Privacy Policy

Effective Date: November 2025

Your Privacy Matters

We respect your privacy and are committed to protecting your personal data. This policy explains what information we collect, how we use it, and your rights under GDPR, CCPA, and other data protection laws.

1. Who We Are

Data Controller: Laetitia Demay

Role: Independent Artist & Designer

Location: Morocco

Contact:

WhatsApp: +212 648 720 351
Instagram: @7laetitiademay

Laetitia Demay is the data controller responsible for your personal data collected through this website. This means we decide how and why your data is processed.

2. What Information We Collect

We only collect personal data that is necessary to provide our services. Here's what we collect and why:

Information You Provide to Us

When You Place an Order:

Name: To address your package and confirm your identity
Email: To send order confirmations and shipping updates
Shipping Address: To deliver your purchase
Phone Number (optional): For delivery purposes if needed

When You Subscribe to Our Newsletter:

Email Address: To send you updates about new collections and exclusive offers

When You Contact Us:

WhatsApp/Instagram Messages: Content of your communications to respond to inquiries

Information Collected Automatically

Website Analytics (if applicable):

IP Address: To understand visitor locations and prevent fraud
Browser Type & Device: To optimize website performance
Pages Visited: To improve user experience
Cookies: See Section 6 for cookie details

Payment Information

PayPal Processing:

Payment details are collected and processed by PayPal
We do NOT store credit card numbers or payment information
We only receive confirmation that payment was successful

3. How We Use Your Information

We use your personal data only for the following purposes:

Order Processing (Legal Basis: Contract Performance)

Processing and fulfilling your orders
Communicating with you about your order status
Providing customer support
Processing returns and refunds

Newsletter (Legal Basis: Consent)

Sending you updates about new collections (only if you subscribed)
Sharing exclusive offers and promotions
You can unsubscribe at any time using the link in every email

Website Improvement (Legal Basis: Legitimate Interest)

Analyzing website traffic and user behavior
Improving website design and functionality
Preventing fraud and ensuring security

Legal Obligations (Legal Basis: Legal Requirement)

Complying with accounting and tax laws (order records)
Responding to legal requests from authorities
Protecting our legal rights

We Never:

Sell your personal data to third parties
Use your data for automated decision-making or profiling
Send you marketing emails without your consent

4. How Long We Keep Your Data

We retain your personal data only as long as necessary:

Data Retention Periods:

Order Information: 3 years (for legal/accounting requirements)
Newsletter Emails: Until you unsubscribe
Customer Service Communications: 2 years after last contact
Website Analytics: 26 months (Google Analytics default)
Cookies: See Section 6 for cookie expiration details

After these periods, we securely delete or anonymize your personal data.

5. Who We Share Your Data With

We share your personal data only with trusted service providers necessary to fulfill our services:

Payment Processing

PayPal, Inc. (USA) - For secure payment processing
PayPal's privacy policy: paypal.com/privacy

Website Hosting

Netlify, Inc. (USA) - For website hosting and delivery
Netlify's privacy policy: netlify.com/privacy

Shipping & Delivery

Postal Services: Morocco Post, USPS, Royal Mail, etc.
We share only the information necessary for delivery (name, address)

Analytics (if applicable)

Google Analytics (USA) - For website traffic analysis
Google's privacy policy: policies.google.com/privacy

International Transfers: Some service providers (PayPal, Netlify, Google) are based in the USA. Data transfers are protected by:

Standard Contractual Clauses (EU-approved)
Service providers' GDPR compliance commitments
Appropriate security measures

We Never:

Sell your data to third parties
Share your data for marketing purposes
Provide your data to advertisers

6. Cookies & Tracking Technologies

What Are Cookies? Cookies are small text files stored on your device when you visit a website. They help websites function properly and provide insights into user behavior.

Cookies We Use

Essential Cookies (Always Active):

Shopping Cart: Remembers items you added
Session Management: Keeps you logged in during checkout
Security: Protects against fraud and unauthorized access

Legal Basis: Necessary for website functionality (no consent required)

Analytics Cookies (Requires Consent):

Google Analytics: Tracks page views, visitor count, and traffic sources
Purpose: Understand how visitors use our site to improve it
Retention: 26 months

Legal Basis: Your consent (you can opt out)

Managing Cookies

Browser Settings: You can block or delete cookies through your browser settings
Opt-Out Tools: Use Google Analytics opt-out: tools.google.com/dlpage/gaoptout
Note: Blocking essential cookies may affect website functionality

7. Your Rights Under GDPR (EU/UK/EEA)

If you are located in the European Union, United Kingdom, or European Economic Area, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal retention requirements).

Right to Restrict Processing

Limit how we use your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format to transfer to another service.

Right to Object

Object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent

Withdraw consent at any time (e.g., unsubscribe from newsletter).

Right to Lodge a Complaint

File a complaint with your national data protection authority if you believe your rights have been violated.

How to Exercise Your Rights: Contact us via WhatsApp (+212 648 720 351) or Instagram DM. We will respond within 30 days.

8. Your Rights Under CCPA (California)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:

Right to Know

Request disclosure of the categories and specific pieces of personal information we collect.

Right to Delete

Request deletion of your personal information (subject to legal exceptions).

Right to Opt-Out of Sale

We Do NOT Sell Your Personal Information. We have not sold personal information in the past 12 months and do not plan to.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

Categories of Personal Information We Collect:

Identifiers (name, email, address)
Commercial information (purchase history)
Internet activity (website interactions)

Business Purposes: Order fulfillment, customer service, website improvement, legal compliance.

How to Exercise Your Rights: Contact us via WhatsApp or Instagram. We will verify your identity and respond within 45 days.

9. Children's Privacy

Our website and services are not directed to individuals under the age of 16.

We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete it.

10. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organizational measures:

Technical Measures

HTTPS Encryption: All data transmitted through our website is encrypted
Secure Payment Gateway: PayPal uses industry-standard encryption for payment processing
No Stored Payment Data: We do not store credit card information on our servers
Regular Security Updates: We keep our systems up to date

Organizational Measures

Access Control: Only authorized personnel can access personal data
Data Minimization: We collect only what is necessary
Staff Training: We understand data protection best practices

Data Breach Notification: In the unlikely event of a data breach, we will notify affected individuals and relevant authorities as required by law within 72 hours.

11. Third-Party Links

Our website may contain links to third-party websites (e.g., Instagram, PayPal). We are not responsible for the privacy practices of these external sites.

We encourage you to read the privacy policies of any third-party sites you visit:

Instagram: help.instagram.com/privacy
PayPal: paypal.com/privacy

12. Marketing Communications

Newsletter Subscription:

You can subscribe to our newsletter by providing your email address
Subscription is entirely voluntary (opt-in consent required)
We will send updates about new collections and exclusive offers

Unsubscribing:

Click the "Unsubscribe" link at the bottom of any email
Contact us directly via WhatsApp or Instagram
We will process your request within 48 hours

Order-Related Emails: Even if you unsubscribe from marketing, we will still send you essential emails about your orders (confirmations, shipping updates, etc.) as these are necessary to fulfill your purchase.

13. Automated Decision-Making & Profiling

We do NOT use automated decision-making or profiling that produces legal or similarly significant effects on you.

All customer interactions and decisions (order processing, customer service, etc.) involve human review.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

Notification:

Material changes will be posted on this page with an updated "Effective Date"
Significant changes may be communicated via email
Continued use of our website after changes constitutes acceptance

Version History: We maintain records of previous versions for transparency.

15. International Users

Our business operates from Morocco and serves customers worldwide. By using our website, you consent to the transfer of your personal data to Morocco and the countries where our service providers operate (primarily USA).

Data Protection Standards:

We comply with Moroccan Data Protection Law (Law 09-08)
We adhere to GDPR standards for EU/UK customers
We respect CCPA rights for California residents
We follow international data protection best practices

16. Contact Us About Privacy

Questions or Concerns About Your Privacy?

Contact Laetitia Demay (Data Controller):

WhatsApp: +212 648 720 351
Instagram: @7laetitiademay

We typically respond within 24-48 hours.

To Exercise Your Rights: Please provide your name, email address used for orders, and specify which right(s) you wish to exercise. We may request additional information to verify your identity.

17. Supervisory Authorities

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with a data protection authority:

Morocco:

Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP)
Website: cndp.ma

European Union:

Contact your national data protection authority
List of EU authorities: edpb.europa.eu

United Kingdom:

Information Commissioner's Office (ICO)
Website: ico.org.uk

Last updated: November 2025