Privacy policy
This privacy policy informs users of this website about how their personal data is collected and processed, in accordance with French Law No. 78-17 of 6 January 1978 as amended, and Regulation (EU) 2016/679 of 27 April 2016 (GDPR).
Article 1. Definitions
The following terms, beginning with a capital letter, are defined as follows:
Data Controller:
TYLAË GIU, a single-member limited liability company (EURL) with a share capital of €1,000, whose registered office is located at 58 rue de Monceau, 75008 Paris, France, registered with the Paris Trade and Companies Register under number 984 382 283, represented by Ms. Melany Bourguignon, in her capacity as Manager.
Website:
The website operated by the Data Controller.
User:
Any person accessing and browsing the Website.
Personal Data:
Any information relating to an identified or identifiable natural person (e.g., first and last name, age, email or postal address, location data, etc.).
Processing of Personal Data:
Any operation or set of operations performed on Personal Data, regardless of the means used (collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission or dissemination, or any other form of making data available, alignment, etc.).
Article 2. Processing of Personal Data
Browsing the Website
While browsing the Website, the Data Controller may automatically collect technical data about your device, actions, and browsing patterns, particularly through cookies.
Please refer to the cookie policy below for more information about the purpose of the data processing, retention periods, and your rights.
Contact Form
When you submit a request via the contact form, the Data Controller collects your name and your email address, as well as any information you may include in your message. We encourage you not to share any sensitive information in your message.
The legal basis for the processing is the Data Controller’s legitimate interest.
The data provided as part of a contact request is retained for three (3) years from the date the request is closed. If the contact leads to the conclusion of a contract, the data is retained for the duration of the contract and for the periods required to comply with legal and regulatory obligations.
Newsletter Subscription
When you subscribe to the newsletter, you consent to receive promotional and advertising information by email. You provide your email address, first and last name, and optionally your date of birth and bra size (including the size system used).
The legal basis for this processing is consent. You may withdraw your consent at any time by clicking the unsubscribe link included in each email.
The Data Controller may also send you marketing communications by email regarding products and services similar to those already provided.
The legal basis for this processing is the Data Controller’s legitimate interest. You may unsubscribe at any time by clicking the link provided in each email.
Your email address will be retained until you unsubscribe or for three (3) years following the last contact with the Data Controller (e.g., clicking a link in an email).
Before deleting your email address, the Data Controller may contact you to confirm whether you wish to maintain your subscription.
Subscription to SMS Alerts
When you subscribe to SMS alerts, you consent to receiving promotional and marketing information by SMS. For this purpose, you provide your mobile phone number.
The legal basis for this processing is consent. You may withdraw your consent at any time by clicking on the unsubscribe link included in each SMS.
The Data Controller may send you commercial communications by SMS relating to products and services similar to those already provided.
The legal basis for this processing is consent. You may withdraw your consent at any time by clicking on the unsubscribe link included in each SMS.
Your mobile phone number is retained until you unsubscribe, or for three (3) years from the last contact between you and the Data Controller (e.g., clicking on an element within an SMS). Before deleting your phone number from the database, the Data Controller may contact you to ask whether you wish to keep your subscription to SMS alerts.
Customer Account Creation
When creating a customer account, the following Personal Data are collected: name, surname, and email address.
The legal basis for this processing is the performance of contractual or pre-contractual measures.
Customer account data is retained for two (2) years after your last login.
Before permanent deletion, you will receive an email inviting you to confirm whether you wish to keep or delete your account.
Order Processing
When you place an order, you provide a number of personal data necessary for processing your order (invoice management, delivery and payment, tracking, customer reviews management and after-sales service): name; surname; postal address; email address; phone number for delivery.
This information is intended solely for the Data Controller, who may transmit it to partners, particularly logistics partners, strictly for the purpose of processing the order.
The legal basis for this data processing is the performance of the contract concluded when placing the order online.
The following retention periods apply to personal data collected in connection with orders placed on the site:
• Pending, failed, or cancelled orders: 6 months
• Completed orders: 2 years in active storage, then 3 years in intermediate archiving
• Invoices: 10 years in intermediate archiving
User Questionnaire
The information collected in the questionnaire is stored in a computerised file managed by the Data Controller.
The legal basis for the processing is consent.
Data marked with an asterisk in the questionnaire must be provided. They are retained for a period of 3 years.
Customer Reviews
When you submit a review for a product after purchasing it, the Data Controller collects your name and email address as well as any information you may include in your message. We encourage you not to include any sensitive information in your message.
The legal basis for this processing is consent. You may withdraw your consent at any time by sending an email requesting the removal of your review to the contact details indicated in Article 6.
Data provided as part of a customer review are retained for three (3) years from the date the review is posted on the site.
Article 3. Data Recipients
The Data Controller may share your data with the following categories of recipients:
-
Authorized internal staff in the performance of their duties;
-
Service providers for newsletter ;
-
Subcontractors assisting in the Data Controller’s operations, all of whom are contractually bound to maintain data security and confidentiality, process data lawfully, and act only on instructions from the Data Controller;
-
Professional advisors bound by confidentiality (legal, accounting, banking, insurance);
-
Third parties, when required by public or administrative authorities, by law, or to defend the Data Controller’s rights in court.
Article 4. Data Transfers Outside the European Union
The Data Controller may share your data with service providers located outside the European Economic Area (EEA).
In such cases, the Data Controller ensures that your data is transferred to countries recognized by the European Commission as providing an adequate level of protection, or, where this is not the case, implements appropriate safeguards such as standard contractual clauses approved by the European Commission.
Article 5. Data Security
The Data Controller implements appropriate technical and organizational measures to prevent unauthorized access, alteration, or disclosure of data.
When you provide credit card information during a payment, SSL encryption technology is used to secure your transaction.
Article 6. User Rights and How to Exercise Them
Users have the following rights:
-
Right of access: to obtain confirmation as to whether data concerning them is being processed and access to such data;
-
Right to rectification: to have inaccurate or incomplete data corrected as soon as possible;
-
Right to restriction of processing: to request that processing of their data be limited (data frozen but not deleted);
-
Right to object: to object at any time to the processing of their data, unless the Data Controller has compelling legitimate grounds;
-
Right to withdraw consent at any time (e.g., unsubscribe from the newsletter);
-
Right to data portability: to receive data provided to the Data Controller and transfer it to another controller;
-
Right to give instructions regarding the handling of their data after death.
To exercise these rights, Users may submit a request:
- By email : hello@tylaegiu.com
-
By post: TYLAË GIU EURL, 58 rue de Monceau, 75008 Paris, France
Requests are processed within one (1) month of receipt.
If identity verification is necessary, the Data Controller may request proof of identity, which will be retained for one year. Data relating to the management of your request (title, name, nature of request, response provided) will be stored for three years.
In the absence of specific instructions from the User, post-mortem data will be handled in accordance with applicable French law (Loi Informatique et Libertés).
If you believe that your personal data or your rights have not been respected, you may file a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés):
3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07, France.
Article 7. Updates
This policy may be updated at any time, particularly to reflect new data processing activities or changes in legal or regulatory requirements.
We encourage you to check this page regularly to view the latest version before browsing.
Article 8. Cookie Management Policy
The Data Controller uses cookies.
A “cookie” is a small text file containing information specific to the user, stored on their device and readable only by the server that placed it.
Cookies help us remember your login details, understand how you interact with our content, and improve our services accordingly.
Some cookies are essential for the site’s operation; others are optional and require your consent.
You may configure your browser to block cookies. However, blocking essential cookies may affect website functionality.
No non-essential cookies are placed upon your arrival on the site. A pop-up window allows you to manage your preferences — accept all cookies, continue without accepting, or configure individual choices. You may change your preferences or withdraw consent at any time via the dedicated interface or link provided.
| Name | Description | Category | Provider | Duration |
|---|---|---|---|---|
| cookieconsent_status | This cookie is associated with the app Consentmo GDPR Compliance and is used for storing the customer's consent. | Necessary | Consentmo | 1 year |
| cookieconsent_preferences_disabled | This cookie is associated with the app Consentmo GDPR Compliance and is used for storing the customer's consent. | Necessary | Consentmo | 1 day |
| _ab | Used to control when the admin bar is shown on the storefront. | Necessary | Shopify | 1 year |
| _abv | Persist the collapsed state of the admin bar. | Necessary | Shopify | 1 year |
| _checkout_queue_token | Used when there is a queue during the checkout process. | Necessary | Shopify | 1 year |
| _identity_session | Merchant authentication: Main session cookie for Identity authentication. This is the underlying Rails session cookie. It contains the SID. | Necessary | Shopify | 2 years |
| _master_udr | Permanent device identifier. | Necessary | Shopify | Session |
| _merchant_essential | Contains essential information for the correct functionality of merchant surfaces such as the admin area. | Necessary | Shopify | 1 year |
| _pay_session | The Rails session cookie for Shopify Pay | Necessary | Shopify | Session |
| _shopify_country | Used for Plus shops where pricing currency/country is set from GeoIP by helping avoid GeoIP lookups after the first request. | Necessary | Shopify | 30 minutes |
| _shopify_essential | Contains essential information for the correct functionality of a store such as session and checkout information and anti-tampering data. | Necessary | Shopify | 1 year |
| _shopify_essential_ | Contains an opaque token that is used to identify a device for all essential purposes. | Necessary | Shopify | 1 year |
| _shopify_test | Used to check cookie capabilities on the client. | Necessary | Shopify | 1 minute |
| _storefront_u | Used to facilitate updating customer account information. | Necessary | Shopify | 1 minute |
| _tracking_consent | Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. | Necessary | Shopify | 1 year |
| auth_state_* | Stores authentication state before redirecting customers to third party for authentication. | Necessary | Shopify | 25 minutes |
| cart | Contains information related to the user's cart. | Necessary | Shopify | 2 weeks |
| cart_currency | Used after a checkout is completed to initialize a new empty cart with the same currency as the one just used. | Necessary | Shopify | 2 weeks |
| checkout | Used by checkout to identify the user. | Necessary | Shopify | 21 days |
| checkout_token | Used by checkout to identify the user. | Necessary | Shopify | Session |
| customer_account_locale | Used to keep track of a customer account locale when a redirection occurs from checkout or the storefront to customer accounts. | Necessary | Shopify | 1 year |
| discount_code | Stores a discount code (received from an online store visit with a URL parameter) in order to the next checkout. | Necessary | Shopify | Session |
| hide_shopify_pay_for_checkout | Set when a buyer dismisses the Shop Pay login modal during checkout, informing display to buyer. | Necessary | Shopify | Session |
| identity-state | Stores a hash of the oauth flow state between redirects. | Necessary | Shopify | 1 day |
| identity_customer_account_number | Stores an identifier used to facilitate login across the customer's account and storefront domains. | Necessary | Shopify | 12 weeks |
| in_checkout_profile_preview | Used to determine if a merchant is in a checkout profile preview session. | Necessary | Shopify | Session |
| keep_alive | Used when international domain redirection is enabled to determine if a request is the first one of a session. | Necessary | Shopify | Session |
| localization | Used to localize the cart to the correct country. | Necessary | Shopify | 2 weeks |
| login_with_shop_finalize | Used to facilitate login with Shop. | Necessary | Shopify | 5 minutes |
| master_device_id | Merchant authentication: Permanent device identifier, public version. | Necessary | Shopify | 1 year |
| order | Used to allow access to the data of the order details page of the buyer. | Necessary | Shopify | 3 weeks |
| profile_preview_token | Used for previewing checkout customizations. | Necessary | Shopify | 5 minutes |
| shop_pay_accelerated | Indicates if a buyer is eligible for Shop Pay accelerated checkout. | Necessary | Shopify | 1 year |
| shopify_pay | Used to log in a buyer into Shop Pay when they come back to checkout on the same store. | Necessary | Shopify | 1 year |
| shopify_pay_redirect | Used to accelerate the checkout process when the buyer has a Shop Pay account. | Necessary | Shopify | 1 year |
| skip_shop_pay | Disables Shop Pay as a payment method for a checkout. | Necessary | Shopify | 1 year |
| storefront_digest | Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected. | Necessary | Shopify | 1 year |
| theme | Used to determine the theme of the storefront. | Necessary | Shopify | 1 weeks |
| user | Used in connection with Shop login. | Necessary | Shopify | 1 year |
| user_cross_site | Used in connection with Shop login. | Necessary | Shopify | 1 year |
| _landing_page | Capture the landing page of visitor when they come from other sites. | Statistics | Shopify | 2 weeks |
| _merchant_analytics | Contains analytics data for the merchant session. | Statistics | Shopify | 1 year |
| _orig_referrer | Allows merchant to identify where people are visiting them from. | Statistics | Shopify | 2 weeks |
| _shopify_analytics | Contains analytics data for buyer surfaces such as the storefront or checkout. | Statistics | Shopify | 1 year |
| _shopify_ga | Contains Google Analytics parameters that enable cross-domain analytics measurement to work. | Statistics | Shopify | Session |
| _shopify_s | Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use. | Statistics | Shopify | 30 minutes |
| _shopify_y | Shopify analytics. | Statistics | Shopify | 1 year |
| shop_analytics | Contains the required buyer information for analytics in Shop. | Statistics | Shopify | 1 year |
| _shopify_marketing | Contains marketing data for buyer surfaces such as the storefront or checkout. | Marketing | Shopify | 1 year |
| __kla_id | When Klaviyo’s JavaScript is enabled, the __kla_id cookie can track and identify site visitors through an auto-generated ID. This cookie can temporarily hold personally identifiable information. Once a visitor is identified, the cookie can pass their data into Klaviyo. | Marketing | Klaviyo | 2 years |
| VISITOR_INFO1_LIVE | Tries to estimate the users' bandwidth on pages with integrated YouTube videos. Also used for marketing | Marketing | Youtube | 179 days |
| VISITOR_PRIVACY_METADATA | Youtube visitor privacy metadata cookie | Marketing | Youtube | 180 days |
| shopify_override_user_locale | Used as a mechanism to set User locale in admin. | Preferences | Shopify | 1 year |
| YSC | Registers a unique ID to keep statistics of what videos from YouTube the user has seen. | Preferences | Youtube | Session |
Last updated: November 2025