PRIVACY POLICY

Effective date: Updated January 1, 2026

The Berthie brand operates an online retail website for ready-to-wear clothing and accessories.
As part of its activities, Berthie collects and processes personal data relating to users of the website (the “Users”).

This Privacy Policy explains how personal data is collected, used, stored, and protected, in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

1 — Data Controller

The data controller is:

Berthie

2 — Data Collected

We may collect the following categories of personal data:

Customer account data

  • First name, last name
  • Email address
  • Phone number
  • Password (encrypted)

Marketing preferences

Order data

  • Shipping address
  •  Billing address
  • Order details
  • Purchase history

Payment data

Payment data is processed directly by payment service providers (e.g. Stripe, PayPal, Shopify Payments).
Berthie never has access to full credit card numbers.

Customer service data

  • Email exchanges / messages
  • Support requests
  • Complaints

Browsing data

  • IP address
  • Browser type
  • Pages viewed
  • Cookies
  • 3 — Legal Bases for Processing
  • Data processing is based on:
  • ✅ Performance of a contract (order processing & delivery)
    ✅ Consent (newsletter, marketing communications)
    ✅ Legitimate interest (service improvement)
    ✅ Legal obligation (invoicing, accounting)

4 — Purposes of Processing

  • Personal data is used to:
  • Process orders
  • Deliver products
  • Manage customer service
  • Send order confirmations
  • Prevent fraud
  • Improve the website
  • Send marketing communications (with consent)

5 — Data Retention Periods

  • Data is retained as follows:
  • Customer data: 3 years after the last contact
  • Order data: legal accounting retention periods
  • Marketing data: until consent is withdrawn
  • Cookies: maximum 13 months
  • 6 — Data Recipients

Personal data may be shared with:

Payment service providers

Shipping and logistics partners

Website hosting provider

Email marketing tools

External customer service providers (if applicable)

Legal authorities when required by law

All service providers are subject to confidentiality obligations.

  • 7 — Transfers Outside the EU

Some technical service providers may be located outside the European Union.
In such cases, appropriate safeguards compliant with the GDPR are implemented, including Standard Contractual Clauses.

  • 8 — Users’ Rights

Each User has the right to:

Access

Rectification

Erasure

Objection

Restriction of processing

Data portability

To exercise your rights:
📧 [GDPR contact email]

We will respond within 30 days.

Users may also lodge a complaint with their national data protection authority
(e.g. the CNIL in France).

  • 9 — Data Security

Berthie implements appropriate technical and organizational measures to protect personal data against:

Unauthorized access

Loss

Alteration

Disclosure

  • 10 — Cookies

The website uses cookies for:

Technical operation

Audience measurement

Marketing purposes (with consent)

A consent banner allows users to manage their cookie preferences.