Welcome to Pômesse Paris | Shipping available worldwide | Complimentary travel size samples with orders over €100

FR

Privacy Policy

Version 1.0 – effective from 02/01/2026
Last updated: 02/01/2026

1. Purpose of This Policy

This privacy policy (hereinafter referred to as the 'Privacy Policy') aims to inform users of the website accessible at www.pomesse-paris.com (hereinafter the 'Site') about how the company PÔMESSE PARIS processes their personal data.

It is established in accordance with Law No. 78-17 of January 6, 1978, as amended, known as 'Data Protection and Freedoms' and the Regulation (EU) 2016/679 of April 27, 2016 regarding the protection of personal data ('GDPR').

The terms defined in the General Terms and Conditions of Sale ('GTCS') and/or the General Terms and Conditions of Use ('GTCU') retain the same meaning in this Privacy Policy.

The data controller is:

PÔMESSE PARIS, a simplified joint-stock company (SAS) with a capital of 30,000 euros, registered in the Nantes Trade and Companies Register under number 989 324 330, whose registered office is located at 144 rue Paul-Bellamy, CS 12417, 44000 Nantes, France, and having a secondary establishment at 7 boulevard Péreire, 75017 Paris, France.

VAT number: FR79989324330


Contact email: support@pomesse-paris.com

Data protection officer: dpo@pomesse-paris.com

(hereinafter 'PÔMESSE PARIS' or 'we').

2. What data is collected and in what context?

PÔMESSE PARIS may collect and process the following categories of data:

  1. Identification and contact data

    • First name, last name

    • Billing and delivery postal address

    • Email address

    • Phone number (optional unless required for delivery / customer service)

  2. Customer account data

    • Login ID

    • Password (encrypted, not readable by PÔMESSE PARIS)

    • Order history

    • In case of login via social networks (including Facebook/Google/Apple), PÔMESSE PARIS collects strictly necessary authentication information provided by these platforms (name, first name, email, and social ID). The social network provider acts as an independent data controller for authentication. PÔMESSE PARIS only receives the strictly necessary data transmitted by this provider.

  3. Order and payment data

    • Order number

    • Ordered products, amount, purchase date

    • Payment method, payment status

Bank details are processed only by certified providers; PÔMESSE PARIS never accesses or stores these data.

  1. Customer relationship data

    • Interactions with customer service (emails, messages through contact form or chat)

    • Complaints, requests for exercising GDPR rights

  2. Prospecting / communication data

    • Newsletter subscription (email)

    • Communication preferences (opt-in/opt-out)

    • Opening/click history

  3. Browsing data and cookies

    • IP address, browser type, pages visited, visit duration

    • Traffic source (campaigns, social networks, search engines)

    • Information from cookies and other trackers placed on the terminal, in accordance with Article 8 below and, where applicable, the Cookies Policy.

The collection and reading of marketing cookies are subject to your consent via the dedicated module.

  1. Product reviews and user-generated content data

    • Reviews, comments, ratings left on products

    • Published content (texts, possibly photos or videos, etc.)

PÔMESSE PARIS does not collect any health data under the GDPR unless you report an adverse effect related to a cosmetic product or food supplement. Only in this context, we may be required to collect information related to your health status (symptoms, reactions, allergies, photos, context), exclusively to meet our legal obligations of cosmetovigilance or nutrivigilance. These data may be transmitted to health authorities or our laboratory, they are never used for commercial or marketing purposes. They are limited to what is strictly necessary for processing the report and preserved according to the periods specified by applicable regulations before secure archiving or deletion.

Information potentially provided on your skin, wellbeing, or routine preferences is used solely to personalize content and recommendations, without a medical purpose.

Mandatory data are indicated at the time of collection by an asterisk or equivalent. Failure to provide these data may result in certain functionalities of the Site (account creation, placing orders, delivery, etc.) being unavailable.

4. Data Retention Periods

PÔMESSE PARIS retains your data only for the duration necessary for the purposes pursued, extended by the legal prescription periods if applicable. Access and security logs: stored for 12 months based on legitimate interest related to site security and fraud prevention.

For your information:

  • Account and commercial relationship data

    • Throughout the entire duration of the contractual relationship.

    • Then up to 3 years from your last contact (account login, email click, order, etc.), for prospecting purposes, unless you object or withdraw consent.

  • Order and billing data

    • Invoices and accounting documents: 10 years (legal obligation).

    • Order history: kept for the duration of the contractual relationship and then archived for 5 years for evidential purposes.

  • Data used for prospecting purposes (newsletter)

    • Until you withdraw your consent or 3 years after the last contact.

  • Data related to cookies and trackers

    • Maximum retention period: 13 months for cookies subject to consent, in accordance with CNIL recommendations.

    • Information derived from cookies may be retained for a maximum of 25 months in an aggregated and irreversibly anonymized form.

  • Cosmetovigilance / Nutrivigilance:

    • Specific legal durations

  • Data relating to claims, disputes, and litigation

    • For the entire duration necessary for processing and then for the applicable prescription period.

Beyond these periods, the data is either deleted or irreversibly anonymized.


5. Who has access to your data? Recipients and subcontractors

Your data is processed by authorized teams at PÔMESSE PARIS (including commercial, marketing, customer service, logistics, and accounting teams), within the scope of their respective missions.

They may also be transmitted, in a controlled manner, to service providers and subcontractors acting on behalf of PÔMESSE PARIS, especially for: hosting the Site and managing e-commerce operations, secure payment processing, sending emails and SMS, establishing marketing campaigns, audience analytics, logistics and delivery, collecting and managing reviews. These providers only act on the instructions of PÔMESSE PARIS, exclusively for the purposes described herein, and are contractually bound to strict confidentiality and security obligations.

Additionally, your data may be disclosed to:

  • the competent administrative or judicial authorities, upon request, to comply with a legal or regulatory obligation;

  • the external advisors of PÔMESSE PARIS (lawyers, accountants, etc.) if necessary for the defense of its rights or company management;

  • in the event of restructuring, merger, acquisition, business or asset transfer, to the relevant buyer or partner, in compliance with applicable regulations.

PÔMESSE PARIS does not sell your personal data. All subcontractors handling personal data are bound to PÔMESSE PARIS by a contract compliant with Article 28 of the GDPR. The main service providers likely to intervene include notably the e-commerce platform (Shopify), the Site host, audience measurement tools, email marketing tools, and advertising partners.

6. Data Transfers Outside the European Union

PÔMESSE PARIS prioritizes data hosting within the European Union. However, some service providers may be required to process data from countries outside the EU.

When these countries benefit from a European Commission adequacy decision—particularly within the framework of the EU-US Data Privacy Framework—transfers are carried out on this basis. In other cases, PÔMESSE PARIS ensures they are governed by the Standard Contractual Clauses adopted by the European Commission, accompanied, when necessary, by additional safeguards.

PÔMESSE PARIS ensures that each of its providers implements appropriate technical and organizational measures to guarantee a level of protection equivalent to that of the European Union.


7. Your Rights Regarding Your Data

In accordance with the GDPR and the French Data Protection Act, you have the following rights regarding your personal data:

  • Right of access: obtain confirmation that processing concerning you is underway and, if so, receive a copy.

  • Right of rectification: correct or complete inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”): request the deletion of your data in the cases provided for by the regulations.

  • Right to restrict processing: request the temporary suspension of all or part of the processing.

  • Right to object:

    • at any time to the processing of your data for commercial prospecting purposes (including profiling related to such prospecting). You can also object to marketing profiling at any time by withdrawing your consent to non-essential cookies.

    • for reasons related to your particular situation, to other processing based on the legitimate interest of PÔMESSE PARIS.

  • Right to data portability: receive the data you have provided, in a structured, commonly used, and machine-readable format, and transmit it to another controller where technically feasible.

  • Right to withdraw your consent at any time when processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.

  • Right to set guidelines regarding the fate of your data after your death.

  • Newsletter unsubscription : Each commercial communication includes an unsubscribe link allowing you to withdraw your consent at any time.

To exercise your rights, you may contact PÔMESSE PARIS at the following address:

Email: dpo@pomesse-paris.com

Postal address: PÔMESSE PARIS – Personal Data,
144, rue Paul Bellamy – CS 12417, 44000 Nantes, France.

You will need to specify your identity (and attach verification if necessary in case of reasonable doubt) as well as the object of your request.

Exercising your rights is free. However, PÔMESSE PARIS may charge you reasonable fees for manifestly unfounded or excessive (repetitive) requests, in accordance with the GDPR.

PÔMESSE PARIS will respond within one (1) month from the receipt of your request. This period may be extended by two (2) months considering the complexity and number of requests; in such cases, you will be informed.

In case of an unresolved difficulty, you have the right to lodge a complaint with the competent supervisory authority, particularly the National Commission for Computing and Liberties (CNIL).

8. Cookies and other trackers

While browsing the Site, cookies and other trackers may be placed on your device (computer, tablet, smartphone).

8.1. What is a cookie?

A cookie is a small text file saved on your device when visiting a site. It allows, in particular:

  • to remember your browsing preferences;

  • to keep your session open;

  • to measure the Site's audience;

  • to offer tailored content and advertisements.

Consent management allows you to accept, refuse, or set non-essential cookies.

8.2. Types of cookies used

Subject to your choices, PÔMESSE PARIS and/or its partners may use:

  1. Cookies strictly necessary for the operation of the Site

    • Essential for navigation, basket management, order processing, and Site security.

    • Their removal may cause malfunctions.

  2. Functionality cookies

    • Enable the memorization of your preferences (language, display settings, etc.) and improve your user experience.

  3. Audience measurement and performance cookies

    • Used to create anonymized statistics of the Site's traffic and usage (most visited pages, journeys, etc.).

    • Issued notably by Google Analytics, under the conditions provided by their privacy policies.

  4. Marketing and advertising cookies

    • Enable personalization of ads and content based on your browsing, including on third-party sites (retargeting).

    • Issued, where applicable, by our partners: Meta (Facebook/Instagram), Google Ads, TikTok, etc.

8.3. Managing your choices

During your first visit to the Site, a banner informs you of the presence of cookies and allows you via the "Cookie management" icon permanently accessible at the bottom of the Site:

  • to accept,

  • to refuse,

  • or to customize the placement of non-essential cookies.

You can modify your choices at any time:

  • via the cookie management module accessible at the bottom of the Site page;

  • by configuring your browser (systematic refusal, deletion of existing cookies, etc.).

Refusing certain cookies may degrade some features of the Site (for example, basket memorization, personalization).

9. Safety

PÔMESSE PARIS implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks, including:

  • access control to data within teams;

  • hosting with providers that offer security and compliance assurances;

  • encryption of data flows during payments (SSL/TLS protocol);

  • internal incident management procedures.

However, no system is infallible, and PÔMESSE PARIS cannot guarantee absolute security. In the event of a data breach likely to result in a high risk to your rights and freedoms, PÔMESSE PARIS will inform you as required by regulations.

PÔMESSE PARIS notifies any personal data breach to the supervisory authority when required by regulations.

10. Privacy Policy Update

This Privacy Policy may evolve, particularly to take into account:

  • any legislative or regulatory changes;

  • any advancements in the processing implemented by PÔMESSE PARIS;

  • any changes in the list of our providers or partners involving data processing.

The applicable version is the one accessible online on the Site at the date of your browsing. In case of substantial modification (for example, changes in purposes, legal bases, or categories of data), PÔMESSE PARIS will inform you by an appropriate means (email, banner on the Site, etc.) in order to collect, if necessary, your consent when the law requires it.

11. Contacts and Mediation

For any questions related to this Privacy Policy or to exercise your rights, you can contact:

dpo@pomesse-paris.com or PÔMESSE PARIS – Personal Data 144 rue Paul Bellamy – CS 12417 – 44000 Nantes – France

For any complaints related to the protection of personal data, you can submit them to the CNIL.
The CM2C mediation concerns only consumer disputes related to a purchase and not questions related to personal data protection.