Privacy Policy – Happer SAS

1. Identity and Contact of the Data Controller

The company Happer SAS (hereinafter "Happer", "we", "our", "the Company") is responsible for processing your personal data collected in the context of the use of our online platform, our mobile application, as well as all associated services.

Legal Information:

- Corporate name : Happer SAS

- Legal form : Simplified Joint Stock Company with a Sole Shareholder (SASU)

- Share capital : €1,000 (modifiable according to statutes)

- Registered office : 6 Rue d’Armaillé, 75017 Paris, France

- Main contact : support@happer.fr

As the data controller, we define the purposes (why we collect your data) and the means (how it is collected, stored, protected, and shared).

Concrete example: when you place an order on Happer, we collect your contact details to fulfill delivery. It is Happer SAS that is legally responsible for this processing, even if a partner brand ships the package.

2. Data Protection Officer (DPO)

In accordance with the GDPR, certain companies must appoint a Data Protection Officer (DPO) when their activities involve large-scale monitoring or sensitive data.

- As of today, Happer SAS has not appointed a mandatory DPO , since our processing mainly concerns standard personal data (identity, contacts, browsing, purchase history).

- However, we have appointed an internal GDPR officer who ensures regulatory compliance and follows up on user rights requests.

- If you wish to contact our GDPR officer, you can write to: support@happer.fr

We reserve the right to formally appoint a DPO if the evolution of our services or the geographical expansion of our activities makes it necessary.

3. Purposes and Legal Bases of Processing

a. Use of your data for service execution

We process your data in order to:

- Create and manage your user account,

- Allow access to the app and its features,

- Manage your orders and payments,

- Ensure product delivery (including in cooperation with our partner brands),

- Provide after-sales service, invoicing, and complaint management.

Legal basis: Performance of the contract between you and Happer.

b. Communication and customer relationship

We use your contact details to:

- Inform you about the progress of your orders,

- Send you notifications related to your purchases,

- Respond to your requests sent to our customer service.

Legal basis: Legitimate interest in ensuring a good customer experience.

c. Marketing, advertising, and personalized recommendations

Your browsing data and purchase history may be used to:

- Send you newsletters, promotional offers, and invitations to exclusive sales,

- Personalize the content you see in the app,

- Display product recommendations matching your tastes and preferences.

Legal basis: Explicit consent (opt-in), which you can withdraw at any time.

d. Continuous improvement and security

We analyze your data (in aggregated form) to:

- Improve the usability and performance of our services,

- Detect and prevent fraud or misuse,

- Produce anonymized statistics on platform usage.

Legal basis: Legitimate interest in ensuring the security, reliability, and development of our services.

4. Categories of Data Collected

Identification data

- First name, last name, email address, phone number, user ID.

Transactional data

- Purchase history, products viewed or added to cart, billing/delivery addresses, payment method.

Delivery data specific to Happer

- Important: Each order may include products shipped directly by different partner brands.

- Therefore, your invoice may include several delivery fee lines, corresponding to each brand applying its own pricing conditions.

Browsing data and cookies

- IP address, device type, operating system, pages visited, session duration.

- Necessary cookies (technical), analytics cookies, advertising cookies (with your consent).

Data from third parties

- Payment information transmitted by payment providers (Stripe, PayPal, etc.),

- Data from social networks if you log in with your account (login via Google, Apple, Facebook).

5. Data Recipients

Internal recipients

- Happer teams (support, technical, marketing, finance).

External recipients

- Partner brands: only for order execution (delivery and after-sales).

- Technical providers : cloud hosting, CRM solutions, payment providers, email/SMS delivery services.

- Legal authorities : only in case of legal or judicial obligation.

We commit to never selling your data to third parties.

6. Data Retention Period

- User account : retained as long as the account is active, then deleted after 3 years of inactivity.

- Orders and invoices : retained for 5 years to comply with accounting obligations.

- Browsing data (cookies) : maximum 13 months.

- Marketing data : retained until you withdraw your consent.

Retention periods may be adjusted if the law requires longer storage.

7. Your Rights

Under the GDPR, you have the following rights:

- Access : obtain a copy of your data,

- Rectification : correct inaccurate data,

- Erasure : ("right to be forgotten"),

- Objection : refuse the use of your data for marketing purposes,

- Portability : receive your data in a usable format,

- Restriction : request temporary suspension of processing,

- Withdrawal of consent at any time.

You can exercise your rights by writing to: support@happer.fr

In case of disagreement, you have the right to file a complaint with the CNIL (www.cnil.fr).

8. Transfers outside the European Union

Some of our technical providers (e.g. hosting, emailing solutions, tracking tools) may be located outside the European Economic Area.

In this case, Happer SAS ensures that such transfers comply with regulations through:

- Standard Contractual Clauses issued by the European Commission,

- Providers’ adherence to the Data Privacy Framework or equivalent mechanisms,

- Additional measures (encryption, pseudonymization).

9. Data Security

We apply appropriate technical and organizational measures:

- SSL/TLS encryption of data in transit,

- Encryption of sensitive databases,

- Regular and secure backups,

- Strict server access control,

- Regular staff training on GDPR and cybersecurity.

In the event of a data breach, we commit to notifying the CNIL within 72 hours, and informing you if a high risk to your rights and freedoms exists.

10. Consent and Transparency

Your consent is:

- Collected via clear, non-pre-checked boxes,

- Documented in our systems,

- Withdrawable at any time from your user settings or by a simple email.

We guarantee clear and accessible information, available from all pages of our website and application.

11. Accountability

Happer SAS undertakes to:

- Maintain a record of processing activities in compliance with Article 30 of the GDPR,

- Carry out Data Protection Impact Assessments (DPIA) in case of high-risk processing,

- Document all internal procedures related to data management,

- Regularly check compliance of its partners.

12. Policy Updates

This privacy policy may be updated. The date of the last update will be indicated at the top of the document.

In case of substantial modification (e.g. new purpose, new recipients), we will inform you by notification or email to collect your consent again if necessary.

🌐
Change Language
Français
French
English
English