The Company's ambition is to be exemplary and to contribute to the creation of an elegant world. She values honesty and clarity and is committed to building strong and lasting relationships with her Customers based on trust and mutual interest.
SOCIETE NOUVELLE DES ETABLISSEMENTS THIERS-ISSARD, a simplified joint stock company with a share capital of 300,000 euros, registered in the Trade and Companies Register under number 334 281 649, whose registered office is located at Zone Industrielle du Felet, 63300 in THIERS (France) acts as Data Controller.
GENERAL PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
The Company undertakes to comply with the requirements set out in European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data (RGPD), by respecting the following fundamental principles (Article 5 of the GDPR):
- The principle of lawfulness, fairness and transparency: data collected shall be collected in a lawful, fair and transparent manner.
- The purpose limitation principle: data are collected for specific, explicit and legitimate purposes.
- The principle of data minimisation: data must be relevant and processed in accordance with their purpose.
- The principle of accuracy: the data processed must be accurate and kept up to date.
- The principle of limiting storage: the storage period of personal data must not exceed that necessary for the purpose of processing.
- The principle of integrity and confidentiality: appropriate technical or organisational measures must be implemented to ensure the security of the personal data processed.
In addition, as Data Controller, the Company has the obligation to protect personal data by informing the user of any rectification or deletion of his data or if their integrity or confidentiality is understood.
COLLECTION OF PERSONAL DATA
Personal data refers to "any information relating to an identified or identifiable natural person" within the meaning of Article 4(1) of the GDPR.
The collection and processing of personal data is consented to by any person when using this Site.
Any user is required to provide the Company with personal data, as part of forms or validation steps, such as:
- The creation of a customer account on the Site;
- Visiting the Site and using cookies;
- Online purchasing, order confirmation (order forms);
- Subscription to a newsletter, loyalty program or alerts in case of availability on a sold-out Product;
- The return of a Product;
- Contact with Customer Service by any means of communication made available;
- Writing a review or comment on a Product;
- Filling in an information entry form....
The personal data of a user that may be collected by the Company are as follows:
- Identification data: surname, first name, company name, SIREN number, intra-Community VAT number, language, country, email address, postal address....;
- Connection, geolocation and navigation data: IP address, connection identifiers, browser type, server and time requests, referrer URLs, cookies, tracers, navigation data, audience measurements, connection terminals, etc;
- Economic and payment data: payment or payment card data, payment method used....;
- Data relating to online purchasing: information on purchases, orders and returns, order amount, invoices, customer journey, commercial information, date of purchase...
Telephone conversations between a user and a Company Customer Service Advisor may be recorded, of which the user will be informed in advance.
In accordance with the GDPR, the Company does not collect or process so-called "sensitive" data, such as data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership of individuals, genetic and biometric data, data concerning the health, sex life or sexual orientation of individuals, data relating to criminal convictions or offences, as well as the unique national identification number or social security number.
PURPOSES OF THE PROCESSING OF PERSONAL DATA
The Company processes the data collected in a transparent and secure manner for the purposes detailed below. These processing operations are based on one of the legal bases provided for by Article 6 of the GDPR.
Order management, delivery and returns
As a result of the execution of the contract concluded between the Company and the Customer, the Company collects and uses the Customer's personal data, thus making it possible to manage his registration, purchases and orders, delivery and possible returns of the Products.
Data relating to payment transactions are also collected.
After-sales service management
In order to improve the quality of service, the Company may legitimately collect and retain personal data to communicate with the Customer on orders, invoices and complaints.
Commercial Relationship Management
With the Customer's prior consent, the Company collects and uses his or her personal data for the purpose of providing information and messages for commercial prospecting, loyalty programs, sending commercial offers or carrying out commercial solicitation operations.
Administrative and financial management
Due to a legitimate interest of the Company, it may be required to disclose certain personal data of the Customer in the event of legitimate requests from public authorities, in order to meet national security, fraud prevention or law enforcement requirements.
In the context of the fight against fraud, the Company reserves the right to verify the personal data provided by the Customer when placing the order in order to avoid any fraudulent payment.
The Customer's personal data may also be transmitted to the Company's debt collection service provider in the event of non-payment.
The Company is required to process and retain certain of the Customers' personal data in order to comply with tax and accounting obligations, pursuant to its legal obligation.
In the event of processing other than those previously detailed, the Customer will be notified in advance by the Company.
DATA RETENTION PERIOD
The data processed are kept by the Company only for the period necessary for the fulfilment of the purposes described above and for the proper management of the commercial relationship.
|Category of personal data||Storage period|
|Customer account data||
5 years from the end of the commercial relationship with the Customer (from the last order, the last connection to the account, the last call to customer service, the sending of an email to customer service, the placing of Products in the shopping cart without a purchase or a positive response to an email asking if the Customer wishes to continue receiving commercial prospecting).
|Customer / Prospect data||
5 years from the end of the commercial relationship with the Customer / Prospect
Credit card data
10 years from the end of the commercial relationship with the Customer
5 years from the end of the commercial relationship with the Customer
|Data relating to commercial actions||
3 years from the last contact or end of the business relationship with the Customer
ID document in connection with the exercise of the rights of inquiry, access, rectification and opposition
|1 year from the date of receipt by the Company|
13 months from their deposit on the user's terminal
Product after-sales service
|5 years from the closing date of the Customer's request for assistance|
Data sent to the delivery service provider
1 year after delivery of the order
At the end of these legal periods, personal data must in principle be deleted. However, they may also be archived or subject to an anonymization process, in order to make it impossible to identify individuals.
Consequently, they will no longer be considered as personal data and may be stored freely.
The Company ensures that only persons who need to process the data in order to fulfil their legal and contractual obligations have access to it.
The personal data thus collected are therefore intended for use by certain departments of the Company concerned by the requests. These include IT, customer service, internal logistics and administrative and financial management.
However, some of the Company's service providers and subcontractors may receive personal data if it is strictly necessary for the performance of their services, which is particularly the case for the hosting of the Site, the execution of orders, deliveries and returns, and secure online payment.
In this respect, the Company undertakes to use only subcontractors who provide sufficient guarantees and comply with personal data protection commitments.
In addition, operations with a service provider receiving personal data are subject to a contract in order to ensure data protection and respect for the rights of Customers.
The Company may also provide personal data to supervisory authorities such as tax and customs authorities, the police and other statutory bodies.
Finally, these data are not transferred outside the European Union.
SECURITY AND CONFIDENTIALITY MEASURES
The Company undertakes not to sell, rent or share the personally identifiable information of users of this Site with third parties, except for compelling legal reasons (transmission to external services such as supervisory or criminal prosecution authorities).
The Company has also endeavoured to take all reasonable and necessary precautions to preserve the confidentiality and security of the personal data processed, in order to prevent any damage, distortion or destruction of the data.
In accordance with Article 32 of the DGPS, technical and organisational security measures have been put in place to protect the data against any malicious intrusion, loss, destruction, alteration or access by unauthorised persons, such as:
Pseudonymization, anonymization and encryption of personal data: in particular by systematic encryption during the exchange of data between the Customer and the Site, via the use of the HTTPS transmission protocol;
Ensuring the confidentiality, integrity, availability and resilience of treatment services;
The availability and access of personal data within appropriate time limits;
A procedure to analyse and evaluate the effectiveness of such measures taken to ensure the security of the processing.
The Company also urges Customers to exercise caution to prevent unauthorized access to their personal data by protecting their terminals with a strong password and changing it regularly.
In accordance with the legislation in force, any person whose personal data is collected and processed by the Company has several rights:
- The right of access: this right allows any user to obtain confirmation that personal data concerning him/her is in the Company's possession and to know which ones. The nature of the processing can also be explained. A copy of all the information concerning him may be issued at his request.
- The right to portability: The Company is obliged to transmit this personal data in a format that can be technically used by its user.
- The right of rectification: any user may request and obtain the rectification, the correction of any error contained in his personal data that may prove to be inaccurate. This update applies regardless of the basis of the processing operation concerned.
- The right to erasure: every user has the right to request and obtain the erasure of some of his personal data, before their deletion at the end of the storage period initially provided for, when such data are processed on the basis of the user's consent or on the legitimate interest of the Company.
- The right to limit processing: any user may request the Company to limit or interrupt the processing of his or her personal data, in certain circumstances.
- The right of opposition: the user concerned by the collection of his data has the right to object at any time to their processing, for reasons relating to his particular situation and if such processing is no longer necessary in the legitimate interest of the Company.
- The right to determine the fate of data after death: under Article 40-1 of the Data Protection Act, any person may give instructions relating to the storage, erasure and communication of personal data after death.
In addition, the Company does not use any fully automated processing process to make a decision and no profiling will be performed on the basis of the data collected.
Finally, the consent given by a user to the processing of his or her personal data is not definitive. He can remove it at any time.
EXERCISE OF RIGHTS - CONTACT
Any Customer may obtain information or exercise these rights from the Company's Personal Data Processing Manager:
- By e-mail: firstname.lastname@example.org
- By post: SOCIETE NOUVELLE DES ETABLISSEMENTS THIERS-ISSARD, Zone Industrielle du Felet, 63300 THIERS
The Company undertakes to respond to any request from a Customer within a reasonable period of time, which may not exceed one (1) month from the receipt of such request.
If the Customer considers that the Company is not complying with its obligations with regard to its personal data, it may file a complaint or lodge a complaint with the competent authority:
- By post: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 PARIS Cedex 07
- Via the website: (see terms and conditions at https://www.cnil.fr/fr/agir)
When visiting this Site, the Customer is informed of the possible automatic installation of cookies on his browser software, whether on a computer, tablet or mobile.
Cookies are files containing information about the browsing and viewing habits of any user. They do not identify users as individuals but only the terminal used.
Cookies strictly necessary for the provision of a service expressly requested by the Customer are exempt from its consent. This is the case for operating cookies, which allow the use of the main functionalities of the Site such as managing the shopping cart and maintaining identification.
However, the prior consent of the Customer will be required in the event of the installation of cookies not strictly necessary, such as those related to advertising operations, allowing the Company to receive offers from the Company, or those of personalization, allowing offers to be found more quickly, old purchases....
The period of validity of the consent thus obtained shall be a maximum of thirteen (13) months from the date of deposit on the user's terminal.
The recording of cookies may be refused by any Customer, which he/she may deactivate by configuring the settings on his/her computer for this purpose.
The Customer may therefore configure his navigation software so that he is offered, from time to time, acceptance or refusal before a cookie is likely to be recorded or to systematically refuse this recording of cookies on his computer.
In the latter case, the Company declines all responsibility in the event of negative consequences on the slow operation of its services.