NomoPhone

Privacy Policy

Last updated: 16 February 2026

This Privacy Policy describes how Arashev SARL (NomoPhone) collects, uses and protects your personal data when you use our website www.nomophone.fr, in accordance with the General Data Protection Regulation (GDPR - EU 2016/679) and the amended Data Protection Act.

Important information: We invite you to read this policy carefully. By using our site, you accept the practices described in this policy. If you do not accept this policy, please do not use our site.

1. Data controller and contact details

The person responsible for processing personal data is:

Arashev SARL (NomoPhone)

19-21 RUE DENIS PAPIN

51100 REIMS

France

Email: contact@nomophone.fr

If you have any questions about the processing of your personal data or if you wish to exercise your rights, you can contact us at the above e-mail address.

Note: In accordance with the GDPR, we are not required to appoint a Data Protection Officer (DPO) as our data processing does not fall within the mandatory cases set out in Article 37 of the GDPR. If you have any questions, please contact us directly.

2. Categories of personal data collected

We collect and process the following categories of personal data, depending on your interactions with our site:

A. Identification and contact details

  • Surname and first name (required for account creation and orders)
  • Email address (mandatory, used as login)
  • Telephone number (optional but recommended for delivery)

B. Professional data (for professional customers)

  • Company name (if you are a business customer)
  • SIRET number (if you are a business customer)
  • VAT number (if applicable)

C. Address data

  • Delivery address (mandatory for orders)
  • Invoice address (mandatory for orders)
  • You can save several addresses in your account

D. Payment and financial data

  • Credit card information: processed exclusively by Stripe, we never store credit card numbers on our servers.
  • IBAN/RIB: for payment of telephone trade-ins (if you are selling a handset)
  • Transaction information and payment history

Security: Payment data is encrypted and secured by Stripe, which complies with the PCI-DSS standard. We never have access to full credit card numbers.

E. Order and transactional data

  • Order history (order number, products, prices, dates)
  • Order status and modification history
  • Delivery tracking numbers
  • Invoices and transaction documents
  • Customer notes and delivery instructions

F. Data relating to trade-in requests

  • Type of device, make, model, condition
  • Description of the device and photos
  • Copy of identity card (compulsory for trade-ins, stored securely)
  • IBAN for the trade-in payment

G. Authentication data

  • Password (stored encrypted and hashed, never in clear text)
  • Date and time of last connection
  • Account status (active, inactive, suspended)

H. Navigation and technical data

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and navigation path
  • Length of visit
  • Source of traffic (search engine, direct link, etc.)
  • Cookies and similar technologies (see our Cookie Management Policy)

I. Communication data

  • Email correspondence
  • Messages via the contact form
  • Customer support requests
  • Customer reviews and product evaluations

J. Preferences and consents

  • Language preference
  • Newsletter subscription (yes/no)
  • Consent to marketing (yes/no)
  • Cookie preferences

Mandatory or optional

Certain data is mandatory for the execution of a contract (order, account): surname, first name, email address, delivery address and billing address. Refusal to provide this data will make it impossible to place an order or create an account.

Other data is optional (telephone, newsletter, marketing) and can be refused without any impact on the use of the site.

3. Purposes of processing and legal bases

Your personal data is collected and processed for the following purposes, with their respective legal basis:

A. Performance of the contract (Art. 6.1.b of the GDPR)

  • Managing and processing your orders
  • Managing your customer account
  • Management of phone trade-in requests
  • Delivery of products ordered
  • Payment processing (via Stripe)
  • Management of returns and refunds
  • Invoicing and issuing accounting documents
  • Communication relating to your orders (confirmations, dispatches, deliveries)

Data concerned: Identification data, addresses, order data, payment data, delivery data

B. Consent (Art. 6.1.a of the GDPR)

  • Sending commercial communications (newsletters, promotions, special offers)
  • Personalised marketing and targeted advertising
  • Analysis of your browsing behaviour and audience measurement (analytics cookies)
  • Profiling to improve your user experience

Data concerned: Email, marketing preferences, browsing data, purchase history (for personalisation)

Important information: You can withdraw your consent at any time by unsubscribing from the newsletter or changing your preferences in your account.

C. Legitimate interest (Art. 6.1.f of the GDPR)

  • Improving our services and your user experience
  • Fraud prevention and secure transactions
  • Customer relations and technical support management
  • Claims and after-sales service management
  • Anonymised statistical analysis of traffic (without personal identification)
  • Managing site security and preventing abuse

Data concerned: Browsing data, IP address, connection logs, transaction data, communication data

Your right to object: You may object to processing based on legitimate interest by contacting us, subject to compelling legitimate grounds.

D. Legal obligation (Art. 6.1.c of the GDPR)

  • Keeping invoices for 10 years (accounting and tax obligations)
  • Retention of transaction data for traceability purposes
  • Compliance with payment security and traceability obligations
  • Communication to the relevant authorities in the event of a legal obligation (tax authorities, customs authorities, etc.)

Data concerned: Order data, invoices, payment data, identification data

4. Recipients of personal data

Your personal data may be communicated to the following recipients, in strict compliance with the GDPR:

A. Authorised internal staff

Only authorised Arashev SARL (NomoPhone) staff who need to access your data to carry out their duties (order management, customer service, etc.).

B. Service providers (sub-contractors)

• Site host

Data and website hosting. Data is stored on secure servers located in the European Union.

• Stripe (payment processing)

Secure processing of credit card payments. Stripe is PCI-DSS level 1 certified, the highest level of certification for payment security.

Data transmitted: Payment information, transaction amount, customer email (for payment confirmation)

Stripe privacy policy: https://stripe.com/fr/privacy

• Carriers (delivery)

Transmission of data required for delivery (name, address, telephone number) to carriers (Chronopost, DHL, etc.) for delivery of your orders.

C. Competent authorities

In the event of a legal obligation, your data may be communicated to the competent authorities (tax services, customs, law enforcement agencies, etc.) as part of their legal duties.

Commitment: We never sell, rent or pass on your personal data to third parties for commercial purposes. All our service providers are subject to strict confidentiality and security obligations in accordance with the GDPR.

5. Data transfers outside the European Union

Some of our service providers may transfer data to servers located outside the European Union. In this case, we ensure that these transfers are carried out in compliance with the GDPR.

Stripe

Stripe may transfer certain payment data to the United States in order to process transactions. These transfers are governed by:

  • Standard contractual clauses approved by the European Commission
  • PCI-DSS level 1 certification for payment data security
  • Compliance with international data protection standards

For more information on Stripe's guarantees, please consult their privacy policy: https://stripe.com/fr/privacy

Guarantees: All data transfers outside the EU are subject to appropriate safeguards that comply with the GDPR (standard contractual clauses, Privacy Shield, etc.) to ensure a level of protection equivalent to that in the European Union.

6. Data retention period

Your personal data will be stored for the following periods, determined according to the purpose of the processing and legal obligations:

Customer account details

Duration: For the lifetime of the account, then 3 years after the last activity (last connection or last order).

Legal basis: Performance of the contract + legitimate interest (customer relationship management)

Order data and invoices

Duration: 10 years from the date of the transaction (legal obligation to retain accounting and tax records - Art. L123-22 of the French Commercial Code).

Legal basis: Legal obligation (accounting retention)

Payment details

Duration: Full credit card details are never stored on our servers. Only transaction references are kept for 10 years (legal obligation).

Legal basis: Legal obligation (traceability of payments)

Browsing data and analytics cookies

Duration: 13 months maximum for analytics cookies (CNIL recommendation). The data is anonymised after this period.

Legal basis: Consent (analytics cookies)

Marketing data and newsletter

Duration: Until consent is withdrawn or unsubscription requested. If you unsubscribe, your data will be deleted within 30 days.

Legal basis: Consent

Copy of identity card (trade-ins)

Duration: Until the trade-in transaction is fully closed, then retained for 5 years for traceability purposes (legal obligation to combat fraud and money laundering).

Legal basis: Legal obligation + performance of contract

Communication data (support, after-sales)

Duration: While the request is being processed, then for 3 years for customer service traceability.

Legal basis: Legitimate interest (customer relationship management)

Deleting data

Once the retention periods have expired, your data will be securely and permanently deleted from our systems, unless there is a legal obligation to retain it for a longer period (e.g. invoices for 10 years).

You may also request the early deletion of your data in compliance with our legal obligations (see "Your rights" section).

7. Security measures

We implement all appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration.

Technical measures

  • SSL/TLS encryption for all data transmissions
  • Password hashing with secure algorithm (bcrypt)
  • Secure authentication and access control
  • Secure data storage on servers hosted in the EU
  • Regular, secure back-ups
  • Regular updating of security systems
  • Protection against attacks (firewall, anti-virus)

Organisational measures

  • Access to data restricted to authorised personnel only
  • Data protection training for staff
  • Security incident management procedures
  • Regular security audits
  • Compliance with security standards (GDPR, PCI-DSS for payments)
  • Confidentiality agreements with all service providers

Notification in the event of a breach: In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we undertake to notify you and the CNIL within 72 hours in accordance with the GDPR (Art. 33-34).

8. Your rights concerning your personal data

In accordance with the GDPR, you have the following rights regarding your personal data:

A. Right of access (Art. 15 GDPR)

You have the right to obtain confirmation that your personal data is being processed and, where appropriate, to obtain a copy of this data and information about its processing.

How: Contact us by email with proof of identity. Response within 1 month (extendable by 2 months if complex).

B. Right of rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate or incomplete data.

How: You can change most of your details directly in your customer account, or contact us to make the necessary changes.

C. Right to erasure (Art. 17 GDPR) - "Right to be forgotten"

You have the right to request the deletion of your personal data in the following cases:

  • The data is no longer necessary for the purposes for which it was collected.
  • You withdraw your consent and there is no other legal basis
  • You object to the processing and there is no compelling legitimate reason for it
  • The data has been processed unlawfully

Exception: This right does not apply if storage is necessary to comply with a legal obligation (e.g. storage of invoices for 10 years).

D. Right to restriction of processing (Art. 18 GDPR)

You have the right to request that the processing of your data be restricted in the following cases:

  • While we are processing your request for rectification
  • Where processing is unlawful and you object to erasure
  • When we no longer need the data but you need it for a dispute

E. Right to portability (Art. 20 GDPR)

You have the right to retrieve your personal data in a structured, commonly used and machine-readable format and to transfer it to another controller, where the processing is based on your consent or the performance of a contract.

Format: We will supply your data in JSON or CSV format, depending on your preference.

F. Right to object (Art. 21 GDPR)

You have the right to object to the processing of your personal data if:

  • Processing is based on legitimate interests
  • For reasons relating to your particular situation
  • For direct marketing (objection without having to give a reason)

Exception: We may continue processing if there are compelling legitimate grounds which override your interests.

G. Right to withdraw consent (Art. 7.3 GDPR)

Where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of the processing carried out prior to the withdrawal.

How: You can unsubscribe from the newsletter from your account or by clicking on the unsubscribe link in each email. You can also change your cookie preferences at any time.

H. Right to define post-mortem directives (Art. 85 GDPR)

You have the right to define directives concerning the fate of your personal data after your death. In the absence of directives, your heirs may exercise certain rights (access, rectification, deletion if necessary).

How to exercise your rights

To exercise any of these rights, you can contact us:

  • By email: contact@nomophone.fr
  • By post: Arashev SARL (NomoPhone), 19-21 RUE DENIS PAPIN, 51100 REIMS, France
  • Via your customer account: some data can be changed directly in your account

Documents required: For security reasons, a copy of an identity document may be requested to verify your identity before your request is processed.

Response time: We undertake to respond to your request within 1 month of receiving it. This period may be extended by a further 2 months depending on the complexity and number of requests.

Right to lodge a complaint

If you believe that the processing of your personal data constitutes a breach of the GDPR, you have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged breach.

In France: Commission Nationale de l'Informatique et des Libertés (CNIL) (French Data Protection Authority)
Address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Telephone: 01 53 73 22 22
Website: https://www.cnil.fr/fr/plaintes

9. Profiling and automated decision-making

We use data to improve your user experience, in particular:

  • Personalised content: Display of products likely to be of interest to you based on your browsing and purchase history.
  • Product recommendations: Suggestions based on your preferences and behaviour
  • Behavioural analysis: To improve our services and the ergonomics of the site

Important information: We do not use fully automated decision-making (in particular automatic credit refusals) that could produce legal effects concerning you or significantly affect you. All important decisions (order validation, return processing, etc.) are taken with human intervention.

10. Cookies and similar technologies

Our site uses cookies and similar technologies to improve your browsing experience, analyse traffic and personalise content.

For more detailed information on the use of cookies, their purpose, how long they are kept and how to manage them, please consult our Cookie Management Policy.

11. Changes to this policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, our services, or for other operational, legal or regulatory reasons.

Any substantial modification will be communicated by a notice on this page with an updated "Last updated" date. We encourage you to check this page regularly for any changes.

Notification of major changes: If we make any significant changes to the way we process your personal data, we will inform you by email or by means of a notice visible on our website.

Useful links and resources

For more information on the protection of personal data:

  • Cookie Management Policy
  • Legal information
  • Terms and conditions of sale
  • Terms and conditions of use
  • CNIL - Commission Nationale de l'Informatique et des Libertés (French Data Protection Authority)
  • General Data Protection Regulation (GDPR - EU 2016/679)
  • Amended Data Protection Act

Contact

If you have any questions about this Privacy Policy, the processing of your personal data, or to exercise your rights, you can contact us at:

Email: contact@nomophone.fr

Postal address: Arashev SARL (NomoPhone), 19-21 RUE DENIS PAPIN, 51100 REIMS, France

We undertake to respond to all your requests as quickly as possible, in accordance with the obligations of the GDPR.