Policy Confidentiality

For the purposes of the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and the Luxembourg law of 1 August 2018 concerning the organization of the National Commission for Data Protection, the controller of your personal data is:

• Company : STATIONARY Saarl, a subsidiary of NEXUS INVEST Saarl
• Head office: 202 ZAE Wolser, L-3225 Bettembourg, Grand Duchy of Luxembourg
• Email : contact@macentrale.com

As the data controller, MACENTRALE Sàrl determines the purposes and means of the processing of personal data implemented within the framework of its e-commerce activity and the management of its website. The company undertakes to process your data in strict compliance with applicable regulations and to implement all necessary technical and organizational measures to guarantee the security and confidentiality of your information.

MACENTRALE Sàrl collects only the personal data strictly necessary to achieve the purposes described in this policy. Data collection is based on the principle of data minimization, in accordance with Article 5 of the GDPR.

• Name, surname and title
• Email address (account ID)
• Landline or mobile phone number
• Full postal address for delivery and/or billing

• Complete history of orders placed and in progress
• Products viewed, added to favorites or added to cart
• Payment information: type of payment method, date and amount of the transaction (full bank details are never stored by MACENTRALE Sàrl and are processed exclusively by our PCI-DSS certified payment provider)
• General terms and conditions of sale accepted and date of acceptance

• Login credentials (email and encrypted password)
• Date and time of account creation
• Account preferences and custom settings
• History of interactions with customer service

• IP address and approximate geolocation data
• Internet browser type, version and language
• Operating system of the terminal used
• Pages visited, visit duration, and navigation paths
• Acquisition source (search engine, direct link, advertising campaign)
• Data from cookies and tracking technologies (see section 7)

• Data entered in contact or information request forms
• Product reviews and ratings submitted voluntarily
• Email address provided when subscribing to the newsletter

Each processing of personal data implemented by MACENTRALE Sàrl is based on one of the legal bases provided for in Article 6 of the GDPR. The applicable legal basis is specified for each purpose:

• Order management and logistics tracking — Processing, shipping and tracking of your orders, handling of returns and refunds — Legal basis: performance of the sales contract (art. 6.1.b)
• Creating and managing your customer account — Opening, maintenance and securing your personal space — Legal basis: performance of the contract (art. 6.1.b)
• Transactional communications — Sending order confirmations, invoices, delivery notifications and security alerts — Legal basis: performance of the contract (art. 6.1.b)
• Customer service and dispute resolution — Processing your requests, complaints and exercising your legal rights of withdrawal or guarantee — Legal basis: performance of the contract and legal obligations (art. 6.1.b and 6.1.c)
• Sales prospecting and newsletter — Sending marketing communications, promotional offers, new products — Legal basis: prior consent revocable at any time (art. 6.1.a)
• Improving our services — Analysis of browsing behavior, A/B testing, satisfaction surveys, development of new features — Legal basis: legitimate interest of MACENTRALE Sàrl (art. 6.1.f)
• Accounting and tax obligations — retention of accounting records, tax returns, invoicing — Legal basis: legal obligation (art. 6.1.c)
• Fraud prevention and security — detection and prevention of fraudulent transactions, protection of computer systems — Legal basis: legitimate interest (art. 6.1.f)
• Personalizing the experience — Product recommendations, display of content tailored to your preferences — Legal basis: consent (art. 6.1.a) or legitimate interest as applicable

Your personal data is processed confidentially by MACENTRALE Sàrl. It may be disclosed to the following categories of recipients, strictly within the framework of the purposes defined above and based on a proven need:

• Authorized internal personnel: Members of the MACENTRALE team who need access to the data as part of their duties (customer service, logistics, accounting, management)
• Secure payment providers: PCI-DSS certified payment institutions responsible for the secure processing of transactions
• Carriers and logistics providers: delivery and returns management companies to which delivery data is communicated
• Technical service providers: hosting provider (IONOS SE), IT maintenance and cybersecurity providers, under subcontracting agreements compliant with the GDPR
• Email and marketing tools: service providers such as Brevo (formerly Sendinblue) for sending newsletters and marketing communications
• Audience analysis and measurement tools: analytics providers that allow you to analyze website traffic and usage
• Competent authorities: tax authorities, judicial or regulatory authorities, in the event of a legal obligation or judicial requisition

Personal data is retained only for a period strictly limited to the purposes for which it was collected, in accordance with the principle of data minimization set out in Article 5 of the GDPR. Beyond these periods, the data is either irreversibly deleted or anonymized.

In accordance with the GDPR, you have the following rights regarding your personal data, which you can exercise at any time with MACENTRALE Sàrl:

To exercise your rights, please send your request by email to: contact@macentrale.com Please specify your identity and the nature of your request. MACENTRALE Sàrl undertakes to respond within one month of receiving the request (this period may be extended by two additional months in the event of complexity or a high volume of requests).

The MACENTRALE website uses cookies and other tracking technologies (tracking pixels, web beacons, local storage) to ensure the proper technical functioning of the site, improve your browsing experience, and analyze audience traffic. In accordance with applicable regulations, some cookies require your prior consent.

• User session management and maintaining connection to the customer account
• Remembering the contents of the current shopping cart
• Form security (CSRF protection)
• Remembering your cookie preferences

• Audience measurement and analysis of browsing behavior (Google Analytics or equivalent)
• Analysis of page and conversion funnel performance
• A/B testing and website usability optimization

• Personalization of advertisements displayed on partner websites (retargeting)
• Sharing content on social media (share buttons)
• Product recommendations based on browsing history

You can manage your cookie preferences at any time via the consent manager accessible on the website, or via your browser's privacy settings. Refusing analytical or marketing cookies does not affect the essential functioning of the website. Your consent is valid for a maximum of 13 months.

MACENTRALE Sàrl implements appropriate technical and organizational measures, in accordance with Article 32 of the GDPR, to ensure a level of security appropriate to the risk presented by the processing operations carried out. These measures include, in particular:

• Encrypting communications: HTTPS protocol with SSL/TLS certificate across the entire site, guaranteeing the confidentiality of communications between your browser and our servers.
• Password encryption: Customer account passwords are systematically hashed using secure algorithms (bcrypt or equivalent) and are never stored in plain text.
• Access control: Access to personal data is strictly limited to authorized personnel, according to the principle of least privilege.
• Regular backups: automated data backup procedures, with periodic restoration tests
• Incident monitoring and detection: Real-time monitoring and alert systems to detect any abnormal activity or attempted intrusion
• Data breach management: documented incident response procedure, including notification to the CNPD within 72 hours in the event of a breach likely to pose a risk to individuals

Despite the measures implemented, no IT security system is infallible. Should a security vulnerability be discovered that could affect your data, MACENTRALE Sàrl undertakes to inform you as soon as possible in accordance with applicable legal obligations.

MACENTRALE Sàrl prioritizes the processing of your data within the European Union and the European Economic Area. However, some of our service providers may be located in third countries. In this case, MACENTRALE Sàrl ensures that transfers are governed by appropriate safeguards in accordance with Chapter V of the GDPR, including:

• An adequacy decision from the European Commission recognizing the level of protection of the recipient country
• Standard contractual clauses (SCCs) adopted or approved by the European Commission
• Binding Corporate Rules approved by a supervisory authority

Upon request addressed to contact@macentrale.com, MACENTRALE Sàrl can provide you with the list of recipient third countries and the safeguards put in place to regulate these transfers.

The MACENTRALE website is intended for an adult audience. MACENTRALE Sàrl does not knowingly collect personal data relating to children under 16 years of age without the prior and verifiable consent of their parents or legal guardians, in accordance with Article 8 of the GDPR.

If you are a parent or legal guardian and you are aware that your minor child has provided us with personal data without your consent, we urge you to contact us immediately at contact@macentrale.com so that we can proceed with the deletion of this data as soon as possible.

MACENTRALE Sàrl reserves the right to modify this Privacy Policy at any time, in particular to comply with legislative and regulatory developments, decisions of supervisory authorities, new recommendations of the CNPD or changes in our data processing practices.

In the event of a substantial change affecting your rights or the processing carried out, MACENTRALE Sàrl will inform you by email (if you have a customer account) and/or by a notice visible on the website at least 15 days before the changes take effect. The applicable version is the one published online, identifiable by its update date indicated in the document header.

For any questions, requests to exercise your rights, or complaints relating to this Privacy Policy and the processing of your personal data:

• Email : contact@macentrale.com
• Mail : MACENTRALE Sàrl — Data Protection Officer, 202 ZAE Wolser, L-3225 Bettembourg, Grand Duchy of Luxembourg

MACENTRALE Sàrl undertakes to acknowledge receipt of your request within 5 business days and to provide a complete response within one month. In the case of a particularly complex or voluminous request, this period may be extended by an additional two months, after prior notification from you.