Privacy Policy

In accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act (Law No. 78-17 of 6 January 1978, as amended), the data controller is:

• —Identity: first and last name, salutation
• —Contact: email address, postal address, phone number
• —Payment: card details processed by certified PCI-DSS providers (we never store your card data)
• —Account: password (encrypted), preferences, wishlist
• —Communications: messages sent through our contact forms or customer support

• —Technical: IP address, browser, operating system, device type
• —Behavioural: pages viewed, time spent, click paths, referring URL
• —Cookies and similar trackers (see section 06)

• —Order history, delivery tracking, returns and refunds
• —Customer service interactions, claims and disputes

Each processing operation relies on a specific legal basis under Article 6 of the GDPR.

Your data is shared exclusively with carefully selected sub-processors, each bound by a Data Processing Agreement (DPA) compliant with Article 28 of the GDPR.

Some of our sub-processors are based outside the European Economic Area (notably in Canada and the United States). Such transfers are framed by the safeguards required under Chapter V of the GDPR:

• —Adequacy decisions issued by the European Commission (e.g. Canada, EU-U.S. Data Privacy Framework)
• —Standard Contractual Clauses (SCCs) approved by the European Commission
• —Binding Corporate Rules (BCRs) where applicable
• —Supplementary measures (encryption in transit and at rest, access controls, audits)

Non-essential cookies are placed only with your prior consent, in accordance with Article 82 of the French Data Protection Act and CNIL guidelines. You may accept, refuse, or withdraw your consent at any time through the cookie preferences panel.

Withdrawal of consent does not affect the lawfulness of processing carried out beforehand (Article 7.3 GDPR).

Personal data is retained only for as long as necessary for the purposes for which it was collected.

• —Customer accounts: duration of the relationship + 3 years from last activity
• —Order and invoice records: 10 years (French Commercial Code, Art. L123-22)
• —Marketing prospects: 3 years from the last contact
• —Cookies and trackers: maximum 13 months
• —Customer service correspondence: up to 5 years
• —Server logs and security data: up to 12 months

Under Articles 15 to 22 of the GDPR, you have the following rights:

To exercise your rights, contact us at hello@thepetsociety.paris. We will respond within one (1) month, extendable by two (2) months for complex requests (Article 12.3 GDPR). No proof of identity is required by default; we may request it only if there is reasonable doubt about the requester's identity, in line with CNIL guidelines.

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the French supervisory authority (CNIL) or with the supervisory authority of your country of residence.

Consumer Mediation — CM2C

49 rue de Ponthieu — 75008 Paris — France
Tél : 01 89 47 00 14 — litiges@cm2c.net
cm2c.net/declarer-un-litige.php

EU Online Dispute Resolution Platform:
ec.europa.eu/consumers/odr

All transactions are secured through SSL/TLS encryption. Payments are processed exclusively by PCI-DSS Level 1 certified providers. Access to personal data is restricted to authorised personnel acting under strict confidentiality obligations. We implement appropriate technical and organisational measures (access control, encryption, regular backups, intrusion detection, staff training) to ensure a level of security commensurate with the risk (Article 32 GDPR).

Our services are not directed at children under fifteen (15) years of age. We do not knowingly collect personal data from minors below this age threshold. If you believe a child has provided personal data without parental consent, please contact us immediately so we can delete the relevant data.

FALCON TRADING does not engage in automated decision-making producing legal or similarly significant effects on individuals (Article 22 GDPR). Some technical operations (fraud scoring, recommendation algorithms) may be performed automatically but are subject to human review whenever a decision affects access to our services.

This Privacy Policy may be updated to reflect legal, technical, or organisational changes. The current version is always available on this page. Material changes will be notified by email or through a notice on the website.

For more information, please refer to our Legal Notice, our Terms of Service, our Return & Refund Policy, and our Shipping Policy.