Privacy Policy

PRIVACY POLICY

Last updated: 22.11.2022

1. DATA CONTROLLER

The data controller is the company ALEPOC.

Contact information:

  • - Headquarters: 15 Chemin de la Crabe, 31300 Toulouse
  • - Correspondence address: 116 Avenue de la 1ère Armée 32000 AUCH
  • - Email, use the form available here
  • - Contact numbers (head office switchboard): Tel: 09 72 25 90 42

2. PERSONAL INFORMATION COLLECTED

When you make a purchase in our store, as part of our buying and selling process, we collect the personal information you provide us, such as your name, address, and email address.

When you browse our store, we also automatically receive the Internet Protocol (IP) address of your computer, which allows us to obtain more details about the browser and operating system you are using.

With your consent, we could send you emails about our store, new products, and other updates; unless you object, we may send you emails about products and services similar to those you have already ordered.

3. TREATMENTS IMPLEMENTED

3.1. Overview

Types of treatmentsData concerned by the processingPurposes of processingLegal bases of processingShelf lifeRecipients
Customer Account/Commercial Management Data related to identification, payment methods used, transaction, and subscribed services The purpose of the treatment is to:
  • - Management of the contractual relationship
  • - Bookkeeping
  • - Creation of statistics
  • - Conducting satisfaction surveys and customer studies
  • - Management of claims, after-sales service, warranties
  • - Claims management,
  • - Management of individuals' rights
 Execution of a contract (article 6.1.b of the GDPR)

Legitimate interest (Article 6.1.f), namely to maintain the security of our website.

Compliance with a legal obligation (article 6.1.c of the GDPR)

 Duration of the contractual relationship.

Time required to meet accounting and tax obligations.

Duration of the applicable statute of limitations.

 Internally, the departments responsible for customer management.

Externally, accounting and IT service providers, the administration.
Newsletter Identification data; subscription date; statistics. The processing is intended to allow prospecting operations. Consent (Article 6.1.a of the GDPR)

Legitimate interest (Article 6.1.f of the GDPR) for similar products and services

 Until the withdrawal of consent or 3 years from the last contact. Internally, the departments responsible for communication and marketing.

Externally, IT and routing service providers
Contact form Identification data; date and purpose of the request; follow-ups provided; statistics ; The purpose of the processing is to respond to your requests.

It allows:

  • - The receipt of submitted requests,
  • - The management of the follow-up to these requests,
  • - The production of statistics.
 Consent (Article 6.1.a of the GDPR)

Performance of a pre-contractual or contractual measure (article 6.1.b of the GDPR)

Legitimate interest (Article 6.1.f), namely to understand the expectations of the site's users

2 years from the last contact.

Duration of the contractual relationship extended by the duration of the applicable statute of limitations for clients.

 Internally, the services responsible for processing your request.

Externally, the IT service providers.
Online navigation (cookies) Browsing data, Duration of your visit, Technical information (IP address, browser used, etc.) The purpose of the processing is:
  • - to allow the site to function
  • - to improve the interactivity of the site (services offered by third-party sites such as sharing buttons).
  • - Deliver appropriate content according to the device used.
 Legitimate interest (Article 6.1.f of the GDPR), namely the operation of the site for functional cookies.

Consent (Article 6.1.a of the GDPR) for others.

 6 months Internally, the departments responsible for communication.

Externally, IT service providers, web/communication agencies
Prospecting and marketing actions Identification data; subscription date; statistics. The processing is intended to allow prospecting operations. Consent (Article 6.1.a of the GDPR)

Legitimate interest (Article 6.1.f of the GDPR) for similar products and services

 Until the withdrawal of consent or 3 years from the last contact. Internally, the departments responsible for communication and marketing.

Externally, IT and routing service providers
Website management Identification data; navigation data; data related to publication management; data related to the management of technical services; audience statistics. Content preparation and publication.

Uploading of contact forms.

Technical administration.

Site security management.

Statistics.

 Legitimate interest (Article 6.1.f), namely the functioning of the website Publications: Until the withdrawal of the publication.

Providers: 5 years after the end of the contract with the providers.

Logs: 6 months

 Internally, the services responsible for managing the website.

Externally, the providers: application maintenance outsourcing, hosting, domain name registry.
Social media account management Data visible on the relevant social media platforms

Technical account administration ;

interactions with social media users ;

Statistics.		 Legitimate interest (Article 6.1.f), namely social media management The duration of the existence of the social media account Internally, the departments responsible for managing social media.

Externally, the providers responsible for managing social media.

3.2. Cookies

When visiting the website, information about the visitor or related to the navigation of the device (computer, tablet, smartphone, etc.) may be read or recorded in "cookies" files installed on the visitor's device, subject to the choices made regarding cookies.

To learn more about cookies, how they work, and ways to opt out: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser

Some cookies can be placed or read without obtaining people's consent, namely:

  • • Cookies with the exclusive purpose of enabling or facilitating electronic communication ;
  • • Cookies that are strictly necessary for providing a service expressly requested by the user ;
  • • Some audience measurement cookies.

4. CONSENT

Some treatments implemented are based on your consent.

How can I withdraw my consent ?

In our newsletters, consent withdrawal is done by clicking on the unsubscribe link.

If after giving us your consent, you change your mind and no longer agree to allow us to contact you, collect your information, or disclose it, you can inform us by contacting us. via our form or by mail to: Alepoc Direction, 15 Chemin de la Crabe, 31300 Toulouse

5. RETENTION PERIOD

In accordance with the provisions of Article 5(e) of the GDPR, personal data must be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which they are processed.

Data may be retained later in the following cases when retention is necessary:

  • • In the exercise of the right to freedom of expression and information,
  • • In compliance with a legal obligation,
  • • In the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller,
  • • For reasons of public interest in the field of public health,
  • • For archival purposes in the public interest,
  • • For scientific or historical research purposes or for statistical purposes,
  • • Or for the establishment, exercise, or defense of legal rights.

The criteria for determining retention periods are as follows:

  • • Legal or regulatory provisions
  • • The doctrine and jurisprudence of supervisory authorities
  • • Sectoral references

Retention periods:

  • - Accounting and tax data: 10 years
  • - Customer account: The customer account data, created by the customer, is intended to be retained until the account is deleted by the user. However, the account will be considered inactive if not used for 2 years and may be subject to deletion.

6. RECIPIENTS

The data is processed internally by individuals duly authorized for this purpose and within the limits of their respective responsibilities.

Furthermore, the data may be communicated to duly authorized French and/or foreign authorities, particularly in the context of judicial or administrative procedures (including arbitrators, mediators, relevant ministries, supervisory and regulatory authorities, all public bodies authorized to receive said data, etc.).

Our store is hosted on O2SWITCH. They provide us with the hosting platform that allows us to sell our services and products to you.

Your data is stored in the data storage system and databases of O2SWITCH, and in the general Prestashop application. Your data is kept on a secure server protected by a firewall.

In general, the third-party providers we use will only collect, use, and disclose your information to the extent necessary to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide to them for your purchase transactions.

With regard to these providers, we recommend that you carefully read their privacy policies so that you can understand how they will handle your personal information.

It is important to remember that some suppliers may be located or have facilities located in a different jurisdiction from yours or ours. Therefore, if you decide to proceed with a transaction that requires the services of a third-party supplier, your information may then be governed by the laws of the jurisdiction in which this supplier is located or the jurisdiction in which its facilities are located.

For example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, the information belonging to you that was used to complete the transaction may be disclosed under United States legislation, including the Patriot Act.

Once you leave our shop's website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or the Terms and Conditions of Sale and Use of our website.

The recipient categories are:

  • - Payment service providers, banks
  • - Hosting service providers

To learn more about data protection at our service providers:

Links

You may be directed to leave our website by clicking on certain links present on our site. We do not assume any responsibility for the privacy practices of these other sites and recommend that you carefully read their privacy policies.

7. SECURITY

We implement appropriate technical and organizational measures to ensure a level of security suitable for the risk, taking into account the state of knowledge, implementation costs, and the nature, scope, context, and purposes of the processing, as well as the risks, which vary in likelihood and severity, to the rights and freedoms of individuals. When assessing the appropriate level of security, particular consideration is given to the risks posed by processing, especially those resulting from the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored, or otherwise processed, or unauthorized access to such data, whether accidental or unlawful.

8. AGE OF CONSENT

By using this site, you declare that you are at least the age of majority in your state or province of residence, and that you have given us your consent to allow any minor under your care to use this website.

9. CHANGES MADE TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, particularly to accommodate changes in the data controller's site, regulations, the doctrine of supervisory authorities, or the implementation of new processing. We encourage you to review it frequently. Changes and clarifications will take effect immediately upon their publication on the website.

If our store is acquired by or merges with another company, your information could be transferred to the new owners so that we can continue to sell you products.

10. YOUR RIGHTS

You are informed of your various rights:

  • • Right of access to personal data concerning you (Article 15 of the GDPR),
  • • Right to rectification (Article 16 of the GDPR),
  • • Right to erasure (Article 17 of the GDPR),
  • • Right to restriction of processing (Article 18 of the GDPR)
  • • Right to data portability (Article 20 of the GDPR),
  • • Right to object (Article 21 of the GDPR)

When data is processed for prospecting purposes, you can object to any commercial prospecting without reason; to learn more about opposition lists: https://www.cnil.fr/fr/les-listes-dopposition.

When the processing is based on your consent, you have the right to withdraw it at any time.

Apart from commercial prospecting, the data controller can refuse if they demonstrate that there are legitimate and compelling reasons for processing or for establishing, exercising, or defending legal claims, if a contract binds you, if a legal obligation requires them to process your data, if the processing is necessary to safeguard the vital interests of the person concerned or another natural person.

Telephone data. The consumer is informed of their right to register on the list opposing telephone solicitation.

  • • Right not to be subject to a decision based solely on automated processing (Article 22 of the GDPR). When this processing is necessary for the conclusion or performance of a contract with the concerned individual or based on their consent, you can request human intervention from us, express your point of view, and contest the decision.
  • • Right to define instructions regarding the fate of your personal data after your death,
  • • Right to file a complaint with a supervisory authority (the CNIL in France).

11. QUESTIONS AND CONTACT INFORMATION

If you wish to: access, correct, modify, or delete any personal information we have about you, file a complaint, or if you simply want more information, please contact our privacy standards officer. via our form or by mail to Alepoc, 15 Chemin de la Crabe, 31300 Toulouse