Data privacy legislation protects your fundamental rights and freedoms with regard to the processing of your personal data and provides rules under which the use of your personal data is legally conceivable.
Under these rules, the processing of your personal data must comply with several important principles and with the respect of your various personal data rights.
1/ Our role
1.2 In some agreed and limited cases, we may act as a data processor when a client asks us to process personal data on its behalf (the client acting in this case as a controller). If it is the case, we commit to comply with GDPR rules relating to processing by a processor.
1.3 If, in the course of providing our Services, we include links to third-party websites or applications, these third-parties are solely responsible for the content- we advise you to review their privacy policies.
2/ Collection of your personal data
2.1 In this section, we explain how we collect personal data and what types of personal data are collected.
2.2 We collect your personal data directly from you when you interact with us (by phone, email or otherwise), in particular when it is necessary for taking steps prior to entering into a contract, for the performance of a contract, for responding to an information request, for registering you for an event, for trafficking samples and for giving us feedback. Where permissible, we may also collect, through cookies and similar technologies, usage information to help us analyze usage of our website, improve our Services and follow users’ experience.
We may also collect your personal data indirectly from certain third party sources: for example, publicly available sources, service providers who work with us in relation to the supply of the Services or an organization which provides you access to our Services. Such data may include identity data (first name, last name, username or similar identifier, marital status, title, date of birth and gender) and contact data (delivery address, email address and telephone numbers).
2.3 Personal data means not only any information relating to an identified natural person but also any information relating to an identifiable natural person. In the course of the supply of our Services, we may collect, store and use the following categories of data:Identity data: first name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact data: delivery address, email address and telephone numbers.
Device data: information about your device, such as IP address, location or provider;
Usage information: information about how you navigate within our website and your browsing history;
Marketing data: your preferences in receiving marketing from us and, if applicable, our partners;
CCTV data: video from CCTV if you visit us in our premises.
2.4 Our Marketing Services are not generally aimed at children and, unless in specific cases, we do not collect data relating to children for our activities.
2.5 We do not collect any special categories of personal data about you (revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation).
2.6 If you fail to provide personal data we need to collect for the enforcement of a contract or by law, we may not be able to perform the contract.
3/ Use of your personal data
3.1 In this section, we explain on which lawful grounds we process your personal data and for which purposes.
3.2 We will use your personal data on the following lawful grounds and for the following purposes:
The performance of a contract
We will process your personal data in order to provide you with Services, which includes registering you as a contact (identity, contact details), performing client contracts (identity, contact details), to manage invitations to you on behalf of clients (identity, contact details), to send samples to you and to receive samples from you (identity, contact details), to manage our relationship with you (identity, contact, marketing data).
The exercise of our legitimate interests, when your fundamental rights do not override those interests
We will process your personal data to protect our website, systems and property (in order to protect our assets, including via CCTV data), to provide technical and customer support, to send Service information, where permissible to personalize our Services (in order to better meet our client’ needs), to participate in any sale, merger, acquisition or restructure operation (in order to continue grow our business and allow a third party to analyze our assets), to analyze the data collected for research purposes (in order to assess our customer satisfaction), to stop or detect wrongdoings or other breach of law (in order to prevent customers or third parties to harm our rights), to comply with orders from courts, public authorities or enforcement agencies (in order to obey any injunction from these judicial or administrative bodies).
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests. You can obtain information on such balancing tests by contacting us using the details set out below
The compliance with a legal or regulatory obligation
We will process your personal data in order to comply with any applicable legal or regulatory obligation such as in particular accounting and tax requirements, including internal and external audit requirements.
The compliance with your consent
Sometimes, we will process your personal data on the basis of your consent. In such cases, your consent is given in relation to specific uses. You may withdraw this consent at any time by contacting us at email@example.com.
For usage information through cookies, your consent is mandatory and we will apply the recommendations of the relevant data privacy enforcement agency (banner, purposes, configuration), as explained in article 10.
If we interact with you, in your capacity as an individual / consumer (B2C), by using automatic calling machines, fax or electronic mail for the purposes of direct marketing (e.g. email or SMS), we will ask you to give us your consent.
If we interact with you, in your capacity as an employee / representative of a company (B2B), by using automatic calling machines, fax or electronic mail for the purposes of direct marketing (e.g. email or SMS), we will give you the opportunity to object, free of charge by contacting us at firstname.lastname@example.org.
Please be aware that you have the right to object to receiving direct marketing and targeted online advertising at any time, free of charge by contacting us at email@example.com. However, even if you object to receiving marketing communications by email, we may still send you routine service emails. If you have any questions with regard to the right to object, contact us at firstname.lastname@example.org.
4/ Recipients of your personal data
4.1 Your personal data will be shared with our trusted service providers, on a ‘need to know’ basis only, in order that they can assist us in achieving the purposes described above. Our accounting service providers will for example be the recipient of the financial and transactional data. Our marketing service providers will be the recipient of your identity and contact data. Our operational or press relation service providers will be the recipient of the transactional data in order to provide the Services you asked for. Where processing is to be carried out by our processors, we ask them to provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the relevant data privacy laws.
4.2 With regard to third parties, we will not share your personal data unless it is necessary for the performance of a contract, for the exercise of our legitimate interests, for the compliance with a legal or regulatory obligation or for the compliance with your consent.
We will not share/sell/make available your personal data for marketing purposes by third parties, unless you gave us your consent to do so.
We require all third parties to respect the confidentiality and security of your personal data and to process it in accordance with the relevant laws.
5/ Retention of your personal data
5.1 We will retain your personal data in a form which permits identification for no longer than is necessary for the purposes for which the personal data are processed. We retain your data as long as we have an ongoing relationship with you (personal data may be stored for a longer period corresponding to the contractual limitation period or any legal, accounting or reporting requirements, insofar as the personal data will be processed solely for archiving purposes compliant with the original purpose).
5.2 We compute retention periods with regard to the purposes for which we process your personal data, the applicable legal requirements, the retention periods recommended by regulators, the amount, nature and sensitivity of your personal data and the potential risk for your fundamental rights and freedoms.
6/ Your privacy rights
6.1 You have different rights as regards your personal data, under data protection legislation.
6.2 You have the right to:
access the personal data we process about you: this right entitles you to know whether we are processing personal data about you and, if we do, to obtain information about, and a copy of, that personal data;
rectify your personal data: this right entitles you to have your personal data corrected if it is inaccurate or incomplete (please keep us informed of any change to your personal data so we keep accurate records);
erase your personal data: this right entitles you to request the deletion of your personal data under specific conditions, in particular if the personal data is no longer necessary to achieve the processing purpose(s) or if the personal data is unlawfully processed;
restrict the processing of your personal data: this right entitles you to request restriction of the processing when you challenge the accuracy of your personal data, or lawfulness of the processing, when we no longer need the personal data for the processing purposes or when we are investigating an objection you have raised as regards the processing;
receive the personal data you have provided to us, in a structured, commonly used and machine-readable format (i.e. to have your personal data ‘ported’), when we have processed that personal data with your consent or for the performance of a contract (if this right to data portability is not applicable, please be aware that you still have a general right of access);
not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you; and
lodge a complaint with a supervisory authority, even though we encourage you to firstly contact us to deal with your questions or worries in the best possible way.
Right to object: where we are relying on a legitimate interest, you also have a right to object to the processing of your personal data. This right to object also applies at any time when your personal data are processed for direct marketing purposes (as described above).
6.3 Please note that whenever you provide your consent for a processing (or if you provided consent for a natural person aged under 15), you are free to withdraw your consent at any time.
6.4 You will not have to pay a fee to exercise any of your rights, in particular your right of access (but, in this case, we may charge a reasonable fee for additional copies).
6.5 If you wish to exercise any of the rights set out above, please contact email@example.com. Please note that, for security reasons, we may request from you specific information in order to verify your identity.
7/ International transfers of your personal data
Your personal data may be stored and processed in any country where we have facilities, including USA, or in which we engage service providers. By using the Services, you understand that your information will be transferred to countries outside of your country of residence, including countries which may have data protection rules that are different from those of the European Union.
8/ Security of your personal data
8.1 We use appropriate technologies and procedures to protect your personal data from being accidentally lost, used, altered or disclosed (including technical and physical safeguards), according to the risk level and the Service provided. Our security policies are revised recurrently and updated as necessary with regard to our business needs, to the sensitivity of your personal data and to the changes in tools we use to provide the Services.
8.2 We limit access to your personal data to those employees, agents, processors and other third parties who have a need to know in relation with our Services provided to our clients.
We use the following categories of cookies on the website:
A/ Strictly Necessary Cookies
Some cookies are essential for the operation of the website. If a registered user opts to disable these cookies, the user may not be able to access all of the content of the website.
B/ Performance Cookies
Other cookies may be used to analyse how users use the website and to monitor its performance. This allows us to provide a high quality experience by customising the offering and quickly identifying and fixing any issues that arise. For example, performance cookies may be used to keep track of which pages are most popular and to determine why some pages are receiving error messages.
For retention periods, see section 5 above.
11/ Contact Us
Collecting Personal Information
- Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
- Disclosure for a business purpose: shared with our processor Shopify and any of their app affiliates.
- Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number.
- Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Shopify and their affiliates.
Customer support information
- Examples of Personal Information collected:
- Purpose of collection: to provide customer support.
- Source of collection: collected from you.
- Disclosure for a business purpose:
Sharing Personal InformationWe share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising below:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads
- GOOGLE - https://www.google.com/settings/ads/anonymous
- BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
|_ab||Used in connection with access to admin.|
|_secure_session_id||Used in connection with navigation through a storefront.|
|cart||Used in connection with shopping cart.|
|cart_sig||Used in connection with checkout.|
|cart_ts||Used in connection with checkout.|
|checkout_token||Used in connection with checkout.|
|secret||Used in connection with checkout.|
|secure_customer_sig||Used in connection with customer login.|
|storefront_digest||Used in connection with customer login.|
|_shopify_u||Used to facilitate updating customer account information.|
Reporting and Analytics
|_landing_page||Track landing pages|
|_orig_referrer||Track landing pages|
|_shopify_sa_p||Shopify analytics relating to marketing & referrals.|
|_shopify_sa_t||Shopify analytics relating to marketing & referrals.|
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org
Last updated: 10/17/2020
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority.