Privacy policy

Version updated on 28 September 2018

We attach great importance to the protection of your personal data. As such, when collecting and processing it we are guided by these four principles:


  • Transparency: we explain what we collect and why we collect it, so that you can make the most well-informed decision possible;
  • Security: all the data that you have entrusted to us benefits from strong security;
  • Legal guarantees: we respect data protection laws;
  • User benefit: when we collect data, it is in order to improve the service and experience we offer, on our websites and with our apps.


These principles are the foundations on which we wish to grow: in an increasingly connected world, we choose to give our users the widest possible control of their data and to protect the data that is entrusted to us. Our aim is to offer you the best services.


This Privacy Policy is therefore intended to provide you with a more detailed overview of our approach to your personal data, to explain those cases in which we still need to collect information about you, the reasons we therefore collect this data, and how we use it. It also outlines the security measures we use to protect its confidentiality, and remind you of your rights and how to exercise them.







This Privacy Policy (hereinafter "the "Policy") intends to inform you of our practices regarding the collection, use and sharing of information that you provide or that we collect through our website the "Website") or our mobile applications (the "Apps"); and tell you how to exercise your rights.


The Regulations on Personal Data (hereinafter the "Regulations") encompass the regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (regulation known as "GDPR") and any text that might apply these.


Personal data (hereinafter "Personal data") refers to any information relating to an identified or identifiable natural person who may be identified personally, directly or indirectly, in particular by means of an identifier, such as a surname, first name, an identification number, location data or an online username. The data we collect may therefore include your strictly personal data, insofar as it allows you to be identified as a particular person. Conversely, some data does not allow us to identify you directly, such as your profession or your browsing data (the type of browser, terminal and operating system, the path followed on the website, etc.) but is nevertheless considered as Personal Data because it is attached and/or attributable to the former.


This Policy is an integral part of the terms and conditions of sale on the Website and the conditions of use of the Apps. By accepting the general conditions of sale of the Website and the conditions of use of the Apps you expressly accept the provisions of this Policy.


Please read this document carefully in order to be aware of and understand the practices regarding the processing of your Personal Data that we implement and the rights that you are entitled to.





When you use our Website and/or our Apps, your consent will be required prior to any collection of your Personal Data. Kytatoo and its affiliates may exchange such Personal Data and use it in accordance with this Policy. You do not have to give us all of the Personal Data that we ask for. However, if you choose not to share it, access to certain services implemented by our Website and/or our Apps may be limited.


Any information that you may have provided to Kytatoo during your visits to our Website or when using our Apps is strictly confidential. Among other things, this information is necessary for processing orders on the Website or implementing the services offered by the Apps.


For more information, please consult the table that appears in Appendix 1, summarising how Kytatoo processes Personal Data through its Website and Apps.


2.1.        Legal basis for the processing of Personal Data


In accordance with the Regulations, most of the processing referred to in this Policy has received your prior consent.


The primary purpose of this processing is to carry out our contractual obligations in relation to the services offered on the Website and/or our Apps. Some of the processing that we carry out can also be dictated by a legal obligation incumbent upon us or based on a legitimate interest such as combating fraud.



2.2.        Types of Personal Data collected by Kytatoo


  1. Personal Data that you share with us


When you use the Website and/or the Apps, you may be required to voluntarily share your Personal Data with us. Most particularly, this Personal Data is transmitted to Kytatoo when:


  • You create a Kytatoo user account via the Website and/or the Apps;
  • You use the Website and/or the Applications;
  • You take part in competitions, surveys;
  • You contact our Customer Services Department. 


These Personal Data includes the following elements: your surname, first name(s), password, email address, date of birth, telephone number. The optional nature of the data is communicated to you when it is collected.


  1. Personal data that Kytatoo automatically collects 


By browsing our Website and/or using our Apps, we may automatically collect certain data, cookie data, your login details, your browsing data, the type of Terminal you use to access or connect to the Website and/or Apps. You will find more details about the technical data that we process in Article 11 "Cookie Information".


  1. Personal data that Kytatoo obtains from third parties


If you download an app through an app download platform and make in-app purchases, if you connect to our Website and/or our Apps via social media, we will have access to certain Personal Data in accordance with the general conditions of use of the platforms and the social network concerned (for more details on social media, please refer to article 7 "Using social media").



2.3.        Authorisation to access the features of the Terminal


Our Apps use a tablet, smartphone, phone, etc. (hereinafter the "Terminal"). A request to access the geolocation services or storage of the Terminal may be required for the proper functioning of our Apps. We invite you to read the instructions on your Terminal to learn how to modify the authorisation settings granted to an app and to control the sharing of personal details or access to the storage of the Terminal. Under no circumstances will Kytatoo collect Personal Data relating to these authorisations. Any collection and processing of your Personal Data will result in the prior collection of your consent, as mentioned in this Article 2.




We keep your Personal Data as long as necessary, particularly to fulfil our contractual obligations, comply with our legal obligations or resolve disputes. We retain some of your Personal Data for as long as you have a kytatoo account.


Upon your request, we will delete or anonymize your Personal Data so that you can no longer be identified, unless the law authorises or compels us to retain certain Personal Data, particularly in the following situations:


  • If there is an unresolved issue with your account, such as an outstanding debt or an unresolved claim or litigation, we will retain the necessary personal data until the issue is resolved;
  • If we are required to retain personal data as a result of legal, tax, auditing and accounting obligations, we will retain the necessary personal data for the period required by the applicable law; and/or
  • If this data is required for our legitimate interests, such as fraud prevention or the security of our users.


In all other circumstances, we will retain your Personal Data for a period that we deem reasonable.


For more information, please consult the table that appears in Appendix 1, summarising how long Kytatoo retains your Personal Data for processing it via its Website and Apps.





We will not transmit your Personal Data to third parties who may use it for commercial purposes without your express consent. 


We may share Personal Data with other entities of the Kytatoo Group within the scope of this Policy. Entities of our group refers to any company owned or controlled directly or indirectly by Kytatoo.


In accordance with applicable law and with your consent when required, we may aggregate the Personal Data that we receive or send to our business partners, including any or all of your Data collected via cookies.


We rely on trusted third parties to carry out various operations on our behalf. We can provide them with the information they need to carry out a given service and request that they do not use your Personal Data for any other purposes. We may be required to transfer certain Personal Data to them if it is required for (i) the operation, management, maintenance of our Website and/or our Apps; (ii) ensuring that the tasks necessary for the fulfilment of your order on the Website (technical services, payment services, verification of identity) are completed or ensuring the fulfilment of the services offered by the Apps; (iii) implementing certain elements of the after-sales service; (iv) combating fraud; (v) responding to requests from the authorities.


Your Personal Data may therefore be transferred to a third party when we have a legal obligation to do so or if we believe in good faith that this is necessary to (a) comply with any legal request; (b) comply with any requests from the authorities; (c) in an emergency involving public health or the physical integrity of a person; (d) in the course of enquiries and investigations; or (e) to secure the rights, property and safety of Kytatoo and more generally any third party.





We store your Personal Data in servers located in the European Union. However, it is possible that the Personal Data we collect when you use our Website and/or our Apps are transferred to other countries, some of which may have less protective personal data protection legislation than the one in force in the country where you reside. We undertake to take all the measures required to ensure that contractual commitments with these third parties are in accordance with the Regulations. These measures may include checking the standards applied by these third parties for the protection of personal data and security and/or the signing of appropriate contracts (based on the model adopted by the European Commission).


We can use the services of subcontractors located outside the European Union, particularly for managing your order on the Website, responding to your requests for after-sales services, providing online payment tools and providing us with commercial and advertising services. This is also the case for Kytatoo affiliates located outside the European Union to whom we may transfer some of your Personal Data for the purposes of providing our services in those countries.


For more details on the transfer of your Personal Data outside the European Union, please contact us at the following address:





6.1          Rights relating to your Personal Data


In accordance with the Regulations in force, you have a set of rights relating to the Personal Data relevant to you, including:


  • A right of access: you can obtain a copy of all your data processed by Kytatoo, as well as information about the nature of the processing of your data.


  • A right to rectification: you can obtain the rectification and/or completeness of your inaccurate and/or incomplete data.


  • A right to erasure: you can obtain the erasure of your data when (i) this data is no longer necessary for the purposes for which it was collected, (ii) you exercise your right to oppose the processing concerned, or (iii) the processing concerned is illicit. However, this right does not apply when it is necessary for Kytatoo to store your data to comply with a legal obligation or to exercise rights in court;


  • A right to restriction of processing: you can obtain a restriction of processing of your data when you dispute the accuracy of the data for a period of time that allows Kytatoo to carry out the appropriate verifications. It is the same when Kytatoo no longer needs the data but it is still required by you to defend a right in court, or when you exercise your right of opposition, for the time required by Kytatoo to examine your request. When such a limit is put in place, the data can only be processed, except for its retention, with your consent or for the defence of a right in court.


  • A right to portability: you can obtain the data that you have provided to Kytatoo and which is used by Kytatoo as part of the processing necessary to fulfil your contract, in a structured, commonly used and machine-readable format, and its transmission by Kytatoo to another provider where this is technically possible.


  • A right to object: you can request that Kytatoo, for reasons relating to your particular situation, stops processing your data in order to pursue its legitimate interests. Kytatoo will then cease such processing unless it justifies its legitimate and compelling interests over your rights and freedoms.


  • A right to define general and specific guidelines defining the manner in which you intend to exercise the above rights after your death.


You also have the right to lodge a complaint with the French supervisory authority or that of the country in which your habitual residence is located if you consider that the processing carried out by Kytatoo violates the provisions of the European Regulation on the protection of personal data. As an example, in France, the supervisory authority in charge of compliance with personal data obligations is the Commission Nationale de l'Informatique et des Libert├ęs (CNIL).



6.2          Procedure for exercising your rights


To exercise your rights over your Personal Data, you can email your request to the address giving your surname, first name, email address and if possible your customer reference. In accordance with the regulations in force, your application must be signed and accompanied by a photocopy of an identity card bearing your signature and provide the address to which we must send you our response.


Please note that we may retain certain information about you when required by law or if there is a legitimate interest such as fraud. For example, this is the case if we consider that you have committed a fraud or violated the Terms of Use of the Website and/or Apps and we want to prevent you bypassing the rules applicable to our community.




7.1.        Login to your Kytatoo account via a social media site


You have the option of connecting to your Kytatoo account through a social media site, which makes it easier to register or connect to our Website and/or our Apps. A first connection via a social media site means that you will always be able to connect to your Kytatoo account this way. You can unlink these accounts at any time if you wish.


We draw your attention to the fact that if you decide to let us access some of your information, including your Personal Data, through connection services provided by our business partners, their privacy policies can also legally bind you. We have no control over the collection or processing of your Personal Data carried out by our business partners on their own platform.


When you choose to connect to your Kytatoo account via a social media site, the social media site may ask you to share information with Kytatoo. If you choose to share information, the social media site will usually ask you to specify what information you want to share. This information may include but is not limited to your email address, first and last name, age, and any profile photos saved to your social media account.



7.2.        Social media plug-ins


Social media plug-ins may be present on the Website and Apps. By clicking on one of these buttons (for example Facebook's "Share" button), information is exchanged with the social media site concerned. If you are connected to the social media site at the same time, information may be relayed to your account by the social media site. This social media site can also display it on your profile and share it with other members of your network.





In order to ensure the protection and confidentiality of the Personal Data communicated to us, we use the technical, physical and procedural control measures that are implemented during the collection, processing and transfer of your Personal Data. As such, we have put in place various measures, including pseudonymisation, encryption, access and retention policies.


We also apply security procedures limiting the use and access to your Personal Data on our servers. Only authorised personnel are permitted, in the course of their work, to access your Personal Data.





In accordance with the European Regulation on Personal Data, the collection of Personal Data of a child under 16 is permitted only with the valid consent of the person who has parental authority. If you are under the age of 16 and do not have the consent of your parent or legal guardian, please do not provide any Personal Data. If we learn that we have collected the Personal Data of a child under the age of 16 without the valid consent of the parent or legal guardian, we will remove them unless otherwise agreed by the parent or legal guardian.





For the purposes of paying for orders, bank details are collected and kept by our service providers in terms of payment. These comply with the PCI-DSS requirements, an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and thus secure the protection of card and transaction data.





When you visit our Website, files are placed on your Terminal. These files, called Cookies, are intended to collect information about your browsing and allow us to be attentive to your needs and expectations. We use cookies, for example, to identify you and access your Kytatoo account and manage your order basket.


This section allows you to better understand how cookies work and how to use current tools to configure them.



11.1.      What is a cookie?


A cookie is a small text file placed on your Terminal when visiting a website or looking at an advertisement. Their purpose is to collect information about your browsing or to ensure the consistency of browsing from one page to another on the websites and also to send you personalised services.


On your Terminal, cookies are managed by your internet browser.



 11.2.     The different issuers of cookies


  1. Kytatoo cookies


These are cookies deposited by Kytatoo on your Terminal to meet requirements for browsing, optimisation and customisation of the services on our Website.


  1. Cookies from third parties


These are cookies deposited by Kytatoo partner companies, but may also be deposited when you click on banner ads on our Website.


These are cookies deposited by third-party companies (for example advertising agencies or partners) to identify your interests through the apps you look at on our Website and customise the advertising offer provided to you on our Website or outside our Website. They can be deposited while you are browsing our Website or when you click in the advertising spaces of our Website. The data transmitted by these cookies is anonymous and no personalised data is transferred. We do not control the cookies placed outside the Kytatoo website by the advertising agencies that act on their own behalf.


In the context of advertising partnerships, we may send partners who act on our behalf data concerning the apps consulted on our Website. We make sure that the partner companies (i) agree to treat the information collected on our Website exclusively for the purposes of Kytatoo and in accordance with our instructions, in accordance with the Regulations in force; and (ii) undertake to implement appropriate measures to secure and protect the confidentiality of Personal Data.



11.3.      The cookies used


  1. Strictly necessary cookies


Our Website uses cookies necessary for its proper functioning. They allow you to use the main features of our Website (for example the use of the shopping cart or access to your account). Without these cookies, you will not be able to use our Website normally.


These are mainly cookies deposited by Kytatoo.



  1.  Analytical cookies


These cookies provide us with information about the use and performance of our Website and improve its operation (for example, finding out the most frequently viewed pages of our Website).


These are mainly cookies deposited by Kytatoo.


  1. Functional cookies


These cookies allow us to personalise your experience on our Website. They also allow you to benefit from our personalised advice and promotional offers according to the origin of your browsing (for example if you come from our partner websites). They can also be used to provide you with features that you have requested (for example, my favourite store or my personalised advice).


  1. Advertising cookies


These are cookies used to present advertisements to you or to send you information adapted to your interests on our Website or outside our Website when browsing the Internet. They are used to limit the number of times you see an advertisement and help measure the effectiveness of an advertising campaign.


The refusal of these advertising cookies has no impact on the use of our Website. However, refusing advertising cookies will not stop advertising on our Website or on the Internet.


It will only result in an ad that does not reflect your interests or preferences being displayed.


These cookies are mainly third-party cookies.


  1. Social media cookies and plug-ins (social media buttons)


These social media cookies are intended to allow users to share pages and content via third-party social media sites. They also make it possible to target the advertising offer on social media sites.


Our Website also uses social media plug-ins or buttons.


Social media plug-ins make it easier to share the pages and contents of our Website on various social media platforms. They allow you for example to like and share information from our Website with your friends on social media sites.


To this end plug-ins use cookies to trace the browsing of users whether you are users of these platforms or not and whether or not you are connected to the social media site while you are browsing. These cookies also make it possible to target advertising offers on these platforms.


Please ensure you read the privacy policies of the various social media sites to understand the purpose of using the browsing information they can collect through the social media buttons on our Website. These protection policies must enable you to exercise your choices with these social media sites, in particular by setting up your usage accounts for each of these sites.


  1. Cookies and machine identifiers for securing transactions


We inform you that during your order, Kytatoo or the service providers acting on its behalf, may deposit cookies or collect information about your terminal including information (technical attributes) required for recognising the type of Terminal to identify your equipment and make transactions secure (prevention of fraud risks). Cookies or "imprint" type machine identifiers are used for this purpose. You are informed of this collection of information relating to your terminal to constitute a machine identifier by a banner as soon as you arrive on the Website. By continuing your visit on our Website without setting up the collection of your machine identifiers, you agree to the collection of this information and the creation of the identifier.



11.4.      Accepting or refusing cookies


You have different ways available to you to manage cookies.


  1. Configuring your internet browser


You can choose to disable these cookies at any time. Your browser can also be set to notify you of the cookies that are placed on your Terminal and ask you to accept them or not. You can accept or refuse cookies on a case-by-case basis or refuse them systematically once and for all.


We remind you that configuration could change your terms of access for our services requiring the use of cookies.


If your browser is configured to refuse all cookies, you will not be able to make purchases or take advantage of essential features of our Website, such as storing items in your cart or receiving personalised recommendations. In order to manage cookies as close as possible to your expectations, we invite you to configure your browser, taking into account the purpose of the kytatoo's cookies.


  1. Settings on a platform for managing cookies


You can manage your cookies by visiting cookie management platforms offered by advertising professionals.


For more information about cookies, please consult the website of the supervisory authority in your country (for France, it is the CNIL).





It may be the case that we have to make changes to this Policy. When this is required, we will notify you in an appropriate manner, for example, by posting a message on the Website and/or the Apps. We advise you to regularly consult the page dedicated to the collection and processing of Personal Data on the Website to be aware of any changes or updates to our Policy.





If you have any questions relating to this Policy or any requests relating to your Personal Data and/or you wish to exercise your rights, you can contact us via the following address: In accordance with the regulations in force, your application must be signed and accompanied by a photocopy of an identity card bearing your signature and provide the address to which we must send you our response.





Data type

Period of retention



  • Managing the after-sales service relationship of our apps with our customers
  • Management of the existing/prospective customer database. Marketing Activities

Surname, first name, date of birth, email, billing address

5 years from the last action of the Existing/Prospective Customer (either most recent order, confirmation of renewed interest, or most recent access to an article in the newsletter)

Communication with Customer Services

7 years from the closing of the file