Privacy policy
-
Preamble
1.1. This Privacy Policy is an integral part of the General Conditions, so that the definitions used in the latter are reused in this Privacy Policy.
1.2. The purpose of this Privacy Policy is to inform Customers about how their Personal Data is collected from the Website, how it is processed by the Data Controller and finally the rights enjoyed by Customers with regard to this processing. as defined below.
-
Definitions
2.1. The following terms, whether used in the singular or plural in this Privacy Policy, will have the following definition:
Intermediate Archiving: means the movement of Personal Data which still presents an administrative interest for the Data Controller, (such as by example in the event of litigation and/or in the event of a legal obligation) in a separate database, logically or physically separated and to which, in any event, access is restricted. This archive is an intermediate step before the deletion of the Personal Data concerned or its anonymization;
CG:designates the General Conditions ;
Privacy Policy: means this policy of confidentiality and protection of Personal Data of Customers implemented by the Data Controller;
Client: means the natural person, at least 15 years old, browsing the Website and whose Data processing personal by the Data Controller is governed by the Privacy Policy. As such, the Customer guarantees, in the event that he is under the age of 15, that he has obtained the consent of the holder of parental authority over him to the processing of his Personal Data defined in the Privacy Charter
Account: means the personal account of the Customer, accessible on the Website through personal identifiers, confidential to the Customer that he cannot communicate to a third party, and from which he can place an order;
Data(s) or Personal Data(s): refers to the Customer's personal data, within the meaning of the Regulations on Personal Data, collected and processed by the Data Controller in the context of the use of the Website;
Specific Rights: means the rights granted by the Personal Data Regulations to Customers in relation to the processing of their Personal Data and developed at the Article 9 of the Privacy Policy;
Regulation on Personal Data: refers to Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms, pursuant to the Community Regulation of April 27, 2016 published in the Official Journal of the European Union on May 4, 2016 relating to the protection of individuals with regard to the processing of personal data and the free movement of such data data (known as "GDPR" for General Data Protection Regulation);
Data controller: designates the company referred to in the legal notices accessible here: Legal notice;
Website:means the website on which this Privacy Policy is hosted;
Terminal(aux): means the hardware equipment (computer, tablet, smartphone, telephone, etc.) used by the Customer to consult or view the Website.
3. The legal bases of the processing
3.1. In accordance with the Personal Data Regulations, the processing referred to in this Privacy Policy is supported by a specific legal basis.
3.2. The Client has consented to the processing of his Personal Data for one or more specific purposes.
3.2.1. The Website has required the express consent of the Customer in order to carry out specific processing explained when obtaining consent.
3.3. The processing is necessary for the performance of a contract to which the Customer is a party or for the performance of pre-contractual measures taken at the Customer's request .
3.3.1. In order to use the Website and benefit from its services, the Customer has accepted minimum the CGs. These documents formalize a contractual relationship between the Client and the Data Controller, serving in particular as a legal basis for the collection and processing of the Client's Personal Data by the Data Controller.
3.3.2. These Data are necessary for the performance of a certain number of processing operations related to the performance of the contractual relationship between the Customer and the Data Controller, the purposes of which are detailed in paragraph 4 – The purposes of the processing operations.
3.4. The processing is necessary for compliance with a legal obligation to which it is subject.
3.4.1. The processing of Personal Data may also be necessary for compliance with a legal obligation to which the Data Controller would be subject, for example, the retention of access logs to the Website, in accordance with Decree No. 2011-219 of February 25 2011 relating to the retention and communication of data allowing the identification of any person having contributed to the creation of content put online.
3.5. Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, unless the interests or fundamental rights and freedoms prevail of the Customer who require protection of personal data, in particular when the Customer is a child.
3.5.1. The Data Controller may have a legitimate interest justifying the processing of the Customer's Personal Data, such as the processing of Data strictly necessary for the purposes of fraud prevention.
3.5.2. In this case, the Data Controller ensures that the processing in question is indeed necessary for the fulfillment of its legitimate interest and assesses the consequences of this processing on the Client, in particular taking into account the nature of the Data processed, and how they are processed.
3.5.3. The Data Controller ensures that it does not disregard the interest or the fundamental rights and freedoms by allowing the Customer, at any time, to oppose all or part of the processing described in this Privacy Policy, such as implement its Specific Rights, under the conditions of paragraph 10 – Exercise of the Specific Rights of Customers.
The purposes of the processing
The Customer's Personal Data is necessary to allow him access to the Website, its use and its improvement, and to allow the Data Controller to:
- Perform operations relating to its commercial relationship with the Customer, i.e. concerning invoices, accounting, the monitoring of the "customer relationship" with a Customer, such as the performance of satisfaction surveys, the management of complaints, the use of the Website and more generally of services, etc. ;
- Personalize its communication for Customers, in particular by information e-mails, according to its observed preferences, its use of the services and/or the Website;
- Enable trackingales, analytics and marketing tools (including ranking, scoring, etc.);
- Allow access to the Account by the Customer and provide him with all the information contained therein such as his orders, his book of addresses, the products it has registered;
- Optimizing Customer browsing on the Website by memorizing their preferences and simplifying any purchases later on the Website;
- The management of requests to exercise Specific Rights under the conditions of paragraph 10 – Exercise of Customers' Specific Rights;
- After-sales service management;
- Management of unpaid bills and disputes;
- Prevention of litigation with the Client;
- The fight against fraud and money laundering; and
- Compliance with its legal obligations, in particular accounting and tax.
-
Storage of Personal Data
5.1. The Website is hosted by the company whose contact details are available by clicking here:
5.2. Every precaution has been taken to store Customer Personal Data in a secure environment and to prevent it from being distorted, damaged or accessed by unauthorized third parties. The information transmitted by the care of the Customer will never be transmitted to third parties for commercial purposes, nor sold or exchanged.
6. Collection of Personal Data on the Website
6.1. The Data Controller collects, when creating an Account and then when it is gradually completed, the following Personal Data that the Customer provides or that he communicates spontaneously during his navigation and which is kept for a duration of three (3) years, on an active basis, from the Customer's last connection to the Website:
- Name,
- First name,
- Email address,
- Shipping address,
- Billing address,
- Phone number
- Company name, if any
- The content saved in the Customer's Account,
- Where applicable, the reason(s) for the exclusion (all the elements making it possible to demonstrate actions which date back less than a month and which justify exclusion),
- Connection data (date, time, IP address, pages viewed) of the Customer when browsing the Site Internet
The Personal Data above is also kept in Intermediate Archiving for an additional period of two (2) years in accordance with the common limitation period.
- Invoices;
- Order information;
- Amount of transactions carried out as well as the date and time of these transactions
The Personal Data above is also kept in Intermediate Archiving for an additional period of seven (7) years, in accordance with tax and accounting obligations.bles of the Data Controller.
6.2. All Personal Data indicated as such in the Account creation form is essential to benefit from the services of the Data Controller.
6.3. Where applicable, the Data Controller collects, when the Customer exercises its Specific Rights, a copy of the Customer's identity document indicated in Article 10.2 and keeps it for one (1 ) year in active base from the date of receipt.
7. Recipients or categories of recipients if they exist
Data recipient categories |
Purpose of the proposed transfer |
Hosting Service Provider |
Hosting the Website
|
Website development and management provider
|
Administration of the "back-office" of the Website and management of the database containing Customers' Personal Data
|
Computer integrator and maintenance |
Ensure the remote maintenance of the Data Controller's information system, including the Website
|
Customer management software editor |
Allow to manage relationships with Customers
|
Email Routing Provider
|
Enable sending newsletters |
Phone Flow Manager |
Allow the monitoring of different calls and telephone streams
|
Consulting on the Website and user experience
|
Receive advice on digital communication |
Electronic document management provider
|
Electronic invoice management |
Editor of IT tools for economic analysis
|
Allow sales forecast |
Payment Service Provider
|
Allow payments on the Website |
Editor of warehouse logistics management software
|
Allow computer system connection with warehouses |
Package delivery service provider |
Allow the shipment of products ordered by Customers
|
7.1. In the event that a transfer of Personal Data to a recipient located in a country which is not located on the territory of the EEA and which has not been the subject of an adequacy decision by the Commission European Union, the Data Controller undertakes to take all appropriate guarantees to ensure its perfect lawfulness, by ensuring that Customers haveenforceable rights and legal remedies against the recipient and to obtain the Customer's prior and specific consent to such transfer of Personal Data.
7.2. The Data Controller will not obtain the Client's prior and specific consent to the transfer of his Personal Data if:
- the Data Controller ensures:
- to enter into standard contractual clauses proposed by the European Commission with the recipient of the Personal Data; or
- that the recipient of the Personal Data is subject to the principles of privacy shield (for transfers to the United States); or
- to take any appropriate measure to make the transfer of Personal Data lawful outside the territory of the European Union, in accordance to the Personal Data Regulations.
- or if said transfer is needed:
- compliance with obligations to ensure the establishment, exercise or defense of legal claims ;
- the performance of a contract between the Data Controller and the recipient taken at the Customer's request;< /span>
- to enter into or perform a contract entered into or to be entered into, in the interest of the person concerned, between the Data Controller and the recipient
8. Internet transaction security
8.1. In accordance with the T&Cs, the Website uses the technology of the company STRIPE PAYMENTS EUROPE LTD, to secure the banking transactions of Customers.
8.2. Thus, when paying on the Website, the Customer's bank details are transmitted encrypted to the company STRIPE PAYMENTS EUROPE LTD.
8.3. To exercise his rights such as those identified in paragraph 9 – Specific Rights, relating to his credit card details, the Customer is invited to contact STRIPE PAYMENTS EUROPE LTD directly.
9. Specific Rights
9.1. In accordance with the Personal Data Regulations, the Customer may, at any time, benefit from the following Specific Rights from/to/to:
-access,
- rectification,
- erasing,
- processing limitation,
- portability,
- opposition,
- post-mortem guidelines,
9.2. Access rights
9.2.1. The Customer has the possibility of obtaining from the Data Controller confirmation that the Personal Data concerning him are or are not being processed and, when they are, access to said Personal Data as well as the following information:
- a) the purposes of the processing;
- b) categories of Personal Data;
- c) the recipients or categories of recipients to whom the Personal Data has been or will be communicated;
- d) where possible, the envisaged retention period of the Personal Data or, where this is not possible, the criteria used to determine this period;< /span>
- e) the existence of the right to request from the Controller the rectification or erasure of Personal Data, or a limitation of the processing of his Personal Data, or the right to object to this trait
- f) the right to lodge a complaint with the personal data supervisory authority (in France, the CNIL)
- g) where the Personal Data is not collected from the Customer, any available information as to its source;
- h) the existence of automated decision-making, including profiling, and, at least in such cases, useful information regarding the underlying logic underlying data, as well as the significance and intended consequences of this processing for the Client;
9.2.2. When the Personal Data is transferred to a third country or to an international organization, the Customer has the right to be informed of the appropriate guarantees, with regard to this transfer.
9.2.3. The Data Controller provides a copy of the Personal Data being processed.
9.2.4. The Data Controller may require the payment of reasonable fees based on administrative costs for any additional copy requested by the Customer or in the event of a request for the transmission of Personal Data on paper and/or physical media.
9.2.5. When the Customer submits his request electronically, the information is provided in a commonly used electronic form, unless he requests otherwise.
9.2.6. The Customer's right to obtain a copy of his Personal Data must not infringe the rights and freedoms of others.
9.3. Rights of rectification
9.3.1. The Customer has the possibility of obtaining from the Data Controller, as soon as possible, the rectification of the Personal Data concerning him which is inaccurate. He also has the possibility of having incomplete Personal Data completed, including by providing an additional declaration.
9.4. Rights to erasure
9.4.1. The Customer has the option of obtaining from the Data Controller the erasure, as soon as possible, of Personal Data concerning him when one of the following reasons applies:
- a) The Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed by the Data Controller;
- b) The Customer has withdrawn their consent for the processing of their Personal Data and there is no other legal basis for the processing;< /li>
- c) The Customer exercises his right of opposition under the conditions set out below and there is no overriding legitimate reason for the processing;
- d) The Personal Data has been unlawfully processed;
- e) Personal Data must be erased to comply with a legal obligation;
- f) The Personal Data was collected from a child.
9.5. Rights to limitation
9.5.1. The Customer has the possibility to obtain from the Data Controller the limitation of the processing of his Personal Data when one of the following reasons applies:
- a) The Data Controller verifies the accuracy of the Personal Data following the Customer's contestation of the accuracy of the Personal Data,
- b) The processing is unlawful and the Customer opposes the erasure of the Personal Data and instead requests the limitation of its use;
- c) The Data Controller no longer needs the Personal Data for the purposes of the processing but these are still necessary for the Client for the observation, the exercise or defense of legal claims;
- d) The Client has objected to the processing under the conditions set out below and the Data Controller checks whether the legitimate reasons pursued prevail over the reasons alleged.
9.6. Right to Data Portability
9.6.1. The Customer has the option of receiving
11 Password security
11.1. The Data Controller takes all useful precautions to ensure the secure storage of the Customer's password to access his Account.
11.2. However, the security of this password also depends on its design.
11.3. Also, the Customer is reminded that his password, to be valid, must be composed, a < span style="font-weight: 400;">minimum 8 characters, at least 3 of the following 4 types: uppercase, lowercase, numbers, special characters
11.4. Mnemonics are used to create complex passwords, such as:
- Keep only the first letters of the words in a sentence; for example, the sentence "A Password is withheld!" corresponds to the password 1mdp@sr!
- Capitalize if the word is a noun (ex: word)
- Keeping punctuation marks (ex: !)
- By expressing numbers using digits from 0 to 9 (ex: Un ->1)< /span>
12 Cookies placed on the Customer's Terminal following its navigation on the Website
12.1. Cookies are used on the Website.
12.2. A cookie is information stored on the Terminal which is used by the Customer to access the Website.
12.3. Cookies are related to the Customer's browsing on the Website and make it possible to determine the pages he has consulted, their date and time of consultation.
12.4. At no time do these cookies allow the Data Controller to personally identify the Client.
12.5. The shelf life of these cookies in the Customer's Terminal does not exceed thirteen (13) months.
12.6. More specifically, the Personal Data collected from the cookies issued by the Data Controller or third parties allow:
- to establish statistics and volumes of visits and use of the Website to improve the interest and ergonomics of services;
- to adapt the presentation of the Website to the display preferences of the Customer's Terminal (language used, resolution of display, operating system used, etc.);
- to store information relating to a form completed by the Customer on the Website (registration or access to your Account );
- to implement security measures, for example when the Customer is asked to log in again to the Website after a certain period of time;
- to monitor the commercial relationship with the Customer.
12.7. Thanks to cookies, the Data Controller collects and processes for the purposes determined above, all or part of the following Data:
- Information related to the Client's Terminal:
- Its Internet service provider (Orange, SFR, Bouygues, Free, etc.);
- His Terminal operating system advertising ID;
- Its Terminal's IP address;
- Its Terminal's geolocation data;
- Information on its browsing and behavior on the Website:
13 Cookies
Cookies necessary for the operation of the store:
Name |
Function |
_ab |
Use related to Shopify admin access. |
_secure_session_id |
Use related to browsing in a virtual storefront. |
Cart |
Basket-related use. |
cart_currency |
Use related to checkout. |
cart_sig |
Use related to checkout. |
cart_ts |
Use related to checkout. |
cart_ver |
Basket-related use. |
checkout |
Use related to payment. |
checkout_token |
Use related to checkout. |
cookie test |
Use related to browsing in a virtual storefront. |
master_device_id |
Used in connection with Merchant IDs. |
previous_checkout_token |
Use related to payment. |
checkout_locale |
Use related to checkout. |
previous_step |
Use related to payment. |
remember_me |
Use related to payment. |
Secure_customer_sig |
Use related to customer identifiers. |
storefront_digest |
Use related to customer identifiers. |
_shopify_country |
Use related to payment. |
_shopify_m |
Used to manage customer privacy settings. |
_shopify_tm |
Used to manage customer privacy settings. |
_shopify_tw |
Used to manage customer privacy settings. |
_storefront_u |
Used to facilitate updating customer account information. |
_tracking_consent |
Tracking preferences. |
tracked_start_checkout |
Use related to payment. |
Secret |
Use related to customer identifiers. |
Reports and data analysis
Name |
Function |
_landing_page |
Landing page tracking. |
_orig_referrer |
Landing page tracking. |
_s |
Shopify data analytics. |
_shopify_d |
Shopify data analytics. |
_shopify_fs |
Shopify data analytics. |
_shopify_s |
Shopify data analytics. |
_shopify_sa_p |
Shopify data analytics related to marketing and referrals. |
_shopify_sa_t |
Shopify data analytics related to marketing and referrals. |
_shopify_y |
Shopify data analytics. |
_y |
Shopify data analytics. |
14. Opposition to cookies
14.1. The Customer is informed, during his first visit, that he has the option of opposing the registration of cookies which are ancillary to the operation of the Website, in particular by configuring his Internet browser to do so or by exercising his choice on this page (see below).
14.2. The Customer navigates on the Website, information may be recorded, or read, in his Terminal, subject to his choices.
14.3. The Customer will find more help on the dedicated pages of his browser (below the most common browsers):
- Firefox:http://support.mozilla.org/fr/kb/Activate%20and%20deactivate%20les %20cookies
- Opera:http://help.opera.com/Windows/10.20/en/cookies.html
14.4. The Customer can also configure his browser so that it sends a code indicating to websites that he does not wish to be tracked (“Do No Track” option):
- Internet Explorer™:http://windows.microsoft.com/fr-fr/internet-explorer /use-tracking-protection#ie=ie-11
- Safari™:http://support.apple.com/kb/PH11952
- Chrome™:https://support.google.com/chrome/answer/114836
- Firefox™:https://support.mozilla.org/en/kb/how-to-enable-option-not- not-tracking
- Opera™:http://help.opera.com/Windows/12.10/en/notrack.html< /li>