Privacy Policy

AVA Privacy Policy

Effective date: August 21, 2025

This Privacy Policy explains how AVA (“AVA,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit our websites, shop with us, contact us, or otherwise interact with our services (collectively, the “Services”).

If you do not agree with this Policy, please do not use the Services.

1) Who we are & how to contact us

Controller/Operator: AVA (legal entity: [AVA Commerce SAS])
Registered address: [Address, City, Country]
Email: [privacy@ava.example]
DPO/Privacy contact (if applicable): [Name, email]

2) Scope

This Policy applies to:

  • Websites we operate that link to it,

  • Accounts you create with us,

  • Purchases made online,

  • Customer support channels, email/SMS marketing, and social media pages.

3) Information we collect

  • Identifiers & contact data: name, email address, phone number, shipping/billing addresses.

  • Account & profile data: username, password, order history, saved items, preferences.

  • Order & payment data: products purchased, order value, transaction details. Payments are processed by third-party processors; we do not store full card numbers.

  • Device & usage data: IP address, device and browser type, operating system, app version, pages viewed, links clicked, time stamps, crash logs.

  • Approximate location: derived from IP or shipping address.

  • Marketing & communications: your consents, opt-ins/opt-outs, campaign interactions.

  • User content: product reviews, photos, survey responses, messages to support.

  • Social sign-in data: if you connect via a social platform, we receive information that platform shares with us per your settings.

  • Cookies & similar tech: pixels, SDKs, tags, and local storage (see Cookies below).

Sources: directly from you, automatically from your device, from service providers (e.g., payment, delivery, analytics, advertising), and from publicly available sources where lawful.

4) How we use your information

  • Provide the Services: create/manage your account, fulfill and deliver orders, process payments, returns, and customer support.

  • Improve & personalize: troubleshoot, analyze performance, develop new features, personalize content and recommendations.

  • Marketing & promotions: send newsletters, offers, and updates (with your consent where required).

  • Security & fraud prevention: detect, investigate, and prevent fraud, abuse, security incidents, and illegal activities.

  • Legal compliance: comply with tax, accounting, and other legal obligations; enforce our terms; protect our rights.

Legal bases (EEA/UK/Swiss GDPR)

We process personal data where:

  • Contract: to provide the Services you request.

  • Consent: for email/SMS marketing, certain cookies, and where otherwise required.

  • Legitimate interests: to secure our Services, prevent fraud, personalize non-essential features, and improve offerings (balanced against your rights).

  • Legal obligation: to satisfy regulatory and record-keeping duties.

5) How we share information

We do not sell personal information. We share it with:

  • Service providers/processors: payment, hosting/cloud, logistics & delivery, customer support, communications, analytics, and marketing tools—bound by contract to use data only for our instructions.

  • Business partners & affiliates: for operations, reporting, and consistent customer experience.

  • Legal & safety: to comply with law or respond to lawful requests; to protect rights, property, and safety.

  • Business transfers: in connection with a merger, acquisition, reorganization, or asset sale (we will notify you of material changes).

Some disclosures for targeted advertising or analytics may constitute “sharing” under certain laws (e.g., California). See Your Rights and Cookies for opt-out choices.

6) International transfers

If we transfer your data outside your country (including outside the EEA/UK/Switzerland), we implement appropriate safeguards, such as Standard Contractual Clauses and supplementary measures, as required by law.

7) Retention

We keep personal information only as long as needed for the purposes described, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Criteria include the type of data, the length of our relationship, and legal requirements.

8) Your privacy rights

EEA/UK/Switzerland

You may have the right to access, rectify, erase, restrict, or object to processing, and to data portability. Where processing relies on consent, you may withdraw consent at any time. You can also lodge a complaint with your local supervisory authority (e.g., CNIL in France or the ICO in the UK).

California (CPRA)

California residents may have the right to:

  • Know categories and specific pieces of personal information we collected, the sources, purposes, and categories of third parties.

  • Delete personal information, subject to exceptions.

  • Correct inaccurate personal information.

  • Opt out of “sale”/“sharing” of personal information for cross-context behavioral advertising.

  • Limit use/disclosure of sensitive personal information where applicable.

  • Non-discrimination for exercising rights.

To exercise rights: email [privacy@ava.example] or use [web form link]. We will verify your request and may require additional information. You may use an authorized agent with proper documentation.

Other regions

Depending on your location, you may have similar rights. Contact us to exercise them.

9) Your choices

  • Email & SMS marketing: unsubscribe via links in our messages or by contacting us.

  • Account settings: update profile, preferences, and saved addresses after signing in.

  • Targeted advertising/analytics: use our cookie banner/manager to opt in/out where available; enable a browser-level Global Privacy Control (GPC) signal—we honor it where required.

  • Device settings: reset ad identifiers and manage permissions (e.g., location, push notifications).

10) Cookies & similar technologies

We use:

  • Essential cookies (required for the site to function),

  • Performance/analytics (e.g., understanding how features are used),

  • Functionality (remembering choices),

  • Advertising/retargeting (showing relevant offers).

Manage preferences via our Cookie Settings link and your browser settings. Blocking some cookies may affect site functionality.

11) Security

We use administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls, monitoring). No method of transmission or storage is 100% secure.

12) Children’s privacy

Our Services are not directed to children. We do not knowingly collect personal information from children under the age of 13 (or a higher age where required by local law). If you believe a child provided data to us, contact us to request deletion.

13) Third-party links & features

Our Services may link to third-party sites or include third-party features. Their privacy practices are governed by their policies.

14) Automated decision-making

We do not engage in solely automated decisions that produce legal or similarly significant effects without human review. If this changes, we will provide required notices and safeguards.

15) Changes to this Policy

We may update this Policy from time to time. Material changes will be posted on this page with a new effective date and, where required, we will notify you.

16) Contact us

Questions or requests about this Policy or your personal information:
Email: [privacy@ava.example]
Postal: [AVA Privacy, Address, City, Country]