Privacy Policy

Last updates : – Version 2.2

This Privacy Policy (hereinafter the “Policy”) is issued by Les Chiffonniers d’Eureka Fripe, registered with the Rouen Trade and Companies Register (RCS) under number 321 525 156 00113 (SIREN: 321 525 156), with its registered office at 159 route de Paris, 76920 Amfreville-la-Mi-Voie, France (hereinafter the “Company”).

The Company owns and operates the website www.eureka-fripe.com (hereinafter the “Website”). Any natural or legal person accessing the Website is hereinafter referred to as the “User”.

The Company attaches great importance to protecting Users’ privacy and personal data. This Policy explains how personal data are collected, processed and protected when browsing the Website or using the services offered. By accessing the Website and using its services, Users acknowledge that they have read and understood this Policy.

Article 1 – Definitions

Personal Data: any information relating to an identified or identifiable natural person, as defined by the GDPR (and, where relevant for UK users, the UK GDPR).

Processing: any operation performed on Personal Data (collection, storage, consultation, use, disclosure, deletion, etc.).

Data Controller: the entity which determines the purposes and means of Processing (the Company).

Processor: any person or organisation processing Personal Data on behalf of the Data Controller.

Article 2 – Data Controller and applicable framework

The Company acts as Data Controller for Personal Data processed via the Website. It complies with the French Data Protection Act and the EU GDPR. Guidance from the CNIL (French Supervisory Authority) is taken into account. For Users located in the United Kingdom, we also take into account the UK GDPR and the Data Protection Act 2018 to the extent applicable.

Article 3 – Collection of Personal Data

We collect Personal Data when you:

  • browse the Website;
  • complete a form (contact, quotation request, appointment, “Handpick” visit);
  • subscribe to a newsletter;
  • interact with us (email, phone, social networks).

Categories of data (depending on context):

  • Identity/Contact: first name, surname, company name, role, professional email address, phone number, postal address, country;
  • Free-text content: message and any attachments you send us;
  • Technical data: pages viewed, timestamps, referrer URL, device/browser type, language settings, truncated IP address (see Article 12);
  • Security (hCaptcha): strictly necessary anti-bot signals when submitting forms.

For Processing operations requiring consent (e.g., marketing cookies), data are collected/activated only after your explicit consent.

Article 4 – Legal bases

  • Performance of a contract or pre-contractual measures at your request (responses to enquiries, quotations, appointments);
  • Legal obligation (e.g., accounting, data-subject rights, security);
  • Legitimate interests (securing the Website via hCaptcha, service continuity, internal audience measurement with Matomo configured in an anonymised manner, service improvement), without overriding your rights and freedoms;
  • Consent (newsletters, Marketing/Google Ads cookies) — you may withdraw consent at any time.

Article 5 – Purposes of Processing

  • Operation of the Website and services: handling enquiries, quotations, appointments, organising “Handpick” visits;
  • Security and fraud prevention: protecting forms against automation and abuse via hCaptcha;
  • Internal audience measurement: anonymised analytics via Matomo on-premise (FR) to improve content and user experience;
  • Communications: sending information and newsletters (subject to consent);
  • Marketing and campaign performance: Google Ads only if you consent (see Article 12);
  • Compliance with legal obligations and handling data-subject requests.

Article 6 – Data recipients

Access is limited to authorised staff (sales, web/IT, logistics for visits). Processors acting on our behalf (under written agreements ensuring confidentiality and security) include:

  • Hosting and managed services (France);
  • Web tools: Borlabs Cookie (consent management), hCaptcha (form security), Matomo (self-hosted; administered by our managed service provider), Google Ads (only if consent).

A current list can be provided upon request.

Article 7 – International data transfers

  • Matomo: no transfer outside the EEA (self-hosted in France);
  • hCaptcha: certain technical Processing may occur outside the EEA/UK. Transfers are subject to appropriate safeguards (including Standard Contractual Clauses and/or the UK International Data Transfer Agreement/Addendum);
  • Google Ads (if consent): Processing may involve transfers outside the EEA/UK, covered by Standard Contractual Clauses / UK IDTA and complementary measures.

Article 8 – Users’ rights

Under the GDPR (and UK GDPR where applicable), you have the rights of access, rectification, erasure, restriction, objection (on legitimate grounds), and portability. You may also define instructions under French law regarding your data after death (see Article 10).

To exercise your rights: contact@eureka-fripe.com. We respond within one (1) month; this may be extended by two months for complex/multiple requests (you will be informed accordingly).

Article 9 – Data retention

We retain data only for as long as necessary for the purpose; indicative periods are:

  • Forms (prospects/customers): for the handling period + 36 months after the last active contact;
  • Quotations/contracts/invoices: 10 years (legal obligations);
  • Newsletter: until consent is withdrawn (unsubscribe);
  • Technical/security logs: 6 to 12 months;
  • Matomo (aggregated/anonymised): kept for the analytics period configured internally (full IPs are never stored);
  • Cookie preferences (Borlabs): 2 months;
  • hCaptcha: short-lived security cookies/tokens (~30 minutes, up to 1 day depending on context);
  • Google Ads (if consent): as per Google’s policies (e.g., _gcl_au ~ 90 days).

Article 10 – Post-mortem directives (France-specific)

In accordance with French law, you may define directives concerning the storage, deletion and disclosure of your Personal Data after death by contacting: contact@eureka-fripe.com.

Article 11 – User obligations

You confirm that the Personal Data you provide are accurate, up to date and adequate, and undertake not to transmit data relating to third parties without authorisation.

Article 12 – Cookies and similar technologies

The Website uses cookies. Full details (types, purposes, durations, providers) are available in the Cookie Policy. In short:

  • Necessary: language preference (Polylang), consent preferences (Borlabs Cookie), form security (hCaptcha);
  • Statistics (Analytics): Matomo on-premise (hosted in France), configured to be strictly anonymised (truncated IP, no advertising IDs, no retargeting), which allows consent exemption in FR/EEA when technical conditions are met;
  • Marketing (optional): Google Ads (conversion measurement/advertising) only after your consent.

Consent & Google Consent Mode v2: the Borlabs Cookie banner records your choices. By default, Google signals are set to denied (ad_storage, ad_user_data, ad_personalization) and switch to granted only after you accept the “Marketing” category. Before consent, no advertising cookies and no Google Ads signals are sent. You can change or withdraw your choices at any time via the “Manage cookies” icon (always visible).

Article 13 – Security

We implement appropriate technical and organisational measures (encryption in transit, access controls, backups, monitoring). We specifically use hCaptcha to prevent automated form submissions; this Processing is strictly necessary for the service and has no advertising purpose.

While every effort is made to protect Personal Data, transmission over the Internet cannot be guaranteed to be 100% secure. In the event of a personal data breach likely to result in a high risk to Users’ rights and freedoms, Users will be informed without undue delay, in accordance with applicable law. This notice does not constitute an admission of fault or liability.

Article 14 – Third-party links

The Website may contain links to third-party websites. Such sites operate under their own privacy policies; the Company assumes no responsibility for their content or practices. Users should read the privacy policy of any third-party site they visit.

Article 15 – Business transfer

In the event of a corporate transaction (e.g., merger, acquisition, asset transfer), Personal Data may be transferred as part of the transaction, subject to applicable data protection laws.

Article 16 – Updates to this Policy

This Policy may be updated to reflect legal, regulatory or technical developments. Any substantial change will be indicated on the Website (e.g., update date shown at the top of this page). Users are encouraged to review this page regularly.

Article 17 – Contact

For any questions or requests regarding this Policy, please contact: contact@eureka-fripe.com.

Article 18 – Governing law and jurisdiction

This Policy is governed by French law. Failing an amicable settlement, the courts within the jurisdiction of the Rouen Court of Appeal shall have exclusive jurisdiction, without prejudice to mandatory consumer protection rules where applicable.