PRIVACY POLICY

Last updated: 8 March 2026

This Privacy Policy explains how LORYAA (“Loryaa”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data when you visit loryaa.com (the “Website”), place an order, contact us, or otherwise interact with us.

We are committed to processing your personal data in accordance with applicable data protection laws, including Regulation (EU) 2016/679 (GDPR) and applicable French data protection rules.

1. Data Controller

The data controller is:

LORYAA
60 rue François 1er
75008 Paris
France
SIRET: 10009868000018
Email: contactloryaa@gmail.com

If you have any questions about this Privacy Policy or about how your personal data is handled, you can contact us at contactloryaa@gmail.com

2. Personal Data We Collect

We may collect the following categories of personal data, depending on how you use the Website:

a. Data you provide directly

  • first name and last name;

  • billing address and delivery address;

  • email address;

  • phone number;

  • order details;

  • payment-related information provided during checkout;

  • messages you send us through email or contact forms;

  • any information you choose to provide when contacting us.

b. Data collected automatically

When you browse the Website, we may automatically collect:

  • IP address;

  • browser type and version;

  • device type;

  • operating system;

  • referring URL;

  • pages viewed;

  • browsing activity on the Website;

  • date and time of access;

  • cookies and similar technologies data.

c. Data related to transactions

When you make a purchase, we may collect:

  • products ordered;

  • order amount;

  • payment status;

  • transaction identifiers;

  • shipping and return information.

We do not normally store your full bank card details ourselves where payments are processed by a third-party payment provider. In that case, payment data is processed directly by the relevant payment service provider according to its own privacy and security rules.

3. Purposes of Processing

We process your personal data for the following purposes:

  • to create, manage, and fulfill your orders;

  • to process payments;

  • to arrange shipping and delivery;

  • to communicate with you about your order;

  • to respond to your inquiries and customer service requests;

  • to manage returns, refunds, and complaints;

  • to improve the Website and user experience;

  • to ensure Website security and prevent fraud;

  • to send marketing communications, where permitted by law;

  • to comply with our legal and regulatory obligations;

  • to establish, exercise, or defend legal claims.

4. Legal Bases for Processing

Under the GDPR, processing must rely on a valid legal basis. Depending on the context, we process your personal data on the basis of: performance of a contract, compliance with legal obligations, legitimate interests, or consent. The GDPR also provides that consent may be withdrawn at any time, and that individuals have the right to object at any time to processing for direct marketing purposes.

In particular, we rely on:

  • performance of a contract: when processing is necessary to process your order, deliver products, manage payments, or provide customer service;

  • legal obligations: when processing is necessary to comply with accounting, tax, consumer, or other legal obligations;

  • legitimate interests: for example to secure the Website, prevent fraud, improve our services, or manage business operations, provided your rights do not override those interests;

  • consent: where required, for example for certain cookies or for certain marketing communications.

5. Cookies and Similar Technologies

The Website may use cookies, pixels, tags, and similar technologies to ensure proper functioning, measure traffic, improve performance, and, where applicable, personalize content or advertising.

Some cookies may be strictly necessary for the operation of the Website and do not require consent under applicable rules. Other cookies, especially advertising or certain analytics cookies, may require your prior consent. CNIL states that analytics cookies can be exempt from consent only under specific conditions, including limited purposes, user information, and an ability to object.

Where required by law, we will request your consent before placing non-essential cookies on your device.

You can also manage cookies through your browser settings and, where available, through the cookie banner or preference center on the Website.

6. Recipients of Personal Data

We may share your personal data only with persons or entities that need access to it for the purposes described in this Privacy Policy, including:

  • payment service providers;

  • shipping and logistics providers;

  • hosting providers;

  • website and e-commerce platform providers;

  • analytics and marketing providers, where applicable;

  • professional advisors such as lawyers, accountants, or auditors;

  • public authorities or regulators when required by law.

All such recipients must process personal data only as permitted by applicable law and, where relevant, under appropriate contractual safeguards.

7. International Data Transfers

Some of our service providers may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we will ensure that appropriate safeguards are implemented as required by applicable law, such as an adequacy decision or appropriate contractual safeguards. The GDPR provides rules for transfers of personal data to third countries and requires appropriate safeguards where no adequacy decision applies. 

8. Data Retention

We keep personal data only for as long as necessary for the purposes for which it was collected, including to comply with legal, accounting, tax, and reporting obligations, and to manage disputes or enforce our rights.

Retention periods may vary depending on the category of data and the purpose of processing. For example:

  • order and invoice data: for the period required by applicable accounting and tax laws;

  • customer service correspondence: for the time necessary to manage the request and any follow-up;

  • marketing data: until you withdraw consent or object, or after a reasonable inactivity period;

  • technical logs and analytics data: for a limited period appropriate to their purpose.

When personal data is no longer needed, it will be deleted or anonymized where appropriate.

9. Your Rights

Under the GDPR, individuals have rights including the right of access, rectification, erasure, restriction of processing, data portability, objection, and the right to withdraw consent at any time where processing is based on consent. The GDPR also states that a person has the right to object at any time to the processing of personal data for direct marketing purposes.

Subject to applicable legal conditions, you may have the right to:

  • access your personal data;

  • request correction of inaccurate or incomplete data;

  • request deletion of your personal data;

  • request restriction of processing;

  • object to certain processing activities;

  • request portability of the data you provided to us;

  • withdraw your consent at any time where processing is based on consent;

  • define instructions concerning the fate of your personal data after your death, where permitted by applicable law.

To exercise your rights, you may contact us at contactloryaa@gmail.com

We may request proof of identity where necessary to verify your request.

10. Complaints

If you believe that your personal data has been processed unlawfully, you also have the right to lodge a complaint with the competent data protection authority. In France, this authority is the CNIL. CNIL is the French supervisory authority for data protection matters.

11. Security

We implement appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. CNIL’s GDPR security guidance emphasizes the need for appropriate security measures proportionate to the risks of processing.

However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

12. Marketing Communications

If you subscribe to our newsletter or if we are otherwise permitted to contact you under applicable law, we may send you promotional emails about our products, services, or news.

You can unsubscribe at any time by clicking the unsubscribe link included in marketing emails or by contacting us at contactloryaa@gmail.com

If you object to direct marketing, we will stop using your personal data for that purpose. The GDPR expressly provides a right to object at any time to processing for direct marketing purposes.

13. Third-Party Websites

The Website may contain links to third-party websites or services.

We are not responsible for the privacy practices, content, or policies of such third parties. We encourage you to read their privacy notices before providing any personal data.

14. Children

The Website is not intended for children who are not legally able to enter into a purchase contract under applicable law, and we do not knowingly collect personal data from children in violation of applicable legal requirements.

If you believe that a child has provided us with personal data unlawfully, please contact us at contactloryaa@gmail.com

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business developments.

The updated version will be published on the Website with a revised “Last updated” date.

16. Contact

For any questions regarding this Privacy Policy or your personal data, please contact:

LORYAA
60 rue François 1er
75008 Paris
France
Email: contactloryaa@gmail.com