Privacy Policy — SHAK.R Cocktails

 

As data controller, SPIRIBAM explains how we collect, process, and use your personal data to provide services while respecting your rights. We protect your privacy by ensuring the protection, confidentiality, integrity, availability, and security of the personal data you entrust to us across all our channels.

When We Collect Your Data

We may collect data when you contact us via forms; create an account on our websites/apps; browse our sites (cookies may be used); purchase in‑store or online; subscribe to our newsletter; call customer service; interact with us (including on social networks); enter competitions; or exercise your data rights.

What We Collect

We collect information you provide in our commercial relationship, including account creation/loyalty enrolment, order management, interactions with customer service/store service/web pages, and contest participation. Mandatory items are marked with an asterisk (e.g., name, postal address, email, phone, loyalty card numbers). We also collect purchase‑related information (amounts, nature of purchases, orders, invoices, online journey). We do not collect special category data (e.g., racial/ethnic origin, political opinions, religious beliefs, health, sexual life/orientation, biometrics, genetics).

How We Use Your Data (Purposes & Legal Bases)

Website navigation (consent); order processing & customer obligations (contract performance); payment recovery & anti‑fraud (contract performance); advertising operations for the controller (consent); service communications (contract performance); customer experience improvements (consent, unless you object); partner targeted advertising (consent, or legitimate interest for similar products/services from SPIRIBAM); legal/regulatory requests (legal obligation).

Recipients, Storage, and Retention

Data may be accessed by authorized SPIRIBAM staff and service providers (e.g., delivery, online payments, targeted campaigns) strictly as needed. If a provider operates outside the EU, we use EU Commission standard clauses. Retention follows CNIL guidance/legal requirements (e.g., customer accounts and loyalty data 3 years after last contact; connection data 6–12 months; cookies up to 13 months; invoices 10 years; prospects 3 years; identification data up to 1 year). Data may be archived for legal limitation periods.

Your Rights & How to Exercise Them

You may access, rectify, erase, restrict, port, object (including to profiling and direct marketing), set post‑mortem directives, and withdraw consent at any time (including for cookies). Contact: dpo@gbh.fr (proof of identity may be requested). We reply as soon as possible and, in any case, within one month. You may also lodge a complaint with the CNIL.

Security Measures

We apply organizational and technical measures proportionate to the sensitivity of your data (including pseudonymization/anonymization where possible). Access is limited to personnel/providers who need it and are bound by confidentiality. Contracts with third‑party recipients ensure data protection and rights. We also encourage you to secure your devices (strong passwords, regular changes, logout on shared devices).