Privacy Policy – JK FISHER

Last updated: 10/10/2025
This policy describes how JK FISHER collects, uses, stores, shares, and protects your personal data when you visit jkfisher.fr (the "Site") or make a purchase.

1) Data Controller

JK FISHER – 16 Allée Van Gogh, 33160 Saint-Aubin-de-Médoc, France.
Contact: contact@jkfisher.fr

We have not appointed a DPO at this stage. For any privacy questions, please use the address above.

2) What data do we collect?

2.1 Data you provide to us

• Identity and contact: last name, first name, email address, postal address, phone number.

• Order and delivery data: products, amounts, shipping address, tracking, billing.

• Customer relationship data: messages sent to customer service, chat/contact requests, customer reviews, marketing preferences (opt-in/opt-out).

• Payment: payment methods (card numbers are processed by our payment providers; we do not have access to them in clear text).

2.2 Automatically collected data ("Device Information")

• Technical information: IP address, device identifiers, browser type/settings, time zone, pages viewed, time spent, source of origin, clicks and interactions.

• Cookies and similar technologies (pixels, tags, scripts) – see Section 9.

3) Purposes and legal bases (GDPR)

We process your data for:

• Contract execution (Art. 6.1.b GDPR): order taking, payment, billing, delivery, after-sales service, customer accounts.

• Legitimate interest (Art. 6.1.f): Site security, fraud prevention, traffic statistics, service improvement, prospecting to existing customers for similar products ("soft opt-in"), evidence and litigation management.

• Legal obligation (Art. 6.1.c): accounting/tax obligations, GDPR rights management.

• Consent (Art. 6.1.a): sending newsletters/offers to non-customers, placing certain non-essential cookies/trackers, personalized advertising when required.

4) Advertising, analytics and automated decision-making

• Audience measurement: we use Google Analytics, among other tools, to better understand Site usage.

• Targeted advertising: we may display advertisements likely to interest you based on your interactions (remarketing).

• Profiling: we may segment audiences (e.g., "frequent buyers", "interested in [category]") to adapt communications and offers. This profiling does not produce significant legal effects concerning you.

You can opt out of targeted advertising by visiting:

• Facebook: https://www.facebook.com/settings/?tab=ads

• Google: https://www.google.com/settings/ads/anonymous

• Bing: https://about.ads.microsoft.com/fr-fr/ressources/politiques/annonces-personnalisees
  And, more broadly, via the DAA portal: https://optout.aboutads.info/?c=3&lang=fr

5) Recipients and transfers

We share data with service providers acting on our behalf (hosting, payment, delivery, email marketing, chat/customer service, analytics, advertising).

• Hosting/Store: Shopify (see its policy: https://www.shopify.fr/legal/confidentialite).

• Analytics: Google (https://www.google.com/intl/fr/policies/privacy/).

• Payment: PSP providers (e.g., Shopify Payments, Stripe, PayPal depending on store activation).

• Carriers: shipping and contact information.

Some service providers may process data outside the EU (e.g., Canada/United States). In such cases, we ensure the existence of appropriate safeguards (standard contractual clauses, additional measures, regional hosting when available).

6) Data retention periods

We retain your data only for the time necessary for the stated purposes:

• Order/billing: legal retention period (up to 10 years for accounting documents).

• Customer account: as long as the account is active, then deletion/archiving according to legal obligations.

• Prospecting: 3 years from the last contact from you (or until consent withdrawal).

• Customer service tickets: 3 years after closure, unless litigation.

• Cookies: duration specified in the cookie manager (see Section 9).

7) Your rights (GDPR)

You have the following rights: access, rectification, erasure, restriction, objection (especially to prospecting), data portability, and withdrawal of consent at any time.
You can also define post-mortem directives (Art. 85 French Data Protection Act).
To exercise your rights: contact@jkfisher.fr (attach proof of identity if necessary).
We will respond within 1 month (extendable by 2 months for complexity/volume, with reasoned information).
You can contact the CNIL (French Data Protection Authority) in case of disagreement: www.cnil.fr.

8) Security

We implement appropriate technical and organizational measures (access controls, in-transit encryption, logging, compartmentalization, principle of least privilege). No system is entirely secure; you remain responsible for the confidentiality of your identifiers and access means.

9) Cookies and trackers

9.1 What is a cookie?

A cookie is a small file placed on your device to make the Site work, measure audience, personalize your experience, and/or offer advertising.

9.2 Consent management

During your first visit, a consent banner allows you to accept/refuse, by purpose, non-essential cookies. You can change your choices at any time via the "Manage my cookies" link at the bottom of the page.

9.3 Categories of cookies we use

• Technical/necessary (consent exemption): session, shopping cart, authentication, security, load balancing.

• Audience measurement: Analytics (configuration may require your consent depending on settings).

• Personalization: display/language preferences.

• Advertising/Remarketing: to display relevant ads.

• Social networks: buttons/shares.

Examples (Shopify): _session_id, _shopify_visit, _shopify_uniq, cart, _secure_session_id, storefront_digest.
Typical lifespans range from session to 24 months. Exact values may evolve depending on Shopify and theme/App configuration.

9.4 “Do Not Track” / GPC

If your browser sends a Global Privacy Control (GPC) or “Do Not Track” signal, we endeavor to honor it when technically possible, without guarantee of compatibility with all third-party services. The settings via our cookie manager remain the reference.

10) Minors

The Site is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided us with data, please contact us for removal.

11) Communications and prospecting

• Customers: sending information on similar products (based on legitimate interest), with the possibility to unsubscribe at any time.

• Non-customers: sending newsletters only with your prior consent (opt-in).
  Each email contains an unsubscribe link.

12) Social networks and third-party content

Social media links/buttons or embedded content (YouTube, Instagram, etc.) may place their own cookies and collect data according to their policies. We are not responsible for these; please consult their respective policies.

13) Payment

Payments are processed by certified providers (e.g., Shopify Payments/Stripe/PayPal depending on configuration). Your card data is transmitted directly to these providers and is not stored by JK FISHER.

14) Transfers outside the EU

When service providers are located outside the EU/EEA, we frame transfers with Standard Contractual Clauses and, if necessary, additional measures (pseudonymization, regional hosting). The main countries include Canada and the United States for certain Shopify/Google services.

15) Retention of evidence and fraud prevention

To secure transactions, we may use fraud detection systems (risk score, necessary verifications). Some orders may be suspended pending further validation. Legal basis: legitimate interest and obligation to combat fraud.

16) Policy Changes

We may update this policy to reflect legal, technical, or operational developments. The last updated date is at the top of the document. In the event of a substantial change, we will inform you through an appropriate channel.

17) Contact

For any questions, requests to exercise rights, or complaints:
contact@jkfisher.fr

Postal address: 16 Allée Van Gogh, 33160 Saint-Aubin-de-Médoc, France.
You also have the right to lodge a complaint with the CNIL (www.cnil.fr).