ARTICLE 1 – PREAMBLE
The way in which their personal data are collected and processed. All data capable of identifying a user must be considered as personal data. These include the first and last name, age, postal address, email address, location of the user or their IP address.
- What are the rights of users regarding this data.
- Who is responsible for the processing of personal data collected and processed.
- To whom this data is transmitted.
- Possibly, the site’s policy regarding “cookies” files.
ARTICLE 2 – GENERAL PRINCIPLES REGARDING THE COLLECTION AND PROCESSING OF DATA
In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of site user data respects the following principles
Lawfulness, fairness and transparency data can only be collected and processed with the consent of the user who owns the data. Whenever personal data is collected, the user will be informed that their data is collected, and for what reasons their data is collected
Limited purposes the collection and processing of data are carried out to meet one or more objectives determined in these general conditions of use
Minimization of the collection and processing of data only the data necessary for the proper execution of the objectives pursued by the site are collected
Conservation of data reduced in time, the data is kept for a limited period of time, of which the user is informed. If the retention period cannot be communicated to the user
Integrity and confidentiality of data collected and processed, the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data may only take place if they comply with at least one of the conditions below. after listed
The user has expressly consented to the processing
Processing is necessary for the proper performance of a contract
The processing meets a legal obligation
The processing is explained by a need related to the protection of the vital interests of the data subject or of another natural person
The processing may be explained by a need related to the performance of a task of public interest or which falls within the exercise of public authority
The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party.
ARTICLE 3 – PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF NAVIGATION ON THE SITE
DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the site www.starlight-made-for-you.com are as follows :
- While browsing :
- When ordering:
These data are collected when the user performs one of the following operations on the site
Connect to the website www.starlight-made-for-you.com, order a product sold by the site.
The data controller will keep all the browsing data collected in its site computer systems and under reasonable security conditions for a period of 30 days and the orders entered for 12 months.
The collection and processing of data meet the following purposes
Used to identify hacker targets and create a blacklist to block access to the site while browsing the site. Regarding the data when purchasing a product, these make it possible to establish an invoice and contact the customer if necessary, but also to send the product to the address indicated by the customer.
TRANSMISSION OF DATA TO THIRD PARTIES
Personal data collected by the site is not transmitted to any third party, and is only processed by the site editor.
The site www.starlight-made-for-you.com is hosted by OVH, whose head office is located at the following address :
2 rue Kellermann 59100 Roubaix
The host can be contacted on the following telephone number 08 203 203 63
The data collected and processed by the site are hosted and processed exclusively in France.
ARTICLE 4 – DATA CONTROLLER AND DATA PROTECTION OFFICER
A. THE DATA CONTROLLER
The person responsible for processing personal data is MUNCH Damien. He can be contacted as follows :
The data controller is responsible for determining the purposes and means used for the processing of personal data.
B. OBLIGATIONS OF THE DATA CONTROLLER
The controller undertakes to protect the personal data collected, not to transmit it to third parties without the user having been informed thereof and to respect the purposes for which this data was collected.
The site has an SSL certificate to ensure that the information and the transfer of data passing through the site are secure.
An SSL certificate (“Secure Socket Layer” Certificate) is intended to secure the data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user in the event of rectification or deletion of data, unless this entails disproportionate formalities, costs and procedures for him.
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the controller undertakes to inform the user by any means.
C. THE DATA PROTECTION OFFICER
In addition, the user is informed that the following person has been appointed MUNCH Damien Data Protection Officer.
The role of the Data Protection Officer is to ensure the proper implementation of national and supranational provisions relating to the collection and processing of personal data. He can also be appointed DPO (for Data Protection Officer).
The data protection officer can be reached as follows :
ARTICLE 5 – USER RIGHTS
In accordance with the regulations concerning the processing of personal data, the user has the rights listed below.
In order for the data controller to grant his request, the user is required to provide him with his first and last name as well as his e-mail address, and if relevant, his account or personal space number or subscriber.
The data controller is required to respond to the user within a maximum of 30 (thirty) days.
PRESENTATION OF THE USER’S RIGHTS IN THE COLLECTION AND PROCESSING OF DATA
a. Right of access, rectification and right to erasure
The user can read, update, modify or request the deletion of data concerning him, by respecting the procedure set out below.
The user can modify, update personal data, in the store, my account, account details. In the case of deletion, simply send an e-mail to email@example.com to request the deletion of the customer account.
If he has one, the user has the right to request the deletion of his personal space by following the following procedure
In the case of deletion, simply send an e-mail to firstname.lastname@example.org to request the deletion of the customer account. The request will be made within 48 hours maximum.
b. Right to data portability
The user has the right to request the portability of his personal data, held by the site, to another site, by complying with the following procedure
Contact the support service, email@example.com, in order to generate the data which will have to be exported and transmitted directly to another site.
c. Right to limit and oppose data processing
The user has the right to request the limitation or to oppose the processing of his data by the site, without the site being able to refuse, except to demonstrate the existence of legitimate and compelling reasons, which may prevail over the interests and the rights and freedoms of the user.
In order to request the limitation of the processing of their data or to object to the processing of their data, the user must follow the following procedure
The customer can at any time request by e-mail to the address firstname.lastname@example.org to obtain an objection to the processing of his data.
d. right not to be the subject of a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the user has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or significantly affects him. similar way.
e. Right to determine the fate of data after death
The user is reminded that he can organize what should be the fate of his data collected and processed if he dies, in accordance with Law No. 2016-1321 of October 7, 2016.
f. Right to seize the competent supervisory authority
In the event that the data controller decides not to respond to the user’s request, and the user wishes to challenge this decision, or, if he believes that one of the rights listed above, he is entitled to appeal to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
The site editor reserves the right to modify it in order to ensure that it complies with the law in force.