for managing customer privacy settings. 2w
_storefront_u Used to facilitate updating customer account information. 1min
_tracking_consent Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. 1y
_cmp_a Used for managing customer privacy settings. 1d
c Used in connection with checkout. 1y
cart Used in connection with shopping cart. 2w
cart_currency Set after a checkout is completed to ensure that new carts are in the same currency as the last checkout. 2w
cart_sig A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations. 2w
cart_ver Used in connection with shopping cart. 2w
checkout Used in connection with checkout. 4w
checkout_token Used in connection with checkout. 1y
customer_account_locale Used in connection with new customer accounts 1y
dynamic_checkout_shown_on_cart Used in connection with checkout. 30min
hide_shopify_pay_for_checkout Used in connection with checkout. session
keep_alive Used in connection with buyer localization. 2w
master_device_id Used in connection with merchant login. 2y
previous_step Used in connection with checkout. 1y
discount_code Used in connection with checkout. session
remember_me Used in connection with checkout. 1y
secure_customer_sig Used to identify a user after they sign into a shop as a customer so they do not need to log in again. 1y
shopify_pay Used in connection with checkout. 1y
shopify_pay_redirect Used in connection with checkout. 1 hour, 3w or 1y depending on value
shop_pay_accelerated Used in connection with checkout. 1y
storefront_digest Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected. 2y
tracked_start_checkout Used in connection with checkout. 1y
checkout_session_lookup Used in connection with checkout. 3w
checkout_prefill Used in connection with checkout. 5m
checkout_queue_token Used in connection with checkout. 1y
checkout_queue_checkout_token Used in connection with checkout. 1y
checkout_worker_session Used in connection with checkout. 3d
checkout_session_token Used in connection with checkout. 3w
checkout_session_token_<<token>> Used in connection with checkout. 3w
cookietest Used to ensure our systems are working correctly 1m
order Used in connection with order status page. 3w
identity-state Used in connection with customer authentication 24h
identity-state-<<token>> Used in connection with customer authentication 24h
identity_customer_account_number Used in connection with customer authentication 12w
card_update_verification_id Used in connection with checkout. 20m
customer_account_new_login Used in connection with customer authentication 20m
customer_account_preview Used in connection with customer authentication 7d
customer_payment_method customer_account_preview 1h
customer_shop_pay_agreement customer_account_preview 20m
pay_update_intent_id customer_account_preview 20m
localization customer_account_preview 2w
profile_preview_token customer_account_preview 5m
login_with_shop_finalize Used in connection with customer authentication 5m
preview_theme Used in connection with the theme editor session
shopify-editor-unconfirmed-settings Used in connection with the theme editor 16h
wpm-test-cookie Used to ensure our systems are working correctly. session

•      Non-necessary cookies

Cookies that cannot be classified as necessary cannot be installed on your browsing device without your express and prior consent.

To allow you to make an informed choice about whether to accept cookies being installed on your browsing device, the Company hereby presents the different cookies it wishes to use as provided per SHOPIFY INTERNATIONAL LIMITED – which is hosting and ensuring development and application maintenance of the website – on its website (https://www.shopify.com/legal/cookies#merchantstorefronts) :

Reporting and Analytics

Name Function Duration
_landing_page Track landing pages. 2w
_orig_referrer Track landing pages. 2w
_s Shopify analytics. 30min
_shopify_d Shopify analytics. session
_shopify_fs Shopify analytics. 30min
_shopify_s Shopify analytics. 30min
_shopify_sa_p Shopify analytics relating to marketing & referrals. 30min
_shopify_sa_t Shopify analytics relating to marketing & referrals. 30min
_shopify_y Shopify analytics. 1y
_y Shopify analytics. 1y
_shopify_ga Shopify and Google Analytics. session
customer_auth_provider Shopify analytics. session
customer_auth_session_created_at Shopify analytics. session
shop_analytics Shopify analytics. 1y
unique_interaction_id Shopify analytics. 10min

2/ Accept or refuse cookies

To enable you to express your consent clearly and unambiguously, a banner will appear during your first visit to the site (or during your first visit following your action to delete cookies from your devices).

Since your consent can be withdrawn at any time, you can choose to disable these cookies at any time by adjusting your browser settings.