🌸 Mother's Day is coming soon · The ready-to-gift box → Free shipping in France from €50 · Shipped within 24 h 🎁 First order: -15% with code BIENVENUE15 · Get my code → 4.9/5 on Google · 166 verified reviews 💄 Discover our Signature Rituals · -15% included
Skip to content

Privacy Policy

Last updated: 15 May 2026

At New Black Cosmetics, protecting your personal data is a priority. This policy explains in a clear and transparent way how we collect, use, store and safeguard your information when you visit our site, create an account or place an order on newblackcosmetics.com.

It is drawn up in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and the French Data Protection Act of 6 January 1978, as amended.

1. Data controller

The controller of your personal data is:

New Black Cosmetics SAS
34 Avenue des Champs-Élysées, 75008 Paris, France
RCS Paris 914 912 282
Email: [email protected]

New Black Cosmetics SAS has not appointed a Data Protection Officer (DPO), as such an appointment is not mandatory given the nature and scale of its processing activities. Any question regarding your personal data may be sent to [email protected].

2. Data collected

We collect only the data strictly necessary for the purposes described below. You provide some information directly (form, order, account); other information is collected automatically (browsing, cookies).

2.1. Data provided directly

  • Identity: title, first name, surname
  • Contact details: postal address (delivery and billing), email, telephone number
  • Customer account: username, password (encrypted), order history, wishlist
  • Order & payment: products ordered, amounts, payment method (full bank card details never pass through our servers — see section 5)
  • Customer service exchanges: messages, attachments, history of enquiries via the contact form or by email
  • Marketing preferences: consent to receive our newsletter, communication preferences

2.2. Data collected automatically

  • Browsing data: IP address, device type, browser, operating system, pages viewed, length of visit, referrer
  • Cookies and trackers: see section 9 “Cookies”

3. Purposes and legal bases

Each processing of your data relies on a specific legal basis, in accordance with Article 6 of the GDPR:

3.1. Performance of the contract

  • Creating and managing your customer account
  • Processing and dispatching your orders
  • Managing payment and invoicing
  • Tracking deliveries (sharing with the carrier)
  • Managing returns, refunds and warranties
  • Responding to customer service enquiries

3.2. Consent

  • Sending our newsletter and marketing communications (explicit opt-in)
  • Placing cookies that are not strictly necessary (analytics, audience measurement)
  • Joining the WhatsApp club “Le Cercle New Black”

3.3. Legal obligations

  • Retention of invoices and accounting records (10 years, French Commercial Code)
  • Prevention of payment fraud
  • Responses to judicial or administrative requests

3.4. Legitimate interest

  • Improving the shopping experience and our products
  • Site security (detecting suspicious behaviour, preventing intrusions)
  • Commercial communications about similar products to existing customers (Article 21 GDPR, with the right to object guaranteed at any time)

4. Retention periods

  • Customer account: duration of the contractual relationship, then 3 years after the last purchase or last login (commercial prospect), before archiving or deletion
  • Orders & invoices: 10 years from the close of the accounting financial year (legal obligation)
  • Payment data: not retained by New Black Cosmetics (handled by payment providers, see section 5)
  • Newsletter & marketing consents: until consent is withdrawn, then archived for 3 years as evidence
  • Analytics cookies: 13 months maximum (CNIL recommendation)
  • Login / security logs: 12 months maximum
  • Customer service exchanges: 3 years from the last contact

5. Recipients and processors

Your data is never sold or transferred to third parties. It is strictly reserved for the teams of New Black Cosmetics SAS and our technical processors, who act under our responsibility under an agreement compliant with Article 28 of the GDPR.

  • Hostinger International Ltd (Cyprus, EU) — site hosting and sending of transactional emails
  • Cloudflare, Inc. (United States) — CDN proxy and network security
  • Stripe Payments Europe Ltd (Ireland, EU) — processing of card payments, Apple Pay and Google Pay
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg, EU) — PayPal payment processing and instalment payments
  • La Poste / Colissimo (France, EU) — home delivery
  • Mondial Relay (France, EU) — pickup point delivery
  • Brevo (formerly Sendinblue) (France, EU) — sending of newsletters and marketing campaigns
  • Google LLC (United States) — audience measurement via Google Analytics and Google Search Console (integrated through Site Kit)
  • Meta Platforms, Inc. (United States) — running the “Le Cercle New Black” club on WhatsApp (only if you voluntarily join)

Your data may also be disclosed to administrative or judicial authorities where required by law.

6. Transfers outside the European Union

Some of our processors are established in the United States (Cloudflare, Google, Meta). These transfers are covered by the following safeguards:

  • Adherence to the Data Privacy Framework (DPF) between the European Union and the United States, validated by the European Commission’s adequacy decision of 10 July 2023
  • Standard Contractual Clauses (SCCs) of the European Commission, where applicable
  • Additional technical and organisational security measures (encryption, pseudonymisation)

7. Data security

We implement appropriate technical and organisational measures to protect your data against any loss, unauthorised access, disclosure or destruction:

  • Encryption of exchanges (HTTPS / TLS) across the entire site
  • Passwords hashed in the database
  • Restricted and logged access to sensitive data
  • Regular encrypted backups
  • Regular security updates of the site and plugins
  • Payment processors certified PCI-DSS

8. Your rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights regarding your personal data at any time:

  • Right of access: obtain a copy of the data concerning you
  • Right of rectification: correct inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”): request the deletion of your data, subject to our legal retention obligations
  • Right to restriction of processing: temporarily freeze the use of your data
  • Right to portability: receive your data in a structured, machine-readable format, or have it transferred to another controller
  • Right to object: refuse certain processing, in particular for direct marketing purposes
  • Right to withdraw your consent at any time, without affecting the lawfulness of processing carried out beforehand
  • Right to set directives regarding the fate of your data after your death

To exercise these rights, you may write to us at [email protected] or by post to our registered office. We may ask you for proof of identity in order to safeguard the security of your data.

We undertake to respond to your request within a maximum of one month of receipt, extendable by two months in case of complexity.

If, after contacting us, you consider that your rights have not been respected, you may lodge a complaint with the French Data Protection Authority (CNIL): cnil.fr/fr/plaintes.

9. Cookies

A cookie is a small file placed on your device when you visit the Site. It allows the Site to recognise your device and remember certain information about your browsing.

9.1. Strictly necessary cookies

Essential for the operation of the Site, they do not require your consent: shopping basket, login session, language preferences, security. Duration: session or 13 months maximum.

9.2. Audience measurement cookies

Placed only with your consent, they help us understand how the Site is used in order to improve it. Tools used: Google Analytics 4 and Google Search Console (via Google Site Kit). Duration: 13 months maximum.

9.3. Managing your cookie preferences

You may at any time accept, refuse or change your cookie preferences via the consent banner displayed on your first visit, or by clearing the cookies in your browser.

10. Minors

The Site is not intended for persons under 15 years of age. We do not knowingly collect data concerning minors without the prior consent of the holder of parental authority. If you become aware that a minor has shared their data with us, please contact us for immediate deletion.

11. Changes to this policy

New Black Cosmetics SAS reserves the right to amend this policy at any time, in particular to reflect changes in legislation or in its activities. The date of the most recent update appears at the top of the page. In the event of substantial changes, you will be informed by email or by a clearly visible notice on the Site.