Privacy policy

(Last updated: 09/20/2025)

This Privacy Policy describes how your personal information is collected, used, and shared when you use:

  • our e-commerce website https://henny.xyz (the “Site”),
  • and our mobile application Henny Members (the “Application”).

We are committed to protecting your personal data and complying with applicable legislation, including the GDPR.

1. Personal Information Collected

1.1 On the Site (henny.xyz)

When you use our online store, we may collect the following information:

  • Identification information: first name, last name, email address, phone number, account login details.
  • Delivery and billing information: postal address, billing address, delivery preferences.
  • Payment information: transaction data (your banking details are processed directly by our secure payment providers and are not stored by us).
  • Order history and product preferences: record of your purchases, returns, and interactions with the store.
  • Technical data: IP address, connection logs, cookies and trackers used to ensure the proper functioning of the site and to enhance the user experience.

1.2 On the Application (Henny Members)

When you interact with our application, we may collect:

  • Account data: username, avatar, phone number.
  • Usage data: completed missions, progress, rewards earned.
  • Communication data: push notification preferences, SMS interactions.
  • Technical data: unique device identifier, operating system, usage logs.

2. Use of Data

We use your personal data solely to provide you with a smooth, secure, and personalized experience within our ecosystem (site and application). Specifically, your information may be used to:

  • Provide our services: manage your orders, deliveries, user accounts, access to the application and its features.
  • Personalize your experience: tailor content, missions, offers, and recommendations based on your preferences and activity.
  • Communicate with you: send you confirmations, notifications, newsletters (if you have consented), or inform you about new features and exclusive benefits.
  • Ensure security: detect and prevent fraud, abuse, or unauthorized use, maintain the integrity of our systems, and protect your account.
  • Analyze and improve: track usage, measure performance, and generate statistics to optimize our products, services, and features.
  • Comply with legal obligations: retain certain data for accounting, tax, or regulatory compliance purposes.

We never sell your personal data. Your information is used strictly to achieve the purposes outlined above and always in compliance with applicable regulations.

3. Information Sharing

To ensure the proper functioning of our services (e-commerce site and application), certain information may be shared with trusted service providers.

We use processors in particular for:

  • Hosting of the Site and Application
  • Management of payment services
  • Use of software supporting our business activities (customer service, accounting, CRM tools, etc.)
  • Storage, preparation, delivery of our products, and management of product returns
  • Display of personalized advertising
  • Management of cookie placement
  • Management of job applications via recruitment platforms

We may also share data with third parties who do not act as processors but process data in their own name and on their own behalf, namely:

  • Administrative, financial, or judicial authorities whose missions justify access to data
  • Entities whose access to data is justified (examples: auditors, lawyers, accountants, etc.)
  • Banking institutions to process payment of your orders
  • Carriers for the delivery of your orders
  • Advertising agencies and advertisers involved in the distribution of personalized advertising.

4. Transfer of Your Data Outside the European Union

Some of your personal data may be transferred to countries outside the European Union (Canada, United States), where the level of protection may differ from that guaranteed within the EU.

In the absence of an adequacy decision by the European Commission for these countries, we contractually require our service providers to implement all necessary measures to ensure a level of protection equivalent to that provided under European data protection regulations. These safeguards notably include:

  • The signing of Standard Contractual Clauses approved by the European Commission (Article 46.2(c) and (d) of the GDPR).
  • The use, where applicable, of Binding Corporate Rules validated by a supervisory authority (Article 46.2(b) of the GDPR).
  • Any other mechanism recognized under Article 46 of the GDPR.

We remind you that, in certain specific cases, such safeguards are not required when the transfer meets one of the derogations provided for in Article 49 of the GDPR (for example: performance of a contract at the user’s request, explicit consent).

5. Cookies and Similar Technologies

When you browse our site or use our application, we use cookies and similar technologies (such as tags, pixels, or SDKs) to ensure the proper functioning of our services, enhance your experience, and provide tailored content.

Why do we use cookies?

  • Strictly necessary cookies: essential for the operation of the store (for example, to remember your cart or to secure your login).
  • Performance and analytics cookies: allow us to measure traffic, understand how our services are used, and improve our features.
  • Personalization cookies: used to provide you with a tailored experience (for example, gamified missions, product recommendations).
  • Marketing and advertising cookies: may be used to present you with relevant offers, aligned with your preferences and interactions.

Specific Use by Shopify

Our e-commerce site is powered by Shopify, which also uses its own cookies to:

  • Manage navigation and the checkout process.
  • Prevent fraud and ensure transaction security.
  • Track store performance and generate anonymized statistics.

You can consult Shopify’s cookie documentation for more details.

6. Data Retention

We retain your personal data only for the time strictly necessary for the purposes for which it was collected, in accordance with legal and regulatory requirements.

  • Account and usage data: retained as long as your account is active. In case of prolonged inactivity, we may deactivate or delete your account after a reasonable period, unless otherwise required by law.
  • Order and transaction data: retained for the period required by tax and accounting legislation (generally 10 years from the end of the fiscal year).
  • Communication data (emails, notifications, customer support): retained for the time necessary to process your request, then deleted or archived in line with legal deadlines.
  • Personalization and gamification data: retained as long as you use the application. They may be anonymized or deleted if your account is removed.
  • Marketing data: retained as long as you remain subscribed to our communications. You may withdraw your consent at any time.

When data is no longer necessary, it is deleted or anonymized so that it can no longer identify you.

7. Your Rights

In accordance with applicable data protection regulations (including the GDPR for European users), you have the following rights regarding your information:

  • Right of access: obtain confirmation that we are processing your data and receive a copy.
  • Right of rectification: correct or update your information when it is inaccurate or incomplete.
  • Right to erasure (“right to be forgotten”): request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
  • Right to restrict processing: request the temporary suspension of the use of your data in certain cases (for example, while verifying its accuracy).
  • Right to object: object to certain processing activities, particularly those related to direct marketing or promotional communications.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format, and transmit it to another controller.
  • Right to withdraw consent: when processing is based on your consent (for example, receiving newsletters or push notifications), you may withdraw it at any time.
  • Right to lodge a complaint: with the relevant supervisory authority (for example, the CNIL in France) if you believe your rights are not being respected.

Exercising Your Rights

To exercise your rights, simply contact us at: [email protected]

For security reasons, we may ask you to provide proof of identity before processing your request.

We are committed to responding to all requests within a maximum period of one month, in accordance with legal requirements.

8. Age of Consent

By using our site or application, you represent that you are at least the age of majority in your state or province of residence, and that you have given us your consent to allow any minor dependents under your responsibility to use our platforms.

9. Updates to the Policy

We may update this Privacy Policy at any time to reflect:

  • legislative or regulatory changes,
  • developments in our internal practices,
  • changes related to our services, technologies, or partners.

The most recent version will always be available at https://henny.xyz. The last updated date is always indicated at the top of this Policy.

10. Contact

For any questions or complaints:

Henny – Privacy Service

Email: [email protected]

Address: HNY SAS, 1 Place du Verseau, 38130 Échirolles, France