Home
________________________________________________________________________________________________________

Privacy policy

Privacy Policy – Aptenys (by Usarea)

Last updated: June 17, 2026

1. Data Controller

The personal data collected on www.aptenys.com (hereinafter referred to as the “Website”) is processed by:

Usarea, a French limited liability company (SARL) with a share capital of €5,000
Registered office: 41 rue Jacquemars Giélée, 59800 Lille, France
SIREN: 932 498 504
Email: support@usarea.fr

2. Data Collected

The data that may be collected through the Website includes:

  • Identification data: first name, last name, email address, company name, VAT number where applicable;

  • Order and billing data: billing address, purchase history, payment method (payment card details are processed exclusively by Shopify Payments and/or Stripe);

  • Technical data: IP address, browser information, connection logs, cookies, and browsing statistics;

  • Marketing preferences: newsletter subscription status, language preferences, and email interaction history.

No sensitive personal data (health information, political opinions, etc.) is collected.

3. Purposes of Processing

The collected data is used for:

  • Managing orders and delivering digital templates;

  • Billing and accounting purposes;

  • Customer service and technical support;

  • Website security and fraud prevention;

  • Sending information related to template updates and changes to purchased content (contractual basis);

  • Sending newsletters, editorial content, and marketing communications related to Aptenys and Usarea, based on the user's explicit consent;

  • Producing anonymized statistics to improve services.

4. Legal Basis for Processing

Processing activities are based on:

  • Performance of a contract (orders, delivery, billing);

  • Legitimate interests (Website security, internal analytics, service improvement);

  • Explicit user consent for newsletter subscriptions and marketing email communications;

  • Explicit consent for non-essential cookies.

5. Data Recipients

Personal data is intended exclusively for Usarea and its technical service providers:

  • Shopify – e-commerce hosting and website management;

  • Stripe / Shopify Payments – secure payment processing;

  • FetchApp – secure delivery of digital files;

  • Brevo – management of mailing lists and newsletter distribution (identification data and marketing preferences);

  • Microsoft 365 (Office Suite) – professional email management and document storage.

These providers act as data processors within the meaning of the GDPR and ensure a level of protection compliant with European data protection regulations.

Data used for email communications is processed through Brevo, whose servers are located within the European Union.

6. Data Retention Period

Personal data is retained:

  • For 3 years after the last commercial interaction for prospective customers;

  • For 10 years for invoicing and accounting records, in accordance with legal obligations;

  • Until consent is withdrawn or the user unsubscribes, for data used for marketing communications and newsletters;

  • Until a deletion request is received for customer accounts that have been inactive for more than 3 years.

7. Data Subject Rights

In accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), individuals have the following rights:

  • Right of access;

  • Right to rectification;

  • Right to erasure;

  • Right to restriction of processing;

  • Right to object to processing;

  • Right to data portability;

  • Right to unsubscribe from the newsletter at any time via the unsubscribe link included in every email;

  • Right to withdraw consent at any time for processing activities based on consent.

These rights may be exercised by contacting:

Email: support@usarea.fr

or by post:

Usarea
41 rue Jacquemars Giélée
59800 Lille
France

All requests will be processed within a maximum period of one month (30 days).

8. Data Security

Usarea implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, including:

  • SSL encryption;

  • Restricted access controls;

  • Secure password management;

  • Regular backups.

Backups are performed securely, and access to personal data is strictly limited to authorized team members.

Payments are processed through PCI-DSS-compliant platforms. No payment card data is stored on Usarea’s servers.

9. Cookies and Analytics

The Website uses cookies that are necessary for its operation (e.g., Shopify cookies, session cookies, shopping cart functionality).

Analytical cookies (such as Google Analytics or equivalent services) may be used only with the user's explicit consent.

Users may manage or withdraw their consent at any time through the Website's cookie banner or their browser settings.

Emails sent through Brevo may contain tracking pixels or audience measurement links to analyze open and click-through rates for statistical purposes and content improvement only.

10. Transfers Outside the European Union

Certain service providers (Shopify, Stripe, FetchApp) may host or process data outside the European Union (for example, in Canada or the United States).

Such transfers are governed by Standard Contractual Clauses (SCCs) or adequacy decisions issued by the European Commission, ensuring a level of protection equivalent to that required under the GDPR.

11. Contact and Complaints

For any questions regarding the protection of personal data, customers may contact:

support@usarea.fr

If a dispute remains unresolved, users have the right to lodge a complaint with the French Data Protection Authority (CNIL).

CNIL

12. Updates to This Policy

This Privacy Policy may be updated at any time.

The applicable version is the one published on the Website on the date of consultation.

In the event of a substantial modification to this Policy, users will be informed through a notice displayed on the Website or by email.