1. Purpose
This personal data protection policy (hereinafter the “Policy”) aims to inform Data Subjects about how Data is collected and processed by the Publisher, and to inform them of their rights and the means of exercising them provided by the Publisher.
Data Controller
For any browsing and purchases on the Site, the Data Controller is DOMAINE DU SACRE COEUR.
2. Processing
Purpose of Processing
As part of the operation of the Site, the Publisher collects and processes Data in accordance with the purposes specified at the time of collection, namely:
- Conducting statistical studies on browsing,
- Creating and properly operating the personal account space,
- Managing orders placed through the site,
- Managing cookies,
- Managing contacts submitted via the designated form.
Data Collected
During collection, the Publisher may collect the following data:
Identity: name, first name, email address, postal address, mobile phone number. Data whose provision is mandatory to the Publisher’s services are indicated as such.
Data is collected either by filling out designated fields or via cookies that have been previously accepted.
For online payment of purchases, bank details transmitted are not collected by the Publisher and are not processed by it.
They are exclusively and directly processed securely by the secure payment service provided by the Publisher, whose conditions are available on its website:
https://www.domainedusacrecoeur.com/
The purpose of collecting Data is to ensure the proper operation of the Site and the follow-up of orders placed through it.
Only the data necessary for this purpose are collected and processed.
3. Data Security
The processed Data is stored securely and access is strictly controlled and restricted to only those who need it.
All access to Data is via a specialized and secure module, protected by technical measures and strong passwords.
4. Recipients of Data
In accordance with regulations, the Publisher has implemented, in line with the state of the art, organizational and technical measures to preserve the security, integrity, and confidentiality of Data and to prevent unauthorized access.
The Recipients are the Publisher and its employees with a legitimate interest in consulting the Data.
5. Data Transferred to Authorities and/or Public Bodies
In accordance with regulations, Data may be transferred to competent authorities upon justified request and, in particular, to public bodies, exclusively to comply with legal obligations, judicial officers, and organizations responsible for debt recovery.
6. Retention Periods
Data related to accounts or orders is not retained beyond two years from the last login to the Account or from the order date.
By exception, in accordance with applicable regulations, accounting data, particularly related to invoicing, will be retained as archives for 10 years from the invoice date.
7. Rights of Data Subjects
Data Subjects have the right of access, rectification, erasure (right to be forgotten), objection, restriction of processing, and data portability concerning their Data.
These rights may be exercised in accordance with Law No. 78-17 of January 6, 1978 as amended, and the GDPR.
- by email to the following address: gaecsacrecoeur@wanadoo.fr
- by postal mail to the Publisher’s address
- via the contact page on the Site.
When processing any request, proof of identity may be required.
Subject to non-compliance with the provisions below, the User has the right to file a complaint with the CNIL (https://www.cnil.fr).
8. Data Transfer
As a rule, Data collected on the site is reserved exclusively for the Publisher.
However, in the case of an order placed through the Site, the Data of Data Subjects may be transferred to the Publisher’s logistics partners (delivery and shipping services). The legal basis for this transfer is the sales contract.
Furthermore, before any transfer of Data to third parties, the Data Subject’s consent will be obtained.
However, the Publisher reserves the right to transfer Data to comply with legal obligations, particularly if required by a judicial order.
9. Security
The Publisher places particular importance on the protection of personal data of its users and partners, but relies on their active collaboration to ensure Data protection. The Publisher therefore recommends the systematic use of strong passwords (for more information, refer to the guide: https://www.ssi.gouv.fr/guide/mot-de-passe).
10. Cookies
A cookie is a small file stored by a server on a user’s device (computer, phone, etc.) and associated with a web domain (i.e., in most cases, with all pages of the same website). This file is automatically returned during subsequent interactions with the same domain.
Cookies have multiple uses: they can be used to remember your customer ID on an e-commerce site, the current contents of your shopping cart, the language of the web page, an identifier to track your browsing for statistical or advertising purposes, etc.
There are several types of cookies:
- “Necessary” cookies, internal, allow information to be saved between two visits to the same website on the same device. They allow saving a shopping cart, login credentials, or interface customization elements. They do not require the user’s consent.
- “Statistics” cookies allow tracking a user’s actions on a website. When the statistics are anonymous (i.e., they do not identify a person), user consent is not required.
- “Internal” or “first-party” cookies are set by the visited site. They may be set in addition to necessary cookies and may be used to collect personal data, track user behavior, and serve advertising purposes.
“Third-party” cookies are cookies set by (or for) site B (often an advertising network) on site A: this allows site B to see which pages have been visited on site A by a user and collect information about them.
The information stored on the device is theoretically limited to the current domain. In practice, this is not always the case for “first-party” cookies set by the main domain, as web pages may include content from other domains.
All non-essential cookies require user consent to be set upon connecting to the Site.
Essential cookies are deleted at the end of the browsing session and are not used to collect Data.
The retention period of cookies varies depending on the type of cookie.
For the proper operation of the Website, BOONDOOA/DOMAINE DU SACRE COEUR may set cookies in the Visitor’s browser.
For statistical purposes, BOONDOOA/DOMAINE DU SACRE COEUR and your client’s name may collect browsing information via cookies.
The Visitor is free to accept or refuse cookies by configuring their browser (disabling all or some cookies – see the browser manual or help function).
Disabling cookies may make certain Services of the Site unavailable.
The Visitor may also delete cookies at any time, including cookies already stored on their computer, by adjusting the privacy settings of their Internet browser.
The CNIL website also explains how to manage and delete cookies on your browser.
These instructions are available at: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.
Cookies set, if any, have a maximum duration of thirteen (13) months.
The maximum retention period of Data resulting from their use is 25 months.