Privacy Notice
Effective date: [Effective Date]
1. Scope
This notice explains how [francetoolsupply] collects, uses, discloses, and protects personal information from customers and visitors to our international online store (the “Site”). It applies to personal data collected online and when you interact with our customer service, mobile applications, payment processors, and other services related to purchases and order fulfillment.
2. Information We Collect
We collect the following categories of information to provide, improve, and secure our services:
- Contact information: name, email address, phone number, billing and shipping addresses.
- Account details: username, hashed password, account preferences, order history.
- Payment information: credit/debit card details, payment tokens, billing address, transaction records. We do not store full card numbers on our servers except as permitted through secure, PCI-compliant tokenization services (see Section 5, Payment Card Data & Security, below).
- Identifiers & transactional data: order IDs, invoices, returns, refunds, delivery tracking numbers.
- Device & usage information: IP address, device type, browser, operating system, pages visited, referral source, cookies and similar technologies, crash and performance data.
- Marketing & communications preferences: opt-in/opt-out choices, marketing interaction history.
- Customer support records: chat logs, emails, call recordings (with notice where required by law).
- Optional data: demographic information, product reviews, photos you provide, survey responses.
3. Legal Bases for Processing (Where Applicable)
Depending on your location and applicable law, we process personal data based on one or more of the following legal bases:
- Performance of a contract (processing necessary to provide goods and services you requested).
- Legal obligations (e.g., tax, accounting, customs, fraud prevention).
- Legitimate interests (e.g., improving services, protecting the security of our Site, preventing fraud), balanced against your rights and freedoms.
- Consent (for marketing communications, analytics cookies, or other optional processing where we request and you provide explicit consent).
4. How We Use Personal Information
We use personal information for the following purposes:
- Order processing & fulfillment: to confirm orders, bill, ship, handle returns, provide receipts and customer service.
- Payments & refunds: to authorize and process payments, issue refunds, and detect and prevent fraud.
- Account management: to create and maintain user accounts, support login and authentication, and show order history.
- Customer service: to respond to inquiries, process complaints, and manage warranty or return requests.
- Marketing & personalization: to send promotional offers (where you consent or where permitted by law), tailor content, and measure campaign effectiveness.
- Security & fraud prevention: to detect and prevent malicious, unauthorized, or illegal activity.
- Analytics & product improvement: to analyze usage, improve the Site, and develop new features and products.
- Legal compliance: to comply with laws, subpoenas, and regulatory requests and to exercise or defend legal claims.
5. Payment Card Data & Security
We take strict measures to protect payment card information:
- PCI Compliance: All card payments are processed through PCI-DSS compliant third-party payment processors (for example, payment gateways and merchant acquirers). We do not directly store, process, or transmit full card numbers on our servers except where a certified processor provides tokenization.
- Tokenization: When supported, card data is exchanged for a secure token by the payment processor. We store tokens instead of raw card numbers to enable recurring purchases and refunds without retaining sensitive data.
- Encryption: All sensitive payment data in transit is encrypted using TLS/HTTPS. Where cardholder data must be stored by us (e.g., limited, temporary storage for order processing in certain jurisdictions), it is encrypted at rest using strong industry-standard encryption (for example AES-256) and access is strictly limited.
- Access controls: Access to payment data is restricted to authorized personnel and systems on a need-to-know basis. Administrative access requires multi-factor authentication and role-based permissions.
- Monitoring & testing: We regularly perform security assessments, vulnerability scans, and penetration tests and require similar security standards from our service providers.
- Do not send sensitive data via insecure channels: Please avoid emailing full payment card numbers or PINs to us. If we ever need card details for a legitimate reason, we will request them through a secure channel.
6. How We Protect Contact Information and Other Personal Data
We implement administrative, technical, and physical safeguards to protect personal information:
- Secure transmission: TLS/HTTPS for all connections to the Site.
- Data minimization & retention limits: We collect only the information necessary for the purpose stated and retain it only as long as required for business, legal, or tax purposes. Retention periods vary by data type and jurisdiction (typical retention: transaction records and financial statements 6–10 years; account data retained until account deletion plus a limited period for dispute resolution).
- Access controls: Least-privilege access, unique credentials for staff, role-based permissions, and multi-factor authentication for privileged accounts.
- Encryption at rest: Sensitive personal data stored in databases is encrypted when required by law or business need.
- Vendor security: Third-party service providers are selected for strong security practices and contractual protections (including confidentiality, data processing agreements, and security standards).
- Operational safeguards: Regular security training, background checks for relevant employees, logging and monitoring of systems, and incident response planning.
- Physical security: Data centers and offices used by our operations use physical access controls, CCTV, and environmental protections.
7. Cookies, Tracking, and Similar Technologies
We and our partners use cookies, web beacons, local storage, and similar technologies to provide and personalize the shopping experience, enable site functionality, analyze usage, and serve relevant advertising. You can manage cookie preferences through our cookie banner or via your browser settings. Blocking certain cookies may impact Site functionality (e.g., keeping you logged in, remembering preferences, or processing a checkout).
8. Sharing and Disclosure
We may share personal information with the following categories of recipients for the purposes described above:
- Service providers: payment processors, shipping carriers, fulfillment partners, email and messaging providers, analytics and advertising partners, customer support platforms, hosting and infrastructure providers.
- Professional advisors: auditors, lawyers, accountants.
- Affiliates and business partners: where necessary to complete a transaction or provide a service you requested.
- Legal & public authorities: to comply with legal obligations, respond to lawful requests, protect rights and safety, or when required by court order or regulation.
- Business transfers: in connection with a merger, acquisition, sale of assets, financing, or in the event of bankruptcy; in such a case, we will require the transferee to honor the commitments in this notice.
We require appropriate contractual safeguards and take steps to ensure third parties use and protect data consistent with this notice.
9. International Data Transfers
Because we operate internationally, personal data may be transferred to, processed, and stored in countries other than your country of residence. When transfers occur, we protect data using one or more of the following mechanisms:
- Data transfer agreements incorporating Standard Contractual Clauses or other lawful transfer mechanisms.
- Transfers to countries with an adequacy decision or appropriate safeguards under applicable law.
- Technical and contractual measures to require processors to protect personal information to a comparable standard.
10. Your Rights and Choices
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information. To exercise these rights, contact us using the contact details below.
- Access: Request a copy of personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of data where we are not required to retain it for legal or business reasons.
- Portability: Request a machine-readable copy of personal data you provided.
- Restriction: Request restriction of processing in certain circumstances.
- Objection: Object to processing based on our legitimate interests or to direct marketing.
- Withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting processing prior to withdrawal.
For residents of certain regions (for example, the European Economic Area or California), additional statutory rights may apply. We will respond to requests in accordance with applicable law and may need to verify your identity before fulfilling a request.
11. Data Retention
We retain personal information as long as necessary to provide our services, to comply with legal obligations, to resolve disputes, and to enforce agreements. Retention periods vary by data category and local legal requirements; we periodically review our retention schedules to minimize stored data.
12. Children
The Site is not intended for children under the age of 16 (or a higher age where required by local law). We do not knowingly collect personal information from children under that age. If you believe we have collected personal data of a child in violation of this notice, please contact us and we will take steps to delete it.
13. Security Incidents & Breach Notification
We maintain an incident response program and will notify affected individuals and regulators as required by applicable law in the event of a data breach that creates a risk to user rights and freedoms. Notifications will describe the nature of the incident, the categories of data involved, and the steps taken in response.
14. Third-Party Links & Services
Our Site may include links to third-party websites, plug-ins, or services. This notice does not apply to third-party practices. We encourage you to review the privacy notices of any third-party sites you visit.
15. Changes to This Notice
We may update this notice to reflect changes in our practices, legal requirements, or product features. When we make material changes, we will post a prominent notice on the Site and update the Effective Date above.
If you are a resident of the European Economic Area or another jurisdiction with a supervisory authority, you may also lodge a complaint with your local data protection authority.