Privacy Policy

1. Introduction

This Privacy Policy informs users of the website Candles of Provence (hereinafter referred to as “the Website”) about how their personal data is collected, used, and protected. Your personal information is processed transparently, securely, and in accordance with the General Data Protection Regulation (GDPR – EU 2016/679) and applicable privacy laws.

2. Data Controller

Candles of Provence – Khouri
Country: France
SIRET No.: 518 555 602 000 78

For privacy reasons, the exact address of the registered office and the first name of the owner are not published on the Website. These details may be shared upon written request via our secure contact form, or with competent authorities when legally required.

No telephone contact is provided. For any questions or requests, please use our contact form only. We respond within 24–48 hours.


Contact Us (Form)

For any privacy-related inquiries, please use our secure contact form — we reply within 48 hours.

3. Data Collected

The following data may be collected when using the Website:

  • Identity data: name, surname (if necessary for order processing).
  • Contact data: country, shipping/billing address if applicable, phone (optional). All communication takes place through our secure contact form — no public email addresses are displayed on the Website.
  • Order data: products purchased, order references, amounts, payment method (no banking data is stored on the Website).
  • Delivery data: shipping address (if required) and Colissimo tracking number.
  • Technical data: IP address, device and browser type, visited pages, and activity on the Website (via cookies and analytics tools).
  • Visual content: photographs of personalized creations made for clients, which may be shared on our social media accounts, website, or blogs to showcase our craftsmanship. No identifiable personal information or client images are ever published without explicit consent.

4. Purpose of Data Processing

  • To manage orders, payments, and shipping (including Colissimo).
  • To create and manage customer accounts.
  • To respond to contact requests and customer support inquiries.
  • To send order updates and, with your consent, promotional emails or newsletters.
  • To present our creations (candles, pouches, personalized gifts) on our communication platforms.
  • To improve the browsing experience and Website security.

5. Legal Basis for Processing

  • Contract performance (orders, shipping, after-sales service).
  • Legitimate interest (showcasing handmade creations, promoting craftsmanship, ensuring site security).
  • Legal obligation (accounting, warranty, data retention for proof).
  • Consent (publication of identifiable photos, cookies, newsletters).

6. Use of Customer Order Photos

We may take photographs of certain personalized creations made for customers (such as candles, pouches, or custom gifts) to present them on our social media, website, or other communication materials (blogs, catalogs, etc.).

These photos display only the finished product and never include personal elements that could identify the customer (faces, addresses, etc.). Customers may request anonymization or removal of a photo at any time via our contact form, and the content will be deleted without delay.

7. Data Recipients

  • Payment providers (e.g., Stripe, PayPal) — payment data never transits through the Website.
  • Carrier: La Poste / Colissimo (shipping and parcel tracking).
  • Technical providers: hosting, maintenance, analytics tools.
  • Legal authorities when required by law.

Your personal data is never sold, rented, or shared for commercial purposes.

8. Data Retention Periods

  • Order and billing data: 5 years (legal and accounting obligations).
  • Inactive customer data: 3 years after last contact.
  • Cookies: up to 13 months for non-essential analytics cookies.
  • Photos of creations: maximum 3 years unless a deletion request is made by the customer.

9. Data Security

We implement appropriate technical and organizational measures to protect your data: HTTPS encryption, regular backups, access control, data minimization, and periodic security audits.

10. Your Rights

Under GDPR, you have the right to access, rectify, erase, restrict, and object to the processing of your data, as well as the right to data portability. You may also set instructions for the handling of your personal data in the event of death.

To exercise these rights or request the removal of a photo, please use our contact form. We will respond within 30 days. In case of unresolved issues, you may contact the CNIL (French Data Protection Authority).

11. Cookies

The Website uses essential cookies for its operation and, subject to your consent, analytics and personalization cookies. You can manage your preferences at any time through the cookie banner or your browser settings.

12. Third-Party Services

The Website may rely on third-party services:

  • Payments: Stripe, PayPal (see their privacy policies).
  • Analytics: e.g., Google Analytics (requires user consent if applicable).
  • Hosting & maintenance: technical service providers.

13. Contact

For any questions regarding data privacy and protection, please use our contact form:

14. Updates

This Privacy Policy may be updated to reflect legal or technical developments. The applicable version is the one published on the Website at the time of your visit.

Avis Rapides