Personal Data Protection Policy

Effective version: July 2025

This data protection policy outlines the commitments of DIGIREACH SOLUTIONS Ltd, registered under number 16576359 and headquartered at Suite 6331, Unit 3A, 34-35 Hatton Garden, Holborn, London, EC1N 8DX (hereinafter referred to as 'the Company'), regarding the confidentiality and security of users' personal data on the website https://lettre-ar.com (hereinafter referred to as 'the Site').

The Company acts as the data controller and strictly complies with the General Data Protection Regulation (GDPR), the UK Data Protection Act, and any applicable personal data legislation.

1. Scope of Application

This policy applies to all data processing carried out via the Site within the framework of:

  • browsing and using the Site's features,
  • managing customer accounts,
  • subscribing to mail delivery services,
  • managing customer relationships,
  • sending promotional offers and newsletters.

2. Categories of Data Collected

The Company may collect the following categories of data:

Information entered by the user:

  • Identification data: name, surname, postal address, email, phone number
  • Account creation details: email address, password
  • Data necessary for services: recipient addresses, letter content, supporting documents, address book
  • Billing information

Automatically generated data:

  • IP address, browser type, operating system, pages visited, session duration
  • Approximate location data (country, city)
  • Cookies and trackers (see dedicated section)

3. Processing Purposes

The data processing carried out by the Company serves the following purposes:

  • Order fulfillment and subscription management
  • Customer relationship follow-up, including after-sales service
  • Creation, management, and securing of user accounts
  • Sending personalized commercial offers, subject to consent
  • Site traffic statistics and technical optimization
  • Compliance with legal obligations, especially tax and accounting
  • Fraud prevention and abusive behavior control

4. Legal Bases for Processing

The legal bases for processing are as follows:

  • Contractual necessity: service provision, account and subscription management
  • Legal obligation: invoice retention and dispute resolution
  • Consent: commercial communications, cookies, sharing with partners
  • Legitimate interest: site security, service quality improvement, marketing to existing clients

5. Data Sharing and Access

Your data may be shared with the following recipients:

  • Internal departments of DIGIREACH SOLUTIONS Ltd
  • Technical subcontractors: AWS hosting, payment provider, mail routing provider
  • Administrative or judicial authorities in case of legal requisition

All subcontractors operate under strict contractual confidentiality and security clauses.

6. Data Retention Period

Personal data is retained only for the time strictly necessary to fulfill the purposes for which it was collected and processed. This duration depends on the nature of the data and the legal obligations the Company must comply with.

As an indication, customer account data is retained as long as the account is active or up to 2 years after the last activity. Order information is archived for 10 years for tax purposes. Marketing data is deleted after 3 years without interaction. Cookies are stored depending on their type, for a maximum of 6 months. In the event of a payment dispute, related data may be kept for up to 15 months from the transaction.

7. Data Security

DIGIREACH SOLUTIONS Ltd implements all necessary precautions to ensure the security and confidentiality of data:

  • HTTPS connection with SSL/TLS encryption
  • Strict access control and logging
  • Secure hosting on AWS
  • Backups, audits, and regular testing

8. Cookies and Trackers

When browsing, cookies may be placed on your device. These trackers aim to:

  • Ensure the proper functioning of the site
  • Measure traffic and offer tailored content

Consent management is handled via the Cookiefirst platform, allowing users to freely configure their preferences.

9. International Data Transfers

As part of its services, some processing may involve data transfers outside the European Union. These transfers are governed by:

  • Standard contractual clauses
  • Or recognized certification mechanisms (Data Privacy Framework)

10. Your rights

In accordance with regulations, you have the following rights:

  • Right to access, rectify and delete your data
  • Right to restrict processing
  • Right to object and withdraw consent
  • Right to data portability

You may exercise your rights at any time via:

  • Email: support@lettre-ar.com
  • Address: DIGIREACH SOLUTIONS Ltd, Suite 6331, Unit 3A, 34-35 Hatton Garden, Holborn, London, EC1N 8DX

Proof of identity may be required. You will receive a response within a maximum of 30 days.

11. Policy Updates

This policy may be amended to reflect legal or technical changes. Any significant update will be notified on the Site.

For any questions or complaints, you can contact us at the address mentioned above.