Privacy Policy

STRIDEKICKS - American Sneaker Marketplace
Last updated: 02/06/2025

⚠️ EXCLUSIVE JURISDICTION : This policy is governed by the laws of New Mexico, USA . Any disputes regarding the processing of your data fall under the exclusive jurisdiction of the courts of New Mexico . By using our services, you agree to these terms.

1. DATA CONTROLLER AND CONTACT

Identity of the person responsible:

  • Company : STRIDEKICKS LLC
  • Legal Form : Limited Liability Company (New Mexico)
  • Head office : 8206 Louisiana Blvd Ne, Ste A, New Mexico, USA
  • Email : support@stridekicks.com

Data Protection Officer:

  • Availability : Mon-Fri 9am-4pm (Mountain Time)
  • Response time : 7 working days maximum
  • Languages : English, French

2. DATA COLLECTED

Identification data:

  • First and last name (required for orders)
  • Email address (account and communications)
  • Phone number (delivery and support)
  • Date of birth (legal age verification)
  • Identity document (anti-fraud check if necessary)

Billing and delivery information:

  • Complete addresses (billing and shipping)
  • Payment information (tokenized, not stored in clear text)
  • Order and transaction history
  • Delivery Preferences and Special Instructions

Navigation data:

  • IP address and approximate geolocation
  • Cookies and session identifiers
  • Pages visited and browsing time
  • Device used (browser, OS, resolution)
  • Referrer (site of origin of the visit)

Behavioral data:

  • Products viewed and searches performed
  • Shopping Cart and Wish Lists
  • Interactions with emails and notifications
  • Customer support : conversations and tickets

Safety data:

  • Connection logs and access attempts
  • Anti-fraud analyses and risk scoring
  • Authentication proofs (2FA, verifications)
  • Security Incident Reports

3. PURPOSES AND LEGAL BASES

Execution of the contract:

  • Order and payment processing
  • Delivery of ordered products
  • Customer Service and Technical Support
  • Returns and refunds management

Legitimate interests:

  • Fraud prevention and transaction security
  • Service improvement and personalization
  • Statistical analysis and market research
  • Commercial prospecting of existing customers

Consent :

  • Direct marketing and newsletters
  • Non-essential cookies and tracking
  • Advertising partnerships and retargeting
  • Precise geolocation (if enabled)

Legal obligations:

  • Conservation of accounting records (7 years USA)
  • Anti-money laundering and KYC checks
  • Cooperation with judicial authorities
  • Tax and customs compliance

4. DATA RETENTION

Active customer data:

  • Active account : for the entire duration of use
  • Last order : 5 years after transaction
  • Marketing preferences : until unsubscribed
  • Customer support : 3 years after resolution

Inactive customer data:

  • Account inactive : deletion after 3 years
  • Browsing data : 25 months maximum
  • Security logs : 12 months (except incident)
  • Anonymized analyses : unlimited retention

Mandatory legal data:

  • Billing : 7 years (USA accounting obligation)
  • Anti-fraud : 5 years after detection
  • Disputes : until resolution + 5 years
  • Authorities : according to official requisitions

Automatic deletion:

  • Quarterly verification of deadlines
  • Automated purging of expired data
  • Anonymization before permanent deletion
  • Certificate of destruction on request

5. SHARING AND TRANSFERS

Key partners:

  • Payment processors : Stripe, PayPal (USA)
  • Carriers : FedEx, UPS, DHL (tracking and delivery)
  • Hosting : AWS, Google Cloud (USA servers)
  • Customer support : Zendesk (ticket management)

Authentication services:

  • Authentication experts : sneaker verification
  • Laboratories : analysis of suspect products
  • Insurers : transport and fraud coverage
  • Lawyers : legal advice and litigation

Marketing and analytics:

  • Google Analytics : anonymized audience analysis
  • Facebook/Meta : targeted advertising (if consented)
  • Marketing agencies : promotional campaigns
  • Market research : aggregated data only

Authorities and legal:

  • Law enforcement : upon judicial requisition
  • Tax administrations : controls and verifications
  • Anti-fraud organizations : suspicious reports
  • Courts : legal proceedings in progress

International transfers:

  • Principle : Main storage in the United States
  • Adequacy decisions : countries recognized by the USA
  • Contractual clauses : equivalent guarantees
  • Certification : certified partners (Privacy Shield successors)

6. DATA SECURITY

Technical measures:

  • Encryption : AES-256 for storage, TLS 1.3 for transmission
  • Restricted access : multi-factor authentication required
  • Monitoring : 24/7 monitoring of systems
  • Backup : Multiple geographically distributed copies

Organizational measures:

  • Training : staff made aware of data protection
  • Limited access : principle of least privilege
  • Audit : quarterly security checks
  • Procedures : documented incident management

Certifications:

  • SOC 2 Type II : Validated security controls
  • PCI-DSS : secure payment compliance
  • ISO 27001 : information security management
  • Audits : annual independent verifications

Continuity plan:

  • Detection : automated real-time alerts
  • Response : 24/7 response team available
  • Communication : notification within 72 hours if necessary
  • Recovery : data restoration in less than 4 hours

7. YOUR RIGHTS (DEPENDING ON LOCATION)

Fundamental rights:

  • Access : consultation of data concerning you
  • Correction : correction of inaccurate information
  • Deletion : deletion under legal conditions
  • Limitation : restriction of certain treatments

Specific EU rights (GDPR):

  • Portability : data recovery in structured format
  • Opposition : refusal of processing legitimate interest
  • Automated decision : human intervention if requested
  • Withdrawal of consent : at any time for optional uses

Specific USA rights:

  • CCPA (California): Do Not Sell, Delete, Transparency
  • CPRA (California Reinforced): correction, limitation of use
  • Virginia CDPA : Access, Deletion, Portability
  • State by State : Regulatory Evolution Continues

Legal limitations:

  • Accounting requirements : retention period of 7 years minimum
  • Fraud prevention : secure data retention
  • Litigation : suspension of rights during proceedings
  • Authorities : priority judicial requisitions

Exercise of rights:

  • Email : privacy@stridekicks.com
  • Form : "My data" section of the account
  • Identity verification : mandatory for security
  • Delivery time : 30 days maximum (USA), 30 days (EU)

8. COOKIES AND SIMILAR TECHNOLOGIES

Essential cookies:

  • Session : maintain connection and basket
  • Security : CSRF protection and authentication
  • Preferences : language, currency, display settings
  • Features : comparison, wish list

Analytical cookies:

  • Google Analytics : audience and performance measurement
  • Hotjar : Heatmaps and Session Recordings
  • Aggregated data : no individual identification
  • Opt-out : deactivation possible without functional impact

Marketing cookies:

  • Facebook Pixel : Targeted Advertising and Retargeting
  • Google Ads : personalized advertising campaigns
  • Email tracking : tracking newsletter openings and clicks
  • Consent : mandatory, revocable at any time

Cookie management:

  • Consent banner : first access to the site
  • Preference center : accessible from the footer
  • Granularity : choice by cookie category
  • Duration : 13 months maximum, renewal required

9. MINORS AND YOUTH PROTECTION

Minimum age:

  • 18 years : minimum age to create an account
  • Verification : age check upon registration
  • Parents : parental authorization required if <18 years old
  • Deletion : immediate deletion if minor detected

Protective measures:

  • No advertising targeting minors
  • Moderation : inappropriate content removed
  • Reporting : Abuse Reporting System
  • Training : teams made aware of child protection

10. MARKETING AND COMMUNICATIONS

Transactional communications:

  • Order and delivery confirmations (mandatory)
  • Security alerts and account changes
  • Customer support : answers to your requests
  • Satisfaction surveys : service improvement

Marketing communications:

  • Newsletters : product news and promotions
  • Push notifications : restock alerts and flash sales
  • SMS marketing : exclusive offers (if consent is given)
  • Targeted advertising : on social networks and partner sites

Personalization:

  • Recommendations : based on purchase history
  • Dynamic prices : subject to availability and demand
  • Adapted content : according to preferences and behavior
  • A/B testing : user experience optimization

Unsubscribe:

  • Link : in every marketing email
  • Account : Notifications settings
  • Effect : immediate for new shipments
  • Conservation : address on suppression list

11. PROFILING AND AUTOMATED DECISIONS

Commercial profiling:

  • Segmentation : customer categorization according to behavior
  • Scoring : evaluation of purchasing potential and customer value
  • Predictions : anticipation of needs and preferences
  • Personalization : adaptation of offers and communications

Security profiling:

  • Fraud detection : analysis of suspicious patterns
  • Risk scoring : assessment of transaction reliability
  • Geoblocking : restriction based on location
  • Behavioral analysis : robot account detection

Automated decisions:

  • Approval of orders and payments
  • Dynamic prices according to demand and stock
  • Personalized product recommendations
  • Automatic ad targeting

Human intervention:

  • Possible request : review by human operator
  • Challenge : appeal procedure available
  • Explanations : decision logic provided if requested

12. DATA BREACHES

Detection and evaluation:

  • Monitoring : continuous monitoring of systems
  • Alerts : automatic incident notifications
  • Dedicated team : intervention within 1 hour
  • Assessment : severity and impact within 24 hours

Immediate measures:

  • Patching : Stopping the security breach
  • Investigation : analysis of causes and extent
  • Security : strengthening protections
  • Documentation : complete incident traceability

Notifications:

  • Authorities : CNIL, ICO, etc. within 72 hours if applicable
  • Customers : information if high risk for rights
  • Communication : transparent on measures taken
  • Follow-up : incident report and improvement plan

13. REGULATORY COMPLIANCE

Regulations applied:

  • GDPR : European Union customers
  • CCPA/CPRA : California residents
  • PIPEDA : Canadian residents
  • LGPD : Brazilian residents

Adaptation principle:

  • Maximum protection : application of the highest standard
  • Evolution : updated according to new regulations
  • Training : teams informed of obligations
  • Audits : regular compliance checks

Supervisory authorities:

  • Cooperation : response to official requests
  • Transparency : reporting according to obligations
  • Improvement : implementation of recommendations
  • Dialogue : constructive exchanges with regulators

14. APPLICABLE LAW AND JURISDICTION

Applicable law:

  • New Mexico Law as Primary Reference
  • US Federal Law for Specific Aspects
  • Local regulations : application according to customer location
  • Hierarchy : local law takes precedence if more protective

Jurisdiction:

  • New Mexico Courts : Primary Jurisdiction
  • Local courts : according to specific regulations
  • Arbitration : depending on severity and amounts at stake
  • Mediation : priority amicable resolution

Appeal :

  • Local authorities : filing a complaint with regulators
  • Class action : according to applicable law
  • Damages : compensation according to proven harm
  • Procedure : according to competent jurisdiction

15. CHANGES TO THE POLICY

Right of modification:

  • Update : possible at any time depending on developments
  • Reasons : legal, technical or commercial changes
  • Version : revision numbering and dating
  • Archive : retention of previous versions for 5 years

Notification:

  • Email : registered customer information (recommended)
  • Website : new version published
  • Popup : alert on next connection
  • Deadline : 30 days before entry into force if possible

Acceptance:

  • Continued use : implied acceptance of modifications
  • Refusal : possibility of account deletion before entry into force
  • Acquired rights : respect for existing contractual obligations
  • Transition : adaptation period if necessary

16. CONTACT AND COMPLAINTS

General questions:

📧 Email : support@stridekicks.com
Hours : Mon-Fri 9am-4pm (Mountain Time)
🕐 Delivery time : 7 working days maximum

Supervisory authorities:

🇪🇺 CNIL : www.cnil.fr (French residents)
🇺🇸 FTC : www.ftc.gov (US residents)
🇨🇦 PIPEDA : www.priv.gc.ca (residents of Canada)
🌍 Local : depending on your country of residence

COMMITMENT TO TRANSPARENCY

STRIDEKICKS is committed to treating your personal data with the utmost respect and maximum transparency. This policy evolves with regulations to offer you the best possible protection.

If you have any questions about the processing of your data, please do not hesitate to contact us. Your trust is our priority.

🇺🇸 STRIDEKICKS LLC - Enhanced Data Protection 🇺🇸

This Privacy Policy is written in French for information purposes only. In the event of any discrepancy in interpretation, only the English version shall be legally binding under New Mexico law.