Privacy policy
PRIVACY STATEMENT
PRIVACY STATEMENT PARAGRAPH 13 of the GTCs
1. Name and contact details of the data controller and the data protection officer
This privacy statement applies to the processing of data carried out by:
The Data Controller: Aubade Paris (hereinafter referred to as Aubade), 10-12 Rue du Colonel Driant, 75001 Paris, France, represented by its legal representative, Mr Félix Sulzberger, Chairman
Email: contact@aubadepro.com
Telephone: (+33) 01 70 99 20 00
The Data Protection Officer: Natalie Schwager
Email: dataprotection@calidagroup.com
2. Collection and storage of personal data, as well as its nature, purpose and use
a. By visiting the website
When you access the Aubade website, the browser installed on your device automatically sends information to our website's server.
This information is temporarily stored in a log file.
The following information is collected without any action on your part and recorded until it is automatically deleted within four weeks:
IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
The type and version of the browser and other information transmitted by the browser (such as your computer's operating system, the name of your service provider, geographical origin, the language setting, etc.).
We process the above-mentioned data for the following purposes:
To ensure good website connection
To ensure the comfortable use of our website
To assess the safety and stability of the system, as well as
For other administrative purposes (tracking orders, requests and customer returns).
The legal basis for data processing is legitimate interest, in accordance with Article 6, para. 1. F of the General Data Protection Regulation (hereinafter: “GDPR”). Our legitimate interest arises from the above-mentioned purposes for the collection of data. Under no circumstances do we use the data collected to draw conclusions about you.
The deletion of your data saved by Aubade Paris does not preclude such data, in accordance with Article 6, para. 1. C of the GDPR, from being stored by our hosting provider for a sufficiently long period of time (defined on a case-by-case basis according to the procedure initiated by the rights representative) for the prosecution of criminal acts pursuant to regulatory obligations.
We also use cookies and analysis services when you visit our website. You will find more detailed information on this subject in numbers 4 and 5 of this data protection statement.
b. Placing an order as a guest
If you wish to order products as a guest on our website, we collect the following information:
Title, first name, surname
A valid email address
Address and country
Date of birth
Payment data, depending on the payment method you have chosen (for example, credit card data or bank details).
This data is collected:
To identify you as a contractual partner
To check the plausibility of the data entered
To process the payment of your order
For the settlement of any guarantee claims that may exist and the exercise of any claims against you.
Data processing is carried out at your request and is necessary in accordance with Article 6, para. 1. B of the GDPR for the purposes indicated for the performance of the contract and pre-contractual measures.
In order to ensure that your order is processed quickly and easily, and that any questions you may have are answered as quickly as possible, you also have the option of providing additional information:
Your telephone number and your mobile number
An alternative delivery address.
The provision of this data is optional.
The personal data collected for the order will be retained:
As part of the management and fulfilment of your orders, throughout the duration of our commercial relationship, until the expiry of your legal guarantee.
Beyond that, your data will be archived until the expiry of the applicable limitation periods: five (5) years from the delivery of the order.
This data may, however, be retained for a longer period, by virtue of a legal obligation to which Aubade Paris is subject, in particular due to fiscal and commercial retention obligations (ten (10) years for orders over 120 euros) or for documentation obligations (Article 6, para.1. b and c of the GDPR).
If you have consented to the use of your data for commercial prospecting purposes, your data may be retained until your consent is withdrawn or for a period of three (3) years from the last contact with Aubade Paris (Article 6, para.1 a of the GDPR).
c. When creating a user account
You have the option of creating a password-protected user account where we store your personal data. The purpose of this is to facilitate the processing of your orders in a simple, fast and personalised way. User data is retained and used in accordance with the GDPR and your acceptance of our online general terms and conditions of use.
If you wish to create a password-protected user account, we collect the following information:
Title, first name, surname
Date of birth
A valid email address
In addition, you will need to enter a password of your choice to create a user account. This will allow you to access your account along with your email address. In your user account, you can consult and modify the data stored about you at any time.
For faster contact, you can also enter your mobile phone number. This information is optional and is not required to create a user account.
The data is processed at your request and, within the meaning of Article 6, para. 1.B of the GDPR, is necessary for the assigned purposes of contract performance and pre-contractual measures.
You do not need to create an account to use the site or place orders. We give you the option of placing your order as a guest (see 2. B). In this case, however, you will have to re-enter your data with each new order.
The personal data collected during registration will be retained for the duration of your registration.
After deletion of your user account, your data will be automatically deleted, unless we are obliged to retain your data for a longer period due to fiscal and legal retention and documentation obligations (Article 6, para.1. B and C of the GDPR).
If you place an order on our site, your personal data is retained:
As part of the management and fulfilment of your orders, throughout the duration of our commercial relationship, until the expiry of your legal guarantee.
Beyond that, your data will be archived until the expiry of the applicable limitation periods: five (5) years from the delivery of the order.
If you have consented to the use of your data for commercial prospecting purposes, your data may be retained until your consent is withdrawn or for a period of three (3) years from the last contact with Aubade Paris (Article 6, para.1 a of the GDPR).
d. Reservation of products in store
If you wish to reserve items of lingerie in the Aubade store, you can do so free of charge by reserving online.
We collect the following information so that we can process your in-store reservation quickly and easily, and so that we can respond more quickly to any questions you may have:
Your title, surname and first name
A valid email address
A valid telephone number
This data is collected:
To identify you as a contractual partner
To check the plausibility of the data entered
To enable the selected store to tell you when your reservation is ready
Data processing is carried out at your request and is necessary in accordance with Art. 6 para. 1. B of the GDPR for the purposes indicated for the performance of the contract and pre-contractual measures.
The personal data collected for the order will be retained for up to five (5) years from the date of the order, the statutory limitation period, and will be automatically deleted.
We may be required to retain your data for a longer period due to fiscal and documentation obligations (Article 6 para.1. B and c of the GDPR).
If you have consented to the use of your data for commercial prospecting purposes, your data may be retained until your consent is withdrawn or for a period of three (3) years from the last contact with Aubade Paris (Article 6, para.1 a of the GDPR).
You can revoke your consent at any time with effect for the future.
e. When you subscribe to our newsletter
We offer a newsletter containing personalised product recommendations from our range and information about our special offers (for example, competitions, discounts, exceptional offers). In order to prepare and send the newsletter, we are required to process personal data about you, including information relating to your online activity, and work with Emarsys eMarketing Systems AG, Willi-Schwabe-Straße 1, 12489 Berlin, Germany (hereinafter: “Emarsys”).
e.1. If you subscribe to our newsletter:
If you have given your express consent in accordance with Article 6, 1. a of the GDPR, we will use your email address for the purpose of sending you our newsletter on a regular basis. To receive the newsletter, simply enter an email address. You will then receive an email asking you to confirm your subscription to the newsletter ("double opt-in"). This allows us to verify that the subscription request has been made on your behalf.
- How the personalised newsletter works
Our newsletter is offered exclusively for personalised information, with the aim of informing you only of offers that interest you and correspond to your needs. For this reason, in addition to your email address, we also use other available information about you, such as your customer data contained in your user account, your purchase history and your activity on the site (for example, your wish list, the contents of your baskets, your product searches, the product pages viewed) in order to provide you with personalised content.
In this context, your purchasing behaviour and your activity on the aubade.fr online store are recorded on the basis of your consent, and this information is analysed in order to select suitable content and is associated with your user account. Your profile information will not be used for any other purpose and will not be passed on to third parties.
To ensure the technical design of personalised offers, we use the services of Emarsys. To this end, Emarsys analyses the additional information available indicated above in order to design the content of the newsletter accordingly. Open, click, return, deliverability, unsubscribe and conversion rates are also analysed in this context. Cookies or pixels (tags that collect information such as IP address, browser type and version, email client and date and time of consultation) are also used for analysis purposes. This enables us to know who opens the email and clicks on the links it contains. If you do not wish to be the subject of these analyses, you can unsubscribe from our newsletter at any time.
e.2. In the case of newsletters sent without you having subscribed:
If you have not subscribed to our newsletter, we will use your email address regularly after an order to send you our newsletter with information about products similar to those you have ordered, provided you have not objected to this.
The processing of personal data in this context is authorised on the basis of our legitimate direct marketing interests in accordance with Article 6, 1.f of the GDPR.
e.3. In the event of unsubscribing from our newsletter:
You can unsubscribe from this newsletter at any time, without having to provide a reason, either by clicking on the corresponding link in the email, directly in your user account or by sending a message to contact@aubadepro.com. Once you have unsubscribed, you will no longer receive the newsletter.
e.4. Emarsys data protection guarantees
A subcontracting agreement has been entered into with Emarsys, in accordance with Article 28 of the GDPR. Under this contract, Emarsys undertakes to act in accordance with the GDPR and to guarantee the rights of data subjects. You can find out more about the tracking carried out in conjunction with Emarsys .
f. Using our contact form
If you have any questions whatsoever, you can contact us using the available in the bottom right-hand corner of every page of the website. To do this, you need to provide a valid email address, your first name and the subject of your request so that we know who has sent us the request and how to respond to it.
The data used to contact us is processed within the meaning of Article 6, para. 1.f of the GDPR on the basis of our legitimate interest.
The personal data we have collected for the use of the contact form will be automatically deleted once your request has been fulfilled.
g. Advertising mail
We use the postal address you provided when you placed your order to send you loyalty offers by post from time to time, unless you have objected to this. To this end, we process your name and address in accordance with the GDPR Article, based on our legitimate interest in informing our customers about our product range.
h. Participation in a competition
When you enter one of our online competitions, we collect the data (your name, address, a valid email address, potentially your gender, potentially your date of birth) that you provide via the entry form.
This information is used to:
Manage the competition;
Check your eligibility;
Inform you if you have won;
Improve our future competitions.
We work with Emarsys on these competitions. The processing of the data required to manage the competition is based on your freely given consent in accordance with the GDPR.
Your data is retained for as long as is necessary for the organisation of the competition. As a general rule, once the competition is over, we delete your personal information within two weeks, unless you have agreed to its use for other purposes.
Winners' data is retained for up to five (5) years after the end of the year following the competition, to allow for possible verification in the event of legal recourse.
On behalf of Aubade Paris, Emarsys manages the sending of participation confirmations and prize notifications, using your name and email address. You will find more information on the transfer of data to Emarsys in section 5.l of this privacy statement.
3. Transmission of data to third parties
Your personal data is only passed on to third parties in the cases specified below.
Insofar as this is permitted by law and is necessary for the processing of contractual relationships in accordance with Art. 6, para. 1. B of the GDPR, your personal data will be passed on to third parties.
This includes, in particular, transmission to companies for administrative purposes and to ensure centralised customer management with regard to our contractual relationship, as well as transmission to transport and logistics companies for the purpose of delivering the goods you have ordered and transmission of payment data to payment service providers and/or banks for the purpose of carrying out a payment transaction.
It also includes transmission to companies for the purposes of operational support for customers, customer account reviews and product reservations. The data transmitted will only be used by third parties for the purposes specified.
Support service (contact form)
If you use our support service via our website, the data (name and email address) that you have entered in the contact form will be transmitted to Zendesk Inc, 1019 Market St, San Francisco, CA 94103 (U.S.A.) ("Zendesk").
Zendesk uses this information to respond to your requests on our behalf. This use is based on the Data Processing Agreement we have entered into with Zendesk. Under the terms of this agreement, Zendesk is committed to protecting your rights regarding your personal data and guarantees that Zendesk's use of the data complies with the GDPR.
Zendesk guarantees that your data will be fully protected against unauthorised access. Zendesk will not use your data to contact you for its own purposes or to pass it on to third parties.
As a company based in the United States, Zendesk complies with European data protection regulations and is registered with the U.S. Department of Commerce’s Transatlantic Data Privacy Framework (DPF) programme.
Processing by Aubade Paris
Your personal data is integrated into the Aubade Paris customer database.
This processing is part of the performance of the responsibilities of the data controller (Aubade Paris). This processing is carried out for the purposes of data saving, internal administration and centralised customer management. It is based on Article 6. 1. f of the GDPR, the purposes mentioned being considered legitimate interests within the meaning of this regulation.
Payment management
As part of the fulfilment of your order, we use service providers to manage payments.
It may be necessary to transmit information such as the amount of your purchases and other personal data to these service providers.
The data transmitted varies depending on the service provider chosen and the payment option selected. This transfer of data is carried out in compliance with Article 6 of the GDPR, for the performance of the contract and on the basis of our legitimate interests in offering you suitable payment options.
You will find more information on these service providers below.
c.1 - Payment solution via Shopify Payments:
For payments by bank card or other supported methods, payment management is provided by Shopify Payments, a subsidiary of Shopify Inc. (Shopify Payments (Europe) Ltd., 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland).
When you make an online payment via our site hosted on Shopify, we collect the following data:
Your IP address
Your order information, such as the invoice amount, your customer number and your email address
Your payment ID
Your bank card data or your account data.
This information is used to:
Finalise the transaction
Check the plausibility of your information.
If necessary, Shopify Payments will also pass on this data to third parties (such as banks or financial institutions).
Shopify Payments is fully responsible for the secure processing of payment data. All information is encrypted and Aubade Paris does not have access to it. To find out more about data protection by Shopify Payments, see their .
The payment solution via Shopify Payments is available for domain names in the following countries and languages:
France: language (fr);
Germany: language (de);
Germany: language (fr);
Belgium: language (en);
Belgium: language (fr);
Netherlands: language (en);
Netherlands: language (fr);
Netherlands: language (en);
Netherlands: language (nl).
Payment methods accepted via Shopify Payments:
Credit and debit cards: Visa, Mastercard, Carte Bleue (debit card)
Digital wallets: Apple Pay, Shop Pay
If you agree, your payment data may be recorded in encrypted form by Shopify Payments to facilitate future purchases. We only have access to a limited extract of this data (for example, the last four digits of your card). You may request the deletion of this information at any time. Once your request has been made, your data will be deleted if it is no longer needed for ongoing payments.
For more details, please see the .
Bank card payment solution
When payment is made by bank card, Aubade Paris ensures the validity of the information entered thanks to the 3D Secure security process which ensures secure payment and ensures that the payment is carried out correctly.
No banking information is stored on our site. Your bank data is entered directly on the secure server of our technical and financial partner Worldline Online Payments, a service provider offering guarantees in terms of personal data protection.
The banking information you provide is encrypted on your own computer and will never circulate unencrypted on the Internet.
Please note that your credit card will not be charged until your order has left our warehouse.
Payment solution via PayPal:
We also offer payment management via PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
If you choose PayPal, you will be redirected to their site where you can log in with your login details to complete the payment.
Once on the PayPal site, we no longer have access to the data collected by their service. Your bank details or credit card information are only recorded on the PayPal site.
This means that they are not transmitted via the Internet with each order.
After finalising your payment, simply click on the button that will redirect you to our web page. You can find more information on data protection by PayPal in their .
The payment solution via Paypal is available for sites in the following languages:
France: language (fr);
Germany: language (de);
Germany: language (fr);
Belgium: language (en);
Belgium: language (fr);
Netherlands: language (en);
Netherlands: language (fr);
Netherlands: language (nl);
USA: language (en);
Canada: language (fr);
Canada: language (en);
Switzerland: language (fr);
Switzerland: language (de);
Switzerland: language (en);
UK: language (en).
c.2 - management of mobile payments via connected checkouts in Aubade stores:
As part of our mobile checkout solution in most Aubade stores, we provide you with tablets that allow you to purchase our products and view your customer information. For this "omnichannel" system, we share your basic customer data and your order history with our payment partner Ingenico (Ingenico, SASU, 13 rue Pages, 92150 Suresnes, France).
Aubade Paris has signed a subcontracting agreement with Ingenico in accordance with Article 28 of the GDPR. This contract guarantees that Ingenico complies with the General Data Protection Regulation and protects the rights of data subjects.
The transfer of your data is carried out in accordance with Article 6 paragraph 1 b. of the GDPR. Our aim is to optimise and improve customer relationship management and the scope of our services.
The data processed in this context will be deleted once its purpose has been fulfilled, generally at the end of the contractual relationship.
Notification management
As part of our services, we may need to send you notifications to keep you informed.
To this end, we transmit your personal data to external service providers who assist us in sending these notifications. This transfer is necessary to meet our legitimate interests, in accordance with the GDPR. Our main objective is to inform you of the status of your order.
We work with the service provider Emarsys to send out various notifications. Emarsys is responsible for sending messages on our behalf, such as:
Order confirmations
Shipping confirmations
Cancellation messages
Notifications relating to participation in or prizes from competitions
Notifications concerning user accounts and other confirmation messages.
For these purposes, Aubade Paris shares some of your data with Emarsys:
Your surname and first name
Your email address
Your postal address
The shipping address for the order
Your customer account data, necessary for the smooth purchase and receipt of your order.
A subcontracting agreement has been signed with Emarsys, committing the latter to complying with our instructions and guaranteeing the rights of data subjects. You can find more information on the data protection provided by Emarsys
Transfer of data to third countries
Your personal data is only passed on to third parties in the cases specified below.
e.1- Transfer of data outside the European Union or outside the European Economic Area
When your data is processed, it may be transferred to third countries, i.e. outside the European Union (EU) or the European Economic Area (EEA).
If the European Commission deems that a third country ensures an adequate level of protection (in accordance with Article 45, paragraph 3 of the GDPR), no additional measures are required for this transfer.
e.2 - Transfer of data to the United States
Transfers to the United States are carried out on the basis of the Transatlantic Data Privacy Framework (DPF) in force since 10 July 2023, provided that the recipient is DPF-certified.
For transfers to the United States, if the recipient is not DPF-certified and does not present adequate safeguards within the meaning of Article 46 of the GDPR, the transfer will only be carried out with your explicit consent pursuant to Article 49 of the GDPR. It is important to note that for recipients who are not DPF-certified in the United States, it is not possible to guarantee a level of data protection comparable to that of the European Union (hereinafter: "EU”).
If your personal data is transferred to the United States, it may be subject to access by the American authorities as part of the PRISM and UPSTREAM surveillance programmes, in accordance with Section 702 of the Foreign Intelligence Surveillance Act (FISA), as well as Presidential Decree No. 12333 or Presidential Strategic Directive No. 28. Unfortunately, EU citizens have no effective jurisdictional protection against such access, neither in the United States nor in the EU.
e.3 - Transfer of data to other countries outside the EU, EEA, USA
In other cases, or for transfers to so-called non-secure third countries, data is only transferred if the conditions of Article 46 et seq. of the GDPR are met. In concrete terms, this means that data is only transmitted if:
The recipient has put in place appropriate safeguards to protect personal data in accordance with Article 46 of the GDPR;
You have explicitly consented to the transfer after being informed of the risks, in accordance with Article 49 of the GDPR;
The transfer is necessary for the performance of our contractual obligations towards you;
Another derogation provided for in Article 49 of the GDPR applies.
In all cases, you will be informed of the legal basis applied for the transfer.
4. Cookies
We use cookies. These are small files that your browser creates automatically and which are stored on your mobile device (laptop, tablet, smartphone or similar) when you visit the site. Cookies do not cause any damage to your device, nor do they contain viruses, Trojan horses or other malware.
The cookie stores information linked to the device used. This does not mean that we are directly informed of your identity.
Cookies are used to make your use of our site more pleasant for you.
For example, we use session cookies to recognise that you have already visited certain pages on our site, that you have already logged in to your user account or that you have already logged in to view your shopping basket. These are automatically deleted once you leave our site.
We also use temporary cookies to optimise the functionalities of the site. They are stored on your device for a specified period of time. If you revisit our site to use our services, you will be automatically recognised, along with the entries and settings you have made, so that you do not have to re-enter them.
Finally, we use cookies to statistically record the use of our website and to evaluate it in order to optimise our offer (see section 5). These cookies enable us to automatically recognise that you have visited our site before. These cookies are deleted at the end of a defined period of time.
The data processed by cookies is necessary for the purposes indicated in order to protect our legitimate interests and those of third parties in accordance with Article 6, paragraph 1. f of the GDPR.
If the processing of cookies is subject to your consent, this will be indicated when you browse our site.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message is always displayed before a new cookie is created. However, the complete deactivation of cookies may prevent you from using all the functions of our website.
5. Analysis tools (services used for tracking and targeting)
The tracking and targeting measures described below, which we have implemented, are carried out on the basis of your consent pursuant to Article 6, para. 1a of the GDPR.
With the tracking measures used, we want to ensure that our website is designed to meet the needs of our customers and that our website is continually optimised. We also use tracking measures to statistically record the use of our website and to evaluate it for you with the aim of optimising our offer.
We want to use the targeting measures used to ensure that you only see advertisements on your devices that are based on your real or supposed interests.
You will find the purposes and corresponding categories of data in the various tracking and targeting tools.
a. Google Analytics & encrypted emails
In order to design and optimise our website, we use
In this sense, usage profiles are created in anonymous form (see point 4) and cookies are used.
The information generated by Cookies concerns your use of the website on:
Your browser (type and version)
The operating system
The referring URL (the site that linked you to our website)
The hostname of the querying computer (IP address)
The time the server was consulted
This information is transmitted to a Google server located in the United States, where it is recorded. Google is subject to the Data Privacy Framework, in order to guarantee an appropriate level of data protection.
This information is used to analyse the use of the site, to compile reports on the activities of the site for the purpose of carrying out market research to help optimise the design of the website and to provide this website with other services related to the use of websites and the Internet. This data may be communicated to third parties in the event of a legal obligation or when third parties are mandated to process this data.
Under no circumstances will your IP address be linked to other Google data. IP addresses are processed anonymously so that no link is possible (IP masking), making any identification impossible.
Depending on the options you have accepted, we activate the Google Analytics advertising functionalities. These functionalities generate reports on target audiences and demographic characteristics (age, gender, areas of interest), as well as on the effectiveness of our marketing campaigns.
The data comes from Google campaigns, targeted advertising and the Display network (an advertising delivery channel), as well as from visitors identified by third-party partners. Your identity is not directly revealed, which enables us to assess user behaviour without identifying you, in order to optimise our marketing approaches.
We also use the "Advanced Conversions" functionality to more accurately measure conversions across different channels and to compensate for any gaps in data collection. This helps us to better understand the effectiveness of certain advertising campaigns and to offer adverts tailored to your interests, both on our site and via Google.
This is a functionality specific to the Google network, which we apply for analytics and other purposes.
Encrypted emails:
When a conversion (such as an online purchase) occurs, personal data (such as your email address) is collected. This data is encrypted and hashed using the SHA256 algorithm before being sent to Google, which compares it with its own information to provide us with anonymous statistics on conversion.
In general, the data collected is automatically deleted after 14 months. In certain specific cases (in the case of legal proceedings requiring the use of these elements), the maximum duration of this saving may be up to 26 months before the data collected is deleted.
You can prevent the installation of cookies by adjusting your browser settings. Please note, however, that in this case, you may not always be able to use all the functions of this website.
At any time, you can object to the collection and storage of data (including your IP address) for web analysis purposes by installing an Add-on module in your browser to deactivate Google Analytics, accessible through the .
An alternative to the Add-on module for your browser, particularly for browsers on mobile devices, is to to object to the collection and storage of data by Google Analytics.
An Opt-out Cookie will be installed to prevent the use of your data when you visit the site. This Opt-out Cookie is specific to this browser and to our website and is stored on your phone. If you delete Cookies from your browser, you will need to reinstall the Opt-out Cookie.
For more information on data protection in relation to Google Analytics, go to the
b) Criteo & encrypted emails
This website uses Criteo GmbH technology to anonymously collect and store information such as the type and version of your browser, the operating system used, the host name of your device (IP address) and the date and time of consultation for marketing and optimisation purposes, in collaboration with Criteo SA, 32 rue Blanche, 75009 Paris, France. Criteo is jointly responsible with Aubade Paris in accordance with Article 26 of the GDPR. Cookies are used for the purposes set out in section 4 – Cookies.
Criteo uses an algorithm to analyse browsing behaviour and can then display targeted personalised banners or advertisements on other websites (called "Publishers"). Under no circumstances may the data collected be used to identify you personally without your explicit consent, and it is not combined with other personal data. The data collected will only be used to improve the advertising offer. No other use or disclosure to third parties takes place.
Criteo may install tags (trackers) from its contractual partners on your device. A list of the publishers concerned is
You can object to the anonymous analysis of your browsing behaviour on this page by clicking on . Please note that even after deactivation, you will continue to receive adverts, but they will be less targeted.
Encrypted emails
During conversions on our site (such as the purchase of a product), personal data (such as your email address) may be collected, hashed using the SHA256 algorithm and then transmitted to Criteo. This data is then compared with that of Criteo to provide us with anonymised statistics, thereby improving the measurement of conversions.
We have entered into a Joint Data Controller Agreement with Criteo, which sets out the respective responsibilities in accordance with the GDPR. You may exercise your rights as a data subject with either of the joint data controllers.
If you have chosen to unsubscribe (Opt-out Cookie) and wish to display your personalised Criteo banner again, please .
For more information on Criteo technology, please refer to the Criteo Privacy Policy:
You can contact the Criteo Data Protection Officer at the following address: Data Protection Officer, 32 rue Blanche, 75009 Paris, France. Email: dpo@criteo.com.
The data is deleted once its purpose has been fulfilled.
c) Facebook Custom Audiences
We also use Meta Website Custom Audiences from Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). This is a Meta marketing service that enables us to display personalised advertising, targeted by centres of interest, on Facebook to pseudonymised visitors to our website who also use Facebook.
A Facebook Custom Audience pixel is integrated on our website (hereinafter: "Meta Pixel"). This is a Javascript code used to save personal data relating to the use of the website. This includes your IP address and your browser software, as well as the initial site and the target page.
The Meta Pixel is activated when you visit our site or interact with one of our advertisements on Meta, for example by clicking on a link to our site. This Pixel helps us to measure the impact of our Facebook adverts for statistical and market research purposes, in particular to find out whether users have been redirected to our site after clicking on an advert (a so-called "conversion").
This information is transmitted to Meta servers in the United States. Meta is subject to the Data Privacy Framework, which guarantees an adequate level of data protection.
These servers use automatic cross-checking to determine whether you have saved a Facebook cookie. The Facebook cookie automatically determines whether you belong to the target group that is relevant to us. If you belong to this target group, corresponding messages from us are posted to you on Facebook. In this context, neither we nor Facebook will identify you personally by cross-checking your data. You can also prevent the implementation of Facebook Custom Audiences
This Opt-Out prevents your personal data from being collected in the future when you visit this website.
d) Meta Conversions API (Facebook)
On our website, we use the Conversions API tracking tool from the American company Meta Platforms Inc. The data is transferred to Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland), the data controller in Europe.
Via this data interface, we exchange data with Meta relating to your behaviour on the basis of our legitimate interest (Article 6. 1. F of the GDPR) or your consent (Article 6. 1 a. of the GDPR).. This enables us to present you with tailored advertising. We and Meta also use this data to process your transactions.
Using these tools, we can target Facebook Ads for users who have shown an interest in our online offer or who have specific characteristics (for example, interests in certain topics or products, determined based on the sites visited) that we share with Meta ("Custom Audiences"). The Meta Pixel and Conversions API also enable Meta to track visitors to our site on different devices in order to include them in a target group for the display of adverts ("Facebook Ads").
Additional cookies are installed to record personal data relating to the use of our site, such as the pages visited, the search terms used, connection information and the HTTP header (IP address, browser details, referrer). The data sent to Meta is first encrypted locally before being transmitted via a secure connection for comparison with the data encrypted by Meta. Custom Audiences do not allow you to be personally identified, although the data is stored and processed by Meta, which may establish a link with the profile of the user concerned.
Through the Conversions API, Facebook receives information about your visit to our website and your behaviour on it. If you are registered with a Facebook service, Facebook may create a link between your visit to our site and your account.
Meta, which processes your personal data in the United States, is subject to the Data Privacy Framework, which guarantees an adequate level of data protection.
For more information on the data processed by the Meta Conversions API, please consult the page .
For more information on the data security conditions that Meta uses to protect your data, please consult the page accessible .
You can deactivate this tool at any time in the cookie settings.
If you are logged in to Facebook, you can make changes on the page accessible .
To find out more about Meta as a data controller and to contact its Data Protection Officer. You can also consult the or contact .
In general, user data collected in this way is deleted after 180 days.
e) Bing Conversion Tracking
We use the Conversion Tracking software from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 (U.S.A.), which enables us to collect and track the actions of users of our website who have arrived on our site by clicking on a Bing advert.
If you visit our website after being redirected from a Bing advert, we will place a cookie on your computer. This cookie enables Microsoft to record data relating to the use of our website (for example, the time spent on the site, the parts of the site that you accessed and the advertisements that redirected you to our website); if this results in an order being placed, the value of the order and the time at which the order was placed. No information is collected that could be used to identify you directly.
The information is transmitted to a Microsoft-owned server located in the United States, where it is stored for up to 180 days.
Microsoft, which processes your personal data in the United States, is subject to the Data Privacy Framework, which guarantees an adequate level of data protection.
We have also entered into a data processing contract with Microsoft for the use of Bing advertisements. In this contract, Microsoft guarantees that all data processing by it is carried out in compliance with the General Data Protection Regulation, and that the company guarantees the protection of the rights of data subjects.
If you do not wish to take part in the conversion tracking mentioned here, you can refuse the placement of the cookies required for this purpose by selecting the settings in your web browser to generally deactivate the automatic installation of cookies. For more information on data privacy and the cookies used by Microsoft Bing, please visit the .
f) Google Tag Manager
Our website uses the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). This service allows us to manage the tools mentioned in this privacy policy, with specific details provided in the dedicated sections of the document.
Google Tag Manager, which implements the tags (trackers), triggers other tags which, under certain circumstances, collect data.
Google Tag Manager does not have access to this data. If a deactivation is carried out at domain or cookie level, it applies to all tracking tags managed via Google Tag Manager. In addition, Google Tag Manager itself does not store or read any information on users’ devices, nor does it perform any independent data analysis. However, when a page is loaded, Google Tag Manager may transmit your IP address to Google, with possible storage in the United States by Google LLC.
Google LLC is subject to the Data Privacy Framework, which guarantees an adequate level of data protection.
To find out more about the Google Tag Manager service, visit .
This processing is carried out only with your explicit consent, in accordance with Article 6 of the GDPR (for data processing). You can revoke your consent at any time with effect for the future. In general, data is retained for a period of 90 days.
g) Google Adwords Conversion Tracking
We also use the Google Conversion Tracking tool from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (United States) to record and statistically analyse the use of our website in order to optimise the offers we send to you. To this end, Google Adwords saves a cookie (see Paragraph 4 above) on your computer when you access our website via a Google advert.
These cookies expire after 30 days and do not allow any personal identification. If the user visits certain pages of the Adwords customer website and the cookie has not yet expired, Google and the customer can recognise that the user has clicked on the advertisement and has been redirected to this page.
Each Adwords customer receives a different cookie. As a result, cookies cannot be tracked via the web pages of the Adwords customer. The information generated through the conversion cookie is used to produce conversion statistics for Adwords customers who have opted to use conversion tracking. Adwords customers find out the total number of users who clicked on their advert and were redirected to a page containing a conversion tracking tag. However, they do not receive any information that could be used to personally identify users.
If you do not wish to take part in the tracking procedure, you can refuse the necessary cookie - for example, via your browser settings, which generally deactivate the automatic saving of cookies. You can also deactivate conversion tracking cookies by setting your browser to block cookies from the "" domain.
You can find Google’s privacy notice on conversion tracking .
h) Google Remarketing
We use multi-device remarketing technologies from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (U.S.A.) to help you view targeted advertising on other websites on the basis of your visit to our websites.
When you visit our websites, Google may collect recognition elements for your browser or device (by creating a so-called browser fingerprint), to evaluate your IP address or a recognition element in the form of a small text file in the databases of your device (so-called third-party cookie). Google may also link and save your visit to our website with one or more of these recognition elements in order to display our advertising on other websites.
The recognition elements mentioned above are configured as pseudonyms and may be used by Google to recognise your device on other websites. For example, if you visit a page that participates in Google's Display Network (i.e. on-screen advertising on behalf of Google), Google is likely to identify your device and your browser on the basis of the elements mentioned above.
We also equip our websites with so-called "remarketing tags", which means that we include in our websites keywords containing statements relating to the content of the page displayed (such as product or service categories). The keywords we use do not contain any personal or sensitive information. Google receives and saves these keywords relating to the recognition elements mentioned above. As a result, if you visit a website that we have tagged with a particular product category, Google saves this tag and assigns it to your recognition criteria.
In doing this, we may use Google to advertise on other websites based on the pages visited. If you visit another website participating in the Google Display Network, Google will be able to tell you, based on the recognition elements and keywords stored on these recognition elements, whether you are interested in seeing our adverts and, if so, which ones.
You can find out more about Google's data protection policy .
If you subscribe to Google services with your own credentials or use one or more of your own Google Accounts, Google may combine recognition elements from different browsers and devices. Consequently, if Google has created its own recognition elements for the laptop, desktop, smartphone or tablet you use, these recognition elements may be associated with each other when you have used or use a Google service with your credentials. In this way, Google can target our advertising campaigns beyond the devices. However, Google will only do this if, in the past, you have given Google your consent to such data processing.
If you do not wish to take part in the tracking procedure, you can refuse the necessary cookie - for example, via your browser settings, which generally deactivate the automatic saving of cookies. For more information, please click .
i) Google Maps: mapping service
Our website uses the Google Maps application provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (hereinafter "Google") to display interactive maps.
The processing of your data is based on your explicit consent, in accordance with Article 6 of the GDPR. You may withdraw this consent at any time, with effect for the future.
When this service is activated, Google may collect information on your device, history data (including your IP address) and location data. No data is transferred to Google unless you have activated it when accessing our site.
Google LLC is subject to the Data Privacy Framework, which guarantees an adequate level of data protection.
j) Pinterest Tag & encrypted emails
We use Pinterest Tag from Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
This tag collects, stores and analyses data on the browsing behaviour of visitors to our site in the form of a pseudonym. This information may be associated with a user if Pinterest has other data about him/her, such as data linked to a Pinterest account. Using an algorithm, Pinterest evaluates this browsing data to provide targeted product recommendations in the form of personalised advertising banners on the user’s Pinterest account.
Using Pinterest Tag, we also have the ability to supplement conversion data with other personal information in order to improve the accuracy of conversion tracking and to fill in collection gaps. This also enables us to more accurately attribute advertising interactions to the conversions achieved. Our aim is to display advertisements that correspond to the interests of visitors to our site, and to make our offer more attractive both on our site and in the context of the adverts displayed via Google.
Encrypted emails:
When you make a conversion on our site (for example, an online purchase), personal data (generally the email address) is collected. This data is integrated into the Pinterest tag, where it is hashed using the SHA256 algorithm. The hashed values are then sent to Pinterest, which compares them with its own data to provide anonymous statistics that improve conversion tracking. In particular, this comparison works when the user also has a Pinterest account.
We share responsibility for data processing with Pinterest in accordance with Article 26 of the GDPR. A joint data controller agreement has been signed to this effect. We are responsible for providing data protection information and ensuring the secure implementation of Pinterest Tag on our site, while Pinterest is responsible for data security and respecting the rights of data subjects (Articles 15-20 of the GDPR).
k) intelliAd
This web page uses the intelliAd web analysis service (operator: emarketing AG, Landsberger Str. 110, 80339 Munich, Germany). In order to provide an ergonomic design and to optimise this web page, anonymised data and browser-specific data is collected and recorded after aggregation.
The use of intelliAd's Tracking service leads to the local recording of cookies. You have the right to refuse, now and in the future, the storage of your browsing data. To do this, use intelliAd's Opt-Out function.
To improve tracking accuracy, the "First-Party-Tracking" process is used. A first-party cookie (ia-6303837373136323131303) is placed in the user's browser.
Full IP addresses are also not recorded as part of this procedure and are only processed in anonymised form.
l) Emarsys Web Extend and Smart Insight
We use Emarsys Webextend and Smart Insight from Emarsys to analyse the online activity of visitors to our website and to personalise our newsletter (see 2. E).
These services create pseudonymised usage profiles and use cookies (see section 4) as well as JavaScript Snippets.
Emarsys receives the information recorded by cookies on the use of our website (for example, IP address, browsing information, such as the references of the products viewed or added to the basket). Cookies are deleted at the end of a session or after one year at the latest.
We use the information collected via Webextend to enrich existing customer profiles and to offer personalised content. This includes information such as confirmations of the receipt and reading of emails, information on your computer and Internet connection, the operating system and platform you use, your browsing history, your order history, the date and time of your visit to the home page and the products/items you have viewed.
If you have subscribed to our newsletter and you have a user account and you subscribe or if you visit our site from a newsletter, the information collected is associated with your profile on the basis of your consent (see section 2. E).
The use of Web Extend and Smart Insight is also based on our legitimate interests (Article 6, 1. f of the GDPR) in analysing and optimising our website and promotional offers (see section 2. E).
This is why Emarsys processes information on our behalf to analyse the use of our website and the consultation of our newsletter in order to create reports on the activities of our customers and prospects.
A subcontracting agreement has been entered into with Emarsys, in accordance with Article 28 of the GDPR. By virtue of this contract, Emarsys undertakes to act in accordance with the General Data Protection Regulation and to guarantee the rights of data subjects.
You can object to the processing of data by Emarsys on our website by This activates an "Opt-Out" cookie, which has the effect of preventing Emarsys from collecting and recording data relating to your activity on our website.
m) Consent management with OneTrust on our websites
m.1- Presentation of the OneTrust solution
We use the OneTrust consent management service on our site to manage consents related to the use of cookies and similar technologies. Within this framework, data such as the date and time of your visit, information on your browser, your consent, the device used and the anonymised IP address are processed.
This processing is based on Article 6 of the GDPR, due to the legitimate interest in collecting and managing consents. You can access this solution deployed by OneTrust at any time via the "cookie preferences" tab in the bottom right-hand corner of the home page.
In general, consent is retained until it is revoked or until the cookie is deleted. The lifetime of the cookie following interaction with an advertising banner is 12 months.
m.2 - Hosting of the One Trust solution by Shopify
The One Trust solution is hosted on Shopify, which offers sufficient guarantees for the protection of your data.
For more information, please refer to the .
n) Avis Vérifiés quality label
We use the service of Avis Vérifiés, located at 18-20 Avenue Robert Schuman, 13002 Marseille, France.
If you have given your consent by ticking the relevant box or by clicking on the "Review later" button during or after your order, we will forward your email address to Avis Vérifiés so that they can send you an email inviting you to leave a review. You may withdraw your consent at any time by contacting us at the address below or by contacting Avis Vérifiés directly.
This data processing is based on our legitimate interests, in accordance with Article 6, paragraph 1, sentence 1, point f) of the GDPR, in order to effectively promote our offer.
Each time the online verified review is viewed, a log file is automatically recorded by the web server. This file contains information such as your IP address, the date and time of access, the data transferred and the service provider used. This access data is only used to record the consultation and is automatically deleted in accordance with the of Avis Vérifiés.
o) Sovendus vouchers
When you make purchases on the Aubade France, Germany, Belgium and Netherlands sites, we offer you the possibility of receiving vouchers from websites via the network of Sovendus GmbH, Hermann-Veit-Straße 6, 76135 Karlsruhe, Germany.
As soon as you choose one of the vouchers, we transmit the hash value of your email address and your IP address to the service provider, in encrypted form and under a pseudonym, unless you object to this. In addition, for invoicing purposes, we transfer to Sovendus, under a pseudonym, the order number, the value of the order with indication of the currency, the session identifier, the voucher code and the timestamp. The transfer of your data to Sovendus is based on our legitimate interest, in accordance with Article 6.1. F of the GDPR.
The retention period for this data is 7 (seven) days.
6. The rights of the data subject
Your rights as a data subject are: the right of access to data concerning you, the right to rectify or erase such data, the right to restrict the processing of your personal data, the right to the portability of your data, and the right to withdraw your consent.
These rights may be exercised by contacting the data controller, Aubade Paris, by sending a request together with a copy of an identity document to the following email address: contact@aubadepro.com
a) Right of access
In accordance with Article 15 of the GDPR, you have the right to request information about your personal data that we process.
In particular, you can obtain information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be communicated, the intended retention period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of recourse, the origin of your data, if it is not collected from us, as well as the existence of an automated decision-making process, including profiling and, where applicable, significant information on the respective details.
b) Right to rectification
In accordance with Article 16 of the GDPR, you have the right to demand without delay that we correct or supplement your personal data that we retain.
c) Right to erasure
In accordance with Article 17 of the GDPR, you have the right to demand the erasure of your personal data retained by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
d) Right to restriction of processing
In accordance with Article 18 of the GDPR, you have the right to demand a restriction on the processing of your personal data, provided that one of these conditions is met:
You dispute the accuracy of this data;
The processing is unlawful but you refuse to erase it and demand the restriction of its use;
We no longer need the data, but it is necessary for you for the establishment, exercise or defence of legal claims;
You have objected to the processing of your data, in accordance with Article 21.1 of the GDPR; during the verification as to whether the legitimate grounds we are pursuing override your rights.
e) Right to portability
In accordance with Article 20 of the GDPR, you may demand that the personal data you have provided to us in a structured, common and machine-readable format be transmitted to you, or demand that it be transmitted to another data controller.
This right does not apply where your data is processed on the basis of our legitimate interest (Article 6.1.f of the GDPR).
f) Right to withdraw your consent
In accordance with Article 7.3 of the GDPR, you have the right to revoke consent to the processing of your data at any time.
As a result, we are no longer authorised to continue processing data on the basis of this consent in the future.
g) Right to lodge a complaint with a supervisory authority
In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the way in which we process your data constitutes a breach of the GDPR.
You can submit this complaint to the French supervisory authority, the CNIL, at the following address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, France
7. Right to object
Insofar as your personal data is processed on the basis of legitimate interests within the meaning of Article 6. 1. f of the GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 of the GDPR if there are reasons arising from your particular situation or if the objection is directed against direct advertising.
In the latter case, you have a general right to object, which we implement without specifying a particular situation.
You may exercise your right by contacting the data controller, Aubade Paris, by sending a request together with a copy of your identity document to the following email address:
contact@aubadepro.com
8. Data security
All personal data you provide will be transmitted in encrypted form using the generally accepted and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used in online banking, for example. You can recognise a secure TLS connection by the "s" after the http (i.e. ...) in your browser's address bar or by the padlock symbol in the lower part of your browser.
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are constantly being improved in line with technological developments.
9. Update and amendment of this privacy statement
This data protection statement was updated in November 2024.
As a result of the further development of our website and the offers contained therein, or due to changes in legal and/or official requirements, it may be necessary to amend this privacy statement.
This privacy statement may be consulted at any time on the website at the following address:
10. Contact
If you have any questions, please contact customer service at the following email address: contact@aubadepro.com