ARTICLE 1 – PREAMBLE
- The manner in which their personal data is collected and processed. Personal data is considered to be that which allows the identification of the user. This may include first name, last name, age, postal address, email address, location of the user, or his/her IP address;
- Users’ rights concerning this data;
- The person responsible for the treatment of personal data that has been collected and processed;
- Those with whom this data is shared;
- If applicable, the Website’s policy regarding “cookies”.
ARTICLE 2 – GENERAL PRINCIPLES REGARDING THE COLLECTION AND PROCESSING OF DATA
According to article 5 of European Regulation 2016/679, the collection and processing of users’ data must be in accordance with the following principles:
- Legality, loyalty and transparency: data may only be collected and treated with the consent of the user who is the owner of the data. Each time personal data is collected, the user will be notified that his/her data has been collected, as well as the reasons the data was collected;
- Limited Purposes: the collection and processing of the data are carried out for one or several of the objectives determined in the General Conditions of Use;
- Minimization of data processing: only data necessary for the realization of the site’s objectives will be collected;
- Retention of data for a stipulated period of time: the data will be retained for a limited time only, of which the user will be informed;
- Integrity and confidentiality of the data collected and processed: the person responsible for data processing guarantees the integrity and confidentiality of the data collected.
To be in conformity with the law, according to article 6 of the European Regulations 2016/679, collection and processing of personal data may only take place if one or more of the following conditions are respected:
- The user has expressly consented to the processing;
- Processing is necessary for the execution of a contract;
- Processing is in compliance with a legal obligation;
- Processing is required to preserve the vital interests of the person concerned or of another physical person;
- Processing is necessary to carry out a mission in the public interest, or in the exercise of official authority;
- Processing and collection of personal data are necessary for reasons of legitimate private interest pursued by the controller or a third party.
ARTICLE 3 – PERSONAL DATA COLLECTED AND PROCESSED DURING THE COURSE OF NAVIGATION ON THE SITE
The controller shall maintain, in the site’s data processing systems, and under reasonable security conditions, the entirety of the data collected for a maximum period of 3 years in the case of visits to the site, and 5 years if the user has placed an order.
3.1 – PERSONAL DATA COLLECTED AND PROCESSED
The personal data collected on the website www.lapendulerie.com are the following:
- Civil status, identity, identification data, images (for ex. name, first name, address, photograph, date and place of birth, etc.)
- Connection data (for ex. IP addresses, logs, terminal identifiers, connection identifiers, timestamps, etc.)
- Information relative to the use of the site: number of orders, time spent, articles consulted;
- Localization data (for ex. movement, GPS and GSM data, …)
3.2 – MEANS OF PERSONAL DATA COLLECTION
This data is collected when the user executes one of the following actions on the site:
- Registration on the site;
- Navigation on the site;
- Utilization of an online chat service;
- Request for data backup;
- Purchase of goods/services on the site;
- Consulting an informative article;
- Registration for a newsletter;
- Request for telephone or online assistance;
- Request for an estimate;
ARTICLE 4 – PURPOSE OF PERSONAL DATA PROCESSING
Collection and processing of data are for the following purposes:
- Creation and control of access to client accounts;
- Creation of documents;
- Compliance with formalities;
- Monitoring of payments and invoicing;
- Connection to third-party partners;
- Sending marketing and commercial information;
- Satisfaction surveys;
- Client management;
And generally all activities involving the sale of services or products related to the information presented on the site.
ARTICLE 5 – DATA SHARING WITH THIRD PARTIES
While they are using the site, users’ personal data may be transmitted to external service providers.
These third parties provide features and offer services that help manage credit card payments and other services; they may also offer their services or products to users.
Personal data may be transferred to countries outside the European Union (such as the United States) with the aim of processing requests and securing personal data.
In accordance with the RGPD, all transfers of personal data toward a country outside the European Union and/or which does not offer a level of protection considered to be sufficient by the European Commission, are subject to cross-border flow agreements in accordance with the standard contract clauses laid down by the European Commission and declared to the CNIL.
Other transfers of personal data to the United States, particularly those concerning customer relationship management (CRM), are administered by the E.U. – U.S. PRIVACY SHIELD: click here for further information.
We will never share your personal data with third-party companies for marketing and/or commercial purposes without first having obtained your consent.
We may be required to divulge your personal data to administrative or judicial authorities if they are necessary for the identification, arrest, or prosecution of any individual who may restrict our rights, or of any other user or third party. We may, in addition, be legally obligated to divulge your personal data; in such cases we cannot refuse to do so.
ARTICLE 6 –WEBSITE HOST
The website www.lapendulerie.com is hosted by OVH, whose headquarters are located at the following address:
2 rue Kellermann
59100 Roubaix – France
The website host may be contacted at the following telephone extension: 1007
The data collected and processed by the site are exclusively hosted and processed in the countries of the European Union.
ARTICLE 7 – DATA CONTROLLER AND DATA PROTECTION OFFICER
7.1 – DATA CONTROLLER
The data controller responsible for processing personal data is Edouard Guérin. He may be reached as follows: By telephone at +33 (0)1 42 61 51 60 Monday through Saturday, from 11:00 AM to 7:00 PM, or by email at the following address: firstname.lastname@example.org
The data controller determines the purposes for which and the means by which personal data is processed.
7.2 – OBLIGATIONS OF THE DATA CONTROLLER
The data controller agrees to protect the personal data collected, not to share it with a third party without informing the user, and to respect the purposes for which the data was collected.
The website has obtained an SSL certificate in order to guarantee the security of information and the secure transfer of data. An SSL certificate (Secure Socket Layer Certificate) ensures the security of the data exchanged between the user and the website.
In addition, the data controller agrees to notify the user in the case of rectification or elimination of data, except when this would entail formalities, extra cost, or burdensome formalities for him. In cases where the integrity, confidentiality or security of the user’s personal data has been compromised, the data controller agrees to inform the user by every possible means.
ARTICLE 8 – USER’S RIGHTS
In accordance with the regulations concerning the processing of personal data, the rights of the user are as follows.
In order that the data controller may comply with his/her request, the user must supply: his/her personal space or subscriber’s number. The data controller must reply to the user within a period of 30 (thirty) days maximum.
8.1 – USER’S RIGHTS CONCERNING DATA COLLECTION AND PROCESSING
1.RIGHT TO ACCESS, RECTIFY AND ERASE
The user may access, update, modify or request the erasure of his/her data by means of the following procedure: the user must send an email to the personal data controller, stating the object of his/her request and using the email contact address mentioned above. If he/she has a personal space, the user has the right to request that it be erased, by using the following procedure: the user must send an email to the personal data controller, stating his/her personal space number. The data suppression request will be treated within a period of 30 working days.
2.RIGHT TO DATA PORTABILITY
The user has the right to request the portability of his/her personal data held by the site toward another website, by means of the following procedure: the user must contact the data controller requesting the portability of his/her personal data by sending an email to the above-mentioned address.
3.RIGHT TO THE LIMITATION OF AND OPPOSITION TO DATA PROCESSING
The user has the right to request the limitation of or opposition to the processing of his/her data by the site, which cannot refuse unless it can prove the existence of legitimate and imperious reasons that override the interests, rights, and liberties of the user. To request the limitation of the processing of his/her data, or to formulate an objection to the processing of his/her data, the user must use the following procedure: he/she must file a request for the limitation of the processing of his/her data with the data controller, by sending an email to the above-mentioned address.
4. RIGHT NOT TO BE SUBJECT SOLELY TO A DECISION BASED SOLELY ON AUTOMATED MEANS
According to the 2016/679 regulations, the user has the right not to be subject to a decision based exclusively on an automatic procedure if that decision results in judicial procedures concerning him/her, or similarly affects him/her in a significant manner.
5. THE RIGHT TO DETERMINE THE FATE OF DATA AFTER DEATH
The user may determine the fate of his/her collected and processed data after his/her death, according to law n°2016-1321 of October 7, 2016.
6. THE RIGHT TO REFER MATTERS TO THE COMPETENT AUTHORITIES
In the case that the data controller chooses not to comply with the user’s request and the user wishes to contest that decision, or if he/she feels the above-mentioned rights have been infringed upon, he/she may refer the matter to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
ARTICLE 9 –PERSONAL DATA OF MINORS
According to article 8 of the European Regulations 2016/679 and the Law on Data Processing and Liberties, only minors 15 years old or older may consent to the processing of their personal data.
If the user is a minor under 15, the consent of a legal representative is required in order for personal data to be collected and processed.
The owner of the website reserves the right to ascertain by any means necessary whether the user is 15 or older, or whether he/she has obtained the consent of a legal representative before using the website.
The site owner reserves the right to modify it in order to ensure its conformity with the legislation in force.