Between the undersigned:
1. The simplified joint-stock company VALEGE DISTRIBUTION with capital of €1,037,000, with its registered office at 71 avenue de Wagram, 75017 Paris, registered with the Paris Trade and Companies Register under number B 424 814 184, and with VAT number FR13424814184. Hereinafter referred to as the "Data Controller", On the one hand,
And 2. Any natural person Browsing the Data Controller’s website; Hereinafter referred to as the “Data Subject”, On the other hand, It was outlined and agreed that:
Supervisory Authority means the French National Commission for Data Protection (CNIL), an independent French authority responsible for regulating data protection;
Consent means any free, specific, enlightened and unambiguous expression of will by which the Data Subject accepts, by a clear declaration or positive act, that Data concerning him or her are the subject of Processing by the Data Controller.
Cookies are computer files used to trace the journey of the Data Subject on the Site.
Recipient means any natural or legal person, public authority, service or other body that receives communication of the Data, whether or not it is a Third Party. However, public authorities which are likely to receive the Data, in particular in the context of a fact-finding mission, shall not be considered as Recipients within the meaning of this definition.
Data refers to any information relating to the Data Subject.
DPO designates the data protection officer of the Data Controller, namely Mr Régis ZERBIB – [email protected], in charge of assisting the Data Subject in the exercise of his rights over his Data.
File means any structured set of Data accessible according to specific criteria, whether this set is centralized, decentralized or distributed functionally or geographically.
Legislation means any law and regulation relating to the protection of Data, and in particular European Regulation no. 2016/679 and Law no. 78-17.
Navigation means the consultation, knowledge, ordering and/or purchase of Products on the Site by the Data Subject.
Data subject means any natural person browsing the Site, as long as it can be identified, directly or indirectly, including by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more specific elements specific to its physical, physiological, genetic, psychic, economic, cultural or social identity.
Products means the products offered for sale and/or reservation on the Site by the Data Controller to the Data Subject.
Pseudonymisation means the processing of Data in such a way that it can no longer be attributed to the Data Subject without recourse to additional information.
Data controller means the simplified joint-stock company VALEGE DISTRIBUTION with capital of €1,037,000, whose registered office is located at 71 avenue de Wagram, 75017 Paris, registered with the Paris RCS under number B 424 814 184, which alone determines the purposes and means of the Processing
Website means the infrastructure developed by the Controller according to the computer formats usable on the Internet including data of different types, including texts, sounds, still or animated images, videos, databases, to be consulted by the Data Subject to know, book, order and/or purchase Products (www.valege.com).
Subcontractor means any natural or legal person, public authority, service or other body that processes the Data on behalf of the Controller.
Third Party means any natural or legal person, public authority, service or other body other than the Controller, the Subcontractor and persons placed under the direct authority of the Controller or the Controllerprocessing, are authorized to process the Data.
Processing means any operation or set of operations carried out or not using automated processes and applied to the Data or Data sets, such as collection, recording, organization, structuring, retention, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, approximation or interconnection, limitation, erasure or destruction.
In accordance with the Legislation, the Data Controller undertakes to respect the following principles for each Processing:
- Limitation of purposes;
- Minimisation of Data;
- Limitation of conservation;
As part of the Navigation, the Data Controller is required to collect and process a number of Data, including:
Personal information (surname, first name, sizes, sex, postal address, email address, telephone number, date of birth, age, date of registration and unsubscribion to the customer account and to the Data Controller’s newsletter, messages exchanged with the Data Controller);
Banking information (means of payment, credit card number);
Order information (ordered products, delivery address, delivery tracking number, order prices, purchase and delivery history);
Technical information (browsing behavior on the Site, IP address, products added to the cart, collection of consent).
The Data may be collected and processed by the Data Controller on various occasions, including:
- Placing an order for Products on the Site;
- Contact with the Data Controller;
- Subscribe to the newsletter;
- Creation of a customer account;
- Navigation on the Site.
|Purpose of Processing||Data involved||Legal basis for processing||Data storage Period|
|Management of Product purchases, deliveries, invoicing and accounting standards||First name, last name, email address, postal address, telephone number, delivery address, order made, delivery tracking number sizes, Products purchased, date of registration and unsubscribe, means of payment, order and delivery history, credit card number, IP address.||Contract and legal obligation.|
Management of contacts 10 years from the purchase of the Product EXCEPT 15 months from the purchase of the product for the banking data (immediately for the visual cryptogram)
|Creation and management of client accounts|
First Name, Last Name, Email Address, Mailing Address, Phone Number, Sizes, Customer Account Creation Date, Customer Account Deletion Date, Customer Account Deletion Date, Consent Collection..
|Consent of the data subject.||3 years from the last connection of the Person. Consent of the data subject.|
|Management of contacts|
First name, last name, email address, postal address, telephone number, consent collection, exchanges, order reference.
|Consent of the data subject.||3 years from the last connection of the Person.|
First name, last name, email address, collection of consent.
|Consent of the data subject.||Consent of the data subject.|
|Securing and improving the Site|
IP address, Navigation data.
|The Data Controller’s legitimate interest in improving the Site and managing the Site, securing and administering the Site, preventing fraud and malicious acts.||13 months|
|Complaints and Customer Service Management|
First name, last name, email address, postal address, phone number, purchase history, exchanges, IP address.
|Legitimate interest of the Data Controller to improve its Products and Services.||3 years from the last connection of the Person.|
The Data Controller reserves the right to anonymise the Data subject to Processing before deleting it. Anonymised data may then be processed for statistical purposes.
As a rule, the Data Controller is the only Data Recipient. However, the Data Controller may be required to transfer the Data to Recipients, in particular in the context of the management of deliveries and the newsletter, and/or to any public authority that so requests, in particular in the context of a fact-finding mission. The Data Controller undertakes to require its Sub-sufficient guarantees regarding the implementation of appropriate technical and organisational measures so that the Processing meets legal and regulatory requirements and guarantees the protection of the rights of the Data Subject, particularly in the case of transfer of Data outside the European Union. In case of transfer of Data outside the European Union, to a third country not recognised by the European Commission as having an adequate level of protection of the Data Controller undertakes to implement appropriate guarantees provided as necessary by:
- Standard data protection clauses; Binding corporate rules;
- A code of conduct with a binding and enforceable commitment by the Data Controller in the third country to apply the appropriate safeguards;
- A certification mechanism with a binding and enforceable commitment by the Data Controller in the third country to apply the appropriate safeguards.
- As a rule, the Data Controller is the only Data Recipient. In addition, the Data Controller may communicate to any Recipient or Third Party the Data that are the subject of a Processing when there is a legal obligation to do so or when the Data Controller considers in good faith that this is necessary to:
- Respond to any complaint against him;
- Comply with the requirements of the judicial and/or administrative order and/or the Supervisory Authority;
- Enforce any contract of which the Person concerned is a party;
- Safeguard the vital interests of any natural person; Carrying out a public interest mission.
The Data Subject has a certain number of rights over the Data that he can assert, except for applicable legislative or regulatory exceptions, by making a request to the DPO at the following address: Regis ZERBIB DPO, 71 avenue de Wagram – 75017 Paris Contact: [email protected] The DPO will accompany the Data Subject in exercising his or her rights to the Data Controller. If there is a reasonable doubt as to the identity of the Data Subject making a request to exercise his or her rights to the Data, the DPO may ask to attach a copy of an official identity document in support of the request. Applications will be processed as soon as possible and at the latest in accordance with the deadlines set by the Legislation.
The Data Subject has the right to obtain from the Data Controller confirmation that Data are or are not processed and, where they are, access to said Data as well as the following information: The purposes of the processing; The categories of Data; The Recipients or categories of Recipients to whom the Data have been or will be communicated, in particular the Recipients who are established in third countries or international organizations; Where possible, the retention period of the Data or, where this is not possible, the criteria used to determine this duration; The existence of the right to request the Data Controller to rectify or erase the Data, or a limitation of the processing of the Data, or the right to object to this processing; The right to lodge a complaint with a supervisory authority; When the Data is not collected from the Data Subject, any information available as to their source; The existence of automated decision-making, including profiling, and, at least in such cases, useful information concerning the underlying logic, as well as the expected importance and consequences of this treatment for the Data Subject. The Data Controller provides a copy of the Data subject to Processing and reserves the right, in return for providing such copy, the payment of reasonable fees based on administrative costs for any additional copies requested by the Data Subject.
The Data Subject has the right to obtain from the Data Controller the rectification and/or erasure of inaccurate or obsolete Data as soon as possible unless the contrary situation prevents the exercise of this right, and in particular:
- The exercise of the right to freedom of expression and information;
- Compliance with a legal obligation;
- Public interest in the field of public health, archives, scientific or historical or statistical research;
The recognition, exercise or defence of legal rights.
The data subject has the right to object at any time, for reasons related to his particular situation, to a Data Processing based on the performance of a public interest mission or the necessity of the legitimate interest of the Data Controller.
The Data Controller then undertakes to no longer process the Data, unless it demonstrates that there are legitimate and compelling reasons for the Processing that prevail over the interests and rights and freedoms of the Data Subject, or for the finding, the exercise or defence of legal rights.
In addition, the Data Subject has the right to object at any time to the Data Processing carried out for prospecting purposes by the Data Controller, insofar as the Data Subject is linked to such prospecting.
Finally, when Data are processed for scientific or historical research purposes or for statistical purposes, the Data Subject has the right to object, for reasons relating to its particular situation, to the processing of the Data, unless the Processing is necessary for the performance of a public interest mission.
The Data Subject has the right to obtain from the Controller the limitation of the Data Processing when:
The accuracy of the Personal Data is disputed by the Data Subject, for a period allowing the Controller to verify the accuracy of the Data;
The processing is illegal and the Data Subject opposes their erasure and instead demands the limitation of their use;
The Data Controller no longer needs the Data for the purposes of the Processing, but these are still necessary for the Data Subject to establish, exercise or defend legal rights;
The Data Subject objected to the Processing in accordance with c, during the verification of whether the legitimate grounds pursued by the Data Controller prevail over those of the Data Subject.
The Data Subject who has obtained the limitation of the Data Processing is informed by the Data Controller before the limitation of the processing is lifted.
- The Processing is based on the Data Subject’s Consent or on the performance of a contract to which the Data Subject is a party;
- Processing is carried out using automated processes.
- The Data Subject, when exercising its right to the portability of the Data, has the right to have the Data transmitted directly from the Data Controller to another Data Controller, where this is technically possible.
The Data Subject has the right to lodge a complaint with the Supervisory Authority if it considers that it is the subject of an Illegal Data Processing by the Controller.
The Data Subject has the right to define directives on the fate of the Data after his or her death to the Data Controller who will use all his or her technical means to enforce this wish.
The Data Controller shall take appropriate technical and organisational measures to protect the Data against destruction, loss, alteration, misuse and unauthorized access, modification or disclosure, whether these actions are voluntary or accidental. These technical and organizational measures are intended to ensure the confidentiality, integrity, availability and resilience of the Site and the information systems where the Files are stored.
- For Mozilla Firefox: Choose the menu "tool" then "Options". Click on the icon "privacy". Locate the "cookie" menu and select the options that suit you
- For Chrome: In "Settings" Click on "Privacy and Security" then "Site Settings". Click on "Cookies" Select on the desired choice "Blocked" or "Enabled"
- For Microsoft Internet Explorer 6.0: Choose the menu "Tools" (or "Tools"), then "Internet Options" (or "Internet Options"). Click on the "Confidentiality" tab. Select the desired level with the cursor.
- For Microsoft Internet Explorer 5: Choose the menu "Tools" (or "Tools"), then "Internet Options" (or "Internet Options"). Click on the "Privacy" tab. Customize the level" using the slider
- For Netscape 6.X and 7. X: Choose the menu "Edit">"Preferences"; Privacy and Security; Cookies
- For Opera 6.0 and beyond: Choose the menu "File">"Preferences"; Privacy.