Preamble
- This Privacy Policy is an integral part of the
General terms and conditionsTherefore, the definitions used in the latter are reused in this Privacy Policy.
- The purpose of this Privacy Policy is to inform Customers about how their Personal Data is collected from the Website, how it is processed by the Data Controller and the rights of Customers with regard to such processing as defined below.
Definitions
- The following terms, whether used in the singular or plural in this Privacy Policy, shall have the following definition:
|
Intermediate Archiving :
|
means the movement of Personal Data that still have an administrative interest for the Controller (such as in case of litigation and/or legal obligation) into a separate database, logically or physically separated, and to which, in any case, access is restricted. This archive is an intermediate step before the Personal Data concerned is deleted or made anonymous;
|
|
CG :
|
means the General Terms and Conditions ;
|
|
Privacy Policy :
|
refers to the present policy of confidentiality and protection of Customers' Personal Data implemented by the Data Controller;
|
|
Client:
|
means the natural person, aged at least 15 years old, browsing the Website and whose Personal Data processing by the Data Controller is governed by the Privacy Policy. In this respect, the Customer guarantees, in the event that he is under 15 years of age, to have obtained the consent of the holder of parental authority with regard to the processing of his Personal Data as defined in the Privacy Charter;
|
|
Account:
|
means the Customer's personal account, accessible on the Website through personal identifiers, confidential to the Customer that he cannot communicate to a third party, and from which he can place an order;
|
|
Data(s) or Personal Data(s) :
|
means the personal data of the Customer, as defined in the Personal Data Regulations, collected and processed by the Data Controller in the context of the use of the Website;
|
|
Specific Rights :
|
refers to the rights granted by the Personal Data Regulations to Customers concerning the processing of their Personal Data and developed in article 9 of the Privacy Policy;
|
|
Personal Data Regulations :
|
refers to the Law n°78-17 of January 6, 1978 relating to data processing, data files and liberties, in application of the Community Regulation of April 27, 2016 published in the Official Journal of the European Union on May 4, 2016 relating to the protection of individuals with regard to the processing of personal data and the free movement of such data (known as the "RGPD" for "Règlement Général pour la Protection des Données");
|
|
Responsible for processing :
|
means the company referred to in the legal notices available here : Legal Notice ;
|
|
Website :
|
means the website on which this Privacy Policy is hosted;
|
|
Terminal(s) :
|
means the hardware equipment (computer, tablet, smartphone, telephone, etc.) used by the Customer to consult or view the Website.
|
|
The legal basis of the processing
- In accordance with the Personal Data Regulations, the processing operations described in this Privacy Policy are supported by a specific legal basis.
-•
The Customer has consented to the processing of his/her Personal Data for one or more specific purposes.- The Website has required the express consent of the Customer in order to carry out a specific treatment as explained when the consent was obtained.
-•
The processing is necessary for the execution of a contract to which the Customer is a party or for the execution of pre-contractual measures taken at the Customer's request.- In order to use the Website and to benefit from its services, the Customer has agreed to
minimally the GCs. These documents formalise a contractual relationship between the Client and the Data Controller, serving in particular as a legal basis for the collection and processing of the Client's Personal Data by the Data Controller.
- These Data are necessary for a certain number of processing operations related to the execution of the contractual relationship between the Client and the Data Controller, the purposes of which are detailed in paragraph 4 - The purposes of the processing operations.
-•
The processing is necessary for compliance with a legal obligation to which it is subject.- The processing of Personal Data may also be necessary to comply with a legal obligation to which the Data Controller would be subject, for example, the conservation of access logs to the Website, in accordance with Decree No. 2011-219 of 25 February 2011 on the conservation and communication of data allowing the identification of any person who has contributed to the creation of content placed online.
-•
The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, unless the interests or fundamental rights and freedoms of the Customer which require protection of personal data prevail, in particular when the Customer is a child.- The Data Controller may have a legitimate interest justifying the processing of the Customer's Personal Data, such as, for example, the processing of Data strictly necessary for fraud prevention purposes.
- In this case, the Data Controller shall ensure that the processing in question is indeed necessary for the fulfilment of its legitimate interest and shall assess the consequences of such processing on the Customer, in particular by taking into account the nature of the Data processed and the manner in which it is processed.
- The Data Controller ensures that the interest or fundamental rights and freedoms are not disregarded by allowing the Customer, at any time, to oppose all or part of the processing described in this Privacy Charter, as well as to implement his Specific Rights, under the conditions of paragraph 10 - Exercise of Customers' Specific Rights.
Purposes of the treatments
The Client's Personal Data is necessary to allow access to the Website, its use and improvement, and to allow the Data Controller to process the data:
• Effectuer les opérations relatives à sa relation commerciale avec le Client, c’est-à-dire concernant les factures, la comptabilité, le suivi de la « relation client » avec un Client, telles que la réalisation d'enquêtes de satisfaction, la gestion des réclamations, l’utilisation du Site Internet et plus généralement des services, etc. ;
• Personnaliser sa communication pour les Clients, notamment par les courriers électroniques d'information, en fonction de ses préférences constatées, de son utilisation des services et/ou du Site Internet ;
• Permettre le suivi de la livraison des produits et la passation d’une commande;
• La réalisation d'opérations de sollicitations commerciales ;
• L’élaboration de statistiques commerciales, d’analyses et d’outils marketing (notamment classification, score, etc.) ;
• Permettre l’accès au Compte par le Client et lui fournir toutes les informations y figurant telles que ses commandes, son carnet d’adresses, les produits qu’il a enregistrés ;
• L’optimisation de la navigation du Client sur le Site Internet par la mémorisation de ses préférences et la simplification des éventuels achats ultérieurs sur le Site Internet ;
• La gestion des demandes d’exercice des Droits Spécifiques dans les conditions du paragraphe 10 – Exercice des Droits Spécifiques des Clients ;
• La gestion du service après-vente ;
• La gestion des impayés et du contentieux ;
• La gestion des commentaires des Clients sur le Site Internet ;
• La prévention d’un contentieux avec le Client ;
• La lutte contre la fraude et le blanchiment d’argent ; et
• Le respect de ses obligations légales, notamment d’ordre comptable et fiscal.
Le stockage des Données Personnelles
• Le Site Internet est hébergé auprès de la société dont les coordonnées sont disponibles en cliquant ici : Mentions légales.
• Toutes les précautions ont été prises pour stocker les Données Personnelles des Clients dans un environnement sécurisé et empêcher qu’elles soient déformées, endommagées ou que des tiers non autorisés y aient accès. Les informations transmises par le soin du Client ne seront jamais transmises à des tiers dans un but commercial ni vendues ni échangées.
La collecte des Données Personnelles sur le Site Internet
- The Data Controller collects the following Personal Data when an Account is created and then when it is completed as it is being created, which the Customer provides or communicates spontaneously when browsing and which is kept for a period of
three (3) years, in active base, from the last connection of the Customer to the Website:
- Name,
- First name,
- E-mail address,
- Postal delivery address,
- Billing address,
- Company name, if applicable,
- The contents saved in the Customer's Account,
- Where applicable, the reason(s) for the exclusion (all the elements that make it possible to demonstrate the actions that are less than one month old and that justify the exclusion),
- Connection data (date, time, IP address, pages viewed) of the Customer when browsing the Website.
The above Personal Data is also kept in Intermediate Storage for an additional period of two (2) years in accordance with the common limitation period.
- Invoices ;
- Information relating to an order;
- Amount, date and time of transactions carried out
The above Personal Data are also kept in Intermediate Archiving for an additional period of seven (7) years, in accordance with the tax and accounting obligations of the Data Controller.
- All the Personal Data indicated as such in the Account creation form are essential to benefit from the services of the Data Controller.
- Where applicable, the Data Controller collects, during the exercise of his Specific Rights by the Customer, the copy of the Customer's identity document indicated in article 2 and keeps it for
one (1) year on an active basis from the date of its receipt.
Recipients or categories of recipients if they exist
|
Data Recipient Categories
|
Purpose of the proposed transfer
|
|
Hosting Service Provider
|
Website Hosting
|
|
Website development and management service provider
|
Administration of the back-office of the Website and management of the database containing the Personal Data of the Customers
|
|
Computer integrator and maintenance
|
Ensuring the remote maintenance of the Data Controller's information system, including the Website
|
|
Editor of the customer management software
|
Enable Customer Relationship Management
|
|
Email Routing Provider
|
Allow sending of newsletters
|
|
Telephone Flow Manager
|
To allow the monitoring of different calls and telephone flows
|
|
Provider of support in the management of customer vigilance and complaints
|
Improve customer complaint management and ensure material safety
|
|
Audit and regulatory compliance service provider
|
Ensure compliance of the information system with the regulations on medical and cosmetic products
|
|
Electronic document management provider
|
Electronic invoice management
|
|
Publisher of economic analysis software tools
|
Allow sales forecasts
|
|
Social networks and advertising services including social network management
|
Management of communication on the Facebook website and the Instagram mobile application
|
|
Referencing and statistical tools service
|
Ensuring the referencing of the Website and analysis of the Website's data
|
|
Communication Agency
|
Receive communication advice
|
|
Cookie management provider
|
Collecting the consent of the Clients to the deposit of cookies and subsequent recognition of the Client and his consent
|
|
Payment Service Provider
|
Allow payments on the Website
|
|
Editor of a warehouse logistics management software package
|
Enable the connection of the computer system with the warehouses
|
|
Provider of parcel services
|
To allow the shipment of products ordered by Customers
|
- In the event of a transfer of Personal Data to a recipient located in a country which is not on the territory of the European Economic Area and which has not been the subject of an adequacy decision by the European Commission, the Data Controller undertakes to take all appropriate guarantees to ensure that the transfer is perfectly legal, by ensuring that Customers have enforceable rights and legal remedies against the recipient and to obtain the prior and specific consent of the Customer to the said transfer of Personal Data.
- The Data Controller will not collect the prior and specific consent of the Customer to the transfer of his Personal Data if :
- the Processing Manager makes sure :
- enter into standard contractual clauses proposed by the European Commission with the recipient of the Personal Data; or
- that the recipient of the Personal Data is subject to the principles of the
privacy shield (for transfers to the United States); or
- to take any measure to make the transfer of Personal Data outside the territory of the European Union lawful, in accordance with the Personal Data Regulation.
- or if such a transfer is necessary:
- compliance with obligations enabling a right to be established, exercised or defended in court ;
- the execution of a contract between the Data Controller and the recipient taken at the request of the Customer;
- the conclusion or performance of a contract concluded or to be concluded, in the interest of the data subject, between the Controller and the recipient.
Internet transaction security
- In accordance with the GTC, the Website uses the technology of the company STRIPE PAYMENTS EUROPE LTD, to secure the banking transactions of the Customers.
- Thus, during payment on the Website, the Customer's bank details are transmitted encrypted to the company STRIPE PAYMENTS EUROPE LTD.
- To exercise his rights such as those identified in paragraph 9 - Specific Rights, relating to his credit card details, the Customer is invited to contact STRIPE PAYMENTS EUROPE LTD directly.
Specific Rights
- In accordance with the Personal Data Regulations, the Customer may, at any time, benefit from the following Specific Rights from/to :
- access,
- correction,
- erasure,
- limitation of a treatment,
- portability,
- opposition,
- post-mortem instructions,
- Access rights
- The Customer has the possibility to obtain confirmation from the Data Controller that the Personal Data concerning him/her are or are not processed and, when they are processed, access to said Personal Data as well as the following information:
- the purposes of the treatment ;
- categories of Personal Data ;
- the recipients or categories of recipients to whom the Personal Data have been or will be disclosed;
- where possible, the intended retention period of the Personal Data or, where this is not possible, the criteria used to determine this period;
- the existence of the right to ask the Data Controller for the correction or deletion of Personal Data, or a limitation on the processing of Personal Data, or the right to object to such processing ;
- the right to lodge a complaint with the supervisory authority for personal data (in France, the CNIL) ;
- when the Personal Data is not collected from the Client, any available information as to its source;
- the existence of automated decision making, including profiling, and, at least in such cases, useful information about the underlying logic and the importance and expected consequences of such processing for the Customer ;
- When Personal Data is transferred to a third country or to an international organization, the Customer has the right to be informed of the appropriate safeguards with respect to such transfer.
- The Controller provides a copy of the Personal Data being processed.
- The Data Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the Customer or in case of a request for transmission of Personal Data in paper and/or physical form.
- Where the Customer submits his application electronically, the information is provided in a commonly used electronic form, unless the Customer requests otherwise.
- The Customer's right to obtain a copy of his Personal Data shall not infringe upon the rights and freedoms of others.
- Rights of rectification
- The Customer has the possibility to obtain from the Data Controller, as soon as possible, the rectification of the Personal Data concerning him/her which are inaccurate. He also has the possibility to obtain the completion of incomplete Personal Data, including by providing a supplementary declaration.
- Deletion rights
- The Customer has the possibility to obtain from the Data Controller the deletion, as soon as possible, of Personal Data concerning him/her when one of the following reasons applies :
- The Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed by the Data Controller;
- The Customer has withdrawn his consent for the processing of his Personal Data and there is no other legal basis for the processing;
- The Customer exercises his right of opposition under the conditions recalled hereafter and there is no legitimate compelling reason for the treatment ;
- The Personal Data have been processed unlawfully;
- Personal Data must be deleted to comply with a legal obligation;
- The Personal Data was collected from a child.
- Limitation Rights
- The Customer has the possibility to obtain from the Data Controller the limitation of the processing of his Personal Data when one of the following reasons applies :
- The Data Controller verifies the accuracy of the Personal Data following a challenge by the Customer to the accuracy of the Personal Data,
- The processing is unlawful and the Customer opposes the deletion of the Personal Data and demands instead the limitation of their use;
- The Data Controller no longer needs the Personal Data for the purposes of processing, but they are still necessary for the Customer to establish, exercise or defend his rights in court;
- The Customer has objected to the processing under the conditions set out below and the Data Controller verifies whether the legitimate reasons pursued prevail over the alleged reasons.
- Right to Data Portability
- The Customer has the possibility to receive from the Data Controller the Personal Data concerning him/her, in a structured, commonly used and machine-readable format when :
- The processing of Personal Data is based on consent, or a contract; and
- Processing is done using automated processes.
- When the Customer exercises his right to portability, he has the right to obtain that the Personal Data be transmitted directly by the Data Controller to another data controller that he will designate when technically possible.
- The right to portability of the Customer's Personal Data shall not infringe upon the rights and freedoms of others.
- Right of opposition
- The Customer may object at any time, for reasons relating to his particular situation, to the processing of Personal Data concerning him based on the legitimate interest of the Data Controller. The latter will then no longer process the Personal Data, unless it demonstrates that there are compelling and legitimate reasons for the processing that prevail over the interests and rights and freedoms of the Customer, or may retain them for the ascertainment, exercise or defence of legal rights.
- Guidelines
post-mortem- The Customer has the possibility to communicate to the Data Controller instructions relating to the storage, deletion and sharing of his/her Personal Data after his/her death, which instructions may also be registered with "...".
from a certified digital trusted third party». These guidelines, or some kind of "
digital will The "Customer's heirs" may designate a person responsible for their execution; failing this, the Customer's heirs will be designated.
- In the absence of any directive, the Customer's heirs may contact the Data Controller in order to :
- access to the processing of Personal Data allowing "...
the organization and settlement of the deceased's estate"» ;
- receive communication from the "
digital assets". or the "
data akin to family heirlooms, which can be passed on to heirs." ;
- have the Customer's Account on the Website closed and oppose the further processing of his/her Personal Data.
- In any case, the Customer has the possibility to indicate to the Data Controller, at any time, that he does not wish, in case of death, that his Personal Data be communicated to a third party.
Exercise of Specific Rights of Clients
- These Specific Rights may be exercised at any time by contacting the Data Controller:
- By e-mail to the following address
dpo@ydes-avocats.com- By post to the following address
Laboratoires SVR
Service e-Boutique
79 rue de Miromesnil
75008 Paris
- In order to assert his Specific Rights under the conditions set out above, the Data Controller may ask him to prove his identity by mentioning his surname, first name, e-mail address and to enclose a copy of a valid identity document with his request, as well as any information or document that may help to verify his identity.
- A response will be sent to the Client within a maximum of one (1) month following the date of receipt of the request.
- If necessary, this period may be extended by two (2) months by the Processing Manager, who will alert the Customer, taking into account the complexity and/or number of requests.
- If the Customer requests the deletion of his Personal Data and/or if he exercises his right to request the deletion of his Personal Data, the Data Controller may, however, retain them in the form of Intermediate Archiving, for the time necessary to meet his legal obligations, or for evidential purposes during the applicable limitation period.
-•
The Customer may also lodge a complaint with the competent control authority (In France, the
CNIL).
Password security- The Processing Manager takes all useful precautions to ensure the secure storage of the Customer's password to access his Account.
- However, the security of this password also depends on its design.
- Also, the Customer is reminded that his password, to be valid, must be composed,
a minimum of 5 characters, at least 3 of the following 4 types: upper case, lower case, numbers, special characters.
- Mnemonics can be used to create complex passwords, such as :
- Keep only the first few letters of words in a sentence; for example, the sentence "...".
A Password gets stuck! " corresponds to the password 1mdp@sr!
- By capitalizing if the word is a noun (e.g. word)
- By keeping punctuation marks (e.g. !)
- By expressing numbers using digits from 0 to 9 (e.g. One ->1)
Cookies placed on the Client's Terminal following navigation on the Website- Cookies are used on the Website.
- A cookie is a piece of information deposited on the Terminal that is used by the Client to access the Website.
- Cookies are related to the Customer's browsing on the Website and make it possible to determine the pages that the Customer has consulted, their date and time of consultation.
- At no time do these cookies allow the Data Controller to personally identify the Customer.
- The storage period of these cookies in the Customer's Terminal shall not exceed thirteen (13) months.
- More specifically, the Personal Data collected from cookies issued by the Data Controller or third parties allow :
- to establish statistics and volumes of frequentation and use of the Website to improve the interest and ergonomics of the services;
- adapt the presentation of the Website to the display preferences of the Client's Terminal (language used, display resolution, operating system used, etc.) ;
- to store information relating to a form completed by the Customer on the Website (registration or access to your Account);
- to implement security measures, for example when the Customer is asked to reconnect to the Website after a certain period of time ;
- to ensure the follow-up of the commercial relationship with the Client.
- Thanks to cookies, the Data Controller collects and processes all or part of the following Data for the purposes determined above:
- Information related to the Client's Terminal:
- Its Internet service provider (Orange, SFR, Bouygues, Free, etc.);
- Its advertising identifier linked to the operating system of its Terminal ;
- The IP address of his Terminal ;
- The geolocation data of its Terminal ;
- His language preferences
- Information on its navigation and behaviour on the Website:
- The statistics on the consultation of the different pages of the Website, the duration of the session ;
- The complete URL path to, through and from the Website;
- Information concerning the Customer (surname and first name, age or age group, gender, declared and/or presumed socio-professional category, e-mail address, etc.) related to his activity on the Internet and communicated by third parties (advertisers, advertising agencies, etc.).
Cookies
Be informed about how Google will use your personal data when you consent to our site
|
Cookie name
|
Publisher
|
Function
|
Shelf-life on the Terminal
|
|
__fbp
|
Facebook
|
Study of Customer behaviour on the Website and the performance of products and sales
|
2 hours.
|
|
_ga
|
Google
|
Study of Customer behaviour on the Website and the performance of products and sales
|
13 months
|
|
gid
|
Google
|
Study of Customer behaviour on the Website and the performance of products and sales
|
24 hours
|
|
cookielaw
|
Wordpress
|
Collection of consent to deposit cookies
|
10 months
|
|
frontend
|
Magento
|
Identify the Client
|
24 hours
|
|
Frontend-cid
|
Magento
|
Validation of the customer account with Magento
|
24 hours
|
|
pagePopup
|
Cookiebiot
|
Allow the cookies banner to appear
|
1 year
|
|
_dc_gtm_UA-22608096-1
|
Google
|
Customer identification and study of Customer behaviour on the Website
|
1 min
|
|
_dc_gtm_UA-22608096-25
|
Google
|
Customer identification and study of Customer behaviour on the Website
|
1 min
|
|
enamel
|
SVR Laboratory
|
Registration of the e-mail address used by the Customer to identify himself
|
2 months
|
Opposition to cookies
- The Customer is informed, during his first visit, that he has the option of opposing the recording of cookies that are accessory to the functioning of the Website, in particular by configuring his Internet browser to do so or by exercising his choices on this page (see below).
- When the Client browses the Website, information may be recorded, or read, in his Terminal, subject to his choices.
- The Customer will find more help on the dedicated pages of his browser (hereafter the most common browsers):
- Internet Explorer :
http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies- Google Chrome:
http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647- Safari:
https://support.apple.com/kb/PH19214?locale=fr_FR&viewlocale=fr_FR- Firefox:
http://support.mozilla.org/fr/kb/Activer%20et%20désactiver%20les%20cookies- Opera:
http://help.opera.com/Windows/10.20/fr/cookies.html- The Customer can also set up his browser to send a code indicating to websites that he does not wish to be tracked ("Do No Track" option):
- Internet Explorer™ :
http://windows.microsoft.com/fr-fr/internet-explorer/use-tracking-protection#ie=ie-11- Safari™:
http://support.apple.com/kb/PH11952- Chrome™:
https://support.google.com/chrome/answer/114836- Firefox™:
https://support.mozilla.org/fr/kb/comment-activer-option-ne-pas-pister- Opéra™ :
http://help.opera.com/Windows/12.10/fr/notrack.html- Exercise your rights:
