Privacy Policy


Privacy Policy – Black Roses P.O.N

Last updated: April 1, 2026

This Privacy Policy describes how Black Roses P.O.N collects, uses, stores, and shares your personal data when you visit the site, use its services, make a purchase, or contact us.

The site is operated by Black Roses P.O.N and powered by Shopify, which provides the technical infrastructure for the online store. Shopify provides compliance tools, but each merchant remains responsible for their own data protection obligations.

By using this site, you acknowledge that you have read this Privacy Policy.

1. Data Controller

The data controller for personal data collected on the site is:

Black Roses P.O.N
35 avenue de Ménival, 69005 Lyon, France
Email: blackrosespon@gmail.com

2. Personal data collected

We may collect the following categories of personal data:

  • Identification data: name, first name, email address, phone number;
  • Postal data: billing address and delivery address;
  • Order and transaction data: products ordered, shopping cart, purchase history, amount paid, payment method, order status;
  • Account data: login credentials, password, preferences;
  • Communication data: messages sent to customer service, information requests, complaints;
  • Technical and browsing data: IP address, browser type, device used, pages viewed, interactions with the site;
  • Data from cookies and trackers, when their use is enabled.

Banking data is processed via the secure payment providers used by Shopify. It is not necessarily stored directly by Black Roses P.O.N depending on the payment method used.

3. How your data is collected

Your personal data may be collected:

  • directly from you, when you place an order, create an account, fill out a form or contact us;
  • automatically, when you browse the site, particularly via cookies or similar technologies;
  • via Shopify and its providers, when necessary for the operation of the store, payment processing, security, or traffic analysis. Shopify also processes certain data as part of its own services and policies.

4. Purposes of processing

Your personal data is collected and processed for the following purposes:

  • manage orders, payments, shipments, any returns, and after-sales service;
  • create and administer your customer account;
  • respond to your requests and ensure customer service;
  • improve the site's operation and personalize your shopping experience;
  • ensure site security and prevent fraud;
  • comply with our legal, accounting, and tax obligations;
  • send you commercial communications, if you have consented or if the law permits.

GDPR information obligations include, in particular, the purpose of the processing and the legal basis chosen.

5. Legal bases for processing

Depending on the case, your personal data is processed on the following legal bases:

  • the performance of a contract, particularly to process your order;
  • compliance with a legal obligation, for example in terms of invoicing or accounting record keeping;
  • our legitimate interest, particularly to secure the site, prevent fraud, or improve our services;
  • your consent, when this is required, particularly for certain cookies or the sending of certain marketing communications.

6. Recipients of the data

Your personal data may be communicated, to the necessary extent, to the following recipients:

  • Shopify, as the e-commerce platform provider;
  • secure payment providers;
  • carriers and logistics providers;
  • technical service providers involved in hosting, maintenance, traffic analysis, or customer service;
  • administrative or judicial authorities when required by law.

We do not sell your personal data.

7. Cookies and trackers

The site may use cookies and other trackers in order to:

  • enable its proper functioning;
  • measure audience and improve performance;
  • memorize certain preferences;
  • propose, where applicable, personalized content or advertisements.

In accordance with applicable rules, some cookies require your consent before being placed or read on your device. The CNIL reminds that not all trackers are subject to the same regime and that some do require prior consent.

You can manage your preferences via the cookie banner displayed on the site, as well as, where applicable, via your browser settings.

8. Retention period

Your personal data is retained for a period not exceeding that necessary for the purposes for which it is collected, subject to legal retention obligations.

By way of indication, certain data may be retained:

  • for the duration necessary for processing your order and for the commercial relationship;
  • for the legal periods applicable in accounting, tax, or evidentiary matters;
  • until your consent is withdrawn when processing is based on it.

The CNIL reminds that the retention period must be defined according to the purpose of the processing.

9. Data security

Black Roses P.O.N implements appropriate technical and organizational measures to protect your personal data against loss, alteration, unauthorized access, or disclosure.

However, as no system is entirely invulnerable, absolute security cannot be guaranteed.

10. Your rights

In accordance with the GDPR and applicable regulations, you have, as the case may be, the following rights:

  • right to access your data;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object;
  • right to data portability;
  • right to withdraw your consent at any time when processing is based on it;
  • right to lodge a complaint with the CNIL.

The CNIL reminds that data subjects must be informed of their rights in a clear and accessible manner.

To exercise your rights, you can write to us at: blackrosespon@gmail.com

We may ask you for proof of identity when necessary to secure the processing of your request.

11. Transfers outside the European Union

As part of the use of Shopify or certain technical providers, some personal data may be transferred outside the European Union.

When such transfers occur, they are governed by the appropriate legal mechanisms provided for by applicable regulations, particularly standard contractual clauses when necessary. Shopify indicates that some data may be processed in different countries as part of its services.

12. Links to third-party sites

The site may contain links to third-party sites or services. Black Roses P.O.N is not responsible for the privacy practices of these third-party sites. We invite you to consult their own privacy policies before transmitting personal data to them.

13. Changes to the Privacy Policy

Black Roses P.O.N reserves the right to modify this Privacy Policy at any time, particularly in the event of legal, regulatory, technical, or commercial changes.

The applicable version is that published on the site on the date of your consultation.

14. Contact

For any questions regarding this Privacy Policy or to exercise your rights, you can contact us at the following address:

Black Roses P.O.N
35 avenue de Ménival, 69005 Lyon, France
Email: blackrosespon@gmail.com