1. When do we collect your personal data ?
We collect Personal Data You provide to Us directly when you:
- Create an online account on Our Site;
- Make purchases on Our Site;
- Agree to receive Our newsletter;
- Request customer support in the context of, for example, tracking an order;
- Communicate with Us through third-party social media such as Facebook or Instagram;
- Contact Us by email or telephone as part of our customer service.
Finally, We automatically collect certain information about You through “cookies” when You access Our Site, use or carry out a business transaction with Us. We refer you to our Cookie Management Policy for more details.
2. What Personal Data do We collect?
We collect the following Personal Data from You:
- Surname and first name;
- E-mail address;
- Password of your customer account;
- Mailing address;
- Thelephone number;
- Date of birth;
- Order history and details;
- Transaction data (transaction number, payment number, purchase amount);
- Any other information You provide to Us.
Our online payment service providers collect your bank details under the Applicable Regulations and in accordance with their respective Personal Data management policies which We encourage You to read carefully:
Your Personal Data that We may collect automatically includes:
- IP address;
- Browser type and version;
- Type and version of the operating system.
3. For what purposes is Your Personal Data collected?
The purpose of Processing Your Personal Data is to provide You with Our products and to fulfil the orders you place on Our Site.
In particular, on the legal basis of the need for the personal data related to the performance of the contract You enter into with Us , We collect Your Personal Data for specific, explicit and legitimate purposes which are as follows: creation and management of Your customer account; registration of orders, management of their tracking and invoicing; support from our customer service department; any operations related to the management of Our customers.
We may collect Your Data after obtaining Your consent for the following purposes: storing cookies to make Your browsing easier, personalising the content on Our Site – we refer you to our Cookie Management Policy; sharing Your data with business partners.
Finally, You will not receive a commercial message from Us unless we have previously obtained Your consent. Thus, if you ticked the box “Receive our newsletter” at the time Your account was created, you have agreed to receive commercial messages from us. In this case, Your email address will be used for commercial marketing purposes.
4. The retention period of Your Personal Data
Your Personal Data is kept for the entire duration of Your relationship with Us and for a period that does not exceed the duration necessary for the purposes for which it is collected and processed in connection with Our relationship with You.
If You are one of our customers and have created a customer account, Your Personal Data will be kept for a period of three years from the expiry of that account.
If You are one of our prospective customers, Your Personal Data will be kept for a period of three years from the date of collection or your last response to our requests.
However, some Personal Data may be stored for longer periods than those indicated below when such retention is required by law, or where such retention is necessary in the event of a dispute.
5. Who has access to Your Personal Data?
We collect and process Your Personal Data only for Our own purposes and do not sell it to third parties under any circumstances.
In order to manage Our Site, your Personal Data may, however, be communicated:
to other recipients, who process it on their behalf. These are police or judicial authorities in the context of requests in accordance with the legislation in force.
to our data processors, who process it on Our behalf and according to Our instructions. These are Our service providers involved in the tasks we entrust to them in relation to:
- recording orders, managing their tracking, invoicing and inventory management;
- secure payment on Our site;
- support by Our customer service department;
- the collection and management of customer opinions;
- managment of customer loyalty and marketing campaigns;
- the development, maintenance anf hosting of Our site;
- setting up cookies and audience measurements;
- communication via social networks.
6. How is your personal data secured?
As a data controller, We applies strict data privacy measures.
In particular, We use authentication and encryption techniques, particularly when sending Your bank details to make payment for a purchase via the proposed payment providers.
We ask that you not disclose Your confidential information such as Your password that protects Your user account.
In addition, we advise you to use a reliable and unique password and to change it regularly.
Finally, if you think someone is using Your customer account illegally, please notify Us immediately.
Your data is secure and is only accessible to the persons indicated above in Article 5 of this Policy.
7. What rights do You have?
You have a number of rights in relation to Your Personal Data and its Processing.
- Right to Information about the Processing of Your Personal Data
In particular, you may be informed of the use made of Your Personal Data through this Policy.
- Right of access, rectification and erasure (“right to be forgotten”) and right to restriction of processing
The exercise of these rights requires that the Data Controller have the possibility of identifying the Data Subject in order to communicate to him or her the Personal Data related to him or her, to communicate it to You, to erase it, to limit its use or to rectify it.
If You have a customer account, You can directly access the data in your online customer account, your transaction history, and your subscription choices.
This access also allows You to correct, modify or delete Your identification data and your contact details.
Where the Processing of Your Personal Data is based on Your consent, You may withdraw it at any time.
In particular, this right is exercised by changing Your subscription option to the newsletter.
You may also request the deletion of Your Personal Data but also that We temporarily or permanently stop Processing Your Personal Data within the limits set out in the Applicable Regulations.
- Right of objection
You may object to the Processing of Your Personal Data for reasons related to Your personal situation.
- Right to lodge a complaint with a supervisory authority
If, despite efforts to maintain the confidentiality of Your data and protect Your privacy, You consider that Your rights are not respected, You have the right to lodge a complaint with a Supervisory Authority. A list of the Supervisory Authorities is available on the European Commission website.
The French Supervisory Authority is the Commission Nationale de l’Informatique et des Libertés (CNIL).
- How can You contact Us to exercise Your rights?
If you have any questions and/or to exercise Your rights, You may contact Us, electronically or by post, by sending a letter accompanied by a copy of any valid identity document to the following address: firstname.lastname@example.org
We undertake to respond to You as soon as possible, and in any event, within one month of receipt of Your request.
8. Transfer outside the European Union
The use of Our Site and its features may involve data transfers to countries outside the European Union.
In this case, where these countries do not benefit from an adequacy decision as provided for by the GDPR, various measures are put in place to ensure that the Personal Data transferred to these countries is adequately protected in accordance with the provisions of the GDPR.
Indeed, if we transfer Your Personal Data to third parties outside the European Union, it is always in compliance with the provisions of the GDPR and, consequently, we take all appropriate measures to protect Your Personal Data and in particular by means of standard contractual clauses approved by the European Commission.
We may change its Processing, within the limit of compliance with the Applicable Regulations, and undertakes to update the Policy accordingly.
10. Governing law and dispute resolution
This Policy is subject to EU law. In the event of a dispute and in the event that an amicable agreement cannot be reached, the competent court shall be that determined in accordance with the applicable rules of procedure.