PRIVACY POLICY
ARTICLE 1: PREAMBLE
In accordance with applicable legislation and in particular the Federal Data Protection Law (LPD) and the EU General Data Protection Regulation (GDPR in France, Law No. 78-17 of January 6, 1978 amended by law n°2018-493 of June 20, 2018), this Privacy Policy describes how your personal information is collected, used and shared when you visit www.lesenfantssages-skincare.com (the “Site”) or that you make a purchase there.
The purpose of this Privacy Policy is to expose Users of the Site to:
- The way in which their personal data is collected and processed. All data capable of identifying a User must be considered personal data. This includes the first and last name, age, postal address, email address, location of the user or even their IP address;
- What are the rights of users regarding this data;
- Who is responsible for the processing of personal data collected and processed;
- To whom this data is transmitted;
- The Site’s policy regarding “cookie” files.
This Confidentiality Policy supplements the Legal Notices and the General Conditions of Sale that Users can consult on the Site.
ARTICLE 2: GENERAL PRINCIPLES REGARDING DATA COLLECTION AND PROCESSING
In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of data from Users of the Site respects the following principles:
- Lawfulness, loyalty and transparency: data can only be collected and processed with the consent of the User who owns the data. Each time personal data is collected, the User will be informed that their data is being collected, and for what reasons their data is being collected;
- Limited purposes: the collection and processing of data is carried out to meet one or more objectives determined in these general conditions of use;
- Minimization of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the Site are collected;
- Retention of data reduced over time: data is kept for a limited period, of which the User is informed. When this information cannot be communicated, the User is informed of the criteria used to determine the retention period;
- Integrity and confidentiality of data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data can only take place if they comply with at least one of the conditions below. after listed:
- The User has expressly consented to the processing;
- The processing is necessary for the proper performance of a contract;
- The processing meets a legal obligation;
- The processing is explained by a necessity linked to the protection of the vital interests of the data subject or of another natural person;
- The processing may be explained by a necessity linked to the execution of a mission of public interest or which relates to the exercise of public authority;
- The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party.
ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF BROWSING THE SITE
A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the Site www.lesenfantssages-skincare.com are as follows:
First name ; name ; billing address ; shipping address ; payment information, including credit card numbers (VISA, Mastercard, American Express), expiration dates and security codes; e-mail address ; phone number.
This data is collected when the User performs one of the following operations:
· When the User creates a customer account.
· When the User purchases a product on the Site.
· When the User subscribes to the Newsletter.
· When the User browses the Site.
Furthermore, when making a payment on the Site, proof of the transaction including the order form and invoice will be kept in the site publisher's computer systems.
The data controller will keep all the data collected in its IT systems on the Site under reasonable security conditions for a period of:
· Creation of customer account > until the User's request for deletion or three (3) years from the last activity of the account.
· Order > duration of the contract with the Customer.
· Participation in a competition or promotional offer > duration of the competition or promotional offer.
· Subscription to the newsletter > until the request to unsubscribe or delete data or three (3) years from the last account activity.
· Request for information > time required to process the request.
· Cookies > maximum duration of thirteen (13) months based on the User's consent.
Compliance with a legal obligation and/or exercise of the rights of Brands & Family SARL.
Duration of legal obligation or limitation period for legal action.
The collection and processing of data serves the following purposes:
· Customer relationship management.
· Order processing.
· Sending commercial communications, in particular through subscription to the Newsletter.
· Organization of competitions or promotional offers.
· Processing requests made to Les Enfants Sages customer service.
· Management of reviews on Products.
· Analysis of the ergonomics of the Site using cookies or similar technologies allowing the collection of information on Users' online browsing, for example the type of browser, the country code corresponding to their location, the pages of the Site consulted, the advertisements on which the User clicked or any Products searched for on the Site.
This data is statistical and anonymized, it does not allow a User to be identified.
The data processing carried out is based on the following legal bases:
· The User has expressly consented to the processing.
· The processing is necessary for the proper execution of the contract.
· The processing meets a legal obligation.
B. TRANSMISSION OF DATA TO THIRD PARTIES
The data may be transmitted to the third party(ies) listed below:
Shopify Inc.
C. DATA HOSTING
The Site www.lesenfantssages-skincare.com is hosted by: Shopify Inc., whose head office is located at the following address:
Google LLC 1600 Amphitheater Parkway Mountain View, CA 94043 USA.
The host can be contacted at the following telephone number: (+1) 650 253 0000.
The data collected and processed by the Site are transferred to the following country(ies): United States of America (USA) and Canada.
This transfer of personal data outside the European Union is justified for the following reasons:
· The data is hosted in the United States of America because the Site is hosted by the company Shopify Inc. whose headquarters is located in the United States of America.
· The data is transmitted to Canada because Shopify Inc. relies on a subcontractor based in Canada.
ARTICLE 4: DATA PROCESSING RESPONSIBLE AND DATA PROTECTION DELEGATE
A. THE DATA PROCESSOR
The person responsible for processing personal data is:
Amélie SABOYE.
He can be contacted by email at the following address:
hello@lesenfantssages-skincare.com
The data controller is responsible for determining the purposes and means used to process personal data.
B. OBLIGATIONS OF THE DATA PROCESSOR
The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the User having been informed and to respect the purposes for which this data was collected.
The Site has an SSL certificate to guarantee that the information and the transfer of data passing through the Site are secure.
An SSL certificate (“Secure Socket Layer” Certificate) aims to secure the data exchanged between the User and the Site.
In addition, the data controller undertakes to notify the User in the event of rectification or deletion of data, unless this entails disproportionate formalities, costs and procedures for him.
In the event that the integrity, confidentiality or security of the User's personal data is compromised, the data controller undertakes to inform the User by any means.
ARTICLE 5: USER RIGHTS
In accordance with the regulations concerning the processing of personal data, the User has the rights listed below.
In order for the data controller to grant his request, the User is required to communicate to him: his first and last name as well as his email address.
The data controller is required to respond to the User within a maximum of 30 (thirty) days.
A. PRESENTATION OF THE USER'S RIGHTS REGARDING DATA COLLECTION AND PROCESSING
has. Right of access, rectification and right to erasure
The User can read, update, modify or request the deletion of data concerning him, by contacting Brands & Family SARL by email at the following address: hello@lesenfantssages-skincare.com .
If he has one, the User has the right to request the deletion of his customer account by indicating the Personal Data that he wishes Brands & Family to correct, update or delete, by identifying himself with a copy of 'an identity document (identity card or passport).
b. Right to data portability
The User has the right to request the portability of his personal data, held by the Site, to another site, by making a request for portability of his personal data to the data controller, by sending an email to the address provided above.
vs. Right to restriction and opposition to data processing
The User has the right to request the limitation or to oppose the processing of his data by the Site, without the Site being able to refuse, unless he demonstrates the existence of legitimate and compelling reasons, which can prevail over the interests and the rights and freedoms of the User.
In order to request the limitation of the processing of their data or to formulate an opposition to the processing of their data, the User must make a request for limitation of the processing of their personal data to the data controller, by sending an email to the address provided above.
d. Right not to be subject to a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the User has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or significantly affects him in a way similar way.
e. Right to determine the fate of data after death
The User is reminded that he can organize what should happen to his data collected and processed if he dies, in accordance with law no. 2016-1321 of October 7, 2016.
f. Right to refer the matter to the competent supervisory authority
In the event that the data controller decides not to respond to the User's request, and the User wishes to contest this decision, or, if he believes that one of the rights listed above, he is entitled to refer the matter to any competent judge.
ARTICLE 6: USE OF “COOKIES” FILES
The Site may use “cookie” techniques.
A "cookie" is a small file (less than 4 KB), stored by the Site on the User's hard drive, containing information relating to the User's browsing habits.
These files allow it to process statistics and information on traffic, facilitate navigation and improve the service for the comfort of the User.
For the use of "cookies" files involving the saving and analysis of personal data, the User's consent is necessarily requested.
This User consent is considered valid for a maximum period of 6 (six) months. At the end of this period, the Site will again request the User's authorization to save "cookies" files on their hard drive.
has. User's opposition to the use of "cookies" files by the Site
Cookies that are not essential to the operation of the Site are only placed on the User's terminal after obtaining their consent. The User can withdraw their consent at any time and refuse the placement of third-party cookies on their device by making an appropriate setting of their browser.
For information, the User can find at the following addresses the steps to follow in order to configure their browser to oppose the recording of “cookies” files:
- Chrome : https://support.google.com/accounts/answer/61416?hl=fr
- Firefox : https://support.mozilla.org/fr/kb/enable-and-disable-cookies-website-preferences
- Safari : http://www.apple.com/legal/privacy/fr-ww/
- Internet Explorer : https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
- Opera : http://www.opera.com/help/tutorials/security/cookies
If the User decides to deactivate “cookies” files, he or she will be able to continue browsing the Site. However, any malfunction of the Site caused by this manipulation cannot be considered to be due to the publisher of the Site.
b. Description of the “cookies” files used by the Site
The publisher of the Site draws the User's attention to the fact that the following cookies are used during navigation:
· _session_id, unique session identifier, allows Shopify to store information relating to the User's session (referrer, landing page, etc.).
· _shopify_visit, no data retained, persists for 30 minutes since last visit. Used by the Website provider's internal statistics tracking system to record the number of visits.
· _shopify_uniq, no data held, expires at midnight (depending on visitor location) the following day. Calculates the number of visits to a store per unique customer.
· cart, unique identifier, persists for 2 weeks, stores information relating to the shopping cart.
· _secure_session_id, unique session identifier.
· storefront_digest, unique identifier, undefined if the store has a password, it is used to know if the current visitor has access.
· - “Log files” track Site activity and collect data such as IP address, browser type, Internet service provider, referring and exit pages, and timestamp data (date and time) of the User.
· - “Invisible pixels”, “tags” and “pixels” are electronic files that record information about how the User browses the Site.
By browsing the Site, the User is informed that third-party “cookies” files may be recorded.
This concerns more specifically the following third parties: Swiss Post, UPS.
In addition, the Site includes social network buttons, allowing the User to share their activity on the Site. “Cookie” files from these social networks may therefore be stored on the User’s computer when they use these features.
The User's attention is drawn to the fact that these sites have their own Confidentiality Policies and General Conditions of Use that may be different from the Site. The publisher of the Site invites Users to consult the Confidentiality Policies and the General Conditions of Use of these sites.
ARTICLE 7: CONDITIONS FOR MODIFICATION OF THE CONFIDENTIALITY POLICY
This Confidentiality Policy can be consulted at any time on the Site.
The publisher of the Site reserves the right to modify it in order to guarantee its compliance with current law.
Consequently, the User is invited to regularly consult this Privacy Policy in order to stay informed of the latest changes that will be made to them.
The User is informed that the last update of this confidentiality policy took place on: 10/11/2023.
ARTICLE 8: USER ACCEPTANCE OF THE CONFIDENTIALITY POLICY
By browsing the Site, the User certifies having read and understood this Privacy Policy and accepts its conditions, with particular regard to the collection and processing of their personal data, as well as the use of files "Cookies".