Privacy Policy
Privacy Policy
Effective date: 14 May 2026 Data controller: Soletti Eyewear LLC, doing business as Maison Soletti Registered office: 14 NE 1st Ave #1106, Miami, FL 33132, USA EU/UK representative: Not appointed — Soletti Eyewear LLC is US-based. A GDPR Article 27 representative will be appointed if and when EU-resident customer volume exceeds applicable thresholds. Until then, please direct GDPR enquiries to concierge@maisonsoletti.com. Data Protection contact: choucroun123@gmail.com
This policy explains what personal data Maison Soletti collects, why, how it is used, with whom it is shared, and what rights you have over it. It is written to comply with the EU General Data Protection Regulation (Regulation 2016/679), the UK GDPR and Data Protection Act 2018, and the California Consumer Privacy Act of 2018 as amended by the CPRA (collectively, "applicable privacy law").
1.0 Data we collect
1.1 Information you provide
- Full name
- Email address
- Shipping and billing addresses
- Telephone number
- Payment instrument details (handled by our payment processors; we do not store full card numbers)
- Order history, returns, and customer service correspondence
- Account credentials, where you create an account
1.2 Information collected automatically
- IP address and approximate geolocation derived from it
- Browser type, operating system, device identifiers, and browser fingerprint
- Pages viewed, products viewed, time on site, referring URL
- Cookies and similar technologies (see section 7.0)
1.3 Information from third parties
- Fraud and identity signals from our payment processors
- Marketing engagement signals from email and advertising platforms, where you have consented
We do not knowingly collect personal data from children under 16.
2.0 Why we use your data and the legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Processing and shipping your order | Performance of a contract — Art. 6(1)(b) |
| Customer service and warranty handling | Performance of a contract — Art. 6(1)(b) |
| Tax, accounting, and anti-fraud records | Legal obligation — Art. 6(1)(c) |
| Marketing emails and SMS | Consent — Art. 6(1)(a) |
| Site analytics and product improvement | Legitimate interests — Art. 6(1)(f) |
| Personalised advertising | Consent — Art. 6(1)(a) |
You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
3.0 Who we share your data with
We share personal data only with the following categories of recipient, each acting as a processor or independent controller as indicated:
- Shopify Inc. — e-commerce platform and order processor (processor)
- Shopify Payments / Stripe Inc. — payment processing (independent controller for fraud and compliance)
- Klaviyo, Inc. — email and SMS marketing platform (processor)
- Google LLC — Google Analytics 4, IP-anonymised (processor)
- Meta Platforms, Inc. — Meta Pixel, configured for anonymised conversion measurement (joint controller, consent-gated)
- DHL, FedEx, and equivalent carriers — order delivery (independent controllers)
- Our accountants, auditors, and legal advisors — under written confidentiality (processors)
- Government and tax authorities — where required by law
We do not sell your personal information for monetary consideration. Certain analytics and advertising cookies may constitute "sharing" or a "sale" under the CCPA/CPRA; see section 8.0 for the California opt-out.
4.0 International transfers
Personal data of EU and UK residents may be transferred to the United States and other countries that have not received an adequacy decision from the European Commission or the UK Information Commissioner. Where this occurs, transfers are protected by:
- The European Commission's Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum
- Supplementary technical measures, including encryption in transit and at rest
- Reliance on the EU–US Data Privacy Framework where our processors are certified
A copy of the safeguards in place is available on request to choucroun123@gmail.com.
5.0 How long we keep your data
- Order and transaction records: seven (7) years after the date of purchase, for tax compliance
- Customer account data: for as long as the account is active, plus one year
- Marketing consent records: until consent is withdrawn, plus three years for proof of consent
- Customer service correspondence: three years from the last interaction
- Analytics data: 14 months (Google Analytics 4 default)
After these periods, data is deleted or irreversibly anonymised.
6.0 Your rights
Under GDPR Articles 13 to 22 and equivalent UK and California law, you have the right to:
- Access the personal data we hold about you (GDPR Art. 15)
- Rectify inaccurate or incomplete data (GDPR Art. 16)
- Erase your data, subject to legal retention obligations (GDPR Art. 17)
- Restrict processing in specified circumstances (GDPR Art. 18)
- Receive your data in a portable, machine-readable format (GDPR Art. 20)
- Object to processing based on legitimate interests, including direct marketing (GDPR Art. 21)
- Not be subject to a decision based solely on automated processing (GDPR Art. 22) — we do not currently engage in such decision-making
- Withdraw consent at any time, where consent is the basis for processing
- Lodge a complaint with your supervisory authority — in the EU, the relevant Data Protection Authority; in the UK, the Information Commissioner's Office (ico.org.uk)
To exercise any of these rights, write to choucroun123@gmail.com. We will respond within thirty (30) days. We may ask for proof of identity before acting on a request.
7.0 Cookies and similar technologies
Maison Soletti uses three categories of cookie:
- Strictly necessary — required to operate the site, the cart, and checkout. Always on; cannot be disabled.
- Analytics — Google Analytics 4 and equivalent. Opt-in via the consent banner.
- Marketing — Meta Pixel, Klaviyo, and equivalent. Opt-in via the consent banner.
You can change your preferences at any time via the "Cookie settings" link in the site footer.
8.0 California residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and share
- Request deletion of your personal information
- Correct inaccurate personal information
- Opt out of the sale or sharing of your personal information for cross-context behavioural advertising
- Limit the use of sensitive personal information
- Be free from retaliation for exercising your rights
To opt out, use the "Do Not Sell or Share My Personal Information" link in the site footer, or write to choucroun123@gmail.com. We honour Global Privacy Control (GPC) signals as a valid opt-out request.
We do not sell personal information of any consumer we know to be under 16.
9.0 Security
We apply technical and organisational measures appropriate to the risk, including TLS encryption in transit, encryption at rest where supported by our processors, access controls, and supplier due diligence. No system is perfectly secure; in the event of a personal data breach affecting EU or UK residents, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, and affected individuals where required by law.
10.0 Changes to this policy
We will post any material change to this policy on this page and update the effective date. Where the change is significant, we will notify customers by email at least 30 days before the change takes effect.
Maison Soletti is the trade name of Soletti Eyewear LLC, a Florida limited liability company