ARTICLE 1: PREAMBLE
How their personal data is collected and processed. Personal data is any data that can identify a user. This includes the first and last name, age, postal address, e-mail address, the location of the user or his IP address;
What are the rights of the users concerning this data?
Who is responsible for processing the personal data collected and processed?
To whom this data is transmitted;
Possibly, the site’s policy regarding “cookies”.
This confidentiality policy complements the legal notice and the General Conditions of Use that users can consult on this same site.
ARTICLE 2: GENERAL PRINCIPLES REGARDING DATA COLLECTION AND PROCESSING
In accordance with the provisions of Article 5 of the European Regulation 2016/679, the collection and processing of data of the users of the site respect the following principles:
Lawfulness, fairness and transparency: data may only be collected and processed with the consent of the user who owns the data. Whenever personal data is collected, the user will be informed that his or her data is being collected and for what purpose it is being collected;
Minimisation of data collection and processing: only the data necessary for the proper execution of the purposes pursued by the site are collected;
Conservation of data reduced in time: the data is kept for a limited period, of which the user is informed. When this information cannot be communicated, the user is informed of the criteria used to determine the period of retention;
Integrity and confidentiality of collected and processed data: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of the European Regulation 2016/679, the collection and processing of personal data may only take place if they comply with at least one of the conditions listed below:
The user has expressly consented to the processing;
The processing is necessary for the proper performance of a contract;
The processing is in accordance with a legal obligation;
The processing is necessary for the protection of the vital interests of the data subject or of another natural person;
Processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party.
ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF BROWSING THE SITE
A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the https://fleurdaya.fr/ website are as follows:
First name and surname
This data is collected when the user carries out one of the following operations on the site:
When the user uses the contact form
When the user makes a reservation
In addition, when a payment is made on the site, proof of the transaction, including the order form and the invoice, will be kept in the computer systems of the site editor.
The person responsible for processing will keep all the data collected in its computer systems on the site under reasonable security conditions for a period of : 3 years.
The collection and processing of data is for the following purposes:
Management of orders and sales of products
Management of complaints, retractions and product returns
Carrying out transactions, in particular payment transactions
Creation and management of customer accounts
Delivery of ordered products
Administering the website and fighting against fraud
After-sales service: exchanges with customer service
Operating, evaluating and improving products and services and the user experience (including developing new products and services, analysing the customer base, data analysis, accounting and auditing), profiling.
To fulfil the obligations arising from any contracts or agreements between https://fleurdaya.fr/ and its customers
To analyse the visits to the website and their frequency, to measure the audience, studies, statistics, surveys (cookies) and to improve the user experience on the website
The data processing carried out is based on the following legal grounds:
Performance of the contract
Consent of the user
B. TRANSMISSION OF DATA TO THIRD PARTIES
The data may be transmitted to the following third parties
Any police or administrative authority in the context of judicial requests concerning the fight against fraud
Customs services and service providers in the case of deliveries abroad
C. DATA HOSTING
The https://fleurdaya.fr/ website is hosted by : OVH, whose headquarters are located at the following address
2 rue Kellermann – BP 80157 59053 ROUBAIX CEDEX 1
The data collected and processed by the site is exclusively hosted and processed in France.
ARTICLE 4: DATA CONTROLLER
A. THE DATA CONTROLLER
The person responsible for processing personal data is: Château Fleur d’Aya. It can be contacted in the following manner: by e-mail: firstname.lastname@example.org
The data controller is responsible for determining the purposes and means of processing personal data.
B. OBLIGATIONS OF THE DATA CONTROLLER
The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user’s knowledge and to respect the purposes for which the data were collected.
The site has an SSL certificate to ensure that the information and data transfer through the site is secure.
The purpose of an SSL certificate (“Secure Socket Layer” Certificate) is to secure the data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this would entail disproportionate formalities, costs and steps for the user.
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the data controller undertakes to inform the user by any means.
ARTICLE 5: USER’S RIGHTS
In accordance with the regulations concerning the processing of personal data, the user has the rights listed below.
In order for the data controller to comply with the user’s request, the user is obliged to provide the data controller with: his/her first and last name and e-mail address, and if relevant, his/her account number or personal space or subscriber number.
The data controller is obliged to respond to the user within a maximum of 30 (thirty) days.
A. PRESENTATION OF THE USER’S RIGHTS REGARDING DATA COLLECTION AND PROCESSING
a. Right of access, rectification and deletion
The user may access, update, modify or request the deletion of data concerning him/her, by following the procedure set out below:
The user must send an email to the person responsible for processing personal data, specifying the subject of the request, to the contact email address.
If he/she has one, the user has the right to request the deletion of his/her personal space by following the procedure below:
The user must send an email to the data controller specifying his personal space identifier. The request will be processed within 10 working days.
b. Right to data portability
The user has the right to request the portability of his/her personal data, held by the site, to another site, by complying with the following procedure:
The user must make a request for the portability of his/her personal data to the data controller, by sending an e-mail to the address provided above.
c. Right to limit and object to data processing
The user has the right to request the limitation of or to object to the processing of his/her data by the site, without the site being able to refuse, unless it can be shown that there are legitimate and compelling reasons, which can prevail over the interests and rights and freedoms of the user.
In order to request the limitation of the processing of his/her data or to formulate an opposition to the processing of his/her data, the user must follow the following procedure:
The user must make a request to limit the processing of his/her personal data by e-mail to the data controller.
d. Right not to be subject to a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the user has the right not to be subject to a decision based exclusively on an automated process if the decision produces legal effects concerning him or her, or significantly affects him or her in a similar way.
e. Right to determine the fate of data after death
The user is reminded that he/she can organise what should happen to his/her collected and processed data if he/she dies, in accordance with the law n°2016-1321 of 7 October 2016.
f. Right to refer to the competent supervisory authority
In the event that the data controller decides not to respond to the user’s request, and the user wishes to contest this decision, or, if he/she believes that one of the rights listed above is infringed, he/she is entitled to refer the matter to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
B. PERSONAL DATA OF MINORS
In accordance with the provisions of Article 8 of the European Regulation 2016/679 and the French Data Protection Act, only minors aged 15 or over may consent to the processing of their personal data.
If the user is a minor under the age of 15, the consent of a legal representative will be required in order for personal data to be collected and processed.
The site editor reserves the right to verify by any means that the user is over 15 years of age, or that he/she has obtained the consent of a legal representative before browsing the site.
ARTICLE 6: USE OF “COOKIES” FILES
The site may use “cookie” techniques.
A “cookie” is a small file (less than 4 kb), stored by the site on the user’s hard disk, containing information relating to the user’s browsing habits.
These files enable the site to process statistics and information on traffic, to facilitate navigation and to improve the service for the user’s comfort.
For the use of “cookie” files involving the storage and analysis of personal data, the user’s consent is necessarily requested.
The user’s consent is considered valid for a maximum period of 6 (six) months. At the end of this period, the site will again request the user’s permission to save “cookies” files on his or her hard disk.
a. Opposition of the user to the use of “cookies” by the site
Cookies that are not essential to the operation of the site are only deposited on the user’s terminal after having obtained his consent. The user may withdraw his consent at any time, as follows:
Click on the “Refuse all” button located at the foot of the site. If this button no longer appears, click on the “Cookie settings” button still in the footer.
More generally, users are informed that they can refuse to accept cookies by configuring their browser.
For information, users can find the steps to follow to configure their browser software to oppose the recording of “cookies” at the following addresses
Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
In the event that the user decides to deactivate the “cookies” files, he/she will be able to continue browsing the site. However, any malfunctioning of the site caused by this manipulation cannot be considered to be the fault of the site editor.