Privacy Policy

PRIVACY POLICY

Last updated: October 31, 2025

1. Introduction

This privacy policy describes how we, Darkhat Miniatures, collect, use, store, and protect the personal data you provide to us through our website / online store and as part of our business relationship.

Data Controller

Company name: Christophe Garreau (Darkhat Miniatures)
Address: Rue Lemerchier - 80000 Amiens, France
Email: contact+rgpd1@darkhatminiatures.com
Company ID (SIREN): 513 868 885

2. Data We Collect

2.1 Data Collected Automatically

When you visit our website, we may automatically collect certain technical information:

  • Device data: type of device, operating system, browser type, IP address, time zone, installed cookies.
  • Browsing data: pages or products viewed, referring site or search engine, links clicked, date and time of access.

This information helps us analyze and improve the user experience, detect fraud, and optimize our services.

2.2 Data You Provide Directly

When you make a purchase or subscribe to our newsletter, you may provide us with the following information:

  • Full name
  • Postal address (shipping and billing)
  • Email address
  • Phone number (optional)
  • Payment details (processed exclusively by our secure payment provider). Note: Your banking information is never accessible to Darkhat Miniatures. Payments are securely processed by our partner PayPal (Europe) S.à r.l. et Cie, S.C.A., or any other provider indicated at the time of payment (e.g. Stripe, PrestaShop Checkout). We only receive confirmation of the transaction (amount, reference, payment status) in order to validate and ship your order.

  • Purchase history
  • Marketing preferences (opt-in / opt-out)

2.3 Data from Third Parties / Partners

Where applicable, we may receive certain data from external service providers (for example, for audience analysis or targeted advertising).

We will inform you of such specific cases when they occur.

3. Purpose of Processing & Legal Basis

We use your data for the following purposes:

  • Order processing and management (contract performance): preparation, delivery, invoicing.
  • Customer relationship management: communication with you, handling returns, complaints, and after-sales service.
  • Security: detection and prevention of fraud (legitimate interest).
  • Direct marketing (e.g., newsletter, promotional offers): based on your consent.
  • Website analysis and optimization: improving usability and tracking navigation (legitimate interest, unless you explicitly object).

4. Sharing Your Data

Your data may be shared with:

  • Payment service providers: to process your payments.
  • Delivery and logistics providers: to ship your orders.
  • Analytics and advertising tools / platforms: such as Google Analytics, social media platforms, etc.
  • Competent authorities: when required by law (e.g., legal requests, court orders).
  • We ensure that these service providers maintain an appropriate level of data protection (confidentiality clauses, technical and organizational safeguards, etc.).

If your data is transferred outside the European Economic Area (EEA), we secure such transfers through standard contractual clauses or to countries recognized as providing an adequate level of protection.

5. Data Retention Period

We retain your personal data for as long as necessary to fulfill the purposes outlined above:

  • Order data: retained for as long as legally required (e.g., invoicing for 10 years in France) or until you request its deletion.
  • Marketing data (newsletter): retained until you unsubscribe or withdraw your consent.
  • Technical / browsing data: generally retained for a defined period (e.g., 13 months), unless you object.

6. Your Rights

In accordance with the GDPR, you have the following rights:

  • Right of access: to obtain a copy of the data we hold about you.

  • Right to rectification: to correct inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”): to request the deletion of your data under certain conditions.

  • Right to restriction of processing.

  • Right to object: to processing based on our legitimate interests or for direct marketing purposes.

  • Right to data portability: to receive your data in a structured, commonly used format and transfer it to another controller.

  • Right to withdraw consent: where processing is based on consent. Withdrawal does not affect the lawfulness of prior processing.

  • Right to lodge a complaint with a supervisory authority (in France: Commission nationale de l’informatique et des libertés – CNIL).

To exercise your rights, please contact us at contact+rgpd1@darkhatminiatures.com or by mail at the address provided above. We will respond within the legal time limits.

7. Cookies and Trackers

We use cookies and other tracking technologies:

  • Strictly necessary cookies: required for the proper functioning of the website.
  • Analytics cookies: to understand how you use our site (e.g., Google Analytics).
  • Advertising / targeting cookies: to offer you personalized promotions and content.

You can manage your cookie preferences or refuse tracking at any time via our cookie management module (Button at the bottom right of the website) or your browser settings. Please note that refusing certain cookies or trackers may limit some features of the website.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption of communications (HTTPS), restricted access, regular backups, and internal awareness procedures.

However, no system is completely foolproof. In the event of a personal data breach, we comply with the legal notification obligations (to the supervisory authority and/or the individuals concerned).

9. Minors

Our website is not intended for individuals under the age of 16 (or another age as applicable). If you are under 16, please do not provide any personal data without the consent of your legal guardian.

If we become aware that data from a minor has been collected without consent, we will delete it as soon as possible.

10. Changes to This Policy

We may modify this privacy policy at any time (for example, due to changes in regulations, our services, or our processing activities). The updated version will be published on our website, with the revision date indicated. We recommend that you review it regularly.

11. Contact

For any questions regarding this policy or your personal data, you can contact us at the following email address: contact+rgpd1@darkhatminiatures.com.
You may also contact us to exercise your rights or to obtain additional information.