Privacy policy
Last updated: September 13, 2025
This page explains how EasyShopBuilder processes your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable French law. It applies to easyshopbuilder.com and its sub-pages.
1. Controller
EasyShopBuilder, contact: contact.ecomshopfrance@gmail.com.
Postal address: E-Com Shop, 60 rue Francois 1er, 75008 Paris, France.
2. Purposes, lawful bases and data processed
| Purpose | Lawful basis | Data | Retention |
|---|---|---|---|
| Newsletter delivery | Consent (Art. 6-1 a) | Email, subscription date/time, IP (anti-abuse), double opt-in status (if enabled) | Until consent withdrawal or 24 months of inactivity |
| Audience measurement (GA4) | Consent (Art. 6-1 a) — not loaded by default | Analytics identifiers/events (if opted in) | 13 months (common Analytics retention) |
| Anti-bot security (reCAPTCHA v3) (if enabled) | Legitimate interest (Art. 6-1 f) — secure forms | Technical browsing data assessed by Google | Per Google’s policy (see transfers) |
| Cookie consent log | Legal obligation + legitimate interest | Preferences, timestamp, session identifier (stored locally) | 13 months then purge |
3. Data sources
- Directly from you (newsletter form, cookie preferences).
- Automatic: only after Analytics consent (GA4 events) or for security (reCAPTCHA v3 if enabled).
4. Recipients and processors
- Hosting/delivery: Netlify, Inc. (United States) — public GDPR/CCPA commitments and DPA.
- Newsletter form: Google Apps Script (Web App) & Google Sheets (Google Ireland/LLC).
- Analytics & reCAPTCHA: Google (Google Ireland/LLC). GA4 loads only after your opt-in.
5. International transfers
Some providers (Netlify, Google) may process data outside the EU. We rely on mechanisms offered by these providers (DPAs, Standard Contractual Clauses, and where applicable, adequacy frameworks). Analytics data is sent only after your explicit consent.
6. Your rights
Under GDPR Articles 15–22: right of access, rectification, erasure, restriction, objection and portability. To exercise your rights: contact.ecomshopfrance@gmail.com. You may also lodge a complaint with a supervisory authority (e.g., CNIL).
7. Cookies & trackers
We use an opt-in consent banner with the following categories:
- Necessary (always active): consent preferences (localStorage), anti-spam (honeypot/delay), language/redirect.
- Analytics (optional): Google Analytics 4, loaded via
www.googletagmanager.comonly after your consent.
You can change your consent anytime via the “Cookie preferences” link (footer) or by clearing site data/localStorage in your browser.
8. Newsletter (Google Sheets)
The form stores your email in a Google Sheets spreadsheet owned by the publisher’s Google account. We use a honeypot and a delay as anti-bot measures. Optionally, reCAPTCHA v3 may be enabled for security; if so, the information is displayed and Google’s service/policies apply.
9. Security measures
- Encrypted transport (HTTPS/TLS) and HSTS.
- Restrictive CSP limiting sources (YouTube nocookie, Google Tag Manager, translate.googleapis.com, translate.google.com, gstatic.com, Apps Script domain).
- Strict Referrer-Policy, minimal Permissions-Policy.
- Script isolation: Analytics blocked until consent.
- Local consent log and the ability to withdraw at any time.
10. Retention
- Newsletter: until consent withdrawal or 24 months of inactivity, then deletion/anonymization.
- Cookie consent: 13 months.
- Security technical logs: up to 12 months if necessary.
11. Contact & complaints
For questions about this policy: contact.ecomshopfrance@gmail.com.
Supervisory authority: CNIL.
12. Changes
We may update this policy to reflect legal or technical changes. The last updated date appears at the top of the page.
This document is for general information only and does not constitute legal advice. Adapt it to your situation (list of processors, signed DPAs, specific lawful bases, country-specific notices).