Privacy Policy

Privacy Policy

In compliance with the General Data Protection Regulation (GDPR — EU 2016/679) and the Data Protection Act. Last updated: May 15, 2026.

1. Data Controller

EOKACOM, operating the website nordaparis.com under the NORDA brand.
Contact: contact@nordaparis.com

2. Data Collected

We collect the following categories of data:

  • Identity: first name, last name;
  • Contact details: postal address, email, phone number;
  • Order data: purchase history, amounts, products;
  • Payment data: tokenized by the payment processor, never stored in plain text by EOKACOM;
  • Technical data: IP address, browser type, pages viewed, cookies (see Cookie Policy).

3. Purposes of Processing

  • Processing and shipping orders;
  • Customer service and returns management;
  • Website security and fraud prevention;
  • Marketing communications (only with explicit opt-in consent);
  • Legal and accounting obligations.

4. Legal Basis

  • Contract performance (Article 6.1.b GDPR): for ordering, delivery, after-sales service;
  • Consent (Article 6.1.a): for the newsletter and non-essential cookies;
  • Legitimate interest (Article 6.1.f): for website security, fraud prevention, service improvement;
  • Legal obligation (Article 6.1.c): for accounting and tax record-keeping.

5. Recipients

Your data is communicated only to recipients necessary for the performance of the service:

  • Shopify International Limited (Ireland) — hosting and store management;
  • DHL Express — carrier for delivery;
  • Payment processor (Stripe or equivalent) — processing tokenized transactions;
  • Transactional email provider — sending order confirmations.

EOKACOM never sells, rents, or transfers your data to third parties for commercial purposes.

6. Transfers Outside the EU

Some subprocessors (notably Shopify) may process data outside the European Union. These transfers are governed by standard contractual clauses adopted by the European Commission and/or by adequacy decisions, in accordance with Articles 44 to 49 of the GDPR.

7. Retention Period

  • Order data: 10 years (accounting obligations);
  • Customer account data: until account deletion, then archived for 3 years;
  • Marketing data: 3 years from the last contact;
  • Cookies: maximum 13 months.

8. Your Rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

  • Right of access to your data;
  • Right to rectification in case of inaccuracy;
  • Right to erasure ("right to be forgotten");
  • Right to restriction of processing;
  • Right to object to processing;
  • Right to data portability;
  • Right to withdraw your consent at any time;
  • Right to define post-mortem directives regarding the fate of your data.

To exercise these rights, contact us at: contact@nordaparis.com. We will respond within one month maximum, in accordance with Article 12 of the GDPR.

9. Complaint to the CNIL

If you believe that your rights are not being respected, you may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (French Data Protection Authority):

CNIL
3 place de Fontenoy — TSA 80715
75334 PARIS CEDEX 07
Telephone: 01 53 73 22 22
www.cnil.fr

10. Security

EOKACOM implements appropriate technical and organizational measures to ensure the security of your data: TLS encryption, secure Shopify hosting (PCI DSS Level 1 certification), restricted data access.

11. Modifications

This policy may be modified at any time. The current version is the one published on the site on the date of your consultation.