1. Who are we?
1.1 The controller
1. The following information is communicated to you so that you know the commitments regarding the protection of personal data made by ISKN, who acts as controller for the processing of personal data referred to in this document.
1.2 Our Data Protection Officer
2. ISKN has designated a Data Protection Officer whose contact details are as follows: Vivian Chauvin-Rivet, 22 avenue Benoît Frachon, 38400 Saint-Martin d’Hères, France, firstname.lastname@example.org.
2. What personal data do we process?
3. In the context of processing of personal data, ISKN collects and processes the following data:
– Via order form: surname, first name, full delivery address, phone number, email address and means of payment for order management and tracking.
– List to be completed, where applicable.
3. What are the purposes and legal bases of our data processing?
3.1 The purposes of our data processing
4. We are processing data for the following purposes:
– Order management and tracking;
– List to be completed, where applicable
3.2 The legal bases of our data processing
5. We implement data processing only if at least one of the following conditions is met:
– your consent to the processing operations has been obtained;
– the existence of our legitimate interest, or that of a third party, which justifies that we implement this processing of personal data;
– the execution of a contract binding us to you requires that we implement this processing of personal data;
– we are subject to statutory and regulatory obligations which require this processing of personal data.
4. Who are the recipients of your data?
6. The personal data we collect, and those we obtained subsequently, are intended for us in our capacity as controller.
7. We ensure that only authorised persons have access to this data. Our service providers, such as Shopify for the e-commerce website, the company Colorz/Davison Consulting that creates the WordPress website and Pontica for after-sale services, can be recipients of this data to perform the services we entrust to them. Some personal data may be sent to third parties or to legally authorised authorities in order to meet our legal, regulatory or contractual obligations.
5. Do we transfer your data?
10. We may transfer your personal data outside the European Union. We ensure that these transfers are governed by legal instruments that comply with the applicable legal framework, i.e. an adequacy decision or standard contractual clauses. These safeguards offer your personal data a level of protection equivalent to the one which is applied on the European Union territory.
11. Personal data may be transferred to the United States. Each of these transfers is carried out on the basis of legal instruments that comply with the applicable legal framework.
12. The recipients of these data have adhered to the Privacy Shield recognized as offering a level of protection equivalent to the one applied on the European Union territory pursuant to the decision on the adequacy of the protection provided by the EU-U.S. Privacy Shield adopted by the European Commission on 12 July 2016.
13. Transfers made to the United States to processors who have not adhered to the Privacy Shield are governed by standard contractual clauses approved by Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council.
6. How long are we keeping your data?
14. The periods for which we keep your personal data are proportionate to the purposes for which your data were collected. Our data storage policy is organized as follows:
– Personal data for order management and tracking: duration of the business relationship from the conclusion of the contract when the delivery of goods or the provision of service is immediate and from the conclusion of the contract until the date of delivery of goods or the provision of service otherwise.
7. What are your rights?
7.1 Your right of information
16. In addition to this information and with the aim of ensuring fair and transparent processing of your data, you further acknowledge that you have received additional information concerning:
– the period for which your personal data will be kept;
– the existence of the rights which are granted to you and the terms and conditions to exercise them.
17. If we decide to process data for purposes other than those indicated, all information relating to those new purposes will be communicated to you.
7.2 Your right of access to and rectification of your data
18. You have the right to access and rectify your personal data, which you can exercise with Vivian Chauvin-Rivet, 22 avenue Benoît Frachon, 38400 Saint-Martin d’Hères, France, email@example.com.
19. In this respect, you have the confirmation as to whether or not your personal data are being processed and where this is the case, access to your data and the following information:
– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipient as well as the international organisations to whom the personal data have been or will be disclosed, in particular recipients in third countries;
– where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
– the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
– the right to lodge a complaint with a supervisory authority;
– where the personal data are not collected from the data subjects, any available information as to their source;
– the existence of automated decision-making, including profiling, and in this case, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
20. You can ask us to, as the case may be, rectify or complete your personal data that are inaccurate, incomplete, equivocal or expired.
7.3 Your right to erasure of your data
21. You can ask us to erase your personal data where one of the following grounds applies:
– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– you withdraw the consent you have previously given;
– you object to the processing of your personal data and there is no legal reason for such processing;
– the processing of personal data does not comply with the provisions of the applicable legislation and regulations;
– your personal data have been collected in relation to the offer of information society services to children under 16 years of age.
22. Nevertheless, the exercise of this right will not be possible when the retention of your personal data is necessary for compliance with statutory or regulatory provisions and in particular, for example, for the establishment, exercise or defence of legal claims.
7.4 Your right to restriction of processing
23. You may request restriction of processing of your personal data in the cases provided for by law and regulation.
7.5 Your right to object to data processing
24. You have the right to object to the processing of personal data concerning you when the processing is based on the legitimate interest of the controller.
7.6 Your right to data portability
25. You have the right to portability of your personal data.
26. The data on which this right can be exercised are:
– only your personal data, which excludes anonymized personal data or data that does not concern you;
– declarative personal data and personal data relating to our functioning, as mentioned above;
– personal data which do not adversely affect the rights and freedoms of others such as those protected by trade secrets.
27. This right is limited to processing based on consent or contract as well as to personal data that you have personally generated.
28. This right does not include derived or inferred data, which are personal data created by ISKN.
7.7 Your right to withdraw your consent
29. When the data processing we carry out is based on your consent, you may withdraw it at any time. We will then stop processing your personal data but this will have no impact on the previous transactions to which you have consented.
7.8 Your right to lodge a complaint with a supervisory authority
30. You have the right to lodge a complaint with the French data protection authority (the CNIL) on the French territory without prejudice to any administrative or judicial remedy.
7.9 How to exercise your rights?
31. All the rights enumerated above can be exercised by sending a request to Vivian Chauvin-Rivet, 22 avenue Benoît Frachon, 38400 Saint-Martin d’Hères, France, firstname.lastname@example.org.
32. Regarding the exercise of your right of information, we are not required to provide you with information where:
– you already possess the information;
– the recording or disclosure of your personal data is expressly laid down by law;
– the provision of information to you proves to be impossible;
– the provision of information to you would involve a disproportionate effort.
8. Why are your data communicated to us?
33. Your personal data are communicated to us:
– Where applicable, to be able to manage and track your order. You are obliged to provide us with the following personal data in the order form: surname, first name, full delivery address, phone number and means of payment.
34. In this context, if you refuse to provide us with your personal data, we will inform you that this refusal will result in the impossibility to manage your order.