Privacy Policy

Last Updated: 01/27/2025

Preamble
This Privacy Policy is addressed to you as a user of the website https://pensato.com/ (hereinafter referred to as the “Website”) and aims to inform you about how your personal information may be collected and processed by PENSATO SARL.

Respecting your privacy and personal data is a priority for us, and we are committed to processing your data in strict compliance with the French Data Protection Act of January 6, 1978 (hereinafter “DPA”) as amended, and the EU General Data Protection Regulation of April 27, 2016 (hereinafter “GDPR”).

In any case, we are committed to adhering to the following key principles:

You remain in control of your personal data; and
Your data is processed transparently, confidentially, and securely.

1. Personal Data Definition

Personal data refers to information that can directly or indirectly identify you (“Personal Data”). It includes details such as your name, first name, postal address, email address, and phone number, as well as other information like your purchase history, interactions with customer service, responses to surveys, and products you have viewed.

2. Identity & Contact Information of the Data Controller

The data controller for your information is the limited liability company PENSATO SARL, with a share capital of €146,000, registered with the RCI of Monaco under number 11S05600, whose registered office is located at 2 Blvd d’Italie, 98000 Monaco, MONACO.

For any questions regarding the management and use of your personal data, you can contact us:

By email: contact@pensato.com
By mail: PENSATO SARL, 2 Blvd d’Italie, 98000 Monaco, MONACO
By phone: +377 99 90 52 90 (non-premium number), Monday to Friday, 9 AM to 5 PM.

3. Data Collection & Origin

All data concerning you is collected either directly from you (information provided when registering on the Website, ordering products, or using the contact form available on the Website) or indirectly during your visit to our Website (connection and browsing data).

In any case, your data is collected and processed solely to:

Manage your registration on the Website;
Ensure the delivery of your products;
Provide you with access to all features and services offered;
Offer you commercial promotions;
Improve our services; and
Maintain effective commercial follow-up.

Details on how your data is collected and processed are outlined in this Privacy Policy.

When necessary, we are committed to obtaining your consent and/or allowing you to object to the use of your data for specific purposes, such as sending you commercial offers or placing third-party cookies on your device for audience measurement, targeted advertising, and tailored commercial offers based on your interests.

4. Data Collected and Processed
PENSATO SARL collects and processes data related to the following categories:

Identity Data: such as name, first name, and email address;
Operational and Contractual Data: such as order history;
Commercial Relationship and After-Sales Data: such as delivery issues or claims made to customer service; and
Marketing Data: such as cookies and products viewed.

Some data is automatically collected through your actions on the Website. The mandatory or optional nature of the data is indicated during collection with an asterisk.

5. Purpose of Data Collection
PENSATO SARL collects and processes your personal data for specific purposes. Data is collected particularly during:

The creation of your account on the Website;
Placing an order on the Website;
Browsing the Website and viewing product pages;
Interacting with customer service; and
Engaging with our communications.

Below are the purposes for which your personal data may be processed:

5.1 For the Management and Monitoring of Your Account, Contracts, Orders, Deliveries, Invoices, and Customer Relationship

Identification and Contact Information: such as name, first name, and email address, necessary for your identification when using our services.
Transactional Information: required to process your order (selected items, delivery and billing address, phone number, email address, payment method, anonymized banking data).
Following an order or as part of customer service follow-up, you will automatically receive emails or SMS communications to help track your order or claim (order confirmations, delivery updates, etc.). These service messages are necessary for the proper execution of the orders and services you have requested. Receiving these messages is independent of your preferences for newsletters and promotional offers.
Customer Service Interaction Information: data collected during your calls to our Customer Service team.

5.2 For PENSATO Communications
Following the creation of your account or subscription to the newsletter on the Website—or if you are already subscribed to the PENSATO newsletter—you will receive our newsletter. These newsletters keep you informed about updates and collections. To tailor our email communications, we measure the open rates and clicks on our emails.

The data collected includes:

Email Address: for sending newsletters;
Interaction Data: such as email opens, clicks, and unsubscribe actions.

You can adjust the type of information you wish to receive or unsubscribe at any time by clicking the link at the bottom of each newsletter.

5.3 For Interactions with Customer Service
The PENSATO Customer Service team is responsible for assisting customers or prospects with inquiries related to orders, deliveries, payment methods, products, store locations, or online accounts.

To perform these tasks, they access personal records associated with any order with delivery, account creation, or online purchase that requires customer identification.

Name, first name, email address, phone number, postal address; and
Details related to the order, payment, delivery, or any product-related inquiry.

5.4 Payment Using Bank Data
When you finalize your orders, your payments are secured. Payment data is not collected by PENSATO SARL, only a payment identifier is retained to recognize the card used for payment. Your banking details are collected exclusively by our payment service provider Lyra Collect (https://www.lyra.com/).

5.5 For Compliance with Legal Obligations
As part of our professional activity, we are subject to legal obligations such as invoicing and accounting. To fulfill these obligations, we process information related to any order with delivery, including:

Name, first name, email address, phone number, postal address; and
Details related to the order, payment, delivery, or any product-related inquiry.

6. Recipients of Your Data
Within their respective areas of responsibility and for the purposes outlined in sections 3 and 5, the following individuals or entities may have access to your data:

Authorized personnel from PENSATO SARL’s various departments (administrative, accounting, marketing, sales, logistics, and IT);
Companies responsible for managing the Website;
Companies responsible for transporting and delivering products;
Companies providing online payment services;
Service providers managing our activities (CRM, emailing, invoicing software, data storage, etc.); and
Authorized personnel from our subcontractors (if applicable).

PENSATO SARL remains responsible for the data processing carried out and ensures compliance with data use and security standards.

7. Data Retention Period
We retain your data only for as long as necessary to fulfill the purposes outlined in sections 3 and 5:

7.1 For the Management and Monitoring of Your Account, Contracts, Orders, Deliveries, Invoices, and Customer Relationship
Data related to customer service interactions is retained for the duration of the commercial relationship and up to five (5) years after its conclusion for evidence retention purposes.

7.2 For PENSATO Communications
Data is retained as long as the individual does not unsubscribe from newsletters.

7.3 For Interactions with Customer Service
Data related to customer service interactions is retained for the duration of the commercial relationship and up to five (5) years after its conclusion for evidence retention purposes.

7.4 Payment Using Bank Data
Your bank data is stored by our secure payment provider for no more than thirteen (13) months from the debit date or fifteen (15) months in the case of deferred debit cards, for evidence purposes.

7.5 For Compliance with Legal Obligations
Your data is retained for up to ten (10) years to comply with tax and accounting obligations.

8. Your Rights
Under the DPA and GDPR, you have the following rights:

Right of Access (Article 15 GDPR), Right of Rectification (Article 16 GDPR), and Right to Update or Complete Your Data;
Right to Erasure of your personal data (Article 17 GDPR) when the data is inaccurate, incomplete, ambiguous, outdated, or its collection, use, communication, or retention is prohibited;
Right to Withdraw Consent at any time (Article 13-2c GDPR);
Right to Restriction of Processing (Article 18 GDPR);
Right to Object to the processing of your data (Article 21 GDPR);
Right to Data Portability for data you have provided when it is subject to automated processing based on your consent or a contract (Article 20 GDPR);
Right to Determine the Fate of Your Data After Your Death and to choose whether we may (or may not) share your data with a third party designated by you; and
Right to Request Human Intervention in the case of automated decision-making (Article 22 GDPR).

In the event of your death, and absent specific instructions from you, we commit to deleting your data unless its retention is required for evidence purposes or to meet a legal or regulatory obligation.

You can exercise your rights by sending an email to contact@pensato.com or by mail to the following address:
PENSATO SARL, 2 Blvd d’Italie, 98000 Monaco, MONACO.

9. Connection Data and Cookies
Our Website uses connection data (date, time, internet address, protocol of your device, pages viewed) and cookies (small files stored on your computer) to identify you, remember your visits, including the pages you have viewed, and measure the use of our Website.

You have the option to consent to, refuse, or select the types of cookies you accept to be stored on your devices.

10. Data Security
PENSATO SARL and its subcontractors, if applicable, are committed to implementing all technical and organizational measures to ensure the security of personal data processing and the confidentiality of your data, in compliance with the DPA and GDPR.

PENSATO SARL takes appropriate precautions, given the nature of your data and the risks associated with our processing, to protect data security and prevent it from being altered, damaged, or accessed by unauthorized third parties. Measures include, but are not limited to:

Physical protection of facilities;
Authentication processes for our clients, with secure personal access via confidential usernames and passwords;
Encryption of certain data.