Personal Data Protection Policy
The privacy of its customers is important to Huttopia.
This is why, in compliance with the regulations in force on the protection of personal data, in particular the General Data Protection Regulation (RGPD), we have appointed a Data Protection Officer and do everything possible to apply the recommendations of the CNIL.
We process the data of our users, customers or prospects with the following characteristics:
1. Data collected
The personal data collected on this site are the following:
- Payment: in the context of the payment of products and services offered on the site, the site records financial data relating to the user's bank account or credit card.
- Delivery: as part of the delivery of products ordered by the user, geographical data including the user's address is collected.
- Cookies: cookies are used in the context of the use of the site. The user has the possibility to deactivate the cookies at the first connection and then from the settings of his browser. Cookies are essential to the proper functioning of the site and allow the user to improve their browsing experience, to use certain sharing features on social networks and to have access to content and advertising based on their centres of interest.
Some cookies are essential to the operation of the site and are installed automatically. On first connection to the site, the user can accept or refuse the installation of non-essential cookies for which their consent is required.
At any time, the user can modify his/her preferences with regard to cookies by clicking on the "manage consent" link, which is present at the bottom of the page on most of our sites.
2. Purpose of the processing
The personal data collected from users is used to provide and improve the site's services and to maintain a secure environment.
More specifically, the uses are as follows:
- Access and use of the site by the user;
- Management of the operation and optimisation of the site;
- Verification, identification and authentication of data transmitted by the user;
- Implementation of user assistance;
- Personalisation of services by displaying advertisements according to the user's browsing history and preferences;
- Preventing and detecting fraud, malicious software and managing security incidents;
- Management of possible disputes with users;
- Sending commercial and advertising information, according to the user's preferences.
3. Duration of storage
Personal data is kept for a limited period of time, which does not exceed the time required for the purposes of collection.
4. Legal basis
The legal basis used for the processing operations listed below:
- The management of prospects: legitimate interest
- Analysis of purchasing behaviour: legitimate interest
- Management of an order (order, invoicing, delivery): necessary for the execution of a contract
5. Sharing of personal data with third parties
Personal data may be shared with third party companies in the following cases:
- When the user uses the payment services, for the implementation of these services, the website is in relation with third party banking and financial companies with which it has contracts;
- When the user authorises the website of a third party to access his/her data;
- When the site uses service providers to provide user support, advertising and payment services. These service providers have limited access to the user's data for the purpose of providing these services and are contractually obliged to use it in accordance with the provisions of the applicable data protection regulations;
- If required by law, the site may transmit data to follow up on claims made against the site and to comply with administrative and judicial procedures;
- If the site is involved in a merger, acquisition, sale of assets or receivership, it may be required to sell or share all or part of its assets, including personal data. In this case, users would be informed before personal data is transferred to a third party.
6. Security and confidentiality
The site implements organisational, technical, software and physical digital security measures to protect personal data against alteration, destruction and unauthorised access. However, it should be noted that the internet is not a completely secure environment and the site cannot guarantee the security of the transmission or storage of information on the internet.
7. Enforcement of data subjects' rights
Under the law, You have a number of rights with respect to Your personal data. You can obtain further information and advice on your rights from the competent data protection authority in your country (in France, the Commission Nationale Informatique et Libertés (CNIL: https://www.cnil.fr/).
- Right of access: You have the right to access your information (if we process it), and certain other information (such as that provided here). This is so that you are aware of and can check that we are using your information in accordance with data protection laws.
- The right of rectification: You have the right to have your information corrected if it is inaccurate or incomplete.
- The right to erasure: This right is also known as the "right to be forgotten" and, simply put, it allows you to request the erasure or deletion of your data where there is no compelling reason for us to continue to use it. However, this is not a general right to erasure of data and there are exceptions.
- The right to restrict processing: You have the right to 'block' or remove any further use of your information. Where processing is restricted, we may store it, but may not continue to use it. We keep a list of those who have requested that further use of their data be blocked, to ensure compliance with the restriction.
- The right to data portability: You have the right to obtain and re-use your personal data for your own purposes and in other services. This allows you to easily relocate, copy or transfer them between our computer systems and third parties in a secure manner, without affecting their ability to be used.
- The right to object: You have the right to object to certain types of processing, including processing for direct marketing purposes (which is only possible with your consent).
- The right to complain: You have the right to complain about the way we process or manage your personal data to the relevant national authority (in France, the Commission Nationale Informatique et Libertés (CNIL: https://www.cnil.fr/).
- The right to withdraw your consent: If you have given your consent to the processing or use of your personal data, you may withdraw it at any time (although if you do so, this does not mean that everything we have done with your consent up to that point has been unlawful). This includes your right to withdraw consent to the use of your personal data for marketing purposes.
We will respond to requests and provide information free of charge; however, we may charge a reasonable fee to cover our administrative costs for repeated requests.
We may also have the right to refuse to comply with a request. Please judge your request responsibly before making it. We will respond as soon as possible, usually within one month of receipt, but if the request takes longer to process we will let you know.
8. Contacting us about data protection
- By email to the following address: firstname.lastname@example.org
- By post: HUTTOPIA, For the attention of the Personal Data Protection Officer rue du Chapoly 69290 Saint Genis les Ollières.
9. Evolution of this policy
HUTTOPIA STORES reserves the right to make any changes to this policy on the protection of personal data at any time. If a modification is made to this policy on the protection of personal data, Huttopia SA undertakes to publish the new version on its website.