Privacy policy

Privacy Policy – Vintage Heat Box

1. Introduction

At Vintage Heat Box, we are committed to protecting your privacy and handling your personal data with transparency and care.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, place an order, create an account, contact us, or otherwise interact with our services.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for the processing of your personal data is:

Vintage Heat Box
51 rue Carnot
74000 Annecy
France
E-mail : info@vintageheatbox.com

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information you provide directly

When you place an order, create an account, contact us, subscribe to our newsletter, or otherwise interact with us, we may collect:

  • full name,
  • billing address,
  • shipping address,
  • email address,
  • phone number,
  • account login details,
  • order and purchase information,
  • payment-related details (processed securely via third-party providers),
  • any information you voluntarily provide in customer support requests or communications.

3.2 Information collected automatically

When you browse our website, we may automatically collect certain technical and usage data, including:

  • IP address,
  • browser type and version,
  • device type,
  • operating system,
  • language preferences,
  • referring website,
  • pages visited,
  • time spent on pages,
  • browsing behaviour,
  • date and time of access,
  • cookies and similar tracking technologies.

3.3 Information from third parties

We may receive information from third-party providers and partners, including:

  • payment processors,
  • shipping and logistics providers,
  • analytics providers,
  • advertising and marketing platforms,
  • social media platforms where applicable.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

4.1 To process and fulfil orders

Including to:

  • process payments,
  • prepare and ship your order,
  • send order confirmations and tracking updates,
  • manage returns, refunds, and claims.

4.2 To manage your customer account

Including to:

  • create and maintain your account,
  • authenticate your access,
  • provide account-related support.

4.3 To provide customer service

Including to:

  • respond to your questions,
  • handle complaints or disputes,
  • provide after-sales support.

4.4 To improve our website and services

Including to:

  • analyse website traffic and user behaviour,
  • improve site performance, functionality, and user experience,
  • develop new products, offers, and services.

4.5 For marketing and communications

Including to:

  • send newsletters,
  • send promotional emails and SMS (where consent is required),
  • show you relevant advertising and retargeting campaigns,
  • personalise offers and content.

4.6 To ensure security and prevent fraud

Including to:

  • detect suspicious or fraudulent transactions,
  • protect our website and systems,
  • enforce our legal rights and Terms.

4.7 To comply with legal obligations

Including to:

  • maintain accounting and tax records,
  • respond to legal requests,
  • comply with applicable laws and regulations.

5. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data on one or more of the following legal bases:

  • Performance of a contract: when processing is necessary to fulfil your order or provide our services;
  • Legal obligation: when processing is required by law;
  • Legitimate interests: where we have a legitimate business interest that does not override your rights and freedoms;
  • Consent: where required by law, for example for certain marketing communications or non-essential cookies.

6. Sharing of Personal Data

We may share your personal data with trusted third parties only where necessary for the purposes described in this Policy.

These may include:

6.1 Service providers

Such as providers of:

  • website hosting,
  • e-commerce infrastructure,
  • payment processing,
  • fraud prevention,
  • order fulfilment,
  • shipping and delivery,
  • email and SMS marketing,
  • customer support,
  • analytics and performance tracking.

6.2 Advertising and analytics partners

We may share certain data with advertising and analytics partners such as those used for:

  • website analytics,
  • ad performance measurement,
  • audience building,
  • retargeting campaigns.

6.3 Legal and regulatory authorities

We may disclose personal data where required to do so by law, regulation, court order, or governmental request, or where necessary to protect our legal rights.

6.4 Business transfers

If all or part of our business is sold, transferred, merged, or reorganised, your personal data may be transferred as part of that transaction.

We do not sell your personal data in the ordinary sense of directly selling customer lists for money.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to ensure proper website functionality, improve performance, analyse traffic, and personalise content and advertising.

These may include:

  • strictly necessary cookies,
  • analytics cookies,
  • functional cookies,
  • advertising and retargeting cookies.

Where legally required, non-essential cookies will only be placed after you have provided your consent through our cookie banner or consent management tool.

You can manage or withdraw your cookie preferences at any time through your browser settings or our cookie settings tool where available.

8. Marketing Communications

If you subscribe to our newsletter or agree to receive marketing messages, we may send you promotional communications by email and/or SMS.

You can unsubscribe at any time by:

  • clicking the unsubscribe link in our emails,
  • replying STOP to SMS messages where applicable,
  • or contacting us at info@vintageheatbox.com.

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related messages, such as order confirmations or shipping updates.

9. International Data Transfers

Some of our service providers may process your personal data outside your country of residence, including outside the European Economic Area.

Where personal data is transferred outside the EEA, we take appropriate safeguards to ensure an adequate level of protection, such as:

  • reliance on adequacy decisions,
  • use of Standard Contractual Clauses approved by the European Commission,
  • or other legally recognised transfer mechanisms.

10. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy, including for:

  • fulfilling contractual obligations,
  • complying with legal, tax, accounting, or regulatory requirements,
  • resolving disputes,
  • enforcing our legal rights.

Retention periods may vary depending on the type of data and the legal or operational necessity.

11. Your Rights

If you are located in the European Union or otherwise benefit from applicable privacy laws, you may have the following rights regarding your personal data:

  • Right of access – to know what personal data we hold about you;
  • Right to rectification – to correct inaccurate or incomplete data;
  • Right to erasure – to request deletion of your data in certain circumstances;
  • Right to restriction of processing – to limit how we use your data in certain cases;
  • Right to object – to object to certain processing, including direct marketing;
  • Right to data portability – to receive your data in a structured, commonly used, machine-readable format;
  • Right to withdraw consent – where processing is based on consent;
  • Right to lodge a complaint – with your local data protection authority.

To exercise any of these rights, please contact us at:

info@vintageheatbox.com

We may request proof of identity before processing certain requests.

12. Data Security

We implement reasonable technical, organisational, and administrative security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

However, no method of transmission over the Internet or method of electronic storage is completely secure. As such, while we take security seriously, we cannot guarantee absolute security.

13. Third-Party Services and External Links

Our website may contain links to third-party websites, apps, or services.

We are not responsible for the privacy practices, policies, or content of third-party websites or services. We encourage you to review their privacy policies before providing them with any personal data.

14. Children’s Privacy

Our website and services are not directed to children under the age of 16, and we do not knowingly collect personal data from children.

If you believe that a child has provided us with personal data, please contact us so that we can take appropriate action.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our legal obligations, business operations, or services.

Any changes will become effective upon publication on the Website.

We encourage you to review this page regularly to stay informed.

16. Contact

If you have any questions about this Privacy Policy or about how we handle your personal data, you may contact us at:

Vintage Heat Box
51 rue Carnot
74000 Annecy
France
E-mail : info@vintageheatbox.com

17. Complaints

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the competent data protection authority in your country of residence.

If you are located in France, you may contact the CNIL (Commission Nationale de l’Informatique et des Libertés):
CNIL Official Website