Privacy Policy

Date of last update: July 2020

The protection of your personal data is part of SMCP Group's values (brand Sandro). By using our website (the “Website”), or visiting one of our stores, you acknowledge that you have read this privacy policy (“Privacy Policy") which regulates the protection of your personal data collected while using our Website, meaning any information identifying you either directly or indirectly ("Data" or "Personal Data"), such as your surname, first name, postal address, email, customer number, etc.

  1. Who are the Data Controller and the Data Protection Officer?

  2. Which Personal Data do we collect?

  3. Why do we use your Personal Data?

  4. What are your rights with regard to your Personal Data?

  5. Who are the recipients of your Personal Data?

  6. Transfer of your Personal Data outside the European Union

  7. Security and privacy of your Personal Data

  8. For how long do we store your Personal Data?

  9. Miscellaneous

1. Who are the Data Controller and the Data Protection Officer?

Within the context of the protection of your Data, the regulations define two key roles:

- The Data Controller, who determines the purposes for which your Data is collected. The company is Sandro, whose registered office is located at 150 boulevard Haussmann 75 008 Paris, registered on the Trade & Companies Register of Paris under the number 319 427 316 ("Sandro", "we"), which can be contacted by telephone at 00 800 726 376 00 and by email by completing the contact form, under "Personal Data" located on the contact page of the Website;

- The Data Protection Officer, who advises and supports our company with the compliance of our procedures with personal data regulations. The Data Protection Officer may be contacted for any questions relating to your Personal Data by email at the following address: dpo@smcp.com or by post at: DPO, Sandro, 49 rue Etienne Marcel 75 001 Paris.



2. Which Personal Data do we collect?

Your Personal Data is collected, for example, when you enter it in the dedicated forms on the Website or when you create your customer account in store, when you place an order on the Website, when you correspond with Customer Services and, more generally, when you browse our Website. The following Personal Data is involved:

3. Why do we use your Personal Data?

We use your Personal Data for several reasons.

Our primary objective is, of course, to satisfy you as customer. For this reason, we collect most of your Data within the context of your purchases, particularly to deliver your orders and to give you the support you may request.

On the other hand, we may collect your Data when you give us your consent for purposes that will enhance your experience with our brand.

Finally, other Data is collected because it arises from a need based on a legitimate interest (for example, to facilitate the access to our Website and its use).

You will find further examples below of the purposes for which Data is collected:

Legal basis

Processing purposes

Your purchasing

Ensure the delivery of the products you have ordered

Manage the customer relationship and any complaints you might have

Manage any requests related to the exercise of your rights in relation to personal data

Your consent

Receive our newsletters and customised offers

Benefit from a browsing experience customised according to your purchasing history and your browsing on the Website

Benefit from our customised advertising promotions on third-party media

Our legitimate interest

Access to the Website and its usage

Analyse and improve the quality and the performance of services

Monitor use of the Website and improve your experience

Preserve our rights

Manage transactions and combat fraud

Generate statistics and segment information, investigations and analyses in order to improve our knowledge of our customers

Share data within the SMCP Group in order to improve our knowledge of our customers

4. What are your rights with regard to your Data?

In accordance with the relevant regulations relating to personal data, you hold and may exercise the following rights with us:

In order to exercise your right, you may send us an email with a completed contact form, under the ground "Personal data", located on the contact page of the Website, or send us a letter to the following address: DPO, Sandro, 49 rue Etienne Marcel 75 001 Paris. We may ask you to provide us with proof of identity.

We commit to replying as quickly as possible and as soon as our services have received your request.

If you no longer wish to receive our newsletters, you may click on the unsubscribe link located at the bottom of our emails, or reply "STOP" by text message or configure the newsletter settings in your account, if you have created one.

5. Who are the recipients of your Personal Data?

Your Data is intended principally to be used by our services. It may sometimes be sent to external recipients for the reasons described below. In any event, we select the recipients of your Data on the basis of their competence in data security and privacy. We conclude contracts with these recipients allowing us to ensure the high level of security of their systems. It is our service providers responsible for improving the functioning of our Websites, implementing your transactions and payment security, those of our service providers responsible for logistics (storage, preparation and delivery of your products), our Customer Services, our service provider tasked with performing marketing or commercial surveys or advertising agencies.

Your Data may also be transferred to third parties, (1) subject to your prior consent, for processing in accordance with the purpose(s) for which your Data has been collected or (2) in the event that we are obliged to do so by the law, as part of legal proceedings, or if an imperative request has been made by a public body or (3) if we are involved in a merger or acquisition operation, or asset sale.

6. Transfer of your Personal Data outside the European Union

In the event that the Personal Data is transferred to a country located outside the European Union, we commit ourselves to taking the technical and organisational measures required in order to guarantee an adequate level of security for your Data as if it had remained within the European Union.

Indeed, we demand to these Data recipients that they implement the measures required in order to ensure the same level of protection as demanded by the European regulations relating to personal data; for example, by using the standard contractual clauses of the European Commission or the Binding Corporate Rules (BCR).

7. Security and privacy of your Personal Data

We implement technical and organisational measures in order to ensure the security, integrity, authenticity and privacy of the Personal Data. We ensure that our partners maintain a level of protection comparable to ours in relation to your Personal Data. We also ensure that your transactions are secure by implementing adequate measures, as well as measures to combat fraud.

8. For how long do we store your Personal Data?

We store your Personal Data only for the period that is strictly required for achieving the purposes for which they were collected. Hence, we store:

Your bank details are stored by our payment partners, Hipay and Adyen. When you make purchases on-line, you are required to enter your bank details into the fields provided for that purpose. If you provide your consent, and in order to facilitate your payments, you may choose for our payment service provider to store your bank details in a secure manner so that they can be used for your next purchases. If this is the case, you can tick the "Save your payment details" option when you pay for your order. You may, at any moment, ask us to delete the registered bank card by consulting your account, under the heading "My payment options", or by writing to us via our contact form.

Once your Data has been deleted from our database, some of your Data may be stored in an archived form with limited access, strictly limited to the objectives of satisfying our legal, accounting and fiscal obligations, but also for the purposes of managing any complaints or guarantee claims you might have within the applicable limits of any limitation periods.

Once your Personal Data is no longer required for these purposes or for archiving purposes in order to comply with our legal obligations or for the purposes of the applicable limitation, your data will be irreversibly anonymised.

You may, at any time, request that we erase all or part of your Data, object to its processing or request that it is restricted, in compliance with Article 4 above. In the event that you request for your Data to be erased, it will be erased from our database and stored in an archived form as described above.

9. Miscellaneous

In the event of any changes to these terms for the processing of your Data, we will update our Privacy Policy and keep you informed of them.

Belgium :

Finally, we inform you that if you have any complaints relating to the protection of your Personal Data, you may also contact the Belgian supervisory authority, the Autorité de Protection des Données Personnelles, whose website is located at the following address: https://www.autoriteprotectiondonnees.be/  

Austria :

Finally, we inform you that if you have any complaints relating to the protection of your Personal Data, you may also contact the Austrian supervisory authority, the Österreichischen Datenschutzkommission, whose website is located at the following address: https://www.dsb.gv.at/ 

Greece :

Finally, we inform you that if you have any complaints relating to the protection of your Personal Data, you may also contact the Greek supervisory authority, the Hellenic Data Protection Authority, whose website is located at the following address: http://www.dpa.gr/

Netherlands :

Finally, we inform you that if you have any complaints relating to the protection of your Personal Data, you may also contact the Dutch supervisory authority, the Dutch Data Protection Authority, whose website is located at the following address: https://www.autoriteitpersoonsgegevens.nl/

Luxembourg :

Finally, we inform you that if you have any complaints relating to the protection of your Personal Data, you may also contact the Luxembourg supervisory authority, the Commission nationale pour la protection des données, whose website is located at the following address: http://www.cnpd.lu/

Ireland :

Finally, we inform you that if you have any complaints relating to the protection of your Personal Data, you may also contact the Irish supervisory authority, the Office of the Data protection Commissioner, whose website is located at the following address: http://www.dataprivacy.ie/

Portugal :

Finally, we inform you that if you have any complaints relating to the protection of your Personal Data, you may also contact the Portuguese supervisory authority, the Comissão Nacional de Protecção de Dados, whose website is located at the following address: https://www.cnpd.pt/