Update Date: March 2, 2026
STRL 54, SASU with capital of 100€, RCS Nancy 949525760, SIRET 94952576000027, VAT FR20949525760, registered office 15 Rue de Haigneville, 54290 Bayon (hereinafter "us", "our store").
DPO Contact: Franck Bersauter, contact@arti-st.com | +33 3 55 06 40 06.
We collect and process your personal data to manage our e-commerce site www.stereos.store, in compliance with GDPR (EU 2016/679) and the French Data Protection Act.
1. Collected Data
- Identity: Name, first name, address, email, phone (orders/deliveries).
- Payment: Bank details (via Stripe, not stored).
- Navigation: IP, cookies, site journey (UX improvement).
- Accounts: Hashed password (registered customers).
- Communications: SAV messages/newsletters (opt-in).
Sources: direct input, cookies, partners (Stripe).
2. Legal Bases and Purposes
| Purpose | Legal Basis | Data | Retention |
|---|---|---|---|
| Order/delivery execution | Contract (art. 6.1.b) | Identity, payment, address | 5 years invoices |
| Secure payment | Contract (art. 6.1.b) | Bank details (Stripe) | Transaction time |
| Statistics (Google Analytics) | Legitimate interest (art. 6.1.f) | Anonymized IP, visits | 14 months |
| Retargeting ads (Facebook Pixel) | Consent (art. 6.1.a) | Visitor ID, actions | 90 days |
| Newsletters/SAV | Consent (art. 6.1.a) | Until unsubscribe | |
| Security/fraud | Legitimate interest (art. 6.1.f) | IP logs | 1 year |
3. Recipients and Transfers
- Internal: Team.
- Subcontractors: Stripe (USA, EU standard contractual clauses - SCC), LWS host (France), Colissimo/La Poste (EU).
- Transfers outside EU: Google LLC (USA), Meta (Facebook Pixel, USA), Stripe (USA) – protected by SCC/Privacy Shield (EU decision), or explicit consent.
- Sharing: No data sales.
4. Cookies and Consent
Use of essential cookies (navigation), functional (cart), analytical/advertising (Google Analytics, Facebook Pixel). Native PrestaShop module handles consent banner (opt-out possible).
Durations: max 13 months.
5. Your GDPR Rights
- Access, rectification, erasure, objection, restriction, portability (art. 15-22).
- Withdraw consent (newsletters).
- Complaint to CNIL: www.cnil.fr.
Exercise: contact@arti-st.com (ID proof). Response 1 month (extendable).
DPO: Franck Bersauter (internal), same contact.
6. Security
Data encrypted SSL/TLS, secure LWS hosting, encrypted backups, regular audits. Breach notification <72h (art. 33).
7. Minors
Site not intended for under 18s; parental verification if reported.
Contact: For questions, contact@arti-st.com.