Privacy Policy

Last updated: 24 November 2025

1. Introduction

At ÉCLAT NOIR, we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller:

ÉCLAT NOIR

123 Artisan Street

London, UK

Email: privacy@juliamendes.com

Data Protection Contact: dpo@juliamendes.com

2. What Data We Collect

We collect and process the following categories of personal data:

Account Information

Full name
Email address
Password (hashed and encrypted)
Phone number
Account preferences

Order and Payment Information

Billing and shipping addresses
Order history and preferences
Payment information (processed securely by Stripe - we do not store full card details)
Transaction records

Newsletter and Marketing Data

Email address
Consent timestamp
IP address (hashed for audit purposes)
Marketing preferences

Technical and Usage Data

IP address (anonymized for analytics)
Browser type and version
Device information
Pages visited and interaction data
Cookie consent preferences
Shopping cart contents

3. How We Collect Data

We collect your personal data through:

Account registration: When you create an account on our website
Checkout process: When you place an order or make a purchase
Newsletter signup: When you subscribe via our newsletter popup or footer
Cookie consent banner: When you manage your cookie preferences
Website usage: Automatically through cookies and similar technologies
Customer support: When you contact us with inquiries

4. Why We Use Your Data (Lawful Basis)

Under UK GDPR Article 6, we process your personal data only when we have a lawful basis. Here's how we use your data and why:

Processing Activity	Purpose	Lawful Basis
Order processing	To fulfill your orders and process payments	Contract (Article 6.1.b)
Account management	To provide and maintain your account	Contract (Article 6.1.b)
Newsletter and marketing	To send promotional emails and updates	Consent (Article 6.1.a)
Analytics cookies	To understand website usage and improve services	Consent (Article 6.1.a)
Marketing cookies	To deliver personalized advertising	Consent (Article 6.1.a)
Essential cookies	To enable core website functionality	Legitimate interest (Article 6.1.f)
Tax and legal compliance	To comply with UK tax and legal obligations	Legal obligation (Article 6.1.c)

5. Cookie Usage

We use cookies and similar technologies to improve your browsing experience. Cookies are categorized as:

Essential Cookies: Required for the website to function (shopping cart, authentication, security)
Functional Cookies: Remember your preferences and enhance features
Analytics Cookies: Help us understand how visitors use our website
Marketing Cookies: Used to deliver relevant advertisements

You can manage your cookie preferences at any time through our Cookie Policy page or via the cookie preference center in our website footer.

6. Third-Party Processors

We share your data with trusted third-party service providers who help us operate our business. All processors are bound by data processing agreements (DPAs) and comply with UK GDPR requirements.

Service Provider	Purpose	Location	Safeguards
Stripe	Payment processing	US (with EU operations)	Adequacy decision + DPA
Supabase	Database and authentication	EU/UK regions	EU/UK data residency
Cloudinary	Image hosting and delivery	Global CDN	DPA + Standard Contractual Clauses
Google Analytics	Website analytics	US	DPA + IP anonymization
Microsoft Clarity	User behavior analytics	US	DPA + Privacy controls
Vercel	Website hosting	Global (EU edge nodes)	DPA + Standard Contractual Clauses

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law:

Data Type	Retention Period	Reason
User accounts	Until deletion requested	Contract performance
Orders and transaction records	7 years	UK tax law (HMRC requirements)
Newsletter subscribers	2 years of inactivity	Consent expiry
Abandoned shopping carts	90 days	Business need
Cookie consent records	1 year	PECR compliance
Audit logs	7 years	Legal obligation and security

8. Your Data Rights

Under UK GDPR, you have the following rights:

Right to Access (Article 15)

You can request a copy of the personal data we hold about you. To request your data, log in to your account and visit the "Download My Data" section, or email us at privacy@juliamendes.com.

Right to Rectification (Article 16)

You can update incorrect or incomplete personal data through your account settings or by contacting us.

Right to Erasure (Article 17)

You can request deletion of your personal data. Visit your account settings and select "Delete My Account" or email us. Note: We may retain certain data for legal obligations (e.g., 7-year tax records).

Right to Data Portability (Article 20)

You can receive your personal data in a structured, machine-readable format (JSON). Use the "Download My Data" feature in your account.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing. Unsubscribe from marketing emails using the link provided in each email or update your preferences in your account.

Right to Restrict Processing (Article 18)

You can request that we limit how we use your data in certain circumstances. Contact us at privacy@juliamendes.com.

Right to Withdraw Consent (Article 7.3)

You can withdraw consent for cookies and marketing at any time. Manage cookie preferences via the footer link or browser settings.

Response Time: We will respond to all data subject requests within 30 days of receipt.

9. International Data Transfers

Some of our service providers operate in countries outside the UK and EU. We ensure appropriate safeguards are in place:

Adequacy Decisions: For transfers to countries recognized by the UK government as providing adequate data protection (e.g., EU member states)
Standard Contractual Clauses (SCCs): For transfers to other countries, we use EU Commission-approved SCCs to ensure your data remains protected
Data Processing Agreements: All third-party processors sign DPAs committing to UK GDPR standards

10. Data Security

We implement industry-standard security measures to protect your personal data:

Encryption: HTTPS/TLS encryption for data in transit; AES-256 encryption for data at rest
Access Controls: Role-based access control (RBAC) and row-level security (RLS) in our database
Authentication: Secure password hashing (bcrypt) and multi-factor authentication options
Regular Audits: Security audits, vulnerability scanning, and penetration testing
Breach Notification: In the event of a data breach affecting your rights, we will notify you and the ICO within 72 hours as required by law

11. Children's Privacy

Our services are not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you are under 13, please do not provide any personal information. If we become aware that we have collected personal data from a child under 13, we will take steps to delete it promptly.

For users aged 13-18, we recommend obtaining parental consent before providing personal information.

12. Changes to Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How we notify you:

Material changes: We will notify you via email and/or a prominent notice on our website
Minor changes: We will update the "Last updated" date at the top of this page
Version history: Previous versions are available upon request

We encourage you to review this privacy policy periodically to stay informed about how we protect your data.

13. Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

UK Information Commissioner's Office (ICO)

Website: https://ico.org.uk/make-a-complaint/

Phone: 0303 123 1113

Address:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

However, we would appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at privacy@juliamendes.com.

14. Contact Us

If you have any questions about this privacy policy or how we handle your personal data, please contact us:

Data Protection Contact:
Email: dpo@juliamendes.com

General Privacy Inquiries:
Email: privacy@juliamendes.com

Postal Address:
ÉCLAT NOIR
123 Artisan Street
London, UK

Response Time: We aim to respond to all inquiries within 30 days.

Legal Disclaimer: This privacy policy was last updated on 24 November 2025. We may update this policy from time to time. We will notify you of significant changes by email or prominent notice on our website. This policy should be reviewed by a legal professional specializing in UK data protection law before relying on it for compliance purposes.

Back to Home