Privacy Policy

Kiprun Privacy Policy

Welcome to www.kiprun.com. We are committed to protecting your privacy and processing your personal data with the utmost transparency and security. This personal data management policy describes how we collect, use, share, and protect your information when you use our site.

1. Who is Responsible for Processing Your Data?

The data controller for your personal data collected via www.kiprun.com is Decathlon SE, whose registered office is in France. Kiprun, as a Decathlon brand, applies the same rigorous principles regarding data protection.

2. What Personal Data Do We Collect?

We collect different types of personal data, depending on your interactions with our site:

• Identification data: Name, surname, email address, postal address, phone number.

• Transaction data: Information related to your purchases (products purchased, date of purchase, amount).

• Connection and navigation data: IP address, browser type, pages viewed, visit duration, data collected via cookies and other trackers (see section 6).

• Data related to your preferences: Your sports interests, your favorite brands.

• Communication data: Content of your exchanges with our customer service.

3. How Do We Use Your Personal Data?

We use your personal data for the following purposes, based on specific legal bases:

Management of your account and orders (contract execution):

• Creation and management of your customer account.

• Processing, shipping, and tracking of your orders.

• Management of returns and refunds.

• Invoicing.

Improving your experience and personalization (legitimate interest or consent):

• Personalization of the site display and the offers we propose to you.

• Analysis of your Browse to understand your preferences and improve our products and services.

• Creation of statistics and marketing studies.

Communication and marketing (consent or legitimate interest):

• Sending newsletters, promotional offers, and information about Kiprun and Decathlon news (if you have consented).

• Responding to your questions and requests via our customer service.

Site security and fraud prevention (legitimate interest or legal obligation):

• Detection and prevention of fraudulent activities.

• Securing our IT systems.

Compliance with our legal and regulatory obligations (legal obligation):

• Managing requests for the exercise of data subject rights.

• Responding to requests from competent authorities.

4. With Whom Do We Share Your Personal Data?

Your personal data may be shared with:

• Decathlon group entities: For the purposes of centralized customer management, technical support, and marketing.

• Our service providers: Who act on our behalf and under our instructions, such as payment, logistics, hosting, data analysis, marketing, and customer service providers. These providers are bound by contractual confidentiality and security commitments.

• Legal and regulatory authorities: If required by law or if necessary to protect our rights, property, or safety.

• Commercial partners: With your explicit consent, we may share data with partners for joint offers or complementary services.

Your data will under no circumstances be sold to third parties.

5. Data Transfer Outside the European Economic Area (EEA)

Decathlon, and by extension Kiprun, prioritizes storing your data within the EEA. However, some of our service providers may be located outside the EEA.

In such cases, we ensure that the transfer is governed by appropriate safeguards in accordance with the General Data Protection Regulation (GDPR), such as standard contractual clauses approved by the European Commission or recognized certification mechanisms.

6. Cookies and Other Trackers

Our site uses cookies and similar technologies to improve your Browse, analyze site usage, and personalize content and advertisements.

7. Security of Your Data

We implement robust technical and organizational security measures to protect your personal data against destruction, loss, alteration, unauthorized disclosure, or unauthorized access. This includes, among other things, data encryption, access security, staff training, and regular audits.

8. How Long Do We Retain Your Data?

The retention period for your data depends on the purpose for which it was collected:

• Customer account data: Generally retained as long as your account is active and for an additional period necessary for legal or commercial reasons (e.g., 3 to 5 years after the last activity).

• Order data: Retained for the legal period necessary for managing the commercial relationship and for tax and accounting obligations (e.g., 10 years).

• Prospection data: Retained as long as you do not unsubscribe and within the limits of legal durations (e.g., 3 years from the last contact).

• Cookies: The lifespan of cookies varies but generally does not exceed 13 months.

9. What Are Your Rights?

In accordance with the GDPR, you have the following rights regarding your personal data:

• Right of access: Obtain confirmation that your data is being processed and, if so, access it.

• Right to rectification: Request the correction of inaccurate or incomplete data.

• Right to erasure ("right to be forgotten"): Request the deletion of your data under certain conditions.

• Right to restriction of processing: Request to "freeze" the use of some of your data.

• Right to data portability: Receive your data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.

• Right to object: Object to the processing of your data for reasons relating to your particular situation, especially for direct marketing.

• Right to withdraw your consent: Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

• Right to define post-mortem directives: Organize the fate of your data after your death.

10. How to Exercise Your Rights?

To exercise any of these rights, you can contact us:

• By message: via this online form: https://www.decathlon.fr/help/app/ask/cat_id/920

• By mail: Decathlon – personal data protection – 4 boulevard de Mons, 59650 Villeneuve d'Ascq

To ensure your request is handled as efficiently as possible, please remember to:

• Indicate the processing(s) concerned by your request.

• Indicate the right(s) you wish to exercise.

• Provide any information allowing us to ensure that the requestor is indeed the person concerned by the processing.

11. Right to Lodge a Complaint with the CNIL

If, after contacting us, you believe your rights have not been respected, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) in France:

CNIL 3 Place de Fontenoy

TSA 80715

75334 PARIS CEDEX 07

Website : www.cnil.fr

12. Modifications to This Policy

We reserve the right to modify this personal data management policy at any time, particularly to comply with legislative and regulatory changes. Any modification will be published on this page with an updated date. We encourage you to regularly consult this page to stay informed about our data protection practices.

Last updated: September 11, 2025