Shipment protection for loss or theft
Your cart is empty.
Go to shop
TOTAL: €0.00 EUR
Privacy & Data Protection
At Carlstone, your privacy and personal information are of the highest importance.
Information Collection
We collect personal data in the following situations:
At Purchase / Checkout
- Full name
- Email address
- Shipping address
- Billing address (if different)
- Phone number
- Order details and purchase history
Email Newsletter Signup
- Email address
- First name (optional)
Contact Form
- Name
- Message content
Payment Processing
Payment card details are NOT collected or stored by us. All payment processing is handled by third-party payment processors. We do not have access to your full card information.
Website Analytics & Cookies
- IP address
- Browser and device information
- Pages visited and time spent
- Referral source
- Cookies and tracking pixels
Purpose of Data Processing
Your data is collected and used for:
- Processing and fulfilling your orders
- Sending order confirmations and shipping updates
- Handling customer support requests
- Sending marketing emails (if you’ve opted in to our newsletter)
- Fraud prevention and payment security
- Analyzing site traffic and improving user experience
- Complying with legal and tax obligations
Legal Basis for Processing
We process your data based on:
- Contract: executing your purchase and fulfilling your order
- Consent: for marketing emails and newsletter subscriptions
- Legal obligation: tax and accounting requirements
- Legitimate interest: fraud prevention, analytics, customer service
Data Recipients (Third Parties)
Your data may be shared with:
- Payment processors: for secure payment processing and fraud detection
- Email service providers: for newsletter distribution and marketing communications
- Shipping & logistics partners: for order fulfillment and delivery tracking
- Hosting providers: for website infrastructure and data storage
- Analytics providers: for website performance and user behavior analysis
- Legal authorities: only if required by law
We do not sell your data to third parties.
Data Retention
- Order data: 6 years (legal/tax requirement)
- Customer accounts: until account deletion + 12 months
- Newsletter subscribers: until unsubscribe + 12 months
- Contact form inquiries: 24 months
- Analytics data: 26 months
- After deletion: permanently removed from all systems
Your GDPR Rights
You have the following rights under GDPR:
- Right of Access: request a copy of your personal data
- Right to Rectification: correct inaccurate information
- Right to Erasure (“Right to be Forgotten”): request deletion of your data
- Right to Restrict Processing: limit how we use your data
- Right to Data Portability: receive your data in a readable format
- Right to Object: opt-out of marketing and certain processing
- Right to Withdraw Consent: unsubscribe from emails at any time
How to Exercise Your Rights
Email: hello@carlstone.club
Response time: 30 days maximum.
Data Security
We implement the following security measures:
- HTTPS encryption on all pages
- Secure hosting with automated backups
- Restricted access to sensitive customer data
- Regular security updates and monitoring
- PCI DSS compliance for payment processing
Note: No online system is 100% secure. While we implement industry-standard protections, we cannot guarantee absolute security.
International Data Transfers
Your data is stored and processed within the European Union. Some service providers may process data in the EU or other locations under appropriate safeguards (Standard Contractual Clauses, Adequacy Decisions).
Cookies & Tracking
Our site uses:
- Session cookies: for shopping cart and login functionality
- Analytics cookies: to understand site usage (anonymized)
- Marketing pixels: to measure ad performance and retargeting
You can disable cookies in your browser settings, though some site features may not work properly.
Marketing Communications
Email Marketing: We only send marketing emails to users who have explicitly opted in. You can unsubscribe at any time by clicking the “unsubscribe” link in any email.
Right to Object: You can object to marketing communications at any time by contacting us at hello@carlstone.club
Children's Data
Our site is not intended for children under 16. We do not knowingly collect data from children. If we become aware that a child has provided data, we will delete it immediately.
Data Breach Notification
If we discover a data breach that poses a risk to your rights or freedoms, we will notify you and the relevant authorities within 72 hours as required by GDPR.
Complaints to Supervisory Authority
If you believe our processing of your data violates your GDPR rights, you can lodge a complaint with your national data protection authority. For EU residents:
France: CNIL — www.cnil.fr
Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
Policy Updates
We may update this policy to reflect changes in law or our practices. The “Last Updated” date at the top indicates the most recent revision. Continued use of our site constitutes acceptance of any updates.
Contact Us
For questions about this policy or your data:
Email: hello@carlstone.club
Data Controller
Dmytro Sych, Sole Trader
SIRET: 949 799 423 00015
Location: Clamart, France
Email: hello@carlstone.club
Data Protection Officer: Dmytro Sych — hello@carlstone.club