May 2026

Privacy Policy

1. Introduction

Ashbury Secure respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard information when you visit our website, purchase our physical security and privacy products, or use our services.

By using our website, you agree to the practices described in this Privacy Policy.


2. Data Controller

The data controller responsible for your personal data is:

Paola Iraca
Sole Proprietor (Individual Entrepreneur)
Company Status: Active since 13 February 2026
APE Code: 62.01Z
SIREN: 101 164 473
SIRET: 101 164 473 00015
29 Boulevard d’Alsace
06400 Cannes
France

For any privacy-related queries or to exercise your data rights, please contact us at the address above or via the contact details provided on our website.


3. Information We Collect

We may collect the following types of information:

Personal Information

  • Name
  • Email address
  • Billing and shipping address
  • Phone number (where provided)
  • Account details
  • Contact information
  • Order and purchase history

Technical Information

  • IP address
  • Browser type and version
  • Device information
  • Pages visited
  • Website usage data
  • Cookies and similar tracking technologies

Payment Information

Payments are securely processed through our third-party payment service provider, myPOS. We do not store, process, or transmit full payment card information on our servers. All card data is handled directly by myPOS in accordance with PCI DSS (Payment Card Industry Data Security Standard) requirements. myPOS acts as an independent data controller for payment processing purposes and is subject to its own privacy policy, available at www.mypos.com.


4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR) and applicable French data protection law:

  • Performance of a contract: Processing your data is necessary to fulfil your order, arrange delivery, provide our services, and manage your account.
  • Legal obligation: We may process your data to comply with legal obligations, including tax, accounting, customs, and fraud prevention requirements.
  • Legitimate interests: We may process your data for our legitimate business interests, such as improving our services, preventing fraud, and ensuring website security, provided these interests are not overridden by your rights.
  • Consent: Where you have provided explicit consent (e.g., for marketing communications), we process your data on that basis. You may withdraw consent at any time.

5. How We Use Your Information

We use the information we collect to:

  • Process and fulfil your orders, including arranging physical delivery of products
  • Communicate with you about your order status, dispatch, and delivery
  • Manage your account and provide customer support
  • Send order confirmations, receipts, and important service updates
  • Handle returns, exchanges, and after-sales enquiries
  • Send marketing communications (only where you have given consent or where permitted by law)
  • Improve our website, product range, and services
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Comply with legal and regulatory obligations
  • Respond to your enquiries and requests

6. Payment Processing via myPOS

We use myPOS as our payment gateway provider to securely process card payments and transactions on our platform. When you make a payment through our website, you will be redirected to or interact with myPOS’s secure payment interface.

How myPOS processes your data:

  • myPOS collects and processes your payment card details, billing information, and transaction data directly in a secure, PCI DSS-compliant environment.
  • myPOS may collect additional information required for fraud screening and prevention, such as IP address and device information.
  • Payment data is encrypted using SSL/TLS technology during transmission.
  • myPOS is authorised and regulated as a payment institution and operates in accordance with applicable EU/EEA financial regulations.

We receive from myPOS only the information necessary to confirm and fulfil your transaction (such as a transaction ID, confirmation status, and masked card details). We never receive or store your full card number, CVV, or card PIN.

For full details on how myPOS processes your data, please refer to the myPOS Privacy Policy.


7. Sharing and Disclosing Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your data only in the following circumstances:

  • Payment processors: Your payment information is shared with myPOS solely for the purpose of processing your transaction.
  • Delivery and logistics providers: We share your name and delivery address with our courier and postal service partners solely for the purpose of delivering your physical order.
  • Service providers: We work with trusted third-party service providers (e.g., website hosting, email delivery, analytics) who process data on our behalf under strict data processing agreements.
  • Legal requirements: We may disclose your information where required by law, court order, or regulatory authority, or to protect our legal rights.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the relevant third party, subject to equivalent privacy protections.

All third-party processors are required to handle your data in compliance with applicable data protection laws, including GDPR.


8. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, by third-party service providers or delivery partners), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms, to protect your data.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Transaction and order records: Retained for a minimum of 10 years to comply with French accounting and tax law requirements (Article L.123-22 of the French Commercial Code).
  • Delivery and shipping information: Retained for as long as necessary to resolve any delivery disputes or after-sales queries, and for up to 3 years thereafter.
  • Account information: Retained for as long as your account is active, and for up to 5 years after account closure or last interaction.
  • Marketing data: Retained until you withdraw consent or opt out, or for 3 years from the last interaction.
  • Technical/log data: Generally retained for up to 12 months.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and support our marketing activities. Cookies are small text files placed on your device when you visit our website.

Types of cookies we use:

  • Essential cookies: Necessary for the website to function properly (e.g., session management, shopping cart). These cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). We use this data in anonymised or aggregated form.
  • Marketing/advertising cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.
  • Preference cookies: Remember your settings and preferences to improve your experience.

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website, including the shopping cart. You may also manage your cookie preferences through our cookie consent banner when you first visit the site.


11. Your Rights Under GDPR

As a data subject under the GDPR and French data protection law (Loi Informatique et Libertés), you have the following rights:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): You may request the deletion of your personal data where there is no compelling reason for us to continue processing it.
  • Right to restriction of processing: You may request that we limit the processing of your personal data in certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Right to object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right not to be subject to automated decision-making: You have the right not to be subject to decisions made solely through automated processing that significantly affects you.

To exercise any of these rights, please contact us at the address listed in Section 2 (Data Controller). We will respond to your request within one month. You also have the right to lodge a complaint with the French data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), at www.cnil.fr.


12. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

  • SSL/TLS encryption for data transmitted via our website
  • Secure, access-controlled server environments
  • Regular security assessments and monitoring
  • Staff training on data protection obligations
  • Use of PCI DSS-compliant payment processing through myPOS
  • Secure handling of shipping and fulfilment data shared only with authorised delivery partners

While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee the absolute security of information transmitted to our website.


13. Children’s Privacy

Our website and products are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such information, please contact us immediately and we will take steps to delete it.


14. Links to Third-Party Websites

Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices or content of external websites.


15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The most current version will always be available on our website, with the date of the last update noted at the top of this page. We encourage you to review this policy periodically.

Where changes are material, we will notify you by email (where we hold your email address) or by a prominent notice on our website prior to the changes taking effect.


16. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:

Paola Iraca
29 Boulevard d’Alsace
06400 Cannes
France

You may also use the contact form available on our website.

Last updated: May 2026

Shopping Cart
  • Your cart is empty.