Last updated: April 2026


1. Data Controller

The data controller is Le Petit Lunetier Paris, a French SAS with share capital of €1,000, registered with the Paris Trade and Companies Register under number 809 676 356, with its registered office at 155 rue de Charonne, 75011 Paris, France.

Contact: contact@lepetitlunetier.com


2. Data Collected and Purposes

We collect the following categories of data:

  • Identification data: last name, first name, email address, postal address, telephone

  • Order data: products ordered, order history, payment methods (via our secure payment provider)

  • Health data: medical prescriptions, in the context of the sale of prescription lenses, processed by our qualified optician

  • Browsing data: IP address, pages viewed, cookies (see section 7)


The processing purposes and corresponding legal bases are as follows:

  • Performance of contract (Art. 6.1.b GDPR): account management, order processing, delivery, invoicing, after-sales service, right of withdrawal

  • Legal obligations (Art. 6.1.c GDPR): accounting records, traceability of medical devices, fraud prevention

  • Legitimate interest (Art. 6.1.f GDPR): service improvement, fraud prevention, security measures, usage statistics

  • Consent (Art. 6.1.a GDPR): newsletters, promotional SMS, non-essential cookies

  • Protection of vital interests (Art. 6.1.d and 9.2.h GDPR): processing of prescriptions by a qualified healthcare professional bound by professional secrecy


3. Retention Period

Data is retained for the following periods:

  • Customer account data: until account deletion, then 3 years in intermediate storage

  • Order data: 10 years (accounting obligation)

  • Medical prescriptions: period necessary for equipment traceability and warranty management

  • Marketing data (prospects, newsletter): 3 years from last contact

  • Cookies: 13 months maximum


4. Data Recipients

Your data is processed by Le Petit Lunetier's internal teams and by the following subcontractors:

  • Shopify Inc. (Canada): e-commerce platform and hosting

  • Payment providers: Stripe, PayPal, Alma (3x interest-free)

  • Logistics providers: carriers for delivery (Colissimo, Mondial Relay, Chronopost, etc.)

  • Klaviyo (USA): marketing email delivery

  • Postscript (USA): SMS delivery

  • Google Analytics (USA): audience measurement (with consent)

  • Meta Platforms (USA): advertising retargeting (with consent)

  • Acuity Scheduling: in-store appointment booking


Transfers outside the European Union are governed by standard contractual clauses approved by the European Commission or by adequacy decisions.


We may also disclose your data to administrative and judicial authorities when required by law.


5. Your Rights


In accordance with the General Data Protection Regulation (GDPR) and the amended French Data Protection Act, you have the following rights:

  • Right of access to your data

  • Right to rectification

  • Right to erasure (right to be forgotten)

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing

  • Right to withdraw your consent at any time

  • Right to define instructions regarding the fate of your data after your death (Art. 85 French Data Protection Act)


To exercise these rights, you may contact us at contact@lepetitlunetier.com or by post to: Le Petit Lunetier, Customer Service, 155 rue de Charonne, 75011 Paris, France.


You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): www.cnil.fr.


6. Data Security


Le Petit Lunetier implements all appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration or disclosure. The site uses SSL/TLS encryption for all transmissions.


7. Cookies


During your first visit to the site, a banner allows you to accept or refuse non-essential cookies. You can change your preferences at any time via the "Cookie Settings" link at the bottom of the page.


Categories of cookies used:

  • Strictly necessary cookies: cart, session, security (no consent required)

  • Audience measurement cookies: Google Analytics, Shopify Analytics (consent required)

  • Personalization cookies: Meta retargeting, Pinterest, TikTok (consent required)

  • Advertising cookies: Google Ads, retargeting partners (consent required)


You can refuse or delete cookies via your browser settings. More information at www.cnil.fr.


8. Changes to This Policy


This policy may be modified at any time. The applicable version is the one available online at the date of your visit.