top of page

Privacy Policy

Privacy policy


The Microenterprise offers for sale items on its website

The protection of your privacy and your personal data is important to us. This is why Maison Héliora only collects and uses your personal data in accordance with the legal provisions, in particular the General Data Protection Regulation («RGPD») and the French Law n°78-17 of January 6, 1978, known as Informatiques et Libertés. With this privacy policy, we wish to inform you about the nature, scope and purposes of the collection, use and processing of your personal data.


    1.    Person responsible / Contact


The person responsible for the processing of data within the meaning of the GDPR, other data protection laws in force in the Member States of the European Union and other legal provisions relating to data protection is :


Maison Héliora / Maison Léjuna Microenterprise

277 B chemin du pigeonnier

13150 Boulbon


If you have any questions about data protection, please contact us at or at the postal address given above.



2. Legal basis for the processing and storage of personal data


The processing of personal data requires a legal basis which we would like to present to you below.


For the processing of personal data for which we seek the consent of the data subject, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) of the GDPR serves as the legal basis. Processing operations necessary for the performance of pre-contractual measures are also covered by this provision.

Insofar as the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our enterprise or of a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the first-mentioned interest, Article 6(1)(f) of the GDPR shall serve as the legal basis for the processing. The legitimate interest of our enterprise lies in the performance of our business activities as well as in the analysis, optimization, and maintenance of the security of our online offering.


The personal data stored by us are deleted in accordance with legal requirements. We delete data as soon as it is no longer required for the purpose of processing, a given consent is revoked or other authorizations are no longer valid. 

Data that still needs to be stored, for example for commercial or tax law reasons, or whose storage is still necessary to assert, exercise or defend legal rights, are deleted as soon as this is no longer the case. 



3. Automatic collection of website access data


When you visit the website, your device automatically transmits certain data for technical reasons. The following data, which you may transmit to us, are stored: date, time of connection and/or navigation, type of browser, browser language, IP address, location and geolocation data.


The processing of the mentioned data takes place in accordance with Article 6 (1) sentence 1 (f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is stored for purely technical reasons. Data on access to the website is stored for the purpose of error analysis, ensuring system security and logging accesses.


4. Contacting us

If you contact us by e-mail or via the contact form, your data will be saved by us in order to answer your question(s). If you use the contact form on the website, the following data will be processed: First and last name, e-mail address. Required fields are marked with an asterisk. No other data is collected. The only purpose of the registration is to answer your request.

This data is used for the performance of the contract in accordance with Article 6 (1) sentence 1 (b) of the GDPR, as well as for the fulfillment of our legitimate interest in accordance with Article 6 (1) sentence 1 (f) of the GDPR to answer your questions in the context of our business relationship. 


5. Means of payment


Data relating to payment methods (credit card number, expiration date, visual cryptogram, security code) are collected directly by our service providers Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland and PAYPAL. The processing of your payment data takes place for the purpose of concluding a contract and is necessary in accordance with Article 6 (1) sentence 1 (b) of the GDPR. 

Maison Héliora does not have access to your payment data. In order to facilitate your subsequent purchases, and after Maison Héliora has obtained your express consent, you may choose to keep your bank details in your customer account beyond the transaction. You can modify or delete the storage of these bank details in your account at any time. 

For more information on data protection at Stripe and Paypal, see: and


6. Newsletter 


If you have registered for the newsletter on our website, we use your e-mail address to send you the newsletter regularly and to send you interesting information about our company. 

The legal basis for sending the newsletter is your consent (‘Article 6, paragraph 1, sentence 1, point a) of the GDPR). You can revoke your consent at any time to no longer receive the newsletter. 

To do so, you can click on «unsubscribe» at the end of the newsletter e-mail. You can also send us an e-mail to or a letter. 


For sending the newsletter, we use Ascend by Wix. LTD Foreign company, registered in the Commercial Register under number 808 452 825, registered office: 40 PORT OF TEL AVIV, TEL AVIV JAFFA 6350671. 

For more information about Wix’s processing of personal data, see


7. social media 

Our website uses features of Instagram, a social network of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. 


We want to use this presence to communicate with our active customers, interested persons and users and inform them about our services and our company through this.

The processing of the personal data of the users active there is based on our legitimate interests in communicating and transmitting information to and with the users. If, in the context of the relevant social platform, users have given their consent to the processing of data, the processing is carried out on the basis of this consent. 


If you visit our social media site, we are responsible, together with Instagram, for the data processing processes triggered during this visit. In principle, you can assert your rights both against us and against the operator of the relevant social platform.

We would like to point out that, despite the joint responsibility, we do not have full influence on the data processing processes of the social platform.


You can find more information on this in the Instagram data protection declaration at



8. Server Logfiles


The provider of the pages automatically collects and saves information in so-called server log files, which your browser automatically transmits to us. This information includes:


    - browser type/version

    - operating system used

    - Referrer URL

    - Host name of the computer accessing the site

    - Time of server request


This data cannot be attributed to specific individuals. We do not aggregate this data with other data sources. We reserve the right to check this data at a later date if we become aware of concrete indications of illegal use.



9. Cookies 

When you browse the website, information about your browsing activities may be stored by means of so-called «cookies» or «trackers». Cookies are small text files deposited on your computer and stored by your browser.


In accordance with the recommendations of the CNIL, certain cookies that are «technically necessary» for the operation of the Maison Héliora site or that are intended to allow or facilitate the transmission of communications by electronic means are exempt from the need to obtain your prior consent.

They are used to facilitate your customer experience on the site (information entered in forms, management and security of access to reserved and personal areas such as the customer account and the management of the shopping cart, automatic connection to your customer account) and to measure the traffic on our site.

If you delete these cookies, you may no longer be able to use the functions for which they are required.


Other cookies, which require your prior consent, are used to display ads tailored to your browsing and profile, to allow you to share content on social networks and to optimize our advertising campaigns on social networks.


These cookies are issued to :

- Establish visit statistics (number of visits, pages viewed, abandonment during the order process, etc.).

- Adapt the presentation of the site to the display preferences of the terminals.

Capture d’écran 2022-11-09 à 18.45.00.png
Capture d’écran 2022-11-09 à 18.45.23.png

10. Data security

Your connections to our website and applications are protected by state-of-the-art encryption techniques. The level of protection also depends on the type of encryption supported by your Internet browser or mobile device. We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. 



11. Your rights

In accordance with the GDPR, you have the following rights, which you can assert with us:  

    - Right of access to the processed data and a right to a copy, 

    - Right of rectification if we process incorrect data about you, 

    - Right to erasure, unless exceptions apply to the reasons for which we still retain the data, e.g. retention obligations or limitation periods

    - Right to limit the processing, 

    - Right to revoke consents to data processing at any time, 

    - Right to data portability. 


In addition, you can object to the further processing of your data if we process your data on the basis of a legitimate interest (Article 6 (1) sentence 1 (f), Article 21 GDPR). If we process your data for the purpose of direct advertising, you have a general right of objection. If we do not process your data for advertising purposes, the objection requires the indication of reasons arising from your particular situation.


You also have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data, for example with the data protection supervisory authority responsible for us: 


Commission nationale de l’informatique et des libertés (CNIL)

3 Place de Fontenoy

TSA 80715

75334 PARIS CEDEX 07



12. Changes to the Privacy Policy

We reserve the right to change this privacy statement. The current version of the privacy statement can be viewed at any time on our website.


Last updated: November 2022

bottom of page