The LUPICIA company, as data controller, undertakes to comply with the provisions of law n ° 78-17 of 6 January 1978 as amended relating to information technology, files and freedoms as well as regulation (EU) no. ° 2016/679 of April 27, 2016 in force as of May 25, 2018.


During your visits to our site, when you subscribe to our newsletter, when you order product (s) or when you interact with us on our social networks, by email or by telephone, we collect data about you.
These data allow LUPICIA to know its customers and thus, best meet their needs and continuously improve our services.
We only collect your data on behalf of LUPICIA, and we undertake not to disclose this information to third party service providers and subcontractors only if this is strictly necessary. These third parties undertake to respect the same level of confidentiality and security as ours.
We will never resell, transfer or assign this data to third parties for commercial purposes without your prior written consent.


Personal data includes any information making it possible to directly or indirectly identify a natural person, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more several specific elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity.

When you create an account with LUPICIA or when you place an order, personal information is requested from you.

The mandatory information is the information we need to communicate with you and deliver your products to you in the best possible conditions. This is information necessary for the execution of the contract or the execution of pre-contractual measures.

2.1 - Types of data collected:

Mandatory customer identification data (name, first name, address, email, phone ...)
Electronic identification data (IP address, cookies, etc.).
Data relating to orders (delivery method, delivery and billing address, persons to whom purchases should be shipped, order history, purchase orders, invoices, etc.)
Data relating to after-sales service (complaints, exchanges by email or telephone, etc.).
Data relating to our emailing campaigns (email address, opening, clicks to our site ...).
Data relating to traffic on our site (pages viewed, time spent on the page, items viewed, put in the basket or purchased, exit page, etc.)
Personal data relating to payment by credit card is not recorded by LUPICIA.

LUPICIA uses a secure payment method SSL (Secure Socket Layer).

Bank details are encrypted (rendered illegible) at the time of transmission over the network. The encryption is made visible by the appearance of a padlock symbol in the browser.
The transaction is carried out through a payment service provider. Only the latter records the banking information provided in its secure server.

No intermediary collects this data.

2.2 - Usefulness of these data and legal basis:

Purpose of processing
Legal basis (s) for processing
Management of the customer account, the basket before purchase and the orders placed
This processing is necessary for the execution of the contract or the execution of pre-contractual measures
Delivery management and order tracking
This processing is necessary for the performance of the contract
Collection and management of customer opinions on our products and services
This processing is based on your willingness to share an opinion, and is necessary for the purposes of the legitimate interests we pursue (improving the quality of our products and services)

Display of targeted advertising on social networks

This processing is necessary for the purposes of the legitimate interests that we pursue (to offer you relevant content)

Sharing of site content to social networks

This processing is based on your consent and / or is necessary for the purposes of the legitimate interests that we pursue (to offer you relevant content)

Measurement of site traffic, performance of on-site and off-site marketing actions

This processing is necessary for the purposes of the legitimate interests that we pursue (to measure and improve our marketing actions and to optimize the presentation and structure of our website)

Implementation of targeted contests

This processing is based on your consent is necessary for the purposes of the legitimate interests that we pursue (to offer you relevant content)

2.3 - Cookies, what are they exactly?

A cookie is a digest of information transmitted to an Internet server by the computer of an Internet user. The aim is to make it easier for the user to navigate or to compile statistics. Cookies allow the server of the visited site or a third party server (advertising agency, web analytics service) to recognize the visitor's machine (by its IP address) and not the user. Thus, thanks to cookies, it is possible to automatically access a personalized page without identifying yourself.

Cookies therefore allow LUPICIA:

- measure the audience and the performance of specific content on our site,
- to adapt our site according to the technology used (support, browser), and the affinities of our users,
- memorize information previously filled in (form, connection, basket, etc.) and facilitate user navigation,
- allow sharing on social networks.

2.4 - How to avoid disclosing information relating to cookies and tracers?

In accordance with the GDPR, the data collected through the use of cookies by LUPICIA is subject to prior consent.

For each internet browser, it is possible to configure whether or not to accept cookies on all the sites consulted or by a determined sort. To find out more, go to the Help menu of your privileged browser.

Here is the list of help pages for the main browsers used by our customers:

- For Chrome: https://support.google.com/chrome/answer/95647?hl=fr&hlrm=en

- For Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies

- For Safari: https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=en_US

- For Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences?redirectlocale=fr&redirectslug=Activer+et+d%C3%A9sactiver+les+cookies


Most of the data collected is processed internally by the various LUPICIA departments.

They are also communicated to the subcontractors with whom we collaborate in order to allow the execution of the contract (payment services and delivery services) or to improve the quality of our products, services, our marketing actions and the presentation of our website ( marketing assistance).

We only communicate to them the personal data essential for the performance of their service, being reminded that our subcontractors are subject to the same obligations as LUPICIA concerning the protection of personal data.

Your personal data is also transmitted when we have a legal obligation to do so or if we believe, in good faith, that it is necessary for:

Respond to any complaint against LUPICIA;
Comply with any legal request
Enforce any contract concluded with our members;
In an emergency involving public health or the physical integrity of a person;
In the context of inquiries and investigations;
In order to guarantee the rights, property and safety of LUPICIA, its members and more generally any third party.
Finally, if LUPICIA were bought by a third party, the data in our possession will be transferred to the new owner.


Pursuant to Regulation 2016/679 of April 27, 2016, any natural person can exercise their rights relating to data protection on simple request, namely:

right of access to all the data collected,
right of rectification and portability of this data,
right of opposition and erasure of such data (also called "right to be forgotten").
These rights must be exercised directly with LUPICIA:

or by email to the address: RGPD@lupicia.fr
either by post to the address:
Protection of personal data
5bis, rue Georges MELIES
78390 Bois d’Arcy

We undertake to respond to any request within 30 days of receipt of the email or post. If the response given does not seem satisfactory, the holder of the data collected has the right to contact the CNIL.


The personal data collected by LUPICIA cannot be kept beyond the period strictly necessary for the purposes for which they are processed, and in compliance with the legal and regulatory provisions in force.

With the exception of certain categories of personal data, the retention period of which may vary depending on the legal or regulatory provisions in force, we process the data that we collect for a period of 3 years from the end of the business relationship. Thus, when there is no further interaction with LUPICIA for 3 years, this data is no longer used in accordance with the simplified standard NS-048.

Data relating to the management of orders, deliveries, invoicing and customer accounts must be kept for a period of 10 years in accordance with Article L. 123-22 paragraph 2 of the Commercial Code and the simplified NS standard. -048.

Regarding the data relating to payment by bank card recorded by our service provider, they may be kept in intermediate archives, for the purpose of proof in the event of any dispute of the transaction, for a period of 13 months in accordance with the Article L. 133-24 of the Monetary and Financial Code. This period can be extended to 15 months in order to take into account the possibility of using deferred debit payment cards in accordance with the simplified standard NS-048.

Finally, the information stored in your terminal (example: cookies) or any other element used to identify users and allowing their traceability will not be kept beyond a period of 13 months.


The personal data collected by LUPCIA are secure and will never be transmitted to partners who do not guarantee the same level of security as that which we require.

The main measures taken for the security of your data are:

The use of encrypted passwords (to which we do not have access)
Strict limitation of access to personal data to only people using it in the context of their missions, using a strictly personal username and password.
The use of secure internal and external servers for data backup.
The use of secure payment systems by our partners: Paypal (for more information: https://www.paypal.com/fr/webapps/mpp/paypal-safety-and-security) and CIC: https: // www.cic.fr/fr/banques/entreprises/internet-et-securite-bancaire/index.html?amcpage=2
NB: The CNIL recommends that users never:

Communicate your password to others.
Store your passwords in a clear file, on paper or in a place easily accessible by other people.
Save passwords in your browser without a master password.
Use passwords related to you (name, date of birth, etc.).
Use the same password for different access.
Keep default passwords.
Email yourself your own passwords. "


The person responsible for processing the personal data mentioned in this data protection policy is Michaël BOURDEL, Internet manager. Its representative is Jean PLAYE, Manager.

They can be contacted at RGPD@lupicia.fr, or by post at LUPICIA - Personal data protection - 5bis rue Georges MELIES - 78390 Bois d´Arcy.

We are committed to answering all your questions within 30 working days.

For any additional information relating to data protection law, we invite you to visit the CNIL website.


The data protection policy is subject to updates. In order to become acquainted with it, we invite you to consult this letter regularly.

Consent to the use of cookies.

For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.

When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data processing agreement

We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Server log files

Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:

  • Your consent status or the withdrawal of consent
  • Your anonymised IP address
  • Information about your Browser
  • Information about your Device
  • The date and time you have visited our website
  • The webpage url where you saved or updated your consent preferences
  • The approximate location of the user that saved their consent preference
  • A universally unique identifier (UUID) of the website visitor that clicked the cookie banner