a
Jonara | The Global Seal of Excellence in Luxury Wellness
Contact Us
M
Jonara | The Global Seal of Excellence in Luxury Wellness

PRIVACY POLICY

Legal Framework: Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and French Law No. 78-17 of January 6, 1978, relating to data protection, files, and liberties (Loi Informatique et Libertés).

 

1. Scope, Legal Basis, and Explicit Purpose of Processing

The present Privacy Policy comprehensively defines the operational protocols, security paradigms, and legal limits governing how Jonara processes, archives, and protects the personal data of data subjects navigating jonara.fr.

Under the strict mandates of Article 6 of the GDPR, Jonara processes data exclusively on the following recognized legal bases:

Performance of a Contract (Article 6.1.b GDPR): To manage the complete e-commerce lifecycle through WooCommerce. This includes shopping cart maintenance, secure order execution, transactional communications, issuing commercial B2B/B2C invoices, validating proprietary tier-based digital licenses, and delivering commercial research publications (watermarked PDF reports).

Express Consent (Article 6.1.a GDPR): To manage requested marketing communications and free digital lead magnets. When a user explicitly submits their email address to download a complimentary copy of a report’s Executive Summary or opts in via an explicit subscription field, they grant clear consent to be added to the Jonara Insights electronic mailing list.

Legitimate Interest (Article 6.1.f GDPR): To safeguard the digital infrastructure of jonara.fr against brute-force intrusion vectors, mitigate unauthorized duplication or hotlinking of proprietary PDF assets, monitor payment fraud risks, and analyze server performance statistics in a fully aggregated, non-intrusive format.

2. Data Controller & Point of Contact

The data processing activities executed on this platform are managed directly by the legally designated Data Controller:

Company Name: Jonara (Société par Actions Simplifiée à Associé Unique – SASU)

Share Capital: EUR 1,500

Registered Office: 24 rue de Clichy, 75009 Paris, France

Corporate Registry Identification: RCS Paris number 999 264 419

EU Identification Number (EUID): FR7501.999264419

Data Protection Representative: Mr. Jon Lagaronne (President)

Dedicated Security and Compliance Email: contact@jonara.fr

 

3. Categories of Personal Data Processed

Jonara strictly enforces the principle of data minimization (Article 5.1.c GDPR). The processing system isolates and logs only standard, non-sensitive operational data vectors:

Identity & Billing Data: First name, last name, business or corporate entity name, job title (optional), physical billing address, postal code, city, and country of residence. This data is mandatory for cross-border tax compliance, verifying corporate tax liabilities, and issuing legally compliant e-commerce invoices

Electronic Contact Coordinates: Primary personal or institutional email address and associated optional phone numbers collected natively via form inputs during resource requests or checkout procedures.

Meta & Technical Signature Logs: Date and timestamp of transaction executions, automated license key mapping, and specific product downloads logged by the content delivery framework.

Exclusion of High-Risk Data: Jonara never stores, views, or records financial credit card numbers, banking credentials, or sensitive government identifiers. All encrypted tokenization happens off-site via our primary external secure banking partner.

 

4. Infrastructure, Functional Cookies, and Cookie-Less Analytics

The technical stack powering jonara.fr is architected to optimize privacy metrics by eliminating intrusive third-party cross-site behavioral tracking scripts:

Absence of Tracker Cookies & Ad Pixels: This website does not deploy advertising remarketing pixels, behavior-tracking cookies, or third-party behavioral profiling scripts. Because no multi-site cross-tracking occurs, no privacy-disruptive banner is required to intercept user navigation.

Strictly Necessary E-Commerce Cookies: To ensure basic site functionality under Article 5(3) of the ePrivacy Directive, WooCommerce drops ephemeral, first-party functional session keys. These are technical data blocks used solely to retain selected digital report variants inside the checkout cart and prevent session disconnection during page changes. They expire automatically when navigation ceases and are never used for external profiling.

Server-Level Independent Analytics: Website traffic metrics, referral pathways, and page view counters are compiled entirely locally using Independent Analytics. This privacy-first analytics module runs exclusively on Jonara’s dedicated host server. It does not write cookies to user browsers, does not transmit anonymized data to external servers, and strips identifiable data points, ensuring full statistical aggregation in line with CNIL recommendations.

 

5. Data Recipients and Secure Third-Party Cloud Integrations

Jonara maintains a zero-monetization policy on personal data: your information will never be sold, leased, or distributed for third-party commercial exploitation. Data packets are securely shared only with authorized, GDPR-compliant cloud infrastructure processors strictly required to execute core services:

WooCommerce: Operates natively inside our encrypted WordPress core engine to parse checkout data fields, track order status changes, and manage database queries for report distribution licenses.

Stripe: Acts as the isolated, PCI-DSS Level 1 certified gateway infrastructure handler. During order submission, billing strings are mapped over encrypted HTTPS channels to Stripe’s secure servers to authorize transactions, completely bypassing Jonara’s server memory banks.

MailerLite: Serves as the automated electronic newsletter distribution system and lead-magnet cloud engine. MailerLite safely maintains subscriber databases, manages global opt-out logs, handles segmentation lists for industry sectors, and executes instant delivery sequences for the requested Executive Summary PDF files under strict European privacy sub-processors mandates.

6. Strict Data Retention and Archiving Policies

Personal data is locked and retained only for periods explicitly aligned with administrative preservation laws and clear operational utility:

Newsletter & Resource Recipient Records: Email addresses and contact records captured for newsletter distributions or download deliveries are held securely within MailerLite until the individual records an explicit “Unsubscribe” action or issues a formal erasure request.

E-Commerce and Licensing Archives: All financial documentation, checkout details, and billing identities logged inside the WooCommerce database are moved into locked retention archives for a period of five (5) years following the year of the transaction. This duration fulfills statutory commercial record preservation mandates under Article L110-4 of the French Commercial Code.

7. Security Measures and Technical Protections

Jonara implements robust technical, organizational, and software security measures to protect your data against unauthorized access, alteration, disclosure, or destruction. All data transmissions through the website and checkout process utilize secure cryptographic protocols (SSL/TLS). However, because no transmission method over the internet is completely flawless, Jonara cannot guarantee absolute security.

 

8. Data Subject Rights and Regulatory Escalation

Under the robust text of Chapter III of the GDPR, you retain comprehensive, non-negotiable rights over the data elements stored inside our infrastructure:

Right of Access (Article 15 GDPR): The right to request comprehensive confirmation regarding whether your personal information is being processed, alongside a clean, structured transcript of the exact data profiles held.

Right to Rectification (Article 16 GDPR): The right to demand immediate updates to inaccurate, outdated, or incomplete details inside our databases.

Right to Erasure / Right to be Forgotten (Article 17 GDPR): The right to command the total deletion of your personal contact files from our operational mail tracks and marketing pipelines, provided it does not conflict with legal transaction auditing periods.

Right to Data Portability (Article 20 GDPR): The right to receive your personal data in a highly structured, machine-readable, commonly used format to transfer it seamlessly to external technical platforms.

Right to Instant Withdrawal of Consent: You retain an absolute right to dissolve marketing and delivery permissions at any time. Every single communication string dispatched via MailerLite features a distinct, automated “Unsubscribe” baseline link that updates our global distribution databases instantly.

To invoke these rights or request structural administrative changes to your data footprint, contact the Data Controller immediately at: contact@jonara.fr

Jonara is legally bound to review, act upon, and respond to your validated request within a maximum timeframe of one (1) calendar month from the date of submission. If your inquiries are ignored, unfulfilled, or if you believe our architecture violates valid European data protection standards, you maintain the full statutory right to initiate an official complaint or administrative litigation process with the primary national regulatory authority:

Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy – TSA 80715, 75334 Paris CEDEX 07, France

Website: https://www.cnil.fr