Privacy Policy
Last updated: May 15, 2026
At New Black Cosmetics, protecting your personal data is a priority. This policy clearly and transparently explains how we collect, use, store and protect your information when you visit our website, create an account or place an order on newblackcosmetics.com.
It is established in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and the French Data Protection Act of January 6, 1978, as amended (Loi Informatique et Libertés).
1. Data Controller
The controller of your personal data is:
New Black Cosmetics SAS
34 Avenue des Champs-Élysées, 75008 Paris, France
Paris Trade and Companies Register (RCS) 914 912 282
Email: [email protected]
New Black Cosmetics SAS has not appointed a Data Protection Officer (DPO), as such an appointment is not mandatory given the nature and scope of its processing activities. Any question regarding your personal data may be sent to [email protected].
2. Data Collected
We only collect data strictly necessary for the purposes described below. You provide some information directly (forms, orders, account); other data is collected automatically (browsing, cookies).
2.1. Data You Provide Directly
- Identity: title, first name, last name
- Contact details: postal address (shipping + billing), email, phone number
- Customer account: username, password (encrypted), order history, wishlist
- Order & payment: products ordered, amounts, payment method (full payment card details never pass through our servers — see section 5)
- Customer service exchanges: messages, attachments, history of inquiries through our contact form or by email
- Marketing preferences: consent to receive our newsletter, communication preferences
2.2. Data Collected Automatically
- Browsing data: IP address, device type, browser, operating system, pages viewed, visit duration, referrer
- Cookies and trackers: see section 9 “Cookies”
3. Purposes and Legal Bases
Each processing operation involving your data relies on a specific legal basis, in accordance with Article 6 of the GDPR:
3.1. Performance of Contract
- Creating and managing your customer account
- Processing and shipping your orders
- Managing payment and invoicing
- Shipment tracking (transmission to the carrier)
- Handling returns, refunds and warranties
- Responding to customer service inquiries
3.2. Consent
- Sending our newsletter and marketing communications (explicit opt-in)
- Placement of non-strictly-necessary cookies (analytics, audience measurement)
- Subscription to the WhatsApp club “Le Cercle New Black”
3.3. Legal Obligations
- Retention of invoices and accounting records (10 years, French Commercial Code)
- Payment fraud prevention
- Responses to judicial or administrative requisitions
3.4. Legitimate Interest
- Improving the shopping experience and our products
- Site security (detection of suspicious behavior, intrusion prevention)
- Commercial solicitations for similar products to existing customers (Article 21 GDPR, right to object guaranteed at any time)
4. Retention Periods
- Customer account: duration of the contractual relationship, then 3 years after the last purchase or last login (commercial prospect), before archiving or deletion
- Orders & invoices: 10 years from the close of the accounting year (legal obligation)
- Payment data: not retained by New Black Cosmetics (managed by payment providers, see section 5)
- Newsletter & marketing consents: until consent is withdrawn, then archived for 3 years as proof
- Analytics cookies: 13 months maximum (CNIL recommendation)
- Connection / security logs: 12 months maximum
- Customer service exchanges: 3 years from the last contact
5. Recipients and Sub-Processors
Your data is never sold or transferred to third parties. It is strictly reserved for the New Black Cosmetics SAS teams and our technical sub-processors, who act under our responsibility under an agreement compliant with Article 28 of the GDPR.
- Hostinger International Ltd (Cyprus, EU) — website hosting and transactional emails
- Cloudflare, Inc. (United States) — CDN proxy and network security
- Stripe Payments Europe Ltd (Ireland, EU) — processing of card payments, Apple Pay and Google Pay
- PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg, EU) — processing of PayPal payments and pay-in-installments
- La Poste / Colissimo (France, EU) — home delivery
- Mondial Relay (France, EU) — pickup point delivery
- Brevo (formerly Sendinblue) (France, EU) — sending newsletters and marketing campaigns
- Google LLC (United States) — audience measurement via Google Analytics and Google Search Console (integrated via Site Kit)
- Meta Platforms, Inc. (United States) — operation of the “Le Cercle New Black” club on WhatsApp (only if you voluntarily join)
Your data may also be disclosed to administrative or judicial authorities in case of legal obligation.
6. Transfers Outside the European Union
Some of our sub-processors are established in the United States (Cloudflare, Google, Meta). These transfers are governed by the following safeguards:
- Adherence to the EU-U.S. Data Privacy Framework (DPF), validated by the European Commission’s adequacy decision of July 10, 2023
- Standard Contractual Clauses (SCCs) of the European Commission, where applicable
- Additional technical and organizational security measures (encryption, pseudonymization)
7. Data Security
We implement appropriate technical and organizational measures to protect your data against loss, unauthorized access, disclosure or destruction:
- Encryption of communications (HTTPS / TLS) across the entire site
- Encrypted (hashed) passwords in our database
- Restricted and traced access to sensitive data
- Regular encrypted backups
- Regular security updates of the site and plugins
- PCI-DSS-certified payment sub-processors
8. Your Rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights over your personal data at any time:
- Right of access: obtain a copy of the data concerning you
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”): request deletion of your data, subject to our legal retention obligations
- Right to restriction of processing: temporarily freeze the use of your data
- Right to portability: receive your data in a structured, machine-readable format, or have it transferred to another controller
- Right to object: refuse certain processing, in particular for direct marketing purposes
- Right to withdraw your consent at any time, without affecting the lawfulness of previous processing
- Right to set directives regarding the fate of your data after your death
To exercise these rights, you may write to us at [email protected] or by mail to our registered office address. We may request proof of identity to ensure the security of your data.
We commit to responding to your request within a maximum of one month from its receipt, extendable by two months in case of complexity.
If, after contacting us, you believe your rights are not respected, you may lodge a complaint with the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés — CNIL): cnil.fr/fr/plaintes.
9. Cookies
A cookie is a small file placed on your device when you visit the Site. It allows the Site to recognize your device and store certain information about your browsing.
9.1. Strictly Necessary Cookies
Essential to the operation of the Site, they do not require your consent: shopping cart, login session, language preferences, security. Duration: session or 13 months maximum.
9.2. Audience Measurement Cookies
Placed only with your consent, they help us understand how the Site is used in order to improve it. Tools used: Google Analytics 4 and Google Search Console (via Google Site Kit). Duration: 13 months maximum.
9.3. Managing Your Cookie Preferences
You can accept, refuse or modify your cookie preferences at any time via the consent banner displayed on your first visit, or by clearing cookies in your browser.
10. Minors
The Site is not intended for persons under 15 years of age. We do not knowingly collect data concerning minors without the prior consent of the holder of parental authority. If you discover that a minor has provided us with their data, we invite you to contact us for immediate deletion.
11. Changes to This Policy
New Black Cosmetics SAS reserves the right to modify this policy at any time, in particular to adapt it to changes in legislation or its activities. The last update date appears at the top of the page. In case of substantial modification, you will be informed by email or by a clearly visible notice on the Site.