The sites https://fr.francfranc.net, https://eu.francfranc.net are published by the simplified joint stock company Francfranc France (hereinafter "we" or "Francfranc" or the "Company") registered in the Paris trade and companies register under number 879 036 432, its headquarters being located at Europe Headquarters, 43 rue de Liège, 75008 PARIS. The Company is responsible for processing the data of its customers and more generally of internet users (hereinafter "you") browsing these websites from a computer, tablet or any other computer device, such as terminals connected in store, allowing access to these sites and their possible sub-sites (hereinafter collectively referred to as the "Site").
We undertake that the collection and processing of personal data is carried out in a lawful, fair and transparent manner, in accordance with the General Data Protection Regulation ("GDPR") and the Data Protection Act of 1978 as amended.
For any clarification or complaint, do not hesitate to contact us by post at the address Francfranc France - FRANCFRANC, 43, rue de Liège 75008, Paris, France or by email at bonjour@francfranc.net.
DEFINITIONS - PREAMBLE
"Personal data" corresponds to any information relating to an identified or identifiable natural person (the "data subject"); an "identifiable natural person" is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his identity.
A "processing" corresponds to any operation or any set of operations, whether or not carried out using automated processes, applied to personal data or sets of data, such as the collection, recording, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction.
A “controller” is the one who, alone or jointly with others, determines the purposes and means of the processing and a “processor” is the one who processes personal data on behalf of the controller.
A "recipient" is the natural or legal person, public authority, service or any other body that receives communication of personal data, whether or not it is a third party.
Mandatory nature of collection and processing. On the Site, you are informed of the mandatory nature of responses by the presence of an asterisk next to the field concerned or a mention to that effect. In the absence of an asterisk or a "mandatory field" indication, providing the information is optional. If mandatory information is not provided for the request related to this data collection (for example: online registration or order, request for information, etc.), the Company reserves the right to request additional information or to rule out by any technical means the possibility of validating the form concerned.
Warnings. We invite you to be careful about what you decide to make public on the internet, in particular personal data, including your private or sensitive data, made public on your initiative or deduced from your contributions, comments and positions of any kind on the Site or on social networks.
It is recalled that the processing of personal data made public by the data subject is not subject to the prohibition in principle on the processing of sensitive data by law (Art. 6, II, 4° of the Data Protection Act of 1978).
MANAGEMENT OF THE CUSTOMER-PROSPECTS FILE AND ONLINE SALE
Via the Site, you send us the following categories of information by filling out the information form(s) and communicating with us:
- Identity data (civility / gender; name; first name; optionally, your date of birth);
- Contact data (email address; postal address (address, postal code, city); telephone number);
- If you are a professional, data relating to professional life (identity and contact data of the legal representative, company name, head office address, VAT number, professional contact details);
- In the event of a request to customer service, the nature of your request and the content of your request;
- Login information for your user account: username, password. These will only be automatically saved on the Site if you consent to this via your browser settings.
When you register on the Site, we may also collect information indirectly (see section "social networks and third-party sites"). We reserve the right to make the registration of your user account subject to validation of your email address.
In the event of an order, we will also be required to process information relating to the contractual and commercial relationship that you may establish (in particular the details of the product ordered). Since orders are paid for, we will also process payment and transactional information (date of the transaction, amount, means of payment, order number).
Finally, we collect data on connection to the account and use of the tools made available to people in the virtual space dedicated to them (IP address, connection time, connection duration, account settings, tool management).
|Purposes of processing|Data|Legal basis|
|---|---|---|
|Perform the operations relating to the management of files concerning: contracts (registrations); orders; deliveries; legal and commercial guarantees; bills; accounting and monitoring of the commercial relationship (after-sales service).|All data is likely to be processed for these purposes|Pre-contractual measures or performance of a contract. Compliance with legal obligations.|
|Management of authentication procedures. Management of procedures for the loss of identifiers or passwords.|Identity, contact, user account and account login data|Execution of a contract|
|Management, processing and follow-up of your requests and your exchanges with the Company, via the Site. Managing relationships with prospects and customers and people's opinions on products, services or content.|Identity and contact data; content, date, nature of the request or opinion|Legitimate interest|
|Prospecting and / or sending information (newsletter), which includes relaunching prospects (including in the event of an order being abandoned), managing technical prospecting operations, selecting people to carry out loyalty actions, prospecting, survey, product testing and promotion as well as carrying out solicitation operations. Organization of contests, lotteries or any promotional operation.|Identity and contact data. Information relating to the contractual relationship.|Legitimate interest. Consent in accordance with the regulations of article 34-5 of the CPCE.|
|Development of commercial statistics and advertising, including on social networks. Improvement of the Site and offers.|All data useful for analyses|Legitimate interest|
|Handling of questions and possible complaints from individuals and management of requests for the right of access, rectification and opposition. Prevention and fight against fraud and means of payment and in particular against credit card fraud. Management of arrears and litigation.|All information authorized by law|Compliance with legal obligations|
Veracity of the information transmitted: You must not provide false personal information and must not create an account for another person without their authorization. The contact details that you send us must always be exact and up to date.
Personal identifiers - Any holder of an account allowing access to a virtual space to make online purchases holds access rights which are strictly personal, confidential and non-transferable. Any holder of an account with Francfranc must preserve the integrity of their access rights (username, password) to prevent a third party from logging into their account, and must modify their user account data in case of doubt.
The holder of the access rights will be held responsible for any fraudulent or improper use of their access codes, when this results from their own negligence. In any event, the holder of the access rights must inform us without delay of the loss or theft of their identifiers.
On the Site, we use several types of cookies: cookies necessary for the operation of our sites, cookies for their good performance, marketing cookies, and cookies for social networks and the exchange of content.
Cookies allow us to analyze browsing paths and improve the Site, and then identify the people who may be interested in our advertisements. Cookies can also facilitate and improve your experience by allowing us to record your actions on the Site and your preferences.
You have the possibility of deactivating cookies directly on the Site and at any time, with the exception of cookies strictly necessary for the operation of the site, via the dedicated configuration tool.
SOCIAL NETWORKS AND THIRD PARTY SITES
Registration on the Site and indirect collection from third parties. When you register or connect to the Site by association with your account on Facebook or Google, we will collect your Google, Twitter, Linkedin, Amazon or Facebook ID, as well as all the information for which you give us authorization before validating your registration via this type of tool (profile picture, gender, likes, etc.) and/or according to your privacy settings on these sites.
More information on registering for the Site from a third party account:
Exchanges on social networks. We can contact you or answer your questions via social media, if you first contacted us through this method.
Public information. The information concerning you, which you have transmitted to us, may possibly be enriched for commercial, prospecting, communication, solicitation or marketing purposes, by means of other sources of information such as social networks (information known as "public" or to which we may have access as a page administrator).
Links to third-party sites. The Site may provide links to sites, applications and services other than its own, which may be operated by third-party companies. Clicking on these links may authorize third parties to collect or share data concerning you. In this case, we are not responsible for the processing of personal data by these third-party sites, whose personal data protection policies the user is invited to consult for more information.
EXERCISE OF THE RIGHTS OF THE PERSONS CONCERNED
You have the right to access data concerning you, to rectify or erase it, to query, to limit the processing of your data, and to portability, within the limits set by the regulations and in particular the GDPR.
You also have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data having as legal basis our legitimate interest, as well as a right to object to commercial prospecting by clicking on the unsubscribe link in the newsletter.
The Site has functions for exercising your rights directly on the Site, when you have a user account:
- The tool « Manage my data », available at the bottom of the page, allows you to see the information used to place orders, to modify it and to download it in a commonly used format that is easily readable and exportable.
- The tool « Delete my data » available at the bottom of the page, allows you to exercise your right of objection and erasure. The erasure request sent using this tool is followed by a 10-day buffer period during which you can cancel it in the event of an accidental request. When you request a deletion, anonymized order information is kept for accounting purposes.
You can always contact us for more information and to exercise your rights. Requests should be sent electronically to firstname.lastname@example.org or by post to our headquarters (FrancFranc France, Europe Headquarters, 43, rue de Liège, 75008, PARIS). We reserve the right to ask you for any proof of identity and to ask you to clarify your request. If you are not satisfied with our response, you can lodge a complaint with the authority responsible for controlling and protecting the personal data to which you report (in France, the CNIL).
For all intents and purposes, it is specified that once the right to erasure, to object to the processing, or to withdraw consent is exercised, the proper functioning of the Site may be disturbed or even interrupted. For example, if these rights are exercised at the time of the order, then this order cannot be confirmed.
DURATION OF STORAGE OF PERSONAL DATA
The data used for commercial prospecting management purposes are kept for a maximum of three years from the last contact from the prospect or client. If you have not authenticated yourself on the Site or have not engaged in active behavior (for example, by clicking on a link) for a period of three years, you may receive an e-mail inviting you to connect as soon as possible, otherwise your data will be deleted from our databases.
Means of effective deletion of data are put in place as soon as the period of conservation or archiving necessary for the accomplishment of the purposes determined or imposed is reached, in particular after deletion of your account with our company.
In accordance with our legal obligations, certain documents relating to our internal operations and containing personal information (purchase orders, contracts, invoices, etc.) will be archived. Similarly, we can archive data until the expiration of the limitation periods applicable to legal actions, for the proper defense of our interests before the courts in the event of subsequent litigation.
In any event, the personal data subject to processing is not kept beyond the time necessary for the performance of the obligations defined at the conclusion of the contract, or required by the legislation in force. Beyond that, it may be anonymized and kept for exclusively statistical purposes.
We do not sell any personal data files. The information you provide to us is for internal use only by authorized persons, it is strictly confidential and cannot be disclosed to third parties, except in the event of express agreement or if you have decided to make it public.
Our external service providers (eg IT service provider, suppliers, carriers, etc.) may, within the framework of the processing described above, be recipients of personal data when this is necessary for the performance of their mission.
As such, we undertake to (i) ensure that any recipient of data has sufficient and appropriate contractual guarantees to respect your rights, so that the processing meets the requirements of the GDPR (in particular with regard to subcontracting) and (ii) to comply with the provisions of the GDPR applicable to data transfers.
On the basis of our legal obligations, your personal data may be disclosed in application of a law, a regulation or by virtue of a decision of a competent regulatory or judicial authority.
Commercial partnership. In terms of commercial prospecting, we will ask for your consent before transmitting information about you to business partners. In addition, we reserve the right to make offers in collaboration with third parties, of which you will be notified. If you order a product or service on the Site which is not directly delivered by the Company but by a commercial partner, then we will transmit to this partner the information necessary for the execution of the order.
TRANSFER OUTSIDE THE EU
The Site is hosted on Shopify, headquartered in Ireland and whose contractual guarantees have been verified. We inform you that Shopify subcontracts the hosting of data to different companies: Amazon Web Services (AWS), Google Cloud Platform, RagingWire and ServerCentral. All providers based in the United States have signed up to the Privacy Shield, which governs the transfer.
Regarding Google Cloud Platform based in Canada, this country is recognized as adequate by the European Union regarding commercial activities through the PIPEDA law.
In any event, we undertake to comply with the applicable regulations relating to data transfers to countries outside the European Union and in particular according to the following terms:
- We will transfer data from visitors, prospects and customers to countries recognized as offering an adequate level of protection and, in the event of transfer to the United States, only to organizations that have joined the Privacy Shield;
- When the country of destination does not benefit from an adequate level of protection, we govern the flows using transfer tools in accordance with the regulations (standard contractual clause of the European Commission, in particular).
Access - Passwords
Password creation is manual. By default, when we ask a client to create a password, the latter must choose a password of at least 5 characters. For more information on password security, any user can consult the CNIL website.
All transactions made on our Site are secure. Credit card payments are provided by our partners Stripe and Paypal Payment Express, which are trusted payment service providers. We therefore have an SSL encryption system to protect your personal data and the means of payment used. At no time are we directly in possession of your bank details through this process.
The payment page address begins with "https" and is accompanied by a closed padlock or a key at the bottom right of your browser. This allows you to verify that you are in a secure payment area when asked for your credit card number. Stripe and Paypal Payment Express automatically check that this connection is secure before sending your bank and transactional data. Therefore, the highest security standards are applied to data storage and comply with applicable standards.
More information about the processing carried out by payment service providers:
- STRIPE: https://stripe.com/fr/privacy
- PAYPAL PAYMENT EXPRESS: https://www.paypal.com/fr/webapps/mpp/ua/privacy-full
General - Data breach
We are committed to implementing all appropriate technical and organizational measures using physical and logistical security means in order to guarantee a level of security adapted to the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of personal data concerning you.
In the event that we become aware of an event leading to the realization of the risks identified above, we undertake to:
- Investigate the causes of the incident;
- Take the necessary measures to limit the negative effects and damages that may result from the said incident;
- Notify the CNIL or the persons concerned of the incident as soon as possible when this meets a legal requirement.
In no case may the commitments defined in the point above be assimilated to any acknowledgment of fault or responsibility for the occurrence of this incident.
If you observe any security breach or any incident likely to affect the integrity of your personal data or that of other people, we thank you in advance for agreeing to inform us immediately by email, at the address email@example.com.
APPLICABLE LAW, LANGUAGE, MODIFICATION OF POLICY