Privacy and Cookies Policy
Published on 24 March 2026
KAOKA is committed to respecting the right to privacy and protecting the personal data (hereinafter “Personal Data”) of individuals who visit, browse and, where applicable, place orders for products on its website accessible at http://www.kaoka.fr (hereinafter the “Website”) (hereinafter the “Users”).
The purpose of this document (hereinafter the “Privacy and Cookies Policy”) is to inform Users of the conditions under which KAOKA collects, stores, uses and processes their Personal Data and uses cookies on its Site.
Users may consult the Privacy and Cookies Policy at any time at the bottom of the Site’s page. Any User who does not agree with this document is advised not to use the Site.
KAOKA reserves the right to amend the Privacy and Cookies Policy at any time, in particular to comply with any legislative, regulatory, judicial, editorial or technical developments, or in the event of changes to its services affecting the collection and processing of Site Users’ personal data.
KAOKA encourages Users to regularly consult the latest version of the Privacy and Cookies Policy whenever they visit the Website or wish to place an order.
1. PRIVACY POLICY
1.1 Data controller
The processing of Personal Data is carried out by KAOKA, a simplified joint-stock company with a share capital of €300,000, registered with the Avignon Trade and Companies Register under number 392 925 434, whose registered office is situated at 340 Rue Eugène Guerin, 84200 CARPENTRAS, which publishes the Website and acts as the Data Controller within the meaning of the Regulations (hereinafter “KAOKA” or the “Data Controller”).
KAOKA has appointed a person responsible for its data protection policy whom any User may contact (hereinafter the “Data Protection Officer” or “DPO”):
· at the following email address: rgpd@kaoka.fr;
· using the contact form;
· by post sent to the following address:
KAOKA
For the attention of the DPO
340 Eugène Guérin
84200 CARPENTRAS
The User must provide the DPO with proof of their identity by any means and clearly state their surname, first name and the address to which they wish the reply to be sent.
KAOKA ensures that the Personal Data of Users collected is processed in accordance with the provisions of Law No. 78-17 of 6 January 1978, known as the ‘Data Protection Act’, and its subsequent amendments, as well as with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the “GDPR” (hereinafter collectively referred to as the “Regulations”).
1.2 Personal data collected
Personal data is information that enables an individual to be identified, either directly or indirectly through combination with other personal data, in particular by reference to an identifier or a name.
Personal Data is collected by KAOKA:
- Either directly when Users voluntarily provide information via the forms on the Website, in particular when subscribing to the newsletter or placing an order for a product.
- Or indirectly when Users browse the Website (personal connection and browsing data necessary for the provision of services by KAOKA).
The Personal Data that may be collected from Users is as follows:
- Identification or contact details: surname, first name, email address, postal address, telephone number;
- Personal data provided by the User when registering their customer account (e.g. date of birth);
- Data relating to orders and the management of the commercial relationship: billing address, delivery address, order details, purchase history;
- Login details: login credentials, passwords;
- Browsing data: date, time of connection and/or browsing, browser type, browser language, IP address, location data and geolocation;
- Banking details: payment method details (e.g. credit card number, expiry date, security code, authorisation number);
- Any other information that the User provides to KAOKA in connection with a contact request or correspondence with customer service.
Personal Data is required to fulfil the purposes described in Article 1.3 below. Failure to provide this information may delay or prevent KAOKA from supplying its products or services.
KAOKA does not collect any sensitive personal data relating to Users (such as personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, or sexual orientation).
1.3 Purposes of data collection, retention period, legal basis
KAOKA is committed to processing Personal Data fairly and transparently, taking care to inform Users of each processing operation it carries out.
Personal Data is retained for a period commensurate with the purpose for which it was collected, unless laws and regulations require a different retention period.
| Objectives | Retention periods | Legal basis for processing |
|---|---|---|
| Creation and management of user accounts | Until the account is deleted from the Website or if the account remains inactive for three years from the date of the last login | Processing necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request (Article 6(1)(b) of the GDPR) or Legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR) |
| Management and tracking of orders and deliveries | For the duration of the active contractual relationship, followed by 5 years in intermediate storage (excluding personal banking data). Personal banking data: retained by the payment service provider for XX months for the purpose of providing evidence in the event of a dispute regarding the transaction; stored in intermediate archives for a period of 13 months following the debit date. This period may be extended to 15 months to allow for the use of deferred debit cards. No storage of personal data relating to the security code or CVV2 | Processing necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request (Article 6(1)(b) of the GDPR) |
| Claims management | The period during which the request is processed in the active database, followed by three years in intermediate storage | Legitimate interest pursued by the data controller (Article 6(1)(f) of the GDPR) |
| Handling enquiries submitted via the contact form | The time taken to process the request while it is in the active database, followed by one year in intermediate storage | Consent of the data subject for one or more specific purposes (Article 6(1)(a) of the GDPR) |
| Distribution of newsletters, promotional messages and special offers | 3 years from the last contact or until consent is withdrawn | Consent of the data subject for one or more specific purposes (Article 6(1)(a) of the GDPR) |
| Compliance with the legal obligations applicable to KAOKA’s business | For invoices: 10 years / For personal data relating to transactions (excluding banking details): 5 years | Compliance with a legal obligation to which the data controller is subject (Article 6(1)(c) of the GDPR) |
| Management and monitoring of requests from Users to exercise their rights regarding their Personal Data | Request for proof of identity: time required to verify identity / Right of access, rectification, erasure and restriction: 1 year, followed by anonymisation at the end of this period / Right to object: 6 years, followed by anonymisation at the end of this period | Compliance with a legal obligation to which the data controller is subject (Article 6(1)(c) of the GDPR) |
Data held in interim storage may only be accessed on an ad hoc basis and for specific reasons by persons with the appropriate authorisation.
1.4 Recipients of Personal Data
The persons who may have access to Personal Data are:
- Authorised KAOKA staff;
- Companies hosting Personal Data;
- Authorised staff of KAOKA’s subcontractors where applicable (newsletter delivery service providers, audience measurement and analysis service providers, secure payment service providers);
- Third parties who may place functional cookies;
- Any judicial or administrative authority, upon request, in order to comply with legal obligations.
Personal Data is disclosed only after obtaining a commitment and assurances from them regarding their ability to meet security and confidentiality requirements.
KAOKA enters into contracts with its subcontractors that clearly set out the terms and conditions governing the processing of personal data by those subcontractors, in accordance with data protection regulations.
1.5 Transfer of personal data outside the European Union
Where Personal Data is collected or held in a country outside the European Union and the European Economic Area (United States: Google Analytics, WooCommerce), KAOKA undertakes to ensure an adequate and appropriate level of protection for Personal Data within the meaning of the Regulations.
Where applicable, data transfer agreements will be entered into, ensuring that third parties are certified under the relevant data protection schemes.
1.6 Safety measures
As the Data Controller, KAOKA undertakes to implement all appropriate technical and organisational measures, commensurate with the sensitivity of the Personal Data, in order to safeguard the integrity, security and confidentiality of the Personal Data, in accordance with the Regulations, in particular to prevent the data from being altered, distorted or accessed by unauthorised third parties.
However, KAOKA shall not be liable in the event of any risk of misuse or hacking.
In the event of a personal data breach, KAOKA undertakes to notify the CNIL in accordance with the Regulations. Should a data breach pose a high risk to a User’s rights and freedoms, KAOKA will inform the User as soon as possible, in accordance with the provisions of the Regulations.
1.7 Users’ Rights
All Users have a number of rights regarding their Personal Data, which they may exercise at any time, in accordance with the Regulations:
- Right to information (Articles 13 and 14 of the GDPR)
You acknowledge that this Privacy and Cookies Policy informs you of the purposes, the legal basis, the legitimate interests, the recipients or categories of recipients with whom your Personal Data is shared, and the possibility of data being transferred to a third country. In addition to this information, and in order to ensure the fair and transparent processing of your Personal Data, you confirm that you have received further information regarding:
- the retention period for your personal data;
- the rights you are entitled to and how to exercise them.
- Right of access (Article 15 of the GDPR)
By exercising this right, you can confirm whether or not your personal data is being processed and, if it is, you have the right to request a copy of your personal data and information regarding:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients and, where applicable, if such disclosures are to be made, the international organisations to which the personal data have been or will be disclosed, in particular recipients established in third countries;
- where possible, the envisaged retention period for the Personal Data or, where this is not possible, the criteria used to determine this period;
- the existence of the right to request from the Data Controller the rectification or erasure of your Personal Data, the right to request a restriction on the processing of your Personal Data, and the right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- information regarding the source of the Personal Data where it is not collected directly from the data subjects;
- the existence of automated decision-making, including profiling, and in the latter case, meaningful information regarding the underlying logic, as well as the significance and the envisaged consequences of such processing for the data subjects.
- Right to rectification (Article 16 of the GDPR)
You may request that your Personal Data be rectified or supplemented, as appropriate, if it is inaccurate, incomplete, ambiguous or out of date.
- Right to erasure (Article 17 of the GDPR)
You may request the erasure of your Personal Data and prohibit any future collection thereof in the cases provided for by law and regulations. Where applicable, requests received during the period of a competition will be assessed in accordance with the competition rules.
- Right to restriction of processing (Article 18 of the GDPR)
You may request that the processing of your personal data be restricted in the circumstances provided for by law and regulations.
- Right to data portability (Article 20 of the GDPR)
You have the right to receive your Personal Data in a standard, machine-readable format and to request that it be transferred to a recipient of your choice. Please note that this is not a general right. Not all data from all processing operations is portable, and this right applies only to automated processing, excluding manual or paper-based processing. This right is limited to processing operations where the legal basis is your consent or the performance of pre-contractual measures or a contract.
- Right to object (Article 21 of the GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your Personal Data where the legal basis is the legitimate interest pursued by the Data Controller, unless there are legitimate and compelling grounds for the processing that override the interests, rights and freedoms of the User, or for the establishment, exercise or defence of legal claims.
- Right to lodge a complaint with the relevant supervisory authority (Article 77 of the GDPR)
You have the right to lodge a complaint with the CNIL if your personal data is processed in breach of the regulations.
- Right to withdraw consent (Article 7 of the GDPR)
Where the processing of your personal data is based on your consent, you may withdraw that consent at any time. We will then cease processing your personal data, without this affecting the lawfulness of any processing carried out prior to your withdrawal of consent.
- Right to set out post-mortem instructions (Article 85 Loi Informatique et Libertés)
You also have the option to set out specific instructions regarding the retention, erasure and disclosure of your Personal Data following your death. These specific instructions apply only to the processing carried out by us and will be limited to that scope alone.
Users may exercise all the rights described above by writing to KAOKA at the following address:
- By email: rgpd@kaoka.fr
- By post: KAOKA – For the attention of the DPO – 340 Rue Eugène Guerin – 84200 CARPENTRAS
In such cases, KAOKA reserves the right to ask the User to provide additional information or documents to verify their identity, including a copy of their ID.
If, after contacting KAOKA, the User considers that their request to exercise their rights has not been processed or taken into account within the statutory time limits, they have the right to lodge a complaint with the CNIL:
- Via the procedure set out on its website: https://www.cnil.fr/fr/plaintes
- By post: CNIL – Complaints Department – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
1.8 Links to third-party websites
The Website may, where applicable, provide links to other websites that may be operated by third-party companies. KAOKA is not responsible for the processing of personal data by these third-party websites. Users should consult the relevant privacy policies.
2. COOKIE POLICY
When visiting the Website, certain information relating to the User’s browsing activity and behaviour on the Website may be stored in text files known as ‘cookies’ (hereinafter ‘Cookies’) installed on the User’s device (computer, tablet, mobile phone).
When connecting to the Website, the User is informed, via a banner, that Cookies may be automatically installed on their browser during their visits to the Website. They are also informed of the purpose of Cookies and of the option to accept or refuse them and to change the settings by clicking on the “Cookie Settings” link.
2.1 Use of Cookies
KAOKA uses cookies for various purposes, including to facilitate or improve the User’s browsing experience, personalise the content of the Website, tailor advertising to the User’s interests, and measure the use of the Website for statistical purposes.
2.2 Types of cookies used
KAOKA uses the following cookies:
- Strictly necessary cookies:
These cookies are essential for the website to function and cannot be disabled in KAOKA’s systems. They are generally set in response to actions taken by the user that amount to a request for services, such as setting the user’s privacy preferences, logging in or filling in forms. The User may configure their browser to block or alert them about these cookies; however, certain parts of the site may not function. These cookies do not store any personally identifiable information.
- Functional cookies:
These cookies enable the website to offer enhanced functionality and personalisation. They may be set by KAOKA or by third-party providers. If the user does not allow these cookies, some or all of these services may not function properly.
- Performance cookies:
These cookies enable KAOKA to count visits and track traffic sources in order to measure and improve the website’s performance. They help KAOKA identify which pages are the most and least popular and understand how visitors navigate the site. All information collected by these cookies is aggregated and therefore anonymous. If the User does not allow these cookies, KAOKA will not be informed of their visit to the Website.
- Targeting cookies:
These cookies may be set via the Website by KAOKA’s advertising partners to profile the User’s interests and display relevant adverts to them on other websites. They do not directly store personal information, but are based on the unique identification of the User’s browser and internet device. If the User does not allow these cookies, they will receive fewer targeted advertisements.