ARTICLE 1: CONTROLLER AND DATA PROTECTION OFFICER FOR DATA PROCESSING/CONTACT
Controller for data processing within the meaning of the data protection legislation is:
Address : 19 rue Nollet, Paris 75017
Email : firstname.lastname@example.org
Please do not hesitate to contact us if you have questions or ideas relating to data protection.
You can contact our data protection officers at the following address:
ARTICLE 2: SCOPE OF DATA PROTECTION
The scope of data protection is personal data. This is all the information that relates to an identified or identifiable natural person (known in the legislation as the data subject). This covers, for example, information such as name, postal address, e-mail address, or telephone number as well as information that necessarily originates during the use of our website, such as details about the start, end, and scope of use, and the communication of your IP address.
ARTICLE 3: PROCESSED DATA
In general, it is possible to use our website without registering. Even if you use our website without registering, personal data can still be.
An overview of the type, scope, purposes of, and legal basis for data processing within the scope of our website is provided below.
When you access our website using your device, we automatically process the following data:
- type of device
- operating system used
- type of browser
- domain name of internet service provider
- IP address
- referrer URL
- date and time of access
- duration of your visit
- access country of origin
- the functions that you use
- the pages that you access
- type of event
We process this data on the basis of Article 6 (1) (f) GDPR to provide the service, to ensure the technical operation, and to identify and rectify faults. In this way, we pursue the interest of facilitating and ensuring the long-term use of our website and its technical functional capability. When our website is accessed, this data is automatically processed. You cannot use our services unless this data is provided. We do not use this data for the purpose of drawing conclusions about you or your identity.
ARTICLE 4: INDIVIDUAL SERVICES AND FUNCTIONALITIES
You can voluntarily enter personal data or register for services and functions at several locations on our website, e.g., through the use of the web shop by guest order, newsletter registrations, requests for information, contact requests, etc. When you register for and use the services and functions described below, we record, process, and use personal data as outlined here.
ARTICLE 5: RECIPIENTS OF PERSONAL DATA
Within LOLA JAMES HARPER the only people who have access are those who need it for the purposes named in Sections 3 and 4.
- Communication manager
- Commercial Team
- Financial Team
We only forward your personal data to external recipients outside LOLA JAMES HARPER if this is necessary for the administering or processing of your issue, if another legal authorization exists, or if we have your consent to forward the data.
External recipients can be:
- a) Processors
External service providers that we use to provide services, for example in the areas of payment or the provision of content. We carefully select and regularly inspect these processors to make sure that your privacy is protected. The service providers may use the data only for the purposes we have specified and in accordance with our instructions.
Our shop is hosted on Shopify Inc. and they provide us with the online e-commerce platform that allows us to sell you our services and products.
Your data is stored in Shopify's data storage system and databases, and in Shopify's general application. Your data is stored on a secure server protected by a firewall.
If you make your purchase through a direct payment gateway, Shopify will store your credit card information. This information is encrypted in accordance with the data security standard established by the payment card industry (PCI-DSS standard). Information relating to your purchase transaction is kept as long as necessary to complete your order. Once your order is finalized, the information related to the purchase transaction is deleted.
All direct payment gateways comply with the PCI-DSS standard, managed by the PCI Security Standards Council, which is the result of a joint effort by companies such as Visa, MasterCard, American Express and Discover.
The requirements of the PCI-DSS standard ensure the secure processing of credit card data by our shop and its service providers.
- b) Public bodies
Authorities and public institutions, such as public prosecutors, courts, or financial authorities to which we must transfer personal data for legal reasons. The data is transferred on the basis of Article 6 (1) (c) GDPR.
ARTICLE 6: SERVICES PROVIDED BY THIRD PARTIES
In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to perform the services they provide to us.
However, some third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide to them for your purchase transactions.
For these providers, we recommend that you carefully read their privacy policies so that you can understand how they will treat your personal information.
It should be remembered that some suppliers may be located or have facilities located in a jurisdiction different from yours or ours. Therefore, if you decide to pursue a transaction that requires the services of a third-party provider, your information may be governed by the laws of the jurisdiction in which that provider is located or the laws of the jurisdiction in which its facilities are located.
For example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, your personal information that was used to complete the transaction may be disclosed under United States law, including the Patriot Act.
ARTICLE 7: COOKIES
When you visit our website, "cookies", which are small files, may be stored on your device in order to provide you with a comprehensive scope of functions, make it easier to use our service, and optimize our offerings.
Please note that the functional capability and functional scope of our offering could be restricted as a result.
Here is a list of cookies that we use. We have listed them here so that you can choose whether or not you want to allow them:
- Session_id, a unique session identifier, allows Shopify to store information about your session (referrer, landing page, etc.).
- Shopify_visit, no data retained, persists for 30 minutes since the last visit. Used by our website supplier's internal statistics tracking system to record the number of visits.
- Shopify_uniq, no data retained, expires at midnight (depending on the visitor's location) the following day. Calculates the number of visits to a shop per single customer.
- Cart, unique identifier, persists for 2 weeks, stores information related to your shopping cart.
- Secure_session_id, unique session identifier
- Storefront_digest, unique identifier, indefinite if the shop has a password; it is used to determine whether the current visitor has access.
ARTICLE 8: SECURITY
To protect your personal data, we take reasonable precautions and follow industry best practices to ensure that it is not lost, misused, accessed, disclosed, modified or improperly destroyed.
If you provide us with your credit card information, it will be encrypted using the SSL security protocol and stored with AES-256 encryption.
Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all the requirements of the PCI-DSS standard and implement additional standards generally recognized by the industry.
ARTICLE 9: DURATION OF STORAGE, DELETION
We store your personal data only for the length of time necessary to fulfill the purposes stated in this document or in the general contract documents drawn up between you and ourselves, or – in the case of consent – until you withdraw your consent. In addition, we store your data as required under commercial law and tax law retention requirements.
We delete your personal data immediately:
- after the legal grounds cease to apply and provided that no other legal grounds apply. If the latter is the case, we delete the data once the other legal grounds cease to apply.
- if we no longer need the data for the purposes of preparing and implementing a contract and no other legal grounds apply. If the latter is the case, we delete the data once the other legal grounds cease to apply.
- if you object, unless further processing is permitted according to the relevant legal provisions.
- if we are obliged to do so for other legal reasons.
ARTICLE 10: RIGHTS OF DATA SUBJECTS
As the data subject affected by the data processing, you have several rights.
- Right of access (Article 15 GDPR): You have the right to obtain information from us about the data that we have stored about you.
- Right of rectification (Article 16 GDPR) and erasure (Article 17 GDPR): You have the right to demand that we rectify incorrect data and – provided the legal requirements are met – that we delete your data.
- Restriction of processing (Article 18 GDPR): You have the right – provided the legal requirements are met – to demand that we restrict the processing of your data.
- Data portability (Article 20 GDPR): If you have provided us with data on the basis of a contract or consent, you have the right, in accordance with the legal requirements, to obtain the data you have provided in a structured, standard, and machine-readable format or you can demand that we transfer this data to another controller.
- Objection to the processing of data on the legal basis of "legitimate interests" (Articles 21 and 22 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to our processing of your data, provided this objection is based on the legal basis of "legitimate interests". If you exercise your right to object, we will cease the processing of your data unless we can – pursuant to the legal requirements – prove compelling legitimate reasons for the further processing, which override your rights.
- Withdrawal of consent: If you have given us consent to process your data, you can withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data remains unaffected up until the time of the withdrawal of consent.
- Right to lodge a complaint with a supervisory authority: You can also submit a complaint to the competent supervisory authority if you believe that the processing of your data is in breach of the legislation. To do so, you can apply to the data protection authority that is responsible for your town/city or country or the data protection authority that is responsible for us.
ARTICLE 11: HOW TO EXERCISE YOUR RIGHTS
Please do not hesitate to contact us if you have any questions regarding the processing of your personal data, your rights as a data subject, and any consent that you may have given.
To exercise any of the above-mentioned rights, please contact us by email (email@example.com) or by post at the address specified above in Article 1. In doing so, please ensure that it is possible for us to uniquely identify you.