ARTICLE 1: PREAMBLE
- How their personal data is collected and processed. Must be considered as personal data all data that can identify a user. These include the first and last name, age, postal address, email address, location of the user or his IP address;
- What are the rights of users regarding this data;
- Who is responsible for the processing of the personal data collected and processed;
- To whom this data is transmitted; < li>Possibly, the site’s policy regarding “cookies”.
ARTICLE 2: GENERAL PRINCIPLES FOR DATA COLLECTION AND PROCESSING
In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of site user data complies with the following principles:
- Lawfulness, loyalty and transparency: data can only be collected and processed with the consent of the user who owns the data. Each time personal data is collected, the user will be informed that his data is collected, and for what reasons his data is collected;
- Limited purposes: the collection and data processing are carried out to meet one or more objectives determined in these general conditions of use;
- Minimization of the collection and processing of data: only the data necessary for the proper execution of the objectives pursued by the site are collected;
- Storage of data reduced over time: the data is kept for a limited period, of which the user is informed. When this information cannot be communicated, the user is informed of the criteria used to determine the retention period;
- Integrity and confidentiality of the data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data can only take place if they comply with at least the ‘one of the conditions listed below:
- The user has expressly consented to the processing;
- The processing is necessary for the proper performance of a contract;
- The processing meets an obligation legal ;
- The processing is explained by a necessity linked to the safeguarding of the vital interests of the data subject or of another natural person;
- The processing may be explain by a necessity linked to the performance of a task in the public interest or which falls within the exercise of official authority;
- The processing and collection of personal data are necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party.
ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF BROWSING ON THE SITE
A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the Poderm site are as follows:
- data from the subscription form such as your surname, first name, date of birth, contact details, email, postal address, telephone;
- data allowing you to be identified and authenticated (logs of connection, IP address), data relating to purchases, places and times of ordering and purchasing, your navigation route on the site, dates and times of consultation of the site, location data.
This data is collected when the user performs any of the following operations on the site:
- When the User buys a product on the site
- When the User registers on the site as a professional or individual
- When the User use the contact form to send a request.
In addition, when paying on the site, proof of the transaction including the order form and the invoice will be kept in the site editor’s computer systems.
The data controller will keep in his computer systems of the site and under reasonable security conditions all the data collected for a period of: The data collected about you will be kept for the time necessary to fulfill the purposes described above, namely 3 years from the date of the end of the commercial relationship, i.e. the date of the last contact from the Customer.
- 6 years for tax documents;
- 10 years for accounting documents;
- For the duration of the litigation and until all remedies have been exhausted.
The collection and processing of data serves the following purposes:
- order processing, shipping packages;
- response to requests sent through the contact form
The data processing carried out is based on the following legal bases:
- In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data can only take place if they comply with at least the one of the following conditions:
- The user has expressly consented to the processing;
- The processing is necessary for the proper performance of a contract;
- The processing meets a legal obligation;
- The processing is based on a need to safeguard the vital interests of the data subject or of another natural person;
- The processing can be explained by a necessity linked to the performance of a task in the public interest or which relates to the exercise of official authority;
- The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party (in this case it will be necessary to explain which legitimate interest it is).
B. TRANSMISSION OF DATA TO THIRD PARTIES
The personal data collected by the site is not transmitted to any third party, and is only processed by the site editor.
C. DATA HOSTING
The Poderm site is hosted by: SCALEWAY, whose head office is located at the following address:
8 rue de la Ville l’Evêque, 75008 Paris
The host can be contacted at the following telephone number: +33 (0)1 84 13 00 00.
The data collected and processed by the site are exclusively hosted and processed in France.
ARTICLE 4: RESPONSIBLE FOR DATA PROCESSING
A. THE DATA PROCESSOR
The person responsible for processing personal data is: Maud Falconnet. He can be contacted in the following way:
Rue Baylon 2b, 1227 Carouge
The data controller is responsible for determining the purposes and means used to process personal data.
B. OBLIGATIONS OF THE DATA PROCESSOR
The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user having been informed and to respect the purposes for which these data were collected. .
The site has an SSL certificate to ensure that information and data transfer passing through the site are secure.
An SSL certificate (“Secure Socket Layer” Certificate) is intended to secure the data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this entails disproportionate formalities, costs and procedures for him.>
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the controller undertakes to inform the user by any means.
ARTICLE 5: USER RIGHTS
In accordance with the regulations concerning the processing of personal data, the user has the rights listed below.
In order for the data controller to comply with his request, the user is required to communicate to him: his first and last name as well as his e-mail address, and if relevant, his account number or personal or subscriber space.
The data controller is required to respond to the user within a maximum of 30 (thirty) days.
A. PRESENTATION OF USER RIGHTS REGARDING DATA COLLECTION AND PROCESSING
a. Right of access, rectification and right to erasure
The user can read, update, modify or request the deletion of the data concerning him, by respecting the procedure set out below:
The user must send an e-mail to the personal data controller, specifying the subject of his request, to the contact e-mail address.
If he has one, the user has the right to request the deletion of his personal space by following the following procedure:
The user must send an e-mail to the data controller specifying his personal space number. The request will be processed within 10 working days.
b. Right to data portability
The user has the right to request the portability of his personal data, held by the site, to another site, by complying with the following procedure:
The user must request the portability of their personal data from the data controller, by sending an e-mail to the address provided above.
c. Right to restriction and opposition of data processing
The user has the right to request the limitation or to oppose the processing of his data by the site, without the site being able to refuse, except to demonstrate the existence of legitimate and compelling reasons, which may prevail over the interests and rights and freedoms of the user.
In order to request the limitation of the processing of their data or to oppose the processing of their data, the user must follow the following procedure:
The user must make a request to limit the processing of their personal data by e-mail to the data controller.
d. Right not to be the subject of a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the user has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or affects him significantly in a similar way.
e. Right to determine fate of data after death
The user is reminded that he can organize what should become of his data collected and processed if he dies, in accordance with law n°2016-1321 of October 7, 2016.
f. Right to refer to the competent supervisory authority
In the event that the data controller decides not to respond to the user’s request, and the user wishes to contest this decision, or, if he believes that the one of the rights listed above, he is entitled to appeal to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
B. PERSONAL DATA OF MINORS
In accordance with the provisions of Article 8 of European Regulation 2016/679 and the Data Protection Act, only minors aged 15 or over may consent to the processing of their personal data.
If the user is a minor under the age of 15, the consent of a legal representative will be required so that personal data can be collected and processed.
The site editor reserves the right to verify by any means that the user is over 15 years old, or that he has obtained the agreement of a legal representative before browsing the site.
ARTICLE 6: USE OF “COOKIES” FILES
The site may use “cookie” techniques.
A “cookie” is a small file (less than 4 KB), stored by the site on the user’s hard drive, containing information relating to the user’s browsing habits.
These files allow it to process statistics and traffic information, facilitate navigation and improve the service for the convenience of the user.
For the use of “cookie” files involving the saving and analysis of personal data, the user’s consent is necessarily requested.
This user consent is considered valid for a maximum period of 6 (six) months. At the end of this period, the site will again request the user’s authorization to save “cookie” files on their hard drive.
a. Opposition of the user to the use of “cookies” files by the site
Cookies that are not essential to the operation of the site are only placed on the user’s terminal after obtaining their consent. The user can withdraw their consent at any time, as follows:
Please click on the “Cookie settings” button in the menu at the bottom of the page to configure your cookies.
More generally, the user is informed that he can oppose the recording of these “cookie” files by configuring his browser software.
For information, the user can find at the following addresses the steps to follow in order to configure his navigation software to oppose the recording of “cookie” files:
- Chrome: https://support.google.com/accounts/answer/61416?hl=fr
- Firefox : https://support.mozilla.org/en/kb/enable-and-disable-cookies-website-preferences
- Safari : http:/ /www.apple.com/legal/privacy/en-ww/
- Internet Explorer : https://support.microsoft.com/en-us/help/ 17442/windows-internet-explorer-delete-manage-cookies
- Opera : http://www.opera.com/help/tutorials/security/cookies/
If the user decides to deactivate the “cookie” files, he can continue browsing the site. However, any malfunction of the site caused by this manipulation could not be considered as being due to the publisher of the site.
b. Description of the “cookie” files used by the site
The user’s attention is drawn to the fact that these sites have their own privacy policies and general conditions of use that may differ from the site. The site editor invites users to consult the privacy policies and general conditions of use of these sites.
The site editor reserves the right to modify it in order to guarantee its compliance with the law in force.