1. Introduction and object of this policy
When you use our website, we process your personal data.
The purpose of this confidentiality policy is to set out for you the conditions under which this processing takes place and the measures taken to guarantee the security and confidentiality of your data.
This confidentiality policy may be amended at any time without notice.
In this case, this amended policy will be posted on our website and mobile application and will be effective as soon as it is published.
If we add new services and features to our website and/or our mobile applications, these will be subject to this confidentiality policy unless specified otherwise.
2. Identity and contact details of the data controller
The data controller responsible for the processing described in this confidentiality policy is the company LA BOULE OBUT, SAS , registered with the Trade and Companies Register (RCS) of Saint Étienne under the no. B 415 203 355, with registered office at 5 Route du Cros 42380 Saint-Bonnet le Château.
You can contact us:
• by e-mail at firstname.lastname@example.org
• using the contact form on our website: www.labouleobut.com
When you pay for your purchase, we inform you that you are directly connected to the website of a service provider specialised in online payments. This provider is currently BRAINTREE, a subsidiary of the PayPal group, whose details are given below:
PAYPAL Europe SARL & Cie, partnership limited by shares, RCS Luxembourg B118349, domiciled at 22-24 Boulevard Royal – L-2449 Luxembourg
Your personal data transmitted to BRAINTREE for the payment (for example your credit card number) are processed only by BRAINTREE.
The processing of your data transmitted to BRAINTREE and not to LA BOULE OBUT is not covered by this confidentiality policy, but by the confidentiality policy of BRAINTREE, which you can consult by clicking on this link: https://www.braintreepayments.com/fr/legal/braintree-privacy-policy
3. The personal data concerning you that we process, for what purposes and on what basis
You provide us with or we collect personal data concerning you:
• either because you have given us your consent (C),
• or because these data are necessary to the conclusion and performance of the sales contract between us (EX),
• or because these data are necessary for us to meet our legal obligations (e.g. accounting and financial) (O) ,
• or because these data are necessary to our legitimate interests, such as the development of our business, the improvement of our products and services, the administration, maintenance and improvement of our website and anti-fraud applications (I), ,
The marking of data with an asterisk (*) in the data collection forms means that they are necessary. Without these data marked with an asterisk (*) we are unable to provide you with access to our services. The data that you provide to us must be accurate: if it is not, we cannot ensure that your order will be fulfilled.
PERSONAL DATA PROCESSED
PROCESSING AND PURPOSES
You provide us with data when you set up your account or when you make a purchase so that we can process your order, to enable you pay for it and so that we can communicate with you about it.
We collect data when you set up your account or when you make a purchase so that we can process your order, to enable you pay for it and so that we can communicate with you about it.
you give us your agreement to receive commercial offers when you set up your account or place an order, which we use to send you such commercial offers and communicate with you on this subject
• Surname - First name
• postal address
• e-mail address,
• content of exchanges of e-mails,
• Surname - First name of beneficiaries of gift cards,
• e-mail address of beneficiaries of gift cards,
• cancellation or if you change your mind (cooling-off period)
You provide us with these data when you set up your account or make a purchase in order to prove the existence and content of the contract between us.
• customer code
• order no. and date
• items ordered
• amount of the order
• payment confirmed
We collect these data when you set up your account or make a purchase in order to prove the existence and content of the contract between us.
You provide us with these data when you use our services, and we use them to analyse, improve or personalise our offers and services.
We collect these data when you use our services, and we use them to analyse, understand our clientele and therefore to improve and personalise our offers and services.
4. How long are personal data kept?
Personal data provided or collected when the user sets up their account is kept for a period of 3 years from the closure of the account with LA BOULE OBUT.
Date provided or collected when an order is placed are kept for the time necessary for LA BOULE OBUT to meet its legal obligations and enforce its rights through legal action.
Data provided or collected when one of LA BOULE OBUT's services is used without placing an order are kept until the user account is closed, and where there is no user account, for a period of 3 years after this use.
After the aforementioned periods, all personal data are deleted or irreversibly anonymised.
5. The recipients of the data that we process
On no account do we sell or rent your data to any third parties.
The following may have access to some of your data:
• members of our company, but only if they have been given special authorisation, limited to the data necessary to the tasks they have to carry out and their level of responsibility.
• companies that provide services on our behalf or help us to provide our services (for example: our website host, the company that develops and maintains our website and our mobile applications, the provider of marketing, advertising, prospecting and communication services, data analysis provider).
Suppliers are only authorised to use said data for the purposes of performing the services we have entrusted to them and to meet any imperative statutory public policy obligations.
We ensure that our suppliers guarantee the protection, confidentiality and security of the personal data shared in accordance with the applicable regulations.
• legal professionals and judicial officers in the course of their duties relating to the handling of disputes and debt recovery, in the event of any dispute requiring that we take measures to defend our rights.
• third party organisations (tax authorities, customs, etc.) in order to meet our legal obligations, which organisations have a duty under the currently applicable regulations to guarantee the protection, confidentiality and security of the data shared.
• public networks and social media which need data to be able to select and provide relevant advertising to you and others
The persons mentioned above are granted a right of access solely to the data necessary to the performance of their services.
The personal data kept by our company are stored on servers situated in France and in England.
As exception to the foregoing, we share your data:
• necessary to the payment of the orders you place with us (Surname, first name, postal address, e-mail, telephone, date and amount of the order) with our online payment provider, BRAINTREE (subsidiary of PayPal) whose servers are situated in Luxembourg (cf. paragraph 2.2 above), which applies level 1 PCI, i.e. the highest level of protection of online transactions.
• necessary to the analysis of your interactions with our services and to our understanding of our clientele with a view to improving and personalising our services and our offers, with GOOGLE based in the USA, which applies the high standard of security required by the American regulations, Privacy Shield, but only if you have first accepted certain cookies and tags present on our website and our applications.
6. Security of your personal data
The security of your data is a major and daily concern at LA BOULE OBUT.
We therefore take appropriate organisational and technical measures:
• to guarantee the security of your personal data, such as the encryption of data and transmission channels, data anonymisation, the introduction of an access policy (accreditation, login and password) and storage methods designed to avert and prevent any breach of your personal data as well as any pointless storage and processing of data concerning you in our systems,
• to carefully select our subcontractors based on the guarantees of security and reliability they undertake to provide. Our online payment provider asserts that it complies with level I of the PCI standard, that is to say the highest level of protection for online transactions. Card payments online are validated by entering a single-use security code (3D SECURE), which is sent to the purchaser by their bank by text message on their mobile phone (when this option has been validated by the bank). Our website host also asserts that it meets level II of the PCI standard and reserves protected, dedicated servers for our use on secure premises.
Special note on passwords:
In order to make your account and your personal data more secure, the password you choose is encrypted. This means that we do not know your password and only keep an encrypted version of it without having the means to decrypt it.
To help us to guarantee the security of your data, we suggest that you choose a complex, unique password, that you change it regularly and you do not share it with anyone.
7. What rights do you have and how can you exercise them?
Under the currently applicable regulations and in particular EU Regulation no. 2016/679 of 27 April 2016, known as the "GDPR", and French law on personal data protection, you have certain rights relating to the personal data concerning you that we collect or you provide to us.
7.1. Your right to object
You have a right to object to the processing of your personal data, but only when the processing that we carry out is based on the legitimate interests of our company as stated in Article 3 above.
To object to any such processing, you must justify to us the reasons connected to your particular situation that explain the exercising of your right to object.
We will not be able to respond favourably to your request if the processing is necessary to our exercising of our legal rights, or if our company can justify legitimate reasons for carrying out this processing which override your rights and interests.
As an exception, you can enforce your right to object at any time and without giving your reasons concerning direct marketing (cf. paragraph 7.1).
7.2. Your other rights
• a right of access to the personal data concerning you that we process.
When you make your request electronically, we will provide you with a copy of this information in an electronic form.
a right to rectification, which means that you can ask us to modify or update your personal data when they are inaccurate or incomplete.
We will make the modifications requested at the at the earliest opportunity.
• a right to erasure, which means that you can ask us to delete the personal data concerning you which are no longer necessary to our company for the purposes for which they were provided or collected.
We will delete these data at the earliest opportunity if your request is justified.
• a right to restrict the processing to the simple storage of your personal data, but only in the following cases:
O if the accuracy of the data concerning you is disputed, and until the accuracy of these data is confirmed;
O if the processing is illegal and if you prefer to see your data simply stored rather than deleted;
O if we no longer need your personal data, but they are necessary for us to exercise our legal rights;
O if you have asserted your right to object (see above) until the legitimacy of the processing to which you are objecting is checked.
• a right to data portability, which means that you can ask us to transfer the personal data concerning you to a given third party.
Only data provided by you and whose processing is based on your consent of the performance of a contract (see the table in Article 3 above) may be transferred.
• a right not to be the subject of automated individual decision-making.
However, we do not implement such automated decision-making.
• a right to decide the fate of your data in the event of your death.
You can give us specific instructions on the way you wish the rights set out above to be exercised after your death. These instructions can also be recorded with a digital trusted third party certified by the French data protection agency (CNIL). These instructions may name a person to be in charge of their implementation, which person then has the authority, when you die, to find out what your instructions are and to ask us to implement them.
If you do not name anyone or, unless you leave instructions to the contrary, in the event of your death, your heirs will be able to find out your instructions when you die and ask us to implement them.
In the absence of any instructions, you heirs can contact us to:
O access the data necessary to organise and settle your estate,
O receive any digital assets or data amounting constituting family keepsakes,
O close your account with us and object to the continued processing of your personal data or have them updated.
7.3. How to exercise your rights
You can also exercise your rights by contacting us:
• by e-mail at email@example.com
• using the contact form on our website: www.labouleobut.com
You must send a copy of your identity document with your request.
The exercising of your rights will not give rise to any refusal on our part or any billing, except in the event of a manifestly unreasonable or excessive request.
We will respond within one month of your request. This deadline may be extended by two months for reasons connected to the complexity of your request, the number of requests and any other situation that prevents us responding within one month.
8. Direct marketing
You can object to our company sending you commercial offers at any time, doing so by any means and in particular writing to us at the addresses given in Article 7 of this confidentiality policy or by using the unsubscribe link in our offer e-mails.
In any case, the personal data concerning you used in connection with such commercial offers will be kept for a maximum of 3 years after the last contact made by you.
9. Cookies and other technologies
The first time you visit our website a banner informs you of the existence of these cookies and offers you the possibility of finding out their nature, their purposes and also the means of objecting to their being deposited on your device.
This banner reminds you that continuing to browse our site amounts to your accepting the depositing of all the cookies we on your device.
Cookies are small data files that are stored on your device when you connect to our website.
Other cookies are stored for longer (maximum 13 months) and can serve to remember your preferences, logins and passwords, etc. These are known as permanent cookies.
D’autres cookies sont stockés de manière plus durable (maximum de 13 mois) et peuvent servir à mémoriser vos préférences, vos identifiants, vos mots de passe etc., on parle alors de cookies permanents.
Some of these cookies can collect personal data such as your geo-location, your language, your device's IP, etc.
Others can collect anonymous information (number of pages visited, time connected to a page, articles most consulted, etc.).
Finally, some of the cookies already mentioned are strictly necessary to the functioning of our website.
We do not give you the possibility of objecting to these cookies, which do not collect any personal data.
If you block them with your browser, our site will be unusable or very difficult to use.
Cookies that are not strictly necessary to the functioning of our website include performance and functionality cookies
These cookies enable us to personalise your browsing and improve it. They also enable us to collect data on the way you interact with our services, which enables us to improve our services and offers.
Preventing the depositing of this type of cookies can limit the functionalities of our service.
For more information, but also to accept or refuse the depositing of cookies not strictly necessary to the use of our site, click on this link: set my cookie preferences.
IMPORTANT: you can change your cookie preference settings at any time by clicking on the COOKIES link you will find on all the pages of our website.
9.2. Other technologies
As well as cookies we use TAG technology.
Tags are lines of pre-established code which are added to particular elements on the pages of our site that we wish to track.
These tags allow information to be collected on the way elements making up the pages of our site, which have a tag, are used..
Like cookies, the information collected enables us to improve our services and offers.
9.3 Google reCaptcha
10. URL links (hypertexts)
10.1. Hypertext links present on our site and mobile applications.
The links we publish on our website and our applications that redirect you to other sites are supplied simply for your information.
As the user is free to click on them or not to continue browsing on these other sites, we accept no responsibility in this respect.
Once on the third party site, our confidentiality policy no longer applies; it is up to you to consult the confidentiality policy of the website in question.
10.2. Hypertext links leading to our site.
It is prohibited for anyone to create a simple or deep link to our site without our prior written authorisation.
11. Particular situation of children aged under 15 years and their parents
In accordance with current regulations, our services are accessible only to person aged at least fifteen years at the time of signing up.
Minors aged under fifteen may only sign up to our services without the agreement of at least one legal guardian.
If you are a parent of a minor aged under fifteen and you discover that the minor has created an account on LA BOULE OBUT without your permission, you should contact us without delay using the contact details given in paragraph 2, and where appropriate, exercise your rights listed in paragraph 7.
In such a case, we will take the necessary measures as requested by yo.
12. Complaints and referrals to the CNIL
You have a right of complaint to the CNIL (French data protection agency), which will keep you informed of the progress of your case and its outcome as well as your right to take legal action.
If you reside outside France, but within the European Union, you may choose to make your complaint to the relevant authority in your country of residence.
Last updated: 4 April 2019 (publication date)