DENSÏA

Privacy Policy

Last updated: May 18, 2026 Effective date: May 18, 2026

1. Who We Are

DENSÏA is a hair care brand operated by DORIAN E-SHOP, a simplified joint-stock company (Société par Actions Simplifiée Unipersonnelle — SASU) incorporated under French law.

Registered with the Registre du Commerce et des Sociétés de Saint-Malo under number 931 965 362.

Registered office: 16 Chemin du Berceul, 35780 La Richardais, France.

Contact for privacy matters: densiacontact@gmail.com

As a French legal entity, DORIAN E-SHOP is subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and French data protection law. As an operator selling to residents of the United States, DORIAN E-SHOP is also subject to applicable US state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

2. Scope of This Policy

This Privacy Policy explains how DORIAN E-SHOP collects, uses, stores, shares, and protects the personal information of visitors and customers of the DENSÏA website (densia.com) and related digital properties (collectively, the “Site”).

This Policy applies to:

  • All visitors to the Site, regardless of location
  • All customers who place orders through the Site
  • All individuals who subscribe to our email communications or marketing programs
  • All individuals who interact with our advertisements on third-party platforms

3. Information We Collect

3.1 Information You Provide Directly

We collect personal information that you voluntarily provide, including:

  • Contact information: first name, last name, email address, phone number (if provided)
  • Shipping and billing information: delivery address, billing address
  • Payment information: payment card details are processed directly by Shopify Payments and are not stored by DENSÏA
  • Account information: email address and password if you create an account
  • Communications: messages you send us via email or contact forms
  • Subscription preferences: your choices regarding subscription frequency and product selection

3.2 Information Collected Automatically

When you visit the Site, we and our service providers automatically collect:

  • Device and browser information: browser type and version, operating system, device type
  • Usage data: pages visited, time spent on pages, referring URLs, clicks
  • IP address and approximate geographic location derived from it
  • Cookie identifiers and similar tracking data (see Section 6)
  • Session data: how you navigate through the Site

3.3 Information from Third Parties

We may receive information about you from:

  • Meta Platforms, Inc.: interaction data from our advertisements (impressions, clicks, conversions)
  • Klaviyo, Inc.: email engagement data (opens, clicks, unsubscribes)
  • Shopify, Inc.: order and transaction data processed through their platform

4. How We Use Your Information

4.1 Order Fulfillment and Customer Service

  • Processing and fulfilling your orders
  • Sending order confirmations, shipping notifications, and tracking information
  • Responding to your inquiries, refund requests, and support tickets
  • Managing returns and the 90-day money-back guarantee process

4.2 Marketing and Communications

  • Sending promotional emails and newsletters (with your consent)
  • Personalizing marketing content based on your purchase history and preferences
  • Managing subscription communications through Klaviyo
  • Running targeted advertising campaigns on Meta platforms

4.3 Business Operations

  • Preventing fraud and ensuring platform security
  • Analyzing Site performance and improving user experience
  • Complying with legal obligations and enforcing our terms
  • Processing subscription management through Katching

5. Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area, the United Kingdom, or Switzerland, we process personal data on the following legal bases:

  • Performance of a contract (Article 6(1)(b) GDPR): processing necessary to fulfill your order, manage your account, and provide customer service
  • Legitimate interests (Article 6(1)(f) GDPR): fraud prevention, security, improving our services, and direct marketing to existing customers
  • Consent (Article 6(1)(a) GDPR): for email marketing to new subscribers, cookies and tracking technologies beyond strictly necessary cookies
  • Legal obligation (Article 6(1)(c) GDPR): compliance with tax, accounting, and regulatory requirements

You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

6. Third-Party Services and Data Sharing

We do not sell your personal information. We share data only with the service providers listed below, strictly for the purposes described.

6.1 Shopify, Inc.

  • Role: Data processor / service provider
  • Purpose: E-commerce platform, payment processing, order management, hosting
  • Data shared: Name, email, address, order details, device and browsing data
  • Privacy policy: shopify.com/legal/privacy

6.2 Meta Platforms, Inc. (Facebook / Instagram)

  • Role: Independent controller / advertising partner
  • Purpose: Advertising, retargeting, conversion tracking via Meta Pixel
  • Data shared: Hashed email address, browsing events, purchase events, IP address (hashed), device identifiers
  • Note: Meta may use this data in accordance with its own privacy policy for its own advertising products. California residents may opt out of this sharing (see Section 10).
  • Privacy policy: facebook.com/privacy/policy

6.3 Klaviyo, Inc.

  • Role: Data processor / service provider
  • Purpose: Email marketing automation, subscriber management, behavioral tracking for email personalization
  • Data shared: Email address, name, purchase history, browsing behavior on the Site, email engagement data
  • Privacy policy: klaviyo.com/legal/privacy

6.4 Katching (Subscription Management)

  • Role: Data processor / service provider
  • Purpose: Managing recurring subscription orders
  • Data shared: Name, email address, subscription preferences, billing information (processed by Shopify Payments)

6.5 Other Disclosures

We may also disclose personal information:

  • To comply with legal obligations, court orders, or government requests
  • To protect the rights, property, or safety of DENSÏA, our customers, or others
  • In connection with a merger, acquisition, or sale of substantially all of our assets

7. Cookies and Tracking Technologies

7.1 What We Use

  • Strictly necessary cookies: required for the Site to function (shopping cart, session management). These cannot be disabled.
  • Analytics cookies: help us understand how visitors use the Site
  • Marketing cookies: used by Meta Pixel to measure ad performance and enable retargeting
  • Functional cookies: remember your preferences (currency, session)

7.2 Cookie Management

Upon first visiting the Site, you will be presented with a cookie consent banner. You may accept, reject, or customize non-essential cookies at any time through the cookie settings accessible in the footer of the Site.

7.3 Global Privacy Control (GPC)

We recognize and honor the Global Privacy Control (GPC) browser signal. If your browser sends a GPC signal, we will treat this as a valid opt-out of the sale and sharing of your personal information for targeted advertising purposes.

8. Email Marketing

We use Klaviyo to manage our email communications. By subscribing to our mailing list or making a purchase, you may receive transactional emails (order confirmations, shipping notifications) and marketing emails (promotions, product news).

You may unsubscribe from marketing emails at any time by clicking the “Unsubscribe” link in any email or by contacting us at densiacontact@gmail.com. Unsubscribing will not affect transactional communications related to active orders or subscriptions.

9. Your Privacy Rights

9.1 Rights Under GDPR (EU, EEA, UK, Switzerland)

  • Right of access: obtain a copy of your personal data we hold
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure: request deletion of your data, subject to legal retention obligations
  • Right to restriction of processing: limit how we use your data in certain circumstances
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: for processing based on consent, at any time

Supervisory authority: Commission Nationale de l’Informatique et des Libertés (CNIL) — www.cnil.fr

9.2 Rights Under CCPA/CPRA (California Residents)

  • Right to know: request disclosure of categories and specific pieces of personal information collected
  • Right to delete: request deletion of personal information we have collected
  • Right to correct: request correction of inaccurate personal information
  • Right to opt-out: direct us not to sell or share your personal information (see Section 10)
  • Right to non-discrimination: we will not discriminate against you for exercising any of these rights

To submit a request, contact us at densiacontact@gmail.com. We will respond within 45 days as required by law.

9.3 Other US State Rights

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Florida, Oregon, Montana, and other states with comprehensive privacy laws have similar rights to those described above. We extend these rights to all US residents where applicable.

10. Do Not Sell or Share My Personal Information

DENSÏA does not sell personal information for monetary consideration. However, under California law, certain sharing of personal information with Meta Platforms for cross-context behavioral advertising may constitute “sharing” of personal information.

California residents may opt out by:

11. Data Retention

  • Order and transaction data: 7 years (French commercial and tax law requirements)
  • Customer account data: for the duration of your account, plus 3 years after closure
  • Email marketing data: until you unsubscribe or withdraw consent, plus 3 years
  • Analytics and behavioral data: 13 months
  • Customer service records: 3 years from last interaction

12. International Data Transfers

DORIAN E-SHOP is a French entity and processes data primarily within the European Union. Our service providers — including Shopify, Meta, and Klaviyo — are headquartered in the United States and may transfer personal data internationally.

Such transfers are conducted using Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards. You may request a copy by contacting densiacontact@gmail.com.

13. Children’s Privacy

The Site is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe your child has provided us with personal information, please contact densiacontact@gmail.com and we will promptly delete it.

14. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including SSL/TLS encryption, restricted internal access, and Shopify’s certified payment security. No method of transmission is 100% secure. In the event of a personal data breach, we will notify relevant authorities and affected individuals as required by applicable law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last Updated” date. For material changes, we will notify you via email or a prominent Site notice before the change becomes effective.

16. Contact Us

DORIAN E-SHOP — Privacy Officer

16 Chemin du Berceul, 35780 La Richardais, France

Email: densiacontact@gmail.com

DENSÏA is a brand of DORIAN E-SHOP SASU — RCS Saint-Malo 931 965 362