Applicable as of 01 July 2022 and subject to change without notice.
On (hereinafter the "Site"), the controller of the personal data is :
Thomas NARCANTE, representative of " XTEP DEVELOPPEMENT ", SASU with a capital of 1000€ located at 71 Bd Saint Denis, 92400 COURBEVOIE, with SIRET 881 126 619 00017 and VAT INTRACOM FR83881126619;
Serge FOUDJET, representative of " XTEP PROJECT MANAGEMENT ", SASU with a capital of 1000€ located at 53 rue Jules Massenet, 91420 MORANGIS, with SIRET 881 700 983 00011 and TVA INTRACOM FR67881700983
XTEP (hereinafter referred to as "we" or "us") is committed to ensuring that the collection and processing of your data is carried out in a lawful, fair and transparent manner, in accordance with the General Data Protection Regulation ("GDPR") and the French Data Protection Act of 1978 as amended.
In this paper we will try to answer the following questions:
- What personal data do we process?
- For what purpose?
- On what legal basis?
- How long is the data kept?
- What are your rights?
- How can they be exercised?
You will also find our commitments regarding subcontracting, transfers, communication to third parties and in the event of a security breach. If you have any questions or complaints, please contact us.
Article 1 - Categories of personal data collected and processed
In the course of our business on this Site, you provide us with the following information by filling in the information form(s) and communicating with us:
- Civil status and contact information (title, surname, first name, company, position, postal address, telephone number and e-mail address) will enable us to identify you and communicate with you;
- Information relating to the contractual and commercial relationship (including details of products and/or services ordered) that you may have with us as well as banking information (bank details, card numbers and cryptogram) and transactional information (date of transaction, amount, order number and invoice number).
Article 2 - Aims
- The identification of persons using this Site to order our products and/or services;
- The creation and management of the data subject's customer account and the execution of payment transactions made at his/her request;
- The processing of operations relating to the management of files concerning: orders; deliveries; invoices; accounting and monitoring of the commercial relationship;
- Managing the relationship with prospects and customers and people's opinions on products, services or content;
- Handling questions and possible complaints from individuals and managing requests for access, rectification and opposition rights;
- Respecting the modalities of online access to the accounts and management of possible authentication procedures (registration, connection and loss of password);
- Execution of payments ;
- The development of commercial and advertising statistics;
- Canvassing and/or sending information (newsletter), which includes the follow-up of prospects, the management of technical canvassing operations, the selection of persons to carry out loyalty-building, canvassing, surveys, tests and promotions, as well as the carrying out of solicitation operations;
- Participation in special events, such as competitions, games, prize draws, offers and participation in the loyalty programme, excluding online gambling subject to approval by the French Gaming Regulatory Authority;
- The prevention and fight against fraud and means of payment and in particular against bank card fraud;
- Management of unpaid bills and disputes;
- Improving the Site and our offerings;
- Site security.
Article 3 - Legal basis
The legal basis for the processing of personal data within the meaning of Article 6 of the GDPR is that :
- The processing is necessary for the performance of the contractual relationship between us and/or you wish to enter into with us, since the personal data we collect and process are necessary for the execution of the purchases requested under our General Terms and Conditions (GTC);
- Or the processing is also necessary to protect our legitimate interests, in particular by enabling us to carry out commercial prospecting, to keep proof of transactions carried out and/or, if necessary, to carry out recovery;
- If required by law, or if not required in either of the above cases, we will ask for your consent.
Article 4 - Conservation time
Personal data that is processed shall not be kept beyond the time necessary to fulfil the obligations defined at the time of the conclusion of the contract or imposed by the legislation in force. We keep personal data for the time strictly necessary to achieve the purposes described herein. After this period, it may be anonymised and kept for statistical purposes only.
Means of deletion of data shall be put in place to provide for effective deletion once the period of retention or archiving necessary for the fulfilment of the purposes determined or imposed has been reached.
Article 5 - Cookies
You are informed that we may place cookies on your terminal. The cookie records information relating to navigation on the service (the pages you have consulted, the date and time of the consultation, etc.) which we can read during your subsequent visits.
The maximum storage period for cookies is 13 months after they are first deposited in your terminal, as is the duration of the validity of your consent to the use of these cookies. The lifetime of cookies is not extended with each visit. Your consent must therefore be renewed at the end of this period.
Cookies may be used for statistical purposes, in particular to optimise the services rendered, based on the processing of information concerning the frequency of access, the personalisation of pages as well as the operations carried out and the information consulted. They may also be used for advertising purposes, in particular to offer you targeted content in banners and inserts on the Internet. Some features of the site such as video players or interactive content are likely to use services offered by third parties and to deposit cookies allowing them to identify your consultation of the content. Some cookies may also be used to store customer account information or shopping cart contents.
Article 6 - Your rights and remedies
You have the right to access your data, to correct or delete it, to ask questions, to limit the processing of your data, to portability and to erasure.
You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data based on our legitimate interest, as well as the right to object to commercial prospecting. You may also withdraw your consent to processing at any time, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal of consent.
In addition, you have the right to define general and specific directives defining the way in which you would like the above-mentioned rights to be exercised after your death. Finally, you may lodge a complaint with the CNIL if you feel that our responses are unsatisfactory.
For any request, you will be asked to prove your identity by any useful means and to justify, if necessary, the reasons for your request.
Requests to exercise your rights should be sent electronically to: firstname.lastname@example.org.
Upon exercising the right to erasure, to object to processing or to withdraw consent, the proper functioning of the Site may be disrupted or interrupted. For example, if these rights are exercised at the time of ordering products or services, then the said order may be cancelled and the said service may be suspended.
The email you provide may be used to send you information via electronic mailings for example. If at any time you wish to unsubscribe and no longer receive these emails, you will find unsubscribe instructions at the end of each email.
More information on your rights: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles
Article 7 - Subcontracting
You are informed that we may use one or more subcontractors to carry out specific processing activities.
We undertake to ensure that any subcontractor provides sufficient contractual guarantees that appropriate technical and organisational measures have been implemented to ensure that the processing meets the requirements of the GDPR (General Data Protection Regulation).
Article 8 - Third parties
We do not share any personal data for commercial purposes with third parties without your consent.
If we pass on your personal data to a third party, we will ensure that the third party is bound by the same privacy terms as we are.
On the basis of legal obligations, your personal data may be disclosed to public authorities in application of a law, a regulation or by virtue of a decision of a competent regulatory or judicial authority. In the case of deliveries of products abroad, personal data will be sent to customs authorities.
The personal data that you provide when placing an order is passed on to our suppliers, subcontractors and/or subsidiaries for processing. This information is considered strictly confidential, and these recipients only have access to the data necessary for the execution of the contract between us.
In the event that we become involved in a merger, acquisition or other form of asset transfer, we are committed to ensuring the confidentiality of your personal data and to informing you before your personal data is transferred or subjected to new privacy rules.
If you connect your account to an account on another service, such as a social network, that service may share your profile information, login information, and any other information you have authorized to be shared with us.
This Site may provide links to other sites, applications and services which may be operated by third parties. In this case, we are not responsible for the processing of personal data by these third party sites, whose privacy policies the user should consult for further information.
Article 9 - Transfer abroad
We undertake to comply with the applicable regulations relating to the transfer of data to countries outside the European Union, in particular in the following ways:
- We will only transfer visitor, prospect and customer data to countries that are recognised as offering an equivalent level of protection; If transferring to the United States, to organisations that have joined the EU-US Privacy Shield only;
- We will only transfer personal data outside countries recognised by the CNIL as having a sufficient level of protection if we have obtained authorisation from the CNIL to do so.
Article 10 - Security
We undertake to implement all appropriate technical and organisational measures using physical and logistical security measures to guarantee a level of security appropriate to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of your personal data.
In the event that we become aware of unlawful access to your personal data stored on our servers or those of our service providers, or of unauthorised access resulting in the risks identified above, we undertake to :
- Notify you of the incident as soon as possible if this is a legal requirement;
- Examine the causes of the incident;
- Take the necessary measures within reason to mitigate the negative effects and damage that may result from the incident
Under no circumstances may the undertakings set out in the above point be assimilated to any recognition of fault or responsibility for the occurrence of the incident in question.
Article 11 - Legislation
Article 12 - Consent