🚚 Delivery in 5 days

PRIVACY

Privacy Policy

This Privacy Policy describes how Enlapharex SAS, as data controller, collects, uses, protects and shares personal data of its customers and visitors as part of the use of enlapharex.com. We attach the utmost importance to the protection of your privacy. All our processing operations are carried out in strict compliance with Regulation (EU) 2016/679 of 27 April 2016, known as the General Data Protection Regulation (GDPR), and applicable national data protection laws. By browsing our Site and/or placing an order, you acknowledge that you have read the provisions below.

1. Data collected

We only collect data strictly necessary for the provision of our services and the proper processing of your order, namely: • Identification data: surname, first name, date of birth where relevant. • Contact details: full delivery and billing postal address, email address, telephone number. • Order data: purchase history, order numbers, product preferences, amount and frequency of purchases. • Payment data: the transaction is processed directly by our PCI-DSS certified banking provider. No banking data is kept on our servers. • Technical data: IP address, browser type, operating system, connection data, pages viewed, session duration, trackers and cookies (subject to your consent).

2. Purposes of processing

The data collected is processed for the following purposes, on the legal bases of the contract, consent, legitimate interest and legal obligation, as the case may be:

  • Processing, monitoring and shipping of orders placed on the Site.
  • Communication relating to your order, your customer account and our after-sales service.
  • Improving the user experience, statistical analysis and optimisation of the purchasing journey.
  • Sending, subject to your consent, commercial communications, exclusive offers and health advice related to Enlapharex.
  • Compliance with our legal, tax and accounting obligations, in particular regarding the retention of supporting documents.

3. Security measures

Enlapharex SAS implements all appropriate technical and organisational measures to preserve the security, integrity and confidentiality of your data: 256-bit TLS/SSL encryption, hosting in Luxembourg with an ISO 27001 certified provider, strict access control, logging of sensitive operations, regular backups, and training of our staff in data protection. Payment data is never kept by Enlapharex SAS: it transits only through our authorised payment provider, in a secure environment compliant with the PCI-DSS standard.

4. Data sharing

Your data is in no case sold, rented or transferred to third parties for commercial purposes. It can only be communicated: • To our technical subcontractors (carriers, payment provider, host, email sending platform), strictly within the limits of what is necessary for carrying out their missions, and according to contractual commitments compliant with the GDPR. • To administrative or judicial authorities, by legal requisition or court decision. All our subcontractors are located within the European Union or in a country recognised as adequate by the European Commission. No transfer is made to a third country without appropriate safeguards (standard contractual clauses, binding corporate rules).

5. Cookies and trackers

Our Site uses cookies to ensure its proper functioning, remember your preferences (language, basket), measure its audience and improve the user experience. So-called "essential" cookies are essential for navigation. Analytical and personalisation cookies are only placed after your explicit consent via our cookie banner. You can change your preferences at any time by clicking on "Manage my cookies" accessible from the footer. For more details, see our dedicated Cookie Policy.

6. Your rights

In accordance with the regulations in force, you have the following rights over your data: • Right of access: obtain a copy of the data concerning you. • Right of rectification: correct any inaccurate or incomplete data. • Right to erasure (right to be forgotten): request the deletion of your data in the cases provided for by law. • Right to limit processing: suspend the use of your data in certain situations. • Right to object: refuse, on legitimate grounds, the processing of your data. • Right to portability: receive your data in a structured, machine-readable format. • Right to define directives concerning the fate of your data after your death. These rights can be exercised at any time, free of charge, by writing to contact@enlapharex.com with a copy of an identity document. You also have the right to lodge a complaint with the relevant supervisory authority.

7. Retention period

Data is retained for the period strictly necessary for the purposes for which it was collected: • Customer data: 3 years from last contact. • Order data and invoices: 10 years, in accordance with accounting and tax obligations. • Marketing data: 3 years from last contact in the absence of purchase. • Analytical cookies: maximum 13 months, in line with regulatory recommendations. At the end of these periods, the data is either anonymised or permanently deleted.

8. Data Protection Officer

For any question relating to the processing of your data or the exercise of your rights, you can contact our Data Protection Officer (DPO): Enlapharex SAS — DPO Department 21 Bd de Kockelscheuer 1821 Gasperich, Luxembourg Email: contact@enlapharex.com

Last update: July 2025.