Launch offer: –20% off the catalog

Country

Language
Account

Cart

Your cart is empty

Continue shopping

Privacy policy

Last Updated: November 14, 2025

The online store Asto (“Asto”, “we”, “us”, or “our”) operates this website and its associated store, including all information, content, features, tools, products, and services offered (the “Services”).

Our store is powered by Shopify, which provides us with the e-commerce platform that enables us to offer our products and operate the Services.

This Privacy Policy describes how we collect, use, store, and disclose your personal information when you access or use the Services, make a purchase or any other transaction, or communicate with us.

In the event of any conflict between our Terms of Service and this Privacy Policy, this Privacy Policy shall prevail with respect to the collection, use, and disclosure of your personal information.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

2. Personal Information We Collect

“Personal information” refers to any information that identifies you directly or indirectly or that can reasonably be linked to you.
Information that has been irreversibly anonymized or de-identified is not considered personal information.

Depending on your use of the Services, your country of residence, and applicable law, we may collect and process the following categories of personal information:

Contact Information: first name, last name, mailing address, billing address, shipping address, phone number (if applicable), email address.

Financial Information: type of payment method, payment account information (e.g., via a payment provider), transaction details, payment confirmation. Full credit card numbers are processed directly by our payment providers and are not stored in plain text by Asto.

Account Information: username, password, security questions, account preferences and settings.

Transaction Information: products viewed, added to cart or wishlist, purchased, returned, exchanged, or cancelled, as well as your order history.

Communications with Us: content of your messages when you contact us (customer service, information requests, claims, product reviews, etc.).

Device Information: device type, operating system, browser type, IP address, unique device identifiers, language settings, and time zone.

Usage Data: information related to your interaction with the Services (pages visited, time spent, clicks, referral sources, marketing campaigns, etc.), including through cookies and similar technologies.

3. Sources of Personal Information

We may collect your personal information from the following sources:

Directly from you: when you create an account, place an order, fill out a form, participate in a contest or marketing campaign, contact us, or voluntarily provide information.

Automatically through the Services: via cookies, pixels, web beacons, and similar technologies when you browse our site or interact with our emails.

From our service providers: such as payment processors, delivery partners, customer service tools, analytics providers, or advertising partners who may collect certain information on our behalf.

From partners or other third parties: when they share information with us (e.g., in the context of marketing campaigns, integrations, or partnerships).

4. Purposes and Legal Bases for Processing

We use your personal information for the following purposes, based on the legal grounds set out by applicable laws (including the GDPR for EEA residents and France’s data protection laws):

4.1 Providing, Personalizing, and Improving the Services

Legal basis: performance of a contract, legitimate interest, and in some cases legal obligation.

We use your information to:

  • process orders, payments, deliveries, returns, and refunds;

  • manage your customer account and preferences;

  • remember products viewed or added to your cart;

  • process customer service requests;

  • tailor site content, product recommendations, and user experience;

  • ensure technical operation and security of the Services.

4.2 Marketing and Advertising

Legal basis: legitimate interest and/or consent (depending on channel and jurisdiction).

We may use your information to:

  • send marketing communications (emails, possibly SMS or postal mail) about our products, special offers, and new releases;

  • display personalized advertising on our site or third-party sites based on your browsing activity (cookies, advertising pixels, etc.).

You may manage your marketing preferences at any time (unsubscribe links in emails, cookie settings, etc.).

4.3 Security, Fraud Prevention, and Legal Compliance

Legal basis: legal obligation, legitimate interest.

We use your information to:

  • verify and authenticate your identity when necessary;

  • detect, prevent, and investigate fraud, abuse, illegal activities, or breaches of our Terms of Service;

  • comply with legal obligations (accounting, tax requirements, record keeping, authority requests, etc.).

4.4 Communication with You

Legal basis: performance of a contract, legitimate interest.

We process your information to:

  • respond to your requests and complaints;

  • inform you about order status, returns, or refunds;

  • notify you of important updates to our terms or this Policy.

5. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • ensure proper functioning of the site (cart, login, security, etc.);

  • measure audience and improve site performance;

  • personalize your experience and remember your preferences;

  • deliver personalized ads or measure campaign performance.

Upon your first visit, a cookie banner informs you about cookie usage and, where required by law, requests your consent before setting certain cookies (e.g., marketing/third-party cookies).

You can adjust your preferences at any time via our cookie settings or your browser options.

6. How We Share Your Personal Information

We may share your personal information with third parties under the following circumstances, in compliance with applicable law:

With Shopify: As our hosting and e-commerce platform, Shopify processes certain data to enable store operation, payment processing, fraud prevention, analytics, and service improvement. Shopify may also use some data in aggregated or pseudonymized form under its own privacy policies.

With service providers: such as payment processors, carriers, logistics partners, email tools, analytics or advertising tools, hosting providers, customer support or technical assistance services. They only access your data as needed and are bound by confidentiality and security obligations.

With marketing and advertising partners: to run campaigns, measure their performance, or offer personalized ads. These partners process data according to their own privacy policies.

At your request or with your consent: for example, when you ask us to ship a product to someone else or use social media sharing features.

Within our group: if applicable, with affiliated entities for internal management, reporting, or support.

In business operations: such as mergers, acquisitions, transfers, or bankruptcy proceedings. Personal data may be transferred to the involved entities, subject to legal requirements.

For legal reasons: when required by law or when we believe in good faith that sharing is necessary to protect our rights, our users, comply with legal processes, or enforce our Terms.

7. Shopify’s Role

The Services are hosted on Shopify’s infrastructure.
Shopify processes certain personal information as a data controller for its own purposes (analytics, service improvement, fraud prevention, etc.) and as a data processor on our behalf (hosting, payment processing, etc.), depending on the activity.

You may consult Shopify’s privacy policy on its official website for more information.

8. Third-Party Sites and Services

The Services may contain links to third-party websites or services (carriers, social networks, payment tools, etc.).
We do not control and are not responsible for:

  • their privacy practices,

  • the security of their systems,

  • the accuracy or relevance of their content.

We encourage you to review the privacy policies and terms of each third-party site before sharing personal information.

Information you post in public areas (e.g., comments, reviews, social media) may be visible to others and used in accordance with those platforms’ rules.

9. Children’s Data

The Services are not intended for individuals who have not reached the age of majority in their country of residence, and we do not knowingly collect data from children.

If you believe your child has provided personal information to us, please contact us (see “Contact”). We will take appropriate steps to delete the data if necessary.

10. Security and Data Retention

We implement reasonable technical and organizational measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

However, no system is entirely secure. We encourage you to:

  • choose a strong, unique password,

  • keep it confidential,

  • log out after using a shared device.

We retain your personal information only for the time strictly necessary for the purposes described, including:

  • management of your account and customer relationship;

  • order fulfillment, returns, and dispute resolution;

  • compliance with legal obligations (e.g., accounting, tax requirements);

  • protection of our rights in the event of legal claims.

Beyond these periods, data is deleted or anonymized when possible.

11. Your Rights Regarding Personal Information

Depending on your country of residence (especially if you reside in the EEA or the UK), you may have the following rights, subject to legal conditions and limitations:

  • Right of access: obtain confirmation of whether we process your data and receive a copy.

  • Right to rectification: correct inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”): request deletion of your data in certain cases.

  • Right to restriction: request temporary suspension of processing in specific situations.

  • Right to object: object to processing based on legitimate interest, including marketing communications.

  • Right to data portability: receive your provided data in a machine-readable format and/or request transfer to another controller when technically feasible.

  • Right to withdraw consent: when processing is based on consent (e.g., certain marketing emails or cookies). Withdrawal does not affect prior lawful processing.

You may exercise your rights:

  • through the tools available on the site (account management, marketing preferences, cookie settings, etc.);

  • or by contacting us (see “Contact”).

We may request additional information to verify your identity, as permitted by law.

You will not be discriminated against for exercising your rights.

12. Complaints to Supervisory Authorities

If you believe we are not respecting your rights or our data protection obligations, you may:

  • contact us first so we can address your concerns;

  • file a complaint with your local data protection authority (e.g., the CNIL in France).

13. International Data Transfers

Your personal information may be transferred to and stored in countries outside your country of residence, including outside the European Economic Area (EEA) and the UK.

Where transfers occur to countries without an adequacy decision, we implement appropriate safeguards (such as Standard Contractual Clauses approved by the European Commission or equivalent UK mechanisms), unless a legal exception applies.

14. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

  • changes in our practices;

  • technical or organizational developments;

  • legal or regulatory updates.

In the event of a substantial change, we will update the “Last Updated” date at the top of this Policy and, if necessary, notify you through appropriate means (e.g., on the website or via email).

The version currently published on this site is the applicable one.

15. Contact

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, you may contact us:

Email: support@asto.co

For the purposes of applicable data protection laws, Asto is the data controller of the personal information collected through the Services, unless otherwise stated.

‎‎support@asto.co

We are available by email if you have any questions