Privacy policy

This Privacy Policy explains how AXELLE VERGER LLC (“we”, “us”, “our”) collects and processes personal data of users and customers of this website, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and — where applicable — the EU GDPR for visitors located in the European Economic Area.

We are committed to processing your personal data lawfully, fairly, transparently and only for the purposes set out in this policy.

AXELLE VERGER LLC, registered office at 8206 Louisiana Blvd Ne, Ste A #9117, Albuquerque, New Mexico 87113 Us, is the data controller for personal data collected through this website. You can contact us at admin@alaxella.shop. A Data Protection Officer (DPO) will be appointed if and when our activities trigger the obligation under Article 37 of the UK GDPR.

Depending on how you interact with the site, we may collect the following categories of personal data:

• Identification data: title, first name, last name, date of birth where relevant.
• Contact details: postal address (shipping and billing), email address, phone number.
• Account data: username, password (stored in hashed form), order history, wishlists, saved preferences.
• Transactional data: contents of the order, amount, payment method used (full card details are never stored by us — see section on Security).
• Communications data: content of messages sent via contact forms, customer service interactions, product return communications.
• Technical and browsing data: IP address, session ID, browser type, operating system, pages visited, time on page, traffic source, cookies (see Cookie Policy).
• Marketing data: communication preferences, newsletter consent, personalisation segments.

Data is collected directly from you when you create an account, place an order, send a message or browse the site. Some fields are mandatory to provide the service (delivery, billing, payment) — their absence prevents the order from being completed. Optional fields are clearly indicated as such.

Your data is processed for the following purposes:

• Order management and contract performance: order processing, payment, delivery, invoicing, after-sales service. Legal basis: performance of the contract (Article 6(1)(b) UK GDPR).
• Customer account management: creating, accessing, modifying and deleting your account. Legal basis: performance of the contract.
• Customer service and responses to enquiries: handling enquiries via forms, email, complaints, returns. Legal basis: contract performance or legitimate interest in providing support.
• Marketing communications: sending newsletters, promotions, news. Legal basis: consent (Article 6(1)(a) UK GDPR), withdrawable at any time.
• Audience measurement and service improvement: aggregated statistics, journey analytics, A/B testing. Legal basis: legitimate interest, or consent where required by PECR.
• Fraud prevention: anti-fraud checks on orders (notably unusual payment patterns). Legal basis: legitimate interest in protecting our customers and business.
• Legal and accounting obligations: retention of invoices, accounting records, response to requests from public authorities. Legal basis: legal obligation (Article 6(1)(c) UK GDPR).

We retain your data only for as long as necessary for the purposes for which it was collected:

• Active customer account: for the duration of the relationship plus 3 years from the last activity, after which the account may be archived and then deleted.
• Order and invoicing data: 6 years from the end of the relevant accounting period, in line with UK record-keeping requirements (Companies Act 2006, HMRC guidance).
• Marketing data (newsletter): 3 years from the last active engagement (open, click, purchase).
• Cookies: a maximum of 13 months for analytics cookies, in line with regulatory guidance; variable duration for third-party cookies (see Cookie Policy).
• Connection logs and security records: 1 year in line with applicable statutory periods.

Your data is accessible only to those who need it for the purposes described:

• Authorised staff of customer service, logistics and accounting departments of AXELLE VERGER LLC;
• IT hosting and backup providers (Vercel, database vendors);
• Payment service providers (acquiring banks, regulated PSPs) for processing transactions;
• Carriers and logistics providers for delivery;
• Transactional and marketing email service providers;
• Anonymous analytics tools;
• Public authorities where required by a legal obligation.

All our processors are selected on strict security criteria and are bound by contract in accordance with Article 28 of the UK GDPR.

Some of our processors (notably for hosting, analytics and payments) may be located outside the UK and the EEA. Where this is the case, we rely on the safeguards provided for in Articles 44 et seq. of the UK GDPR: UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (with UK addendum), enhanced encryption measures, regular audits, and where applicable adherence to the EU-US Data Privacy Framework.

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

• Right of access: confirmation that we process your data and a copy of it.
• Right of rectification: have inaccurate or incomplete data corrected.
• Right to erasure ('right to be forgotten'): request deletion of your data, subject to any legal obligation requiring retention.
• Right to restrict processing: ask us to temporarily suspend processing.
• Right to object: on grounds relating to your particular situation, and at any time without justification for direct marketing.
• Right to data portability: receive your data in a structured, commonly used and machine- readable format.
• Right to withdraw consent: at any time, without affecting the lawfulness of earlier processing.

To exercise your rights, please contact us at admin@alaxella.shop, attaching proof of identity where required. We will respond within one month (extendable by two months for complex requests). If you are not satisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We may use automated techniques for payment fraud prevention and marketing personalisation (segmentation, product recommendations). These processes do not produce legal effects concerning you and are subject to human oversight. You can object to these processes at any time by contacting us.

We implement appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Measures include end-to-end TLS encryption, password hashing, role-based access controls, audit logging of sensitive operations, regular backups, environment segregation, ongoing patching of our systems and periodic security testing.

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 of the UK GDPR and report the breach to the ICO within 72 hours where required.

Our services are not aimed at children under the age of 13. We do not knowingly collect data relating to children. If you believe a child has shared personal data with us, please contact us so we can delete it.

This policy may evolve to reflect legal or technical changes. Any material amendment will be notified by email or via a banner on the site. We invite you to review this page from time to time.

AXELLE VERGER LLC — 8206 Louisiana Blvd Ne, Ste A #9117, Albuquerque, New Mexico 87113 Us — Email: admin@alaxella.shop — Phone: +33 7 45 35 76 49.