Privacy policy

Last update: August 18, 2025

This personal data management policy aims to inform and present to the various users of the website www.shark-helmets.com (hereinafter referred to as "the Website") how the PUBLISHER processes the personal data collected as the data controller. 

The data concerning users and customers in the context of the use of the Website and orders are processed by the PUBLISHER as the data controller under the conditions detailed below. 

The contact details of the PUBLISHER are listed in the legal notices. 

The PUBLISHER has appointed a Data Protection Officer (DPO) reachable: 

• by email dpo@shark-helmets.com 

• by postal mail at the following address: SHARK - DPO, 11 Traverse de la Buzine 13011 Marseille 

 

DESCRIPTION OF THE PROCESSING CARRIED OUT IN THE CONTEXT OF THE USE OF THE WEBSITE AND ORDERS 

 

As part of the operation of the Website and its activity, the PUBLISHER may collect and process personal data, as the data controller, according to the methods detailed below: 

 Account Creation 

 Data collected: first name, last name, email address, password (not stored in plain text), connection history, preferences, account creation date. 

Data collected in the context of the order and order history. 

Purposes: management of registration and customer account. 

 Legal basis: legitimate interests of the PUBLISHER to allow account creation and enable users to retrieve their information. 

 Data retention period: 

  • Active base: Retention during the account's activity period and until the account is deleted by the user or after an inactivity period of 2 years. The PUBLISHER will notify users of any account inactive for more than 2 years of the upcoming deletion of the account if no response from the user within 90 days. If there is no response from the user, the PUBLISHER will delete the account and archive the data.  
  • Archive base: the data may be retained for 5 years from the date of account deletion, based on the legitimate interests of the PUBLISHER for the purpose of establishing, exercising, or defending a legal right (statute of limitations). 

By exception to the foregoing, account connection logs are retained only for the duration of the account's activity. 

The mandatory or optional nature of the data entry is specified. during the collection. The mandatory communication of certain personal data is necessary for the PUBLISHER to implement the aforementioned purposes. Otherwise, the User will not be able to create their account. 

Product Order 

Data collected: account data and additionally, first name, last name, billing and delivery address if different, payment method, order details, delivery method, exchanges and correspondences regarding the order. 

 

Purposes:  

Execution of obligations related to the order such as delivery, billing, and warranty or after-sales service obligations, if applicable;

  • Management of returns and recalls; Conducting sales statistics. Data is anonymized for statistical purposes.   
  • Legal basis:  Execution of the contract (general terms of sale) and legal obligations related to billing, accounting, and warranty execution;
  • Legitimate interests of the publisher for conducting statistics. 

 

Data retention period: 

  • Active base: see account retention.  
  • Archive base: see account retention. 

Exceptionally, invoices are kept for 10 years (accounting obligations). Contracts worth more than 120 euros are archived for 10 years (legal obligation).  

The mandatory or optional nature of data entry is specified during collection. The mandatory communication of certain personal data is necessary for the PUBLISHER to implement the aforementioned purposes. Otherwise, the User will not be able to place an order. 

Contact Form  

Data collected: request category (dropdown menu), subject of the request, name, first name, email address, phone, country, city, and optionally, depending on the subject of the request: product serial number, defect details, attachment, comment.  

Purposes: respond to messages sent via the form and create a contact file. 

Legal basis:  Legitimate interests of the PUBLISHER in the context of its commercial prospecting activity. 

Retention period: 3 years from the last contact or until opposition.  

The mandatory or optional nature of data entry is specified during collection. The mandatory communication of certain personal data is necessary for the PUBLISHER to implement the aforementioned purposes. Otherwise, the User will not be able to use the contact form. 

 

Sending of newsletters 

Data collected: email address, newsletters sent, opening clicks and if available (account creation or order placement), name, first name, purchase history.  

Purposes: sending news emails and promotional offers concerning the PUBLISHER. 

Legal basis: legitimate interests of the PUBLISHER within the framework of its commercial prospecting activity for clients, consent for non-clients. 

Retention period: 3 years from the last contact or until opposition or withdrawal of consent.  

 

Customer reviews 

Collected data: First name or pseudonym, Email address, Rating (stars), Free comment, Submission date, Evaluated product reference 

Purposes: Public display of customer reviews on the site. Moderation and verification of reviews. Improvement of product and service quality. Internal statistics related to products. 

Legal basis: Legitimate interest of the PUBLISHER to allow other customers to benefit from a useful evaluation and maintain transparency 

Retention period: 3 years after publication for verification or moderation purposes. Reviews are retained as long as they are relevant to the referenced products and published anonymously via a pseudonym or first name. 

The mandatory or optional nature of data collection is specified during collection. The mandatory communication of certain personal data is necessary for the PUBLISHER to implement the aforementioned purposes. Otherwise, the User will not be able to create a review on a product. 

 

User-Generated Content  

Collected data: - Social account identifier (name/pseudonym). Shared content: photo, video, text. Associated metadata (publication date, possibly visible location, mentions). Explicit consent or dedicated hashtag: #SharkHelmets 

Purposes: Highlighting content on the site, social networks, newsletters, communication supports. Community enhancement. Marketing and product inspiration. 

Legal basis: Explicit consent (e.g., use of the hashtag #SharkHelmets, rights transfer form) 

OR 

Legitimate interest of the PUBLISHER in the case of unsolicited public shares and mention of the hashtag #SharkHelmets 

Retention period:  

- Content may be used up to 5 years after publication  
- Personal metadata (social account, mentions, private messages) are retained for a maximum of 3 years for evidence of consent or possible contact. 

The mandatory or optional nature of data collection is specified during collection. The mandatory communication of certain personal data is necessary for the PUBLISHER to implement the aforementioned purposes. Otherwise, the User will not be able to share content on the PUBLISHER's site. 

  

Cookies and trackers  

Data is collected via cookies placed on users' browsers when they visit the Website, as described on the cookie management console.  

Additionally, the user is informed that personal data may be collected and processed via cookies, according to the terms described below: 

Technical data: 

  • Data collected: IP address, browser type, language, operating system, timestamp, referring URL, device type
  • Purposes: Ensure site security, bug resolution, adapt display based on visors used. 
  • Legal basis: legitimate interests of the PUBLISHER within the framework of the functioning and security of the Website
  • Data retention period: 12 months from collection

 

Session cookie:  

  • Data collected: Temporary session identifier
  • Purposes: Maintain session open, secure browsing
  • Legal basis: legitimate interests of the PUBLISHER within the framework of the functioning of the Website 
  • Data retention period: duration of the user's session on the Website 

 

Performance cookies:  

  • Data collected: Loading time, errors, user journey, time spent, bounce rate
  • Purposes: understand user behavior on the website, optimize content and improve Website performance.
  • Legal basis: consent
  • Retention period: 13 months maximum after collection

 

Functionality cookies: 

  • Data collected: Display preferences, language, user options
  • Purposes: Personalize the user experience based on the user's choices and preferences
  • Legal basis: consent
  • Retention period: 6 to 13 months depending on the nature of the preference

  

Preference cookies: 

  • Data collected: Language choice, region, viewed products
  • Purposes: Provide personalized navigation and retain user choices
  • Legal basis: consent 
  • Retention period: 6 to 13 months, renewable upon new interaction

 

Audience measurement cookies : 

  • Data collected: Page views, time spent, clicks, traffic source
  • Purposes: Website traffic analysis and improvement of User Experience
  • Legal basis: consent 
  • Retention period: 13 months maximum

 

Targeting or advertising cookies: 

  • Data collected: Advertising identifiers, browsing history, viewed products, clicks
  • Purposes: Adapting marketing campaigns to user interests, tracking browsing habits, linking with social networks, measuring advertising campaign effectiveness
  • Legal basis: consent 
  • Retention period: 13 months maximum

 

Regarding third-party cookies: the PUBLISHER and its partners act as joint controllers for the processing of personal data collected via the cookies of its partners. Information about the partners is available in the cookie management console. 


Cookies used on our site

Our site uses different cookies to ensure its proper functioning, improve your user experience, and comply with legal obligations regarding data protection (GDPR/CCPA). Here is the list of cookies deposited by our partners:

Publisher Cookie name Retention period Function
Shopify _shopify_essential 150 days Essential technical cookie for the operation and security of the site
_shop_app_essential 12 months Used by Shop Pay to secure and facilitate payment
cart 30 days Stores information of the current cart
cart_currency 14 days Remembers the currency chosen by the user
localization 12 months Saves language and location preferences
keep_alive Session Keeps the user session active
shopify_pay_redirect 27 days Used to redirect the user to Shop Pay
_shopify_s Session Session identifier for internal audience measurement
_shopify_y 1 year Visitor identifier for internal audience measurement
_landing_page 14 days Records the landing page of the visit
_orig_referrer 14 days Retains the initial referral URL of the visit
_tracking_consent 12 months Stores the cookie consent status
Google _ga 13 months Unique identifier for audience measurement (Google Analytics)
_ga_D0FHK0HV4Z 13 months Additional cookie for Google Analytics 4
AMP_… (AMP client ID) 13 months Identifier used to measure audience on AMP pages
Meta (Facebook) _fbp 3 months Used for ad retargeting and Meta campaign measurement
Klaviyo __kla_id 13 months Visitor tracking and marketing attribution from emails
Axeptio (CMP) axeptio_cookies 6 months Preserves choices made regarding cookies
axeptio_all_vendors 6 months List of partners to whom consent has been given
axeptio_authorized_vendors 6 months List of authorized partners according to consent
Various / Shopify shopify_pay_redirect 27 days Management of redirection to Shop Pay



RECIPIENTS OF PERSONAL DATA 

 

Data controller: the data controller of this data is the company the PUBLISHER whose complete details are in the legal notice

 

Recipients: in accordance with the purposes outlined above, the personal data of the User and the User may be communicated:  

  • To the staff of the PUBLISHER for the management of accounts and website functionalities as well as of the commercial management, contract monitoring and execution of orders and after-sales service; 
  • To the technical suppliers of the PUBLISHER (host, IT service providers) as well as to payment institutions, delivery providers and its advisors if necessary.  

 

 

USER RIGHTS ON THEIR PERSONAL DATA 

 

Individuals whose data is collected by the PUBLISHER have the following rights at any time over their personal data:  

  • Right of access: obtain confirmation of the processing of their personal data as well as a certain amount of information on the processing, it being understood that this information is in any case given in this personal data protection policy

  • Right of rectification: obtain the rectification of their personal data when it is inaccurate or incomplete; 

  • Right to erasure ("right to be forgotten"): obtain the erasure of their personal data when it is no longer necessary for the purposes for which it was collected or in case of opposition to the processing of their personal data.  

 

The right to erasure is not enforceable in the cases provided for in Article 17.3 of the GDPR. In particular, this right is not open as long as the user wishes to use the platform, as this personal data is necessary for the PUBLISHER to provide the service. 

  • Right to restriction of processing: obtain the restriction of processing of their personal data, especially in case of dispute regarding the accuracy of the data, when the data retention period has expired but the person whose data is processed still needs to keep this personal data for the establishment, exercise or defense of a legal claim; 

  • Right to data portability: obtain the communication of personal data communicated to the PUBLISHER in a readable format, or request that the PUBLISHER transmit the communicated personal data to another data controller; 

  • Right to object: object at any time, for reasons related to their personal situation, to the processing of their personal data based on the legitimate interest of the PUBLISHER, except for compelling reasons of the PUBLISHER;

  • Right to withdraw consent: withdraw their consent for data processing based on it, the withdrawal of consent being applicable for the future;

  • Right to lodge a complaint: lodge a complaint with the National Commission on Informatics and Liberty if the person whose data is processed considers that the processing carried out by the PUBLISHER constitutes a violation of their personal data;

  • Right to define directives regarding the fate of their personal data after their death. 

 

These rights can be exercised at any time with the PUBLISHER: 

  • By email at the following address: customer.care@shark-helmets.com

  • By postal mail at the following address: Shark Helmets – Customer Service – 11 traverse de la buzine, 13011, Marseille, France