Privacy Policy

Privacy Policy

This Privacy Policy describes how LYS (hereinafter "we", "our" or "us") collects, uses and protects the personal information you provide to us when you use our website https://whoislys.com and our services. We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and applicable French laws.

We invite you to read this policy carefully to understand our practices regarding your personal data.

Identity of the Data Controller

The data controller for your personal data is:

LYS
30 N Gould St, Ste N, Sheridan, WY 82801, United States
Email address: hello@whoislys.com
Website: https://whoislys.com

Data Collected

We collect different categories of personal data, depending on the nature of your interaction with our services:

Data you provide to us directly:

  • Identification data: last name, first name, email address, postal address, phone number.
  • Order data: information related to purchased products, order history.
  • Payment data: information necessary for processing payments (credit card number, expiration date, security code). This data is processed directly by our secure payment providers and is not fully stored by LYS.
  • Communication data: content of messages you send us via contact forms, emails or social media.
  • Preference data: marketing preferences, newsletter subscription.

Automatically collected data:

  • Connection and usage data: IP address, browser type, operating system, pages visited, visit duration, website referrals, interactions with the site.
  • Location data: general location information deduced from your IP address.
  • Cookies and similar technologies: information collected via cookies, pixels and other trackers to improve your experience, analyze site usage and personalize advertisements. See the "Cookie Policy" section for more details.

Purposes and Legal Bases for Processing

We process your personal data for the following purposes, relying on the appropriate legal bases:

Purpose of processing Data concerned Legal basis
Management and processing of your orders Identification, order, payment, delivery Performance of a contract
Customer relationship management (customer service, questions) Identification, order, communication Performance of a contract, Legitimate interest
Sending newsletters and commercial offers Identification (email), preferences Consent (for direct marketing), Legitimate interest (for existing customers)
Improvement of our products and services Site usage, order history Legitimate interest
Personalization of user experience Site usage, preferences Legitimate interest, Consent (for cookies)
Audience and site traffic analysis Connection, site usage (via cookies) Consent (for non-essential cookies)
Fraud prevention and site security Connection, payment, order Legitimate interest, Legal obligation
Compliance with legal and regulatory obligations All necessary data Legal obligation
Management of customer reviews and comments Identification, review content Legitimate interest, Consent
Targeted advertising and retargeting Connection, site usage (via pixels) Consent

Data Retention Period

We retain your personal data only for the period necessary to fulfill the purposes for which it was collected, in accordance with legal and regulatory requirements.

  • Customer data: Data related to your orders is retained for the duration of the commercial relationship, then archived for a period of 5 years for evidentiary purposes and dispute management. Accounting data is retained for 10 years.
  • Prospect data: Prospect data (non-customers) is retained for 3 years from the last contact initiated by the prospect.
  • Connection data and cookies: Connection data and cookies are retained for a maximum period of 13 months.
  • Communication data: Exchanges with customer service may be retained for 3 years after the last interaction.
  • Payment data: Payment data is retained for the duration of the transaction and archived for the legal retention period of payment proofs (generally 13 months after the debit date).

Beyond these periods, the data is either deleted or irreversibly anonymized.

Recipients of Data

Your personal data may be shared with the following recipients:

  • LYS Personnel: Our authorized internal teams (customer service, marketing, sales, technical) who need access to the data for the performance of their duties.
  • Third-party service providers:
    • Website host: Shopify Inc. (for hosting our e-commerce platform).
    • Payment providers: Banks and secure payment companies (e.g., Stripe, PayPal) for processing your transactions.
    • Delivery providers: Transport and logistics companies for shipping your orders.
    • Marketing and advertising providers: Companies managing our advertising and analytics campaigns (e.g., Google Analytics, Meta Platforms Inc. for Facebook/Instagram, TikTok Inc. for TikTok Ads).
    • Technical providers: Companies ensuring the maintenance and development of our website.
  • Legal and administrative authorities: In case of a legal obligation, we may be required to disclose your data to competent authorities (administrations, courts, police).

We ensure that these third parties respect the confidentiality and security of your data and that they only use it within the scope of the specified purposes and in accordance with applicable legislation.

Data Transfers Outside the European Union

Your personal data may be transferred to countries located outside the European Union (EU) or the European Economic Area (EEA).

  • Shopify Inc. (Canada): Our site is hosted by Shopify Inc., whose headquarters are located in Canada. The European Commission has recognized that Canada offers an adequate level of protection for personal data (Adequacy Decision of December 20, 2001, updated in 2023). The transfer of your data to Shopify is therefore based on this adequacy decision.
  • Other providers (e.g., Meta, TikTok, Google): Some of our providers (particularly for audience analysis and targeted advertising) may be located in the United States or other countries outside the EU/EEA. In these cases, we ensure that the transfer is governed by appropriate safeguards, such as the Standard Contractual Clauses (SCCs) adopted by the European Commission, or your explicit consent when required.

We take all necessary measures to ensure that your data benefits from a level of protection equivalent to that of the EU.

Your Data Protection Rights

In accordance with the GDPR, you have the following rights regarding your personal data:

  • Right of access: Obtain confirmation that your data is being processed and, if so, access it.
  • Right to rectification: Request the correction of inaccurate or incomplete data concerning you.
  • Right to erasure ("right to be forgotten"): Request the deletion of your data under certain conditions (e.g., data not necessary for the purposes).
  • Right to restriction of processing: Request the suspension of the processing of your data in certain situations (e.g., dispute over accuracy).
  • Right to data portability: Receive your data in a structured, commonly used and machine-readable format, and transmit it to another data controller.
  • Right to object: Object to the processing of your data for reasons relating to your particular situation, or to commercial prospecting.
  • Right to withdraw your consent: Withdraw your consent at any time for processing based on this legal basis.
  • Right to define post-mortem directives: Organize the fate of your data after your death.

To exercise these rights, please contact us at the following address:

Email: hello@whoislys.com

In order to process your request, we may ask you to prove your identity. We commit to responding to your request within one month of its receipt.

Cookie Policy

Our website uses cookies and similar technologies to improve your browsing experience, analyze site usage, and personalize content and advertisements.

What is a cookie?

A cookie is a small text file stored on your device (computer, tablet, smartphone) by your web browser when you visit a site. It allows the site to "remember" your actions or preferences over a given period.

Types of cookies used:

  • Strictly necessary cookies: Essential for the proper functioning of the site (e.g., shopping cart management, secure login). They do not require your consent.
  • Functionality cookies: Allow us to remember your choices and preferences (e.g., language, region) for a more personalized experience.
  • Analytics and performance cookies: Help us to understand how visitors interact with our site (number of visitors, most visited pages, traffic sources). We notably use Google Analytics for this purpose.
  • Advertising and targeting cookies: Used to display advertisements relevant to you and your interests. They are often placed by third parties with our permission. We notably use:
    • Meta Pixel (Facebook/Instagram): To measure the effectiveness of our advertising campaigns on Facebook and Instagram, and to offer you targeted advertisements.
    • TikTok Pixel: To measure the effectiveness of our advertising campaigns on TikTok and to offer you targeted advertisements.

Managing cookies:

During your first visit to our site, a cookie consent banner allows you to choose whether to accept or refuse non-essential cookies. You can change your preferences at any time.

You can also configure your browser to refuse all cookies, or to alert you when a cookie is sent. However, some site functionalities may not work correctly without cookies.

For more information on managing cookies, you can consult your browser's help pages: Chrome, Firefox, Safari, Edge.

Contact of the Data Protection Officer (DPO)

LYS is not legally obliged to appoint a Data Protection Officer (DPO). However, for any questions regarding the protection of your personal data, you can contact our dedicated point of contact:

Email: hello@whoislys.com

Complaints to the CNIL

If you believe that your rights have not been respected after contacting us, you have the right to lodge a complaint with the competent data protection supervisory authority. In France, this is the CNIL:

Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Website: https://www.cnil.fr/fr/plaintes

Privacy Policy Update

This Privacy Policy may be updated periodically. We invite you to consult it regularly to be aware of any changes. The date of the last update is indicated below.

Last updated: 2026-05-31