Privacy Policy

Introduction

ASRAR ('we', 'us', or 'our') is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website asrarsecrets.com or use our mobile application ('Platform'). This policy complies with the General Data Protection Regulation (GDPR) and French data protection law (Loi Informatique et Libertés).

Data Controller

The data controller responsible for your personal data is ASRAR, based in Paris, France. You can contact our Data Protection Officer at: privacy@asrarsecrets.com

Personal Data We Collect

We collect the following categories of personal data:

• Identity data: name, username, date of birth (for age verification)
• Contact data: email address, shipping address, phone number
• Transaction data: purchase history, payment method details (processed securely via third-party payment providers)
• Technical data: IP address, browser type and version, device identifiers, time zone, operating system
• Usage data: pages visited, products viewed, search queries, session duration
• Marketing data: communication preferences, newsletter subscription status
• Account data: login credentials (passwords are stored in hashed form and never in plain text)

Legal Basis for Processing

We process your personal data on the following legal grounds under Article 6 GDPR:

• Contract performance: to process your orders, manage your account, and deliver products
• Legal obligation: to comply with applicable laws including tax, customs, and consumer protection regulations
• Legitimate interests: to improve our Platform, prevent fraud, and ensure platform security
• Consent: for marketing communications and non-essential cookies — you may withdraw consent at any time

How We Use Your Data

We use your personal data for the following purposes:

• To process and fulfil orders, including payment processing and delivery coordination
• To create and manage your user account
• To provide customer support and respond to your enquiries
• To send order confirmations, shipping notifications, and important service updates
• To send marketing communications where you have given consent (you may opt out at any time)
• To improve our Platform through analytics and user behaviour analysis
• To prevent and detect fraud and unauthorised access
• To comply with legal and regulatory obligations
• To verify your age as required for access to adult content

Data Sharing and Disclosure

We do not sell your personal data. We may share your data with trusted third parties only as necessary:

• Payment processors (e.g., Stripe, PayPal) for secure transaction handling
• Logistics and courier services for order delivery
• Email service providers for transactional and marketing emails
• Analytics providers (e.g., Google Analytics) — data is anonymised where possible
• Cloud hosting providers for infrastructure
• Legal authorities when required by law or court order

All third-party processors are bound by data processing agreements and are required to maintain appropriate security measures.

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). Where this is the case, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives the same level of protection as within the EEA.

Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy, or as required by law:

• Account data: retained for the duration of your account plus 3 years after account deletion
• Transaction and order data: retained for 10 years for accounting and legal compliance
• Marketing data: retained until you withdraw consent or unsubscribe
• Technical logs: retained for up to 12 months

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of access: request a copy of your personal data
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure ('right to be forgotten'): request deletion of your data where there is no compelling reason for its continued processing
• Right to restriction: request that we limit the processing of your data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: withdraw any previously given consent at any time
• Right to lodge a complaint: contact the French data protection authority (CNIL) at www.cnil.fr

To exercise any of these rights, please contact us at: privacy@asrarsecrets.com. We will respond within 30 days.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include TLS encryption for data in transit, hashed password storage, access controls, and regular security assessments. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Minors

Our Platform is strictly intended for users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will take steps to delete it immediately. Parents and guardians who believe their child has provided us with personal data should contact us at privacy@asrarsecrets.com.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or via a prominent notice on our Platform. The date at the top of this policy indicates when it was last updated.