Privacy Policy
Privacy Policy
WE VALUE YOUR PRIVACY
Applicability and Scope
This Privacy Policy applies to:
- Company Name: Half Bane Corp.
- Legal Form: [SARL / SAS / LLC]
- Registered Office: [Address in France]
- Email: Contact Page
- Trade and Companies Register Number (RCS): [number]
- VAT Number: [number]
- Hosting Provider: The data is hosted by the company scaleway.com, a certified hosting provider in accordance with the regulations in force, RCS 433 115 904, 8 Rue de la Ville-l’Évêque, 75008 Paris). Accommodation is provided exclusively in metropolitan France. scaleway.com’s hosting activities are ISO27001, ISO50001, HDS 1 certified and are therefore subject to regular security audits.
Certificate Number: HDS 739219. It covers personal information you provide directly, information collected automatically, and information obtained from third-party sources.
2. Updates to This Privacy Policy
We may update this Privacy Policy periodically. Any changes will be indicated by updating the “Last Updated” date. Significant changes affecting your rights will be communicated via the website, email, or other appropriate channels. Please review this page regularly.
Last Updated : 29/09/2025
3. Information We Collect
a) Information You Provide Voluntarily
Account and purchase details: Name, email, billing/shipping address, phone number, payment information.
Newsletter subscriptions and forms: Email, name, preferences, survey answers.
Customer support: Messages, inquiries, or feedback.
User-generated content: Reviews, comments, posts.
Third-party references: When sending gifts, sharing information about others.
Social media logins or interactions.
b) Information Collected Automatically
Device and browser information: IP, OS, browser type, device identifiers.
Usage data: Pages visited, clicks, session duration, cart interactions.
Cookies and tracking: For analytics, session management, marketing, retargeting.
Analytics tools: Google Analytics, SOE plugins, performance and engagement metrics.
Social media pixels or SDKs for engagement tracking.
c) Information From Third Parties
Publicly available information, marketing partners, and social media platforms.
Affiliated or trusted service providers to improve our services and insights.
4. How We Use Your Information
We process your data based on one or more of the following legal grounds:
Contract performance: to fulfill orders, manage your account, or deliver purchased services.
Legal obligation: to comply with accounting, tax, or consumer protection laws.
Legitimate interests: to improve services, prevent fraud, or ensure network security.
Consent: for marketing, analytics, or optional features.
Based on this grounds, this is how we process your information :
Order Processing & Fulfillment: Process purchases, deliver products, manage accounts, handle returns and refunds.
Communication & Support: Respond to inquiries, provide updates, personalize responses.
Marketing & Promotions: Send newsletters, offers, updates (with consent), run surveys, contests, and social campaigns.
Analytics & Site Improvement: Monitor website performance, improve UX/UI, prevent fraud.
Social Media Integration: Enhance user experience and provide requested social functionality.
Legal Compliance: Maintain records, respond to legal requests, comply with regulations.
Consent-Based Processing: Personalization, marketing, and analytics where consent is given. Consent may be withdrawn anytime.
5. How We Share Your Information
We may share information with:
Service Providers: Hosting, payment processing, email, analytics, and marketing services.
Business Transactions: Mergers, acquisitions, or sale of assets.
Marketing Partners: Only with consent.
Legal & Safety: Enforce policies, protect rights, comply with laws.
Aggregated/Anonymized Data: For analytics, research, and reporting.
We do not sell personal information.
6. WooCommerce & Payment Processing
Payments are processed securely; credit card data is not stored on our servers.
Billing and shipping information is used for order fulfillment and support.
Purchase history may be used for personalized offers.
7. Cookies & Tracking Technologies
Our website HalfBane.com uses cookies and similar technologies to enhance your browsing experience, analyze traffic, personalize content, and support essential site functions such as shopping cart management, login sessions, and email subscriptions.
What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They allow the site to recognize your device and store certain information about your preferences or previous actions.
Types of Cookies We Use:
Strictly Necessary Cookies: Required for the website to function properly (e.g. WooCommerce cart, checkout, login). Disabling them may break core features.
Functional Cookies: Remember preferences (e.g. language, region, login info).
Performance & Analytics Cookies: Used by tools like Google Analytics to measure website traffic and user behavior. Data is aggregated and anonymized whenever possible.
Marketing & Advertising Cookies: Used to track visitors across websites, build interest profiles, and serve relevant ads or recommendations.
Social Media Cookies: Enable integration with platforms such as YouTube, Instagram, or X (Twitter) for content sharing and embedded media.
Third-Party Cookies:
We may allow trusted third parties to set cookies on our site, including:
Google Analytics (to understand usage and improve performance),
FluentCRM (for tracking newsletter interactions),
Social networks (for embedded content and sharing).
Each third party manages its own cookies according to its privacy policy.
Your Cookie Choices:
Upon your first visit, you will be asked to consent to non-essential cookies via a cookie banner. You may:
Accept or reject all cookies,
Customize your preferences by category,
Change your choices at any time using the “Manage Cookies” link or browser settings.
Cookies are stored for a maximum of 13 months, after which consent will be requested again.
For more details on cookies and how to manage them, visit www.allaboutcookies.org
8. Social Media Integrations
Includes login, sharing, and engagement tracking.
Social platforms may collect data per their policies.
We use data only to enhance your experience or provide requested features.
9. Mobile Applications / PWA
If using a mobile app, device data may be collected: location, device ID, push notifications.
Permissions required for optional features like location services or contact imports.
Users may adjust or disable permissions anytime.
10. Children
Services are not for children under 15.
We do not knowingly collect data from children under 15. If we discover such data, we will delete it immediately. Parents may contact us to request deletion.
11. Data Security
We take the security of your personal data very seriously and have implemented appropriate technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction.
Technical Measures
Encryption: All data transmitted between your browser and our website is protected using SSL/TLS encryption.
Secure Hosting: Our website is hosted on servers that comply with industry-standard security practices and are regularly updated and monitored.
Access Controls: Access to personal data is restricted to authorized personnel only, based on role and necessity.
Data Backups: We perform regular encrypted backups to ensure data can be restored in case of system failure or incident.
Security Monitoring: Our systems are monitored for unusual activity, intrusion attempts, and malware.
Organizational Measures
Confidentiality Agreements: All staff and contractors with access to personal data are bound by confidentiality obligations.
Training: Team members handling user data are trained in data protection and cybersecurity best practices.
Incident Response
In the unlikely event of a data breach, we will:
Take immediate steps to contain and mitigate the breach,
Notify the relevant supervisory authority within 72 hours if required,
Inform affected individuals if the breach is likely to result in a high risk to their rights and freedoms.
While we take every reasonable measure to secure your data, please note that no online transmission or storage system can be guaranteed to be 100% secure.
12. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, and reporting obligations. Once these purposes have been achieved or the retention period has expired, your data is securely deleted or anonymized.
- Customer accounts (including names, email addresses, and preferences) are kept as long as the account remains active. If an account is inactive, it may be retained for up to 3 years after the last interaction for customer relationship management and potential claims.
- Order and transaction data (including billing, shipping, and payment information) are retained for 6 years from the end of the fiscal year, in compliance with legal obligations for accounting and taxation.
- Newsletter and marketing data, including subscription information and email preferences collected through FluentCRM, are retained until you withdraw your consent (e.g., by unsubscribing), or for up to 3 years after your last interaction with our marketing communications.
- Contact form submissions and customer support requests are kept for up to 3 years after the last correspondence, to ensure proper follow-up and customer service.
- Analytics and tracking data collected through tools such as Google Analytics are retained for a maximum of 14 months, as configured within the analytics platform.
- Cookies and similar tracking technologies are stored for no longer than 13 months after being placed on your device, in accordance with applicable ePrivacy and GDPR rules.
- Server logs that may include IP addresses and technical identifiers are retained for up to 1 year for security, maintenance, and troubleshooting purposes.
- Social media interactions (such as messages, comments, and mentions on platforms like YouTube, X/Twitter, Instagram, or Meta) are subject to the retention policies of those platforms. We do not independently store this data beyond what is necessary to manage interactions or communications.
After these retention periods, or upon your request, we will either anonymize or permanently delete your personal data. You may also request deletion of your personal information at any time, in accordance with your rights under the GDPR, as outlined in the section “Your Rights.”
13. Your Choices and Rights
Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have several rights regarding your personal data:
Right of Access: You may request a copy of the personal data we hold about you.
Right to Rectification: You can request correction of inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”): You may request deletion of your data, unless retention is required by law.
Right to Restrict Processing: You may ask us to temporarily limit how we use your data.
Right to Data Portability: You may request to receive your data in a structured, commonly used format or have it transferred to another controller.
Right to Object: You may object to processing based on legitimate interests, including direct marketing.
Right to Withdraw Consent: If processing is based on your consent (e.g. newsletter subscription), you may withdraw it at any time without affecting prior processing.
Right to Lodge a Complaint: You may file a complaint with your local data protection authority (in France, the CNIL – www.cnil.fr).
To exercise any of these rights, please contact us through our contact form.
We will respond to all legitimate requests within one month, unless extensions are required under GDPR.
You also have the right to manage your choices directly:
You can unsubscribe from newsletters using the link in each email.
You can adjust cookie preferences at any time via our cookie banner or browser settings.
You can update your account information by logging into your profile.
14. International Transfers
We primarily store and process your personal data on servers located within the European Economic Area (EEA). However, some of our service providers may operate or store data outside the EEA, including in countries such as the United States.
Whenever your personal data is transferred to a country outside the EEA, we ensure that appropriate safeguards are in place to protect your privacy and ensure compliance with GDPR requirements.
Transfers to Third Countries
Some of our partners and third-party processors—such as Google (Analytics), Brevo/Sendinblue, FluentCRM integrations, or social media platforms—may process data outside the EEA.
Safeguards Implemented
To ensure your data remains protected, we rely on one or more of the following mechanisms:
Adequacy Decisions: Transfers to countries recognized by the European Commission as providing an adequate level of data protection.
Standard Contractual Clauses (SCCs): Legally binding contracts approved by the European Commission that oblige recipients to protect your data according to EU standards.
Additional Technical and Organizational Measures: Such as encryption, access controls, and pseudonymization, to further secure your data.
Examples of International Transfers
Google Analytics: Data may be processed in the United States under SCCs and supplementary safeguards.
Email Delivery Services (e.g., Brevo): Some operations may involve data centers outside the EEA, protected through SCCs and internal compliance frameworks.
Cloud Hosting or Backup Providers: If used, they are contractually bound to respect GDPR standards.
We continuously review our partners to ensure they maintain strong privacy and security protections.
Your Rights
If your personal data is transferred outside the EEA, you have the right to request:
A copy of the safeguards applied to the transfer,
Information on the specific mechanisms used.
15. Contact Us
Questions or requests regarding privacy: Contact Page
