Privacy policy

Publication date: June 11, 2026

This policy applies to the processing of personal data carried out by LSM Care (Sorre Paris brand) through the website https://www.sorre-paris.com (hereinafter the "Site").

As data controller, LSM Care ensures compliance with applicable regulations, in particular French Law No. 78-17 of January 6, 1978 as amended ("Informatique et Libertés") and Regulation (EU) 2016/679 of April 27, 2016 ("GDPR").

The purpose of this policy is to inform you of the processing carried out on your personal data and of the rights available to you. We invite you to consult it regularly. You will be informed of any substantial changes.

I. Identity and contact details of the data controller

Your data is processed by SAS LSM Care, whose registered office is located at 204 boulevard Pereire, 75017 Paris, France.

For any question regarding your personal data or to exercise your rights: click here, or by post to the registered office address.

II. Data collected

A. Categories of data

Depending on your interaction with the Site, we may process:

  • your identification and contact data: last name, first name, postal address, billing and delivery address, email address, telephone number;
  • your account data: login credentials, preferences and settings, when you create an account;
  • your order and transaction data: products viewed, added to cart, purchased, returned or exchanged, order history, billing data;
  • your payment data: processed by our payment provider (we do not store your card numbers);
  • your hair preferences and habits that you voluntarily provide to us, in particular via the diagnostic offered on the Site, for the sole purpose of product recommendation;
  • your browsing and technical data: IP address, device identifiers, data from cookies and trackers, pages viewed, audience measurement;
  • the content of your exchanges with our customer service.

The diagnostic offered on the Site collects your care preferences and habits in order to recommend suitable cosmetic products. These responses do not constitute health data and are not subject to any medical diagnosis.

B. Sources of collection

Your data is collected directly from you (account creation, order, contact form, diagnostic, newsletter sign-up), automatically via the Site (cookies and similar technologies), and where applicable from our service providers acting on our behalf.

C. Mandatory or optional nature

Mandatory fields are indicated at the time of collection. Without this information, we may be unable to process your order or request. Other fields are optional.

III. Purposes and legal bases

  • Necessary and functional (Shopify): operation of the Site, cart, session. Duration: from the session up to 13 months.
  • Consent management (Axeptio): storage of your cookie choices. Duration: up to 13 months.
  • Audience measurement (Google Analytics): traffic statistics. Duration: up to 13 months for the cookie, 25 months for the data.
  • Advertising (Google Ads): campaign measurement and delivery. Duration: up to 13 months.
  • Advertising and social media (Meta Pixel): campaign measurement and delivery. Duration: up to 13 months.

IV. Retention periods

Your data is retained for as long as necessary for the purposes for which it is collected, then archived for the applicable limitation period, or deleted:

  • data related to an order: during the commercial relationship, then archived in accordance with legal obligations (in particular ten years for accounting documents);
  • account data: until the account is deleted, or after a prolonged period of inactivity following prior notice;
  • commercial prospecting data: during the commercial relationship, then three years from your last contact;
  • data from cookies subject to consent: in accordance with the durations indicated in the table in section IX, the consent retention period not exceeding thirteen months;
  • requests sent to customer service: for the time needed to process the request, then archiving.

V. Recipients and processors

Access to your data is strictly limited to authorized personnel of LSM Care and its processors, bound by a confidentiality obligation and by a contract compliant with Article 28 of the GDPR. These include in particular:

  • hosting and management of the Site: Shopify;
  • payment processing: Shopify Payments, and Apple Pay where applicable;
  • logistics and shipping: Néolys;
  • emailing and campaigns: Shopify;
  • cookie consent management: Axeptio;
  • advertising networks: Meta and Google, for advertising measurement and delivery subject to your consent.

Your data may also be disclosed to third parties where required by law, or for the establishment, exercise or defense of legal claims. LSM Care does not sell your personal data.

VI. Transfers outside the European Union

Some of our providers (in particular Shopify, Meta and Google) may process data outside the European Union. In such cases, these transfers are governed by appropriate safeguards within the meaning of the GDPR, such as the European Commission's standard contractual clauses or, where applicable, an adequacy decision applicable to the provider concerned.

VII. Your rights

In accordance with the regulations, you have the following rights over your data:

  • right of access (Article 15 of the GDPR);
  • right to rectification (Article 16);
  • right to erasure (Article 17);
  • right to restriction of processing (Article 18);
  • right to data portability (Article 20);
  • right to object (Article 21), in particular, at any time and without reason, to commercial prospecting;
  • right to withdraw your consent at any time, without affecting the lawfulness of prior processing;
  • right to set guidelines on the fate of your data after your death.

Not all of these rights are absolute and they may be subject to conditions. To exercise them, contact us at hello@sorre-paris.com or by post to the registered office. We may ask you for proof of identity if there is reasonable doubt about your identity.

If you communicate with us by telephone, you can register free of charge on the Bloctel telephone marketing opt-out list (Article L.223-2 of the French Consumer Code).

You may at any time submit a complaint to the CNIL, the French supervisory authority: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, or online at https://www.cnil.fr.

VIII. Security

LSM Care implements appropriate technical and organizational measures to protect your data against loss, unauthorized access, disclosure, alteration or destruction. However, no transmission of data over the Internet can be guaranteed as perfectly secure. In the event of a data breach likely to result in a risk to your rights, LSM Care will carry out the notifications provided for in Articles 33 and 34 of the GDPR.

IX. Cookie management

A. Definition

A cookie is a file placed and read on your device during browsing. Some cookies are necessary for the operation of the Site, others are used for audience measurement, personalization or advertising.

B. Consent

With the exception of cookies strictly necessary for the operation of the Site, no cookie is placed without your prior consent, collected via our consent management tool when you arrive on the Site. You can accept or refuse cookies separately, and change or withdraw your choice at any time via the "Cookie management" module accessible at the bottom of each page.

Refusing non-essential cookies has no consequence on your browsing, apart from the loss of certain personalization features.

C. Cookies used

The list below presents the main categories of cookies that may be placed on the Site. The detailed and up-to-date list of cookies actually used, along with their retention periods, is accessible at any time via the cookie management module (Axeptio) accessible at the bottom of each page.

  • Necessary and functional (Shopify): operation of the Site, cart, session. Duration: from the session up to 13 months.
  • Consent management (Axeptio): storage of your cookie choices. Duration: up to 13 months.
  • Audience measurement (Google Analytics): traffic statistics. Duration: up to 13 months for the cookie, 25 months for the data.
  • Advertising (Google Ads): campaign measurement and delivery. Duration: up to 13 months.
  • Advertising and social media (Meta Pixel): campaign measurement and delivery. Duration: up to 13 months.

X. Changes

This policy may be updated to reflect changes in our practices or regulations. The applicable version is the one published on the Site, dated at the top.

XI. Contact

For any question regarding this policy: hello@sorre-paris.com or by post to SAS LSM Care, 204 boulevard Pereire, 75017 Paris.