ARTICLE 1 : INTRODUCTION
-The manner in which their personal data are collected and processed. All personal data must be considered as personal data all data being likely to identify a user. This includes first and last name, age, postal address, email address, the user’s location or IP address ;
-What are the rights of users regarding this data ;
-Who is responsible for the processing of personal data collected and processed ;
-To whom this data is transmitted ;
-Possibly, the site’s policy regarding «cookies» files.
ARTICLE 2 : GENERAL PRINCIPS FOR DATA COLLECTION AND PROCESSING
In accordance with Article 5 of European Regulation 2016/679, the collection and processing of the data of the users of the site respect the principles :
-Legality, loyalty and transparency : the data can only be collected and processed with the consent of the user who owns the data. Whenever personal data is collected,it will be indicated to the user that his data is collected, and why their data is collected ;
-Minimisation of data collection and processing : only the data necessary for the proper execution of the objectives pursued by the site are collected ;
-Retention of data reduced over time : the data is kept for a limited time, which the user is informed. When this information cannot be shared, the user is informed of the criteria used to determine the shelf life ;
-Integrity and confidentiality of data collected and processed : the data controller is committed to ensuring integrity and confidentiality.
In order to be legal, in accordance with the requirements of Article 6 of the European Regulation 2016/679, the collection and processing of personal data may not take place if they meet at least one of the following conditions :
-The user has expressly consented to the processing ;
-Processing is necessary for the proper performance of a contract ;
-Processing meets a legal obligation ;
-Processing is due to a need to safeguard vital interests the data subject or another natural person ;
-The processing can be explained by a necessity related to the execution of a mission of public interest or within the exercise of public authority ;
-Processing and collection of personal data is necessary for the purposes of legitimate and private interests pursued by the controller or by a third party.
ARTICLE 3 : PERSONAL DATA COLLECTED AND PROCESSED AS PART OF THE WEBSITE
A. DATA COLLECTED AND PROCESSED AND MODE OF COLLECTION
The personal data collected on the website www.maellemadison.com are : First name, last name, email address.
This data is collected when the user performs one of the following operations on the site :
-When the User buys a product on the site ;
-When the User uses the contact form to send a request.
Data collection and processing responds to requests sent through the contact form.
The data processing carried out is based on the following legal bases :
-Execution of the contract ;
-User Consent ;
B. TRANSMISSION OF DATA TO THIRD PARTIES
Personal data collected by the site are not transmitted to any third parties, and are only processed by the site editor.
C. DATA HOSTING
The website www.maellemadison.com is hosted by: Gandi.net, whose head office is located at the address below : 63 boulevard massena 75013 PARIS. The host can be contacted at the following phone number : +33 01 70 37 76 61.The data collected and processed by the site are exclusively hosted and processed in France.
ARTICLE 4 : DATA CONTROLLER
The controller undertakes to protect the personal data collected, not to transmit them to third parties without the user being informed and to respect the purposes for which this data was collected.
The site has an SSL certificate to ensure that the information and the transfer of data passing through the site is secure. An SSL certificate («Secure Socket Layer» Certificate) aims to secure the data exchanged between the user and the site. In addition, the data controller undertakes to notify the user in the event of rectification or deletion of data, unless it leads to formalities, disproportionate costs and approaches.
Where the integrity, confidentiality or security of personal data of the user is compromised, the controller undertakes to inform the user by any means.
ARTICLE 5 : USER RIGHTS
In accordance with the regulations concerning the processing of personal data, the user has the rights listed below. In order for the data controller to grant his request, the user is required to communicate : first and last name and e-mail address. The data controller is obliged to reply to the user within a maximum of 30 days.
a. Right of access, rectification and right to erasure
User can review, update, modify or request the deletion of data concerning him, following the procedure set out below :
The user must send an e-mail to the data controller, specifying the subject of his request, to the contact email address : email@example.com.
b. Right to data portability
The user has the right to request the portability of his personal data, held by the site, to another site, following the procedure below : The user must make a request for portability of his personal data with the data controller, by sending an e-mail to the address provided above.
c. Right to limitation and opposition of data processing
The user has the right to request the limitation or to object to the processing of his data by the site, without the site being able to refuse, except to demonstrate the existence of legitimate and compelling reasons, which may prevail over the interests and rights and freedoms of the user. In order to request the limitation of the processing of his data or to formulate an opposition when processing their data, the user must follow the following procedure : The user must make a request to limit the processing of his personal data by e-mail to the data controller.
d. Right not to be the subject of a decision based solely on an automated process
In accordance with regulation 2016/679, the user has the right not to be subject to a decision based exclusively on an automated process whether the decision has legal effects concerning him or her, or significantly affects it similarly.
e. Right to determine the fate of data after death
It is reminded to the user that he can arrange what should bethe future of his data collected and processed if he dies, in accordance with Law No. 2016-1321 of 7 October 2016.
f. Right to refer to the competent supervisory authority
If the data controller decides not to respond to the user’s request and that the user wishes to challenge this decision, or, if he believes that one of the rights listed above is infringed, it is entitled to seize the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
ARTICLE 6 : USE OF COOKIE FILES
The site may use «cookies» techniques.A «cookie» is a small file (less than 4 ko), stored by the site on the user’s hard drive, containing information about the user’s browsing habits. These files allow it to process statistics and traffic information, facilitate navigation and improve service for user comfort. For the use of «cookies» files involving the backup and analysis of personal data, the consent of the user is necessarily required. This consent of the user is considered valid for a maximum of 6 months. At the end of this period, the site will again request the user’s authorization to save «cookies» files on its hard drive.
Cookies that are not essential to the operation of the site are not stored on the user’s terminal only after obtaining their consent. The user can object to the saving of these files «cookies» by configuring its navigation software.
In case the user decides to disable the «cookies» files, he can continue his navigation on the site. However, any site malfunction caused by this manipulation could not be considered as being due to the publisher of the site.
By browsing the site, the user certifies having read and understood this policy of confidentiality and accepts the conditions, with particular regard to collection and the processing of personal data, as well as the use of «cookies» files.