We attach great importance to the protection and privacy of your personal data, which represents a guarantee of seriousness and trust.
If you are under 15 years old, you are not allowed to use our services without the prior and explicit consent of one of your parents, which must be sent to the address firstname.lastname@example.org. If you believe that we may host information about a child of yours under the age of 15 without your prior consent, you may ask us to erase it at email@example.com.
Why do we process your personal data and on what legal basis?
In the context of the services offered, we are necessarily required to process your personal data for the following purposes and legal basis:
- To use our services (e.g. creating an online account, paying for our online services, delivering orders, access to our stores, etc.) and to answer to your requests (e.g. requests for information, complaints, etc.) based on our terms and conditions of sale, our terms and conditions of use, and our legitimate interest in providing you with the best possible service.
- To keep you informed of our latest promotional offers and events by email on the basis of our legitimate interest to retain your loyalty and on the basis of your consent, in case you are not yet one of our customers.
- To subscribe and to receive our newsletters which will inform you about all the news concerning our services based on your consent.
- To ensure and reinforce the security and quality of our services on a daily basis (e.g. statistics, data security, etc.) on the basis of our legal obligations, our general terms and conditions of sale and our legitimate interest in ensuring the proper functioning of our services.
- To ensure your safety within our stores by using CCTV cameras on the basis of our legitimate interest.
We undertake to process your personal data only for the reasons described above.
What personal data do we process and for how long?
We have summarised thereafter the categories of personal data we collect either directly from you or indirectly through databases of potential customers, as well as their respective retention periods.
If you want more details about the retention periods, you can contact us at firstname.lastname@example.org.
- Personal identification and contact data (e.g. surname, first name, email address, etc.) stored for the duration of the provision of the service plus the legal limitation periods, which are generally 5 years.
Please note that we do not collect any of your identity documents (e.g. identity card or passport, social security number or driver license).
- Economic and financial data (e.g. bank account number, verification code, etc.) retained for the necessary period for the transaction and for the management of invoicing and payments, plus the legal limitation periods, which are generally 5 to 10 years.
- Marketing, direct marketing and newsletter subscription data (e.g. email address, etc.) retained for a maximum period of 3 years from the last contact we had with you.
- Video protection images retained for a maximum period of 1 month.
- Login data (e.g. logs, IP address, etc.) retained for a period of 1 year.
At the end of the retention periods summarised above, we erase all your personal data to ensure your privacy for future years.
The erasure of your personal data is irreversible and we will no longer be able to communicate it to you after this period. After such erasure, we may only keep anonymous data for statistical purposes.
Please also note that in the event of a dispute, we have the obligation to retain all data we have from you during the case even if the retention periods described previously have expired.
What rights do you have to control the use of your personal data?
The applicable data protection regulations grant you specific rights that you can exercise, at any time and free of charge, to control the use we make of your personal data.
- The right of access to your personal data and to obtain a copy, provided that this request does not conflict with business secrecy, confidentiality or the secrecy of correspondence.
- The right to rectification of inaccurate, obsolete or incomplete personal data.
- The right to object to processing of your personal data for direct marketing purposes.
- The right to obtain the erasure ("right to be forgotten") of your personal data that is not essential to the proper functioning of our services.
- The right to restriction of processing your personal data, which allows you to freeze the use of your data in the event of a dispute over the lawfulness of a processing operation.
- The right to give instructions on the fate of your personal data in the event of your death. You can give instructions directly by you or through a trusted third party or a beneficiary.
- The right to your personal data portability which allows you to transfer some of your personal data from one information system to another.
To be taken into account, the request has to be made directly by you to the following address email@example.com. Any request not made by this means cannot be processed.
No request can be made by anyone else than you. Please note that we may ask you to prove your identity in case of doubt.
We will respond to your request as quickly as possible, up to a maximum of two months from receipt, if the request is technically complex or if we receive many requests at the same time.
Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.
Who can access your personal data?
We only share your data with duly authorized persons to perform our services. This may include our staff in charge of the performance of our services, accounting, marketing or even the security of our offices.
We may also disclose your personal data to public authorities, external consultants and legal advisers, as well as to service providers and possibly business partners.
How do we protect your personal data?
We implement all the technical and organisational measures required to guarantee the security of your data on a daily basis and, in particular, to struggle against risks of destruction, loss, alteration or unauthorised disclosure of your data.
In particular, our computer passwords require a high level of security, our softwares are using a traceability system and all our devices are obviously protected by the latest antivirus and firewall software.
Can your personal data be transferred outside the European Union?
Unless strictly necessary and on an exceptional basis, we never transfer your personal data outside the European Union and your personal data are always hosted on European territory. In addition, we do all that we can to use only service providers who host your personal data within the European Union.
In case our service providers transfer your personal data outside the European Union, we scrupulously ensure that they implement the appropriate guarantees to ensure the confidentiality and protection of your personal data.
Who can you contact for more information?
Our Data Protection Officer (“DPO”) is always at your disposal to give you a detailed explanation of how we process your personal data and to answer your questions on this subject at the following address firstname.lastname@example.org.
How can you contact the French Supervisory Authority (the “CNIL”)?
You may at any time contact the French Supervisory Authority for personal data protection (the "Commission Nationale de l'Informatique et des Libertés" or "CNIL") at the following address: Service des plaintes de la CNIL, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 (France) or by phone at +3126.96.36.199.22.
Can the policy be modified?
Certified compliant by Dipeeo®