Protection of personal data

Personal data protection charter and privacy policy

Site: https://marcopolo-acupuncture.com/en/
Last update : 07/04/2026

1. Preamble

The purpose of this Personal Data Protection Charter and Privacy Policy (hereinafter referred to as the "Charter") is to inform any natural person navigating the site https://marcopolo-acupuncture.com/fr/creating an account, placing an order, contacting the company or subscribing to the newsletter, conditions under which its personal data is collected, used, stored, secured and, where appropriate, transmitted to third parties.

The European Marco Polo Company (EMPC) attaches particular importance to the privacy and privacy of its customers, prospects, partners, correspondents and users. This Charter is part of Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data ("GDPR"), Law No 78-17 of 6 January 1978, as amended "Informatique et Libertés", as well as the recommendations and benchmarks published by CNIL. The models you have provided also remind us of the minimum requirements to be included in a policy that complies: identity of the person responsible, purposes, recipients, place and duration of storage, rights, transfers outside the EU, mandatory or optional nature of responses, right of complaint, and cookie policy.

2. Identity of controller

The controller of the personal data collected on the site is:
European Marco Polo Company (EMPC)
Simplified share company (SAS) share capital of 40 000 €
Head Office: 51 avenue Aspirant Buffet, 81600 Gaillac, France
SCR Albi: 388 614 448
Intra-Community VAT: FR65388614448
Telephone: +33 (0)5 63 47 74 77
Main Email: info@acupuncture-direct.com
Contact email posted on the site : info@marcopolo-acupuncture.com
Personal data contact: arnaud.blondeau@marcopolo-acupuncture.com

3. Scope of the Charter

This Charter applies to all processing of personal data carried out within the framework of:

  • navigation on the site;
  • creating and managing a customer account;
  • placing and tracking orders;
  • handling requests via the contact form, email or telephone;
  • the management of the commercial relationship;
  • sending commercial information, newsletters and marketing communications, subject to applicable rules;
  • hearing, site security, fraud prevention and service improvement;
  • management of customer reviews, when activated.

The site is presented as a professional site intended exclusively for professional purchases ; The treatments described below are therefore designed in this context B2B, although some data still concern identifiable natural persons (name of practitioner, contact with a firm, buyer, administrative contact, etc.).

4. Definitions

For the purposes of this Charter:

  • Personal data: any information relating to an identified or identifiable natural person;
  • Processing: any operation applied to personal data (collection, recording, storage, consultation, transmission, deletion, etc.);
  • Responsible for processing: the entity that determines the purposes and means of processing;
  • Subcontractor: the entity processing data on behalf of the controller;
  • User: anyone browsing the site;
  • Customer: any professional placing an order on the site;
  • Prospect: any person entering into a commercial relationship without having ordered yet.

5. General principles

EMPC undertakes to process personal data in such a way as to:

  • lawful, fair and transparent;
  • collected for specific, explicit and legitimate purposes;
  • adequate, relevant and limited to what is necessary;
  • accurate and up to date;
  • retained for a period not exceeding that necessary for the purposes pursued;
  • secure by appropriate technical and organisational measures.

These principles are consistent with the structures observed in your models, which organize policy around collection, usage, recipients, durations, rights, security and cookies.

6. Data categories collected

EMPC may collect, as appropriate, the following data categories:

6.1. Identification and contact data

  • civility;
  • name;
  • First name;
  • company / firm / structure ;
  • function;
  • e-mail address;
  • telephone number;
  • postal address;
  • billing address;
  • Delivery address.

6.2 Client account data

  • identification;
  • encrypted or minced password;
  • connection history;
  • account preferences;
  • possible wish lists, saved baskets or favorites if these features are enabled

6.3 Ordering and Business Relationship Data

  • contents of the basket;
  • ordered products;
  • quantities;
  • prices;
  • where applicable;
  • order history;
  • invoices;
  • assets;
  • VAS exchanges;
  • payment status;
  • delivery status;
  • commercial connections.

The site displays "Personal Information", "Orders", "Addresses" and "Assets", which at least confirms the management of these categories via the customer account.

6.4 Payment data

  • information necessary for processing the payment;
  • transaction identifier;
  • payment status;
  • possible elements necessary to prevent fraud.

The site mentions a secure payment via SystemPay – Banque Populaire. EMPC also states that it uses payment providers and should not keep complete banking data on its own servers, in accordance with the best practices in your templates.

6.5 Navigational and technical data

  • IP address;
  • type of browser;
  • operating system;
  • language;
  • date and time of connection;
  • pages consulted;
  • actions on the site;
  • technical logs;
  • consent data cookies;
  • Technical identifiers deposited via cookies or tracers.

The banner visible on the site indicates the use of third party cookies to improve browsing experience, analyze site traffic and customize content and ads.

6.6 Prospecting and Marketing Data

  • subscription to the newsletter;
  • history opening and clicks, if a emailing tool is used;
  • marketing preferences;
  • consent or opposition to prospecting.

The site includes a "Newsletter – Get our latest news" block.

6.7 Data from customer service requests

  • content of messages;
  • attachments where applicable;
  • subject of the application;
  • trade history;
  • metadata for processing the application.

6.8 Customer feedback data

The site mentions "Conditions of customer reviews" and displays testimonials; EMPC can therefore deal with:

  • name or surname;
  • profession or quality;
  • content of the opinion;
  • date of publication;
  • associated note;
  • proof of purchase or connection to an order, if required.

7. Sources of data

Data can be collected:

  • directly to you, when browsing, creating the account, ordering, subscription to the newsletter, contacting or sending a notice;
  • indirectly via technical, payment, delivery, audience or personalization providers, when these tools are activated and authorised;
  • automatically via cookies, tracers, technical logs and similar technologies.

8. Mandatory or optional data

Some data are strictly necessary to perform the services requested. These include:

  • the creation of the account;
  • at the control socket;
  • on delivery;
  • Invoicing;
  • the management of payment;
  • processing of a request addressed to the support.

Failure to provide such data may prevent the creation of the account, the processing of the order, delivery, invoicing or response to your request.

Other data are optional, including:

  • certain preferences;
  • marketing subscriptions;
  • cookies not necessary;
  • certain commercial segmentation information.

9. Purposes of treatment and legal basis

EMPC processes personal data for the following purposes.

9.1 Creation and management of the client account

Purpose: allow the creation, authentication, administration and security of the client account. Legal basis: performance of pre-contractual measures or performance of the contract (article 6.1.b GDPR).

9.2 Order management, payment, delivery and billing

Purpose: record orders, confirm transactions, ship products, manage billing, track deliveries, administer the contractual relationship.
Legal basis: performance of contract (Article 6.1.b GDPR).
The site sells acupuncture products, moxibustion, lasers and other materials, and clearly organizes the shopping/order routes.

9.3 Customer Service and Contact Requests Management

Purpose: answer questions, process complaints, provide support, manage pre-contractual or contractual exchanges.
Legal basis: performance of the contract, precontractual measures, or legitimate interest according to the nature of the request (Article 6.1.b or 6.1.f GDPR).

9.4 Accounting, tax and administrative management

Purpose: to comply with legal retention and proof obligations, to prepare accounting and administrative records.
Legal basis: legal obligation (art. 6.1.c GDPR).

9.5 Commercial prospecting and newsletter

Purpose: to send news, offers, commercial information, invitations to events or marketing revivals.
Legal basis: consent where required, or legitimate interest in the strict framework permitted by the law applicable to prospecting B2B. The site highlights a newsletter module, which justifies addressing this point explicitly.

9.6 Audience measurement, site improvement and customization

Purpose: analyse traffic, improve ergonomics, secure routes, customize display or communications.
Legal basis: consent for cookies or tracers not strictly necessary; legitimate interest in certain purely technical, aggregated or operational treatments.

9.7 Management of Customer Advice and Reputation

Purpose: collect, moderate, publish and process customer reviews; verify their authenticity; improving services.
Legal basis: legitimate interest, performance of contract, or consent according to the configuration chosen.

9.8 Security, prevention of abuse and combating fraud

Purpose: protect the site, prevent fraudulent uses, secure payments, detect anomalies.
Legal basis: legitimate interest (art. 6.1.f GDPR) and, if applicable, legal obligation.

10. Fight against fraud and security of payments

In order to secure transactions, EMPC may temporarily retain certain information relating to orders and payments, detect abnormal behaviors, check the consistency of orders, or, if necessary, request additional proof before final validation of an order.

EMPC is not intended to retain complete banking data (card number, cryptogram, full validity date) on its own servers when the payment is entrusted to a specialist provider. The site mentions a secure payment via SystemPay – Banque Populaire, which involves the intervention of a separate payment provider.

11. Data recipients

Personal data are accessible, within the limits of what is necessary for their missions, to the following persons and categories:

11.1 EMPC Internal Services

  • commercial service;
  • customer service;
  • logistics service;
  • administrative and accounting services;
  • direction;
  • marketing service;
  • IT or web service, depending on the internal organisation.

11.2 Subcontractors and contractual partners

Data may be transmitted to providers involved in:

  • the hosting of the site;
  • maintenance;
  • web development;
  • security;
  • payment;
  • delivery;
  • emailing;
  • hearing action;
  • traffic analysis;
  • managing customer reviews;
  • technical support.

Legal information indicates accommodation by Haisoft and design/development by Linov. The site also mentions SystemPay – Banque Populaire for payment.

11.3 Authorities and legally authorized third parties

The data may also be communicated to any administrative, judicial, fiscal, customs or any third party authorized by law, where such communication is required by an applicable law or by a legally valid application.

11.4 No resale

Personal data are not sold, leased or transferred to third parties for autonomous commercial purposes.
This logic is consistent with the models transmitted, which emphasize the contractual framework of recipients, the absence of a commercial sale and the identification of key providers.

12. Data transfers outside the European Union

In the context of the use of certain technical, marketing, analytical or advertising services, data transfers outside the European Union or the European Economic Area may take place.

In such a case, EMPC undertakes to use only transfer mechanisms with an appropriate level of protection, including:

  • European Commission's adequacy decision;
  • standard contractual terms;
  • appropriate additional guarantees;
  • other mechanisms under Chapter V of the GDPR.

Where third-party cookies are used for traffic analysis, customisation or advertising purposes, such tools may involve transfers outside the EU depending on the providers selected. The web page of the site specifically mentions third-party cookies for analysis and customisation.

13. Shelf life

EMPC shall retain personal data for a period not exceeding that necessary for the purposes for which it is processed, subject to legal obligations of storage, prescription or proof.

Indicative:

13.1 Client account data

Retention during the life of the account, then intermediate archiving or deletion after a reasonable period of inactivity, typically 3 years after the last significant activity, unless required by law or litigation.

13.2 Prospective data and contact requests

Retention for 3 years from the last contact from the data subject, unless opposed or requested to be deleted when admissible.

13.3 Newsletter data and prospecting

Retention until withdrawal of consent or, failing this, for a period consistent with CNIL recommendations, usually 3 years from the last useful contact.

13.4 Ordering data, billing and accounting records

Retention for the period necessary for the performance of the contractual relationship, then archiving according to legal time limits, in particular up to 10 years for certain accounting and supporting documents.

13.5 Logs and security elements

Retention for a limited period of time and proportionate to the purpose of security, usually of a few months, unless there is a special obligation or a contentious necessity.

13.6 Cookies and Consents

Retention according to the nature of the cookie and in accordance with the applicable recommendations, with a maximum period of validity of consent of 13 months, a principle recalled by your models.

14. Data storage location

Data are hosted and processed on infrastructures made available by EMPC or its authorised subcontractors. Public legal notices identify Haisoft as the site's host.

Where data are stored or processed outside France, EMPC shall ensure that an adequate level of protection is guaranteed in accordance with the GDPR.

15. Security and confidentiality

EMPC shall implement appropriate technical and organisational measures to safeguard the security, integrity, availability and confidentiality of personal data, in particular to prevent their destruction, loss, alteration, unauthorized disclosure or improper access.

These measures may include:

  • secure the site in HTTPS / SSL;
  • access control;
  • limitation of authorisations;
  • robust passwords;
  • backups;
  • logging;
  • partitioning of access;
  • regular maintenance;
  • protection of posts and servers;
  • contract supervision of subcontractors.

16. Violation of personal data

In the event of a violation of personal data likely to create a risk to the rights and freedoms of the data subjects, EMPC will notify the CNIL of this violation under the conditions laid down in Article 33 of the GDPR and, where required, will inform the data subjects in accordance with Article 34 of the GDPR.

Such notification may specify:

  • the nature of the violation;
  • the categories of data concerned;
  • the approximate volume of data and people affected;
  • likely consequences;
  • measures taken or envisaged to remedy the incident.

17. Rights of data subjects

In accordance with Articles 12 to 23 of the GDPR and the applicable provisions of the Data Protection Act, you have the following rights:

  • right of access: to obtain confirmation that data concerning you is processed and to obtain communication thereof;
  • right to rectification: correct inaccurate or incomplete data;
  • Right to erasure: to obtain the deletion of your data in the cases provided for by the regulations;
  • right to limitation: request temporary suspension of treatment in certain cases;
  • right of opposition: to oppose certain treatments, in particular for prospecting purposes;
  • right to portability: to receive certain data in a structured, commonly used and machine-readable format;
  • the right to withdraw your consent at any time when the treatment is based on it;
  • right to set guidelines for the fate of your data after your death.

18. Method of exercising rights

To exercise your rights, you can contact EMPC:

By email: privacy@acupuncture-direct.com
By post:
European Marco Polo Company (EMPC)
51 Avenue Aspirant Buffet
81600 Gaillac – France

Your application must be sufficiently precise and, where necessary, accompanied by proof of identity. It will only be used to verify your identity and will not be retained beyond the time required to process the application.

EMPC shall endeavour to respond within a maximum of one month of receipt of the complete application, which may be extended under the conditions laid down in the GDPR in the event of a complex or multiple application.

19. Right of claim

If you feel, after contacting EMPC, that your rights are not respected or that the processing of your data is not in accordance with applicable regulations, you can file a complaint with the CNIL.

20. Cookie and other tracer policy

20.1 What is a cookie?

A cookie is a small text file or tracer deposited on your terminal when viewing a website. It allows you to ensure the operation of the site, to remember your choices, to measure the audience, to analyze the browsing or to customize certain content. Your templates recall that a cookie allows you to analyze user behaviour and that publishers must inform, collect consent when required, and allow refusal.

20.2 Cookies and tracers used

Based on the public website, EMPC uses at least:

  • cookies strictly necessary for the operation of the site, basket, customer account, language, security or session maintenance;
  • cookies or audience measurement tracers;
  • third-party personalization cookies;
  • cookies related to advertising or personalized content, since the banner specifically mentions it.

20.3 Legal basis

  • The strictly necessary cookies are based on the legitimate interest of EMPC in ensuring the operation and security of the site.
  • Non-exempt audience measurement cookies, personalization, advertising and, more generally, non-strictly necessary cookies are stored on the basis of your consent.

20.4 Consent Management

You can accept, refuse or set unnecessary cookies via the consent management module or banner made available on the site.
Your choice must be subject to change at any time.

20.5 Shelf life

The storage and reading of cookies is limited in time. Unless the technical exception is justified, the storage period for cookies and associated consent shall not exceed 13 months.

21. Juvenile data

Since the site is intended for professional purchases, it is not intended to be used by minors for purchases. If EMPC learns that data have been collected from a minor who is unaware of the applicable rules, it will take appropriate measures to remove or limit the processing of data.

22. Links to third-party sites

The site may contain links to third-party sites, partners or providers. EMPC is not responsible for the privacy policies or practices of these third party sites, which it is the user's responsibility to consult directly.

23. Amendment of the Charter

This Charter may be amended at any time to:

  • take account of legislative or regulatory developments;
  • adapt treatments to technical or commercial developments on the site;
  • improve the information provided to users.

The online version is the one in effect on the consultation date. Successive versions can be archived.

25. Contact

For any questions concerning this Charter or the processing of your personal data:

info@marcopolo-acupuncture.com
European Marco Polo Company (EMPC)
51 Avenue Aspirant Buffet
81600 Gaillac – France

We use third-party cookies to enhance your browsing experience, analyze site traffic, and personalize content and advertisements.

Accept cookies Refuse cookies