Applicable as of December 01, 2021 and subject to change without notice.
On www.lapetitemain.fr (hereinafter the "Site"), the person in charge of processing personal data is Fanny GHALEM, representing the brand "LA PETITE MAIN", EI under the micro-enterprise regime, with the SIRET 824 728 455 00034.
LA PETITE MAIN (hereinafter "we" or "us") is committed to ensuring that the collection and processing of your data is carried out in a lawful, fair and transparent manner, in accordance with the "GDPR" (General Data Protection Regulation) of May 25, 2018 and the new "Loi Informatique et libertés" (Law n°78-17 of January 6, 1978 relating to data processing, files and freedoms) on May 29, 2019 following the Decree No. 2019-536.
Our collection is limited to what is necessary, in accordance with the principle of data minimization. The definitions provided in Article 4 of the GDPR are applicable to this Policy. In the event of any changes to this Policy, we will not lower the level of privacy substantially without informing you in advance.
Hereby, we will try to answer the following questions: What personal data do we process? For what purposes? On what legal grounds? What are your rights? How can you exercise them? How long is the data kept?
You will also find our commitments regarding subcontracting, transfers, communication to third parties and in the event of a security breach. For any clarification or complaint, please contact us.
Article 1 - Categories of personal data collected and processed
In the course of our business on this Site, you provide us with the following information by filling out the information form(s) and communicating with us:
- When you browse this Site, data collected through cookies and similar technologies used (including date, time of connection and/or browsing, browser type, browser language, IP address, location data);
- Personal and contact information (title, last name, first name, company, position, postal address, telephone number and e-mail address) will allow us to identify you and communicate with you;
- Information relating to the contractual and commercial relationship (including details of products and/or services ordered) that you may have with us as well as banking information (bank details, card numbers and cryptogram) and transactional information (date of the transaction, amount, order number and invoice number)
Article 2 - Aims
- The identification of persons using this Site to order our products and/or services;
- The creation and management of the client account of the person concerned as well as the execution of payment operations made at his request;
- The processing of operations relating to the management of files concerning: orders; deliveries; invoices; accounting and follow-up of the commercial relationship;
- Management of the relationship with prospects and customers and of people's opinions on products, services or content;
- The treatment of questions and possible complaints of the persons as well as the management of the requests of right of access, rectification and opposition;
- The respect of the modalities of online access to the accounts and management of the possible procedures of authentication (registration, connection and loss of password);
- Payment Execution;
- The elaboration of commercial and advertising statistics;
- Prospecting and/or sending information (newsletter), which includes the follow-up of prospects, the management of technical prospecting operations, the selection of persons to carry out loyalty actions, prospecting, surveys, tests, promotions as well as the realization of solicitation operations;
- Participation in special events, such as contests, games, sweepstakes, offers and participation in the loyalty program, excluding online gambling subject to approval by the Autorité de Régulation des Jeux en Ligne;
- The prevention and fight against fraud and means of payment and particularly against credit card fraud;
- Management of unpaid bills and disputes;
- Improving the Site and our offerings;
- Site security.
Article 3 - Legal basis
The processing of personal data respectively finds its legal basis, within the meaning of Article 6 of the GDPR, in the fact that:
- The processing is necessary for the execution of the contractual relationship that unites us and/or that you wish to establish with us, since the personal data that we collect and process are necessary for the execution of the purchases requested under our General Terms and Conditions of Sale (GTCS) ;
- Or the processing is also necessary to protect our legitimate interests, in particular by enabling us to carry out commercial prospecting, to keep proof of transactions carried out and/or, if necessary, to carry out a recovery;
- If required by law, or if not required in either of the two preceding cases, we will ask you for your consent.
Article 4 - Retention time
Personal data that are processed are not kept beyond the time necessary to fulfil the obligations defined at the time of the conclusion of the contract or imposed by the legislation in force. We keep personal data for the time strictly necessary to achieve the purposes described herein. Beyond this period, it may be anonymized and kept exclusively for statistical purposes.
Means of deletion of data are put in place to provide for the effective deletion when the period of retention or archiving necessary for the achievement of the purposes determined or imposed is reached.
Article 5 - Cookies
You are informed that we are likely to deposit cookies on your terminal. The cookie records information relating to navigation on the service (the pages you have consulted, the date and time of the consultation...) that we can read during your subsequent visits.
The maximum duration of conservation of cookies is 13 months after their first deposit in your terminal, as well as the duration of the validity of your consent to the use of these cookies. The lifetime of cookies is not extended with each visit. Your consent must therefore be renewed at the end of this period.
Cookies may be used for statistical purposes, in particular to optimize the services rendered, based on the processing of information concerning the frequency of access, the personalization of pages as well as the operations carried out and the information consulted. They may also be used for advertising purposes, in particular to offer you targeted content in banners and inserts on the Internet. Some features of the site, such as video players or interactive content, may use services offered by third parties and may deposit cookies that allow them to identify your consultation of the content. Some cookies may also be used to store customer account information or shopping cart contents.
Article 6 - Your Rights and Recourse
You have the right to access your data, to correct or delete it, to ask questions, to limit the processing of your data, to portability, and to erasure.
You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data which has our legitimate interest as its legal basis, as well as a right to object to commercial prospecting. At any time, you may also withdraw your consent to processing, without affecting the lawfulness of the processing based on the consent made prior to the withdrawal of consent.
In addition, you have the right to define general and particular directives defining the way in which you would like the above-mentioned rights to be exercised after your death. Finally, you may lodge a complaint with the CNIL, if our responses seem unsatisfactory.
For any request, you will be asked to prove your identity by any useful means and to justify, if necessary, the reasons for your request.
Requests to exercise your rights should be made by e-mail or by using the contact form.
Upon exercising the right to erasure, to object to processing or to withdraw consent, the proper functioning of the Site may be disrupted or interrupted. For example, if these rights are exercised at the time of ordering products or services, then said order may be cancelled and said service may be suspended.
The email you provide may be used to send you information via electronic mailings for example. If at any time you wish to unsubscribe and no longer receive these emails, you will find unsubscribe instructions at the end of each email.
More information on your rights: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles
Article 7 - Subcontracting
You are informed that we may use one or more subcontractors to carry out specific processing activities.
We undertake to ensure that any subcontractor provides sufficient contractual guarantees regarding the implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR (General Data Protection Regulation).
Article 8 - Third Parties
We do not share any personal data for commercial purposes with third parties without your consent.
If we share your personal data with a third party, we will ensure that the third party is bound by the same privacy terms as we are.
On the basis of legal obligations, your personal data may be disclosed to public authorities in application of a law, a regulation or by virtue of a decision of a competent regulatory or judicial authority. In the case of deliveries of products abroad, personal data will be sent to customs authorities.
The personal data that you communicate to us during your order are transmitted to our suppliers, subcontractors and/or subsidiaries for the processing of your order. This information is considered strictly confidential, and these recipients only have access to the data necessary for the execution of the contract between us.
In the event that we become involved in a merger, acquisition or other form of asset transfer, we are committed to maintaining the confidentiality of your personal data and to informing you before your personal data is transferred or subjected to new privacy rules.
If you connect your account to an account on another service, such as a social network, that service may share your profile information, login information, and any other information you have authorized to be shared with us.
This Site may provide links to sites, applications and services other than its own, which may be operated by third-party companies. In this case, we are not responsible for the processing of personal data by these third party sites, whose privacy policies the user is invited to consult for more information.
Article 9 - Transfer abroad
We undertake to comply with the applicable regulations relating to the transfer of data to countries outside the European Union, in particular in the following ways
- We will only transfer visitor, prospect and customer data to countries that are recognized as offering an equivalent level of protection; In the case of transfers to the United States, to organizations that have joined the EU-US Data Protection Shield (EU-US Privacy Shield) only;
- We will only transfer personal data outside of countries recognized by the CNIL as having an adequate level of protection if we have obtained authorization from the CNIL to do so.
Article 10 - Security
We undertake to implement all appropriate technical and organizational measures through physical and logistical security measures to ensure a level of security appropriate to the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of your personal data.
In the event that we become aware of unlawful access to your personal data stored on our servers or those of our service providers, or unauthorized access resulting in the risks identified above, we will:
- Notify you of the incident as soon as possible if it meets a legal requirement;
- Examine the causes of the incident;
- Take reasonable steps to mitigate any adverse effects and damages that may result from such incident
In no case shall the commitments defined in the above point be considered as an admission of fault or responsibility for the occurrence of the incident in question.
Article 11 - Legislation
Article 12 - Consent