This Privacy Policy (hereinafter the “Policy”) is issued by Les Chiffonniers d’Eureka Fripe, registered with the Rouen Trade and Companies Register (RCS) under number 321 525 156 (SIREN) – SIRET 321 525 156 00113, with its registered office at 159 route de Paris, 76920 Amfreville-la-Mi-Voie, France (hereinafter the “Company”).
The Company owns and operates the website www.eureka-fripe.com (hereinafter the “Site”). Any natural or legal person accessing the Site is hereinafter referred to as the “User”.
The Company attaches great importance to protecting Users’ privacy and personal data. This Policy explains how personal data are collected, processed and protected when browsing the Site or using the services offered.
By accessing the Site and using its services, Users acknowledge that they have read and understood this Policy.
Article 1 – Definitions
Personal Data: any information relating to an identified or identifiable natural person, as defined by the UK GDPR and Regulation (EU) 2016/679 (GDPR).
Processing: any operation performed on Personal Data (collection, storage, consultation, use, disclosure, deletion, etc.).
Data Controller: the entity which determines the purposes and means of processing Personal Data.
Processor: any person or organisation processing Personal Data on behalf of the Data Controller.
Article 2 – Data Controller and applicable framework
The Company acts as Data Controller for all Personal Data processed via the Site. The Company complies with the UK GDPR, the Data Protection Act 2018, and, where applicable, the EU GDPR. Guidance from the Information Commissioner’s Office (ICO) is taken into account.
Article 3 – Collection of Personal Data
The Company may collect Personal Data when Users:
- browse the Site;
- complete a contact form or subscribe to a newsletter;
- submit a business or quotation request;
- interact with the Company by email or social networks;
- book or attend a professional visit/“Handpick” appointment.
Depending on context, collected data may include: surname, first name, company name, professional email address, telephone number, postal address, business activity, and any information voluntarily provided during commercial exchanges. Certain technical data (e.g., IP address, browser, pages viewed) may be collected for security and audience measurement purposes (see “Cookies”).
For processing operations requiring consent, Personal Data are collected only after the User’s explicit consent.
Article 4 – Legal bases
Processing is carried out on one of the following legal bases:
- User’s consent (e.g., newsletters, marketing cookies);
- performance of a contract or pre-contractual measures at the User’s request;
- compliance with a legal obligation;
- legitimate interests of the Company (e.g., Site security, service improvement), without overriding Users’ rights and freedoms.
Article 5 – Purposes of processing
- Operating the Site and services (handling enquiries, appointments, quotations);
- Improvement and personalisation of the browsing experience;
- Internal management & security (fraud prevention, diagnostics, service continuity);
- Newsletters & commercial communications (subject to consent);
- Statistical analysis & performance measurement (see Matomo below);
- Advertising performance measurement via Google Ads (subject to consent; see “Cookies”);
- Compliance with legal and regulatory obligations.
Article 6 – Data recipients
Access to Personal Data is limited to authorised employees/agents who process requests and ensure the Site’s proper operation. Certain Personal Data may be shared with third-party service providers (hosting, maintenance, emailing, CRM, analytics/ads) acting as Processors under written contracts ensuring confidentiality and security.
Article 7 – International data transfers
The Site and core services are hosted in France. However, Personal Data may be transferred outside the European Economic Area (EEA) or the UK when using certain technical providers (e.g., Google). In such cases, the Company implements appropriate safeguards (e.g., UK International Data Transfer Agreement/Addendum, EU Standard Contractual Clauses, or adequacy decisions) to ensure an adequate level of protection.
Article 8 – Users’ rights
Under the UK GDPR, Users have the following rights: access, rectification, erasure, restriction, objection, and data portability. Users may also define instructions under applicable French law regarding their data after death (see Article 10).
To exercise these rights, contact: contact@eureka-fripe.com. The Company will respond within one (1) month; this may be extended by two months for complex/multiple requests (Users will be informed accordingly).
Article 9 – Data retention
Data are retained only for as long as necessary to fulfil the purposes for which they were collected, considering the nature/sensitivity of the data, the risk of harm from unauthorised use/disclosure, and legal obligations. Certain technical logs may be retained for security/compliance. Data may be anonymised for statistical purposes.
Article 10 – Post-mortem directives (France-specific)
In accordance with French law, Users may define directives concerning the storage, deletion, and communication of their Personal Data after death by contacting: contact@eureka-fripe.com.
Article 11 – User obligations
Users confirm that the Personal Data they provide are accurate, up to date and adequate, and undertake not to transmit data relating to third parties without authorisation.
Article 12 – Cookies and similar technologies
The Site uses cookies and similar technologies. Full details (types, purposes, retention, consent choices) are provided in the Site’s Cookie Policy. Key points:
- Necessary cookies: essential for the Site to function (e.g., language selection, consent storage);
- Statistics / Analytics: the Site uses Matomo, self-hosted in France and configured to be fully anonymised; when configured accordingly, such analytics may be exempt from consent;
- Marketing: the Site uses Google Ads conversion tracking via Google Consent Mode v2 (Advanced), fully managed through Borlabs Cookie. No advertising cookies or tracking signals are sent to Google until the User has explicitly accepted the “Marketing” category in the banner. Upon refusal, only anonymised, cookieless pings may be sent for aggregated conversion modelling.
Article 13 – Security
The Company implements appropriate technical and organisational measures to ensure a level of security appropriate to the risks (encryption in transit, access controls, backups, monitoring). While every effort is made to protect Personal Data, transmission over the Internet cannot be guaranteed to be 100% secure.
In the event of a personal data breach likely to result in a high risk to Users’ rights and freedoms, Users will be informed without undue delay, in accordance with applicable law. This information duty shall not be construed as an admission of fault or liability.
Article 14 – Third-party links
The Site may contain links to third-party websites. Such sites operate under their own privacy policies; the Company assumes no responsibility for their content or practices. Users should read the privacy policy of any third-party site they visit.
Article 15 – Business transfer
In the event of a corporate transaction (e.g., merger, acquisition, asset transfer), Personal Data may be transferred as part of the transaction, subject to applicable data protection laws.
Article 16 – Updates to this Policy
This Policy may be updated to reflect legal, regulatory or technical developments. Any substantial change will be indicated on the Site (e.g., update date shown at the top of this page). Users are encouraged to review this page regularly.
Article 17 – Contact
For any questions or requests regarding this Policy, please contact: contact@eureka-fripe.com.
Article 18 – Governing law and jurisdiction
This Policy is governed by French law. Failing an amicable settlement, the courts within the jurisdiction of the Rouen Court of Appeal shall have exclusive jurisdiction, without prejudice to mandatory consumer protection rules where applicable.
