PERSONAL DATA PROCESSING AND COOKIE MANAGEMENT POLICY
APPLICABLE AS OF 11 MAY 2023
Mary Cohr SAS thanks you for visiting our website at www.marycohr.com (the “Site”). Mary Cohr SAS undertakes to process your personal data in accordance with the General Data Protection Regulation (“GDPR”) and the Data Protection Act. This processing of personal data is, in particular, not limited to the following standards: - The European Data Protection Regulation (EU Regulation 2016/679 of the European Parliament and of the Council or “GDPR”) applicable since 25 May 2018; - and Law no. 78-17 of 6 January 1978 relating to data processing, files and freedoms (known as the “Data Protection Act”) amended by the Health Act of January 2016, the Law for a Digital Republic of October 2016 and LAW no. 2018-493 of 20 June 2018 on the protection of personal data set as a principle the protection of human identity, human rights, privacy and individual or public freedoms. This Policy (“Policy”) informs any concerned natural person (customer, prospect, visitor to the Site) of the manner in which Mary Cohr SAS processes personal data as well as of the rights that such person has and how to exercise them.
1- What is personal data?
A personal data (hereinafter “Data(s)” or “Personal Data(s)”) means any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more elements of its own. Example: last name, first name, phone number, email address.
2 - Who collects your Data?
The Data Controller is Mary Cohr SAS, represented by her legal representative. This personal data processing policy details the policy of Mary Cohr SAS, a simplified joint-stock company (SAS) with a capital of €3,000,000 (€), whose registered office is located at 120, avenue Charles de Gaulle, 92200 Neuilly sur Seine, registered with the NANTERRE Trade and Companies Register under number 312 246 762, in terms of personal data. This Policy applies to all Personal Data and Information you provide to Mary Cohr SAS, including browsing the Site, signing up for newsletters, or placing an order accessible through Mary Cohr SAS e-commerce. Your rights can be exercised by writing to: Mary Cohr SAS – DPO – 120 Avenue Charles De Gaulle - 92200 Neuilly sur Seine or by email to: firstname.lastname@example.org.
3 – What Data is collected?
4 – Is the communication of Personal Data mandatory?
5 - Why do we collect your Data?
We collect your Data to best manage our services and your requests. • Processing is based on the execution of pre-contractual and contractual measures when the purpose of the collection is to: . Create and manage accounts receivable, prospects to enable your requests to be taken into account; . Manage your requests for rights; . Customize and meet your individual needs; . Ensure the follow-up of the prospect customer relationship in particular in the management of your complaints and requests;
• The processing is based on your consent when the purpose of the collection is to: . Provide personalized advertising content; . Send you newsletters, newsletters and promotional offers; • The processing is based on our legitimate interest, namely the improvement of our services and the security of our Site and IT network where the purpose of the collection is to: . Improve our website; . Improve customer/prospect service and your requests; . Administer promotions, surveys, competitions; . Analyze your comments and reviews left on our website and social media pages. On this last point, by leaving reviews, comments on our sites or by exchanging on our social media pages about our offers, our products, our events, you are likely to communicate to us content and Personal Data. This information allows us to better meet your expectations in order to improve the quality of our products and services. They can be reproduced and represented on our sites for information purposes, and used for the development of anonymized statistical studies informing us about your habits and behavior towards our products. They may not be collected or used for other purposes.
• The processing is based on e-commerce: - Creating your account on our Site - Order management (fulfillment and tracking of orders, deliveries, invoices, payments, accounting) - Customer contact management and the sending of notifications concerning the creation of an account on the Site and/or the status of the order - Delivery of orders placed - Managing the relationship with the reference institute - Management of remote complaints and after-sales service - Management of the loyalty programme - Management of Internet opinions on products and services - The commercial prospection, namely to allow the sending of the commercial information of Mary Cohr SAS, such as newsletters, new offers, or news - Managing the location of your IP address for access to the Site’s services - The management of cookies as presented below, namely: o Managing the customization of the web display and Customer preferences; o Management of the abandoned basket reminder o Management of the payment module o Statistical analysis on ordered products
6 - Confidentiality
Your Personal Data will not be sold, exchanged, transferred, or data to another company for any reason, without your consent, outside of what is necessary to respond to a request and/or transaction within the framework of the Purposes set forth hereintop.
7 – Who is the recipient of the Data?
8- What guarantees in case of transfer outside the European Union
We guarantee, in the event of transfer of your Data abroad and especially outside the European Union, to implement all appropriate measures to guarantee a sufficient level of protection of your data, such as: - Focus on countries recognized as adequate by the European Commission, that is, offering protection equivalent to that guaranteed by the European Union; - Obtain security and confidentiality guarantees from subcontractors by imposing strict contractual clauses by reserving the possibility of checking them regularly, for example by conducting audits.
9 – What are the retention periods for your Data?
Your Personal Data are stored at the site’s host (OVH SAS) and are kept for a period not exceeding twenty-four (24) months following the last update made by the registrant (recommendation of Cnil No. 02-017 of 21 March 2002), unless anonymisation or legal obligation to keep certain data for a longer period. Your Data are kept for a limited period corresponding to the purposes for which they were collected, in accordance with the regulations in force and in compliance with legal, contractual, tax, and for the defense of the legitimate interests of Mary Cohr SAS, namely five (5) years from the end of the contractual relationship, this duration corresponding to the duration of the applicable legal limitation period, in case of litigation. Your data are also kept within the framework of e_commerce for a period that does not exceed the duration necessary for the following purposes, namely:
- Regarding customer relationship management, remote complaints and after-sales service: for the period strictly necessary to process the order, complaint and after-sales service, increased by three (3) years from the end of the business relationship. In addition, the data may be retained under a legal obligation for a period necessary to fulfil this obligation. - Regarding the delivery of products: the time of the order until delivery and its payment, and as long as there are outstanding items (unpaid invoices, disputes, litigation, etc.) - Regarding Customer opinions on products and services: during the marketing period of the product; - Regarding loyalty program management: for the duration of your membership in the program - Commercial prospecting: three (3) years after your last response to a solicitation. - Regarding cookie management: thirteen (13) months from your initial express consent. You acknowledge that the data you provide to us and stored in our information systems is accurate and is proof of your identity.
10 – What are your rights on your Data?
Pursuant to Articles 14 to 22 of the GDPR, any natural person using our Site has the right to exercise the following rights: • right of access: you can request a copy of the data that concerns you personally; • right of rectification: you can request the modification of data that is inaccurate concerning you; • right of opposition: you can object to us processing your data; if your opposition request does not concern prospecting, we may, depending on the case, justify a refusal on the ground that there are legitimate and compelling reasons for processing the Data or that they are necessary for the establishment, exercise or defence of legal rights, or that you have consented – you must then withdraw that consent and not object, either a contract binds us, or a legal obligation to process your data in particular; • right to erasure: you can request that we erase data about you; • right to limitation of processing: you have the right to request that the processing of your Data be blocked for a certain period of time, for example the time to examine a dispute on your part about the use of your Data or a request to exercise rights. • right to portability: you have the right to request that the Data collected in a form with your agreement or as part of a contract be communicated to you in a readily reusable format and transmitted to the third party of your choice subject to technical feasibility.
Moreover, when a person gives his consent to the processing of his Personal Data, he has the option to withdraw it at any time. Finally, when a violation of Personal Data that may pose a high risk to your rights and freedoms is detected, you will be informed of this violation as soon as possible. You may formulate guidelines for the retention, erasure and disclosure of your Personal Data after death, in accordance with Article 40-1 of Law 78-17 of 6 January 1978. These rights and directives can be exercised and sent to us by writing to: Mary Cohr SAS – DPO - 120 Avenue Charles De Gaulle - 92200 Neuilly Sur Seine or by email to: email@example.com In order to enable us to identify you quickly and to respond to your request, you will attach to your request any element enabling us to prove your identity (in particular request made via your customer account or email). A response will then be sent to you within 1 month of receipt of the request. In some cases, depending on the complexity of the application or the number of applications, this period may be extended by 2 months. You can also contact the Commission Nationale de l'Informatique et des Libertés (CNIL), the regulatory authority responsible for enforcing the regulations on the protection of personal data in France, by internet https://www.cnil.fr/en/agir or by post to the following address: Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy - TSA 80715, 75334 PARIS CEDEX.
11 – What security measures are implemented?
Mary Cohr SAS has taken the necessary steps to put in place all technical and organizational measures to ensure the security and confidentiality of the personal data processed and to prevent them from being distorted damaged, destroyed or accessed by an unauthorized third party. All the security measures put in place comply with the state of the art, particularly as regards information systems. These measures include the following: - identification of cyber risks - access and authorisation control - Data encryption - a secure IT environment To the extent that Mary Cohr SAS does not control all the risks related to the functioning of the Internet, it draws your attention to the existence of any risks inherent in its use and functioning. Mary Cohr SAS will notify, within the legal time limits, all breaches of personal data to the competent supervisory authority for the protection of personal data and will notify you if such breaches areare likely to pose a high risk to the rights and freedoms of individuals.
12 – Account Creation at www.marycohr.com
By creating an account at www.maryscohr.com, you consent to our collection, use and disclosure of your Personal Data for purposes related to your request. The information collected is the subject of a computer processing intended to facilitate the connection between you and Mary Cohr SAS. By depositing on your account your details, your message, you commit to write objectively and never excessively. Do not enter information related to sensitive data (health, racial or ethnic origin, sexual orientation, political opinions, etc.). Particular attention must be paid to sensitive data covered by Article 8 of the French Data Protection Act. Mary Cohr SAS reserves the right to withdraw a contact form for reasons of non-compliance with the French Data Protection Act and reserves the right to lodge a complaint against anyone who does not respect these commitments.
13- How do I unsubscribe?
We use the email address you provide to send you information and updates related to your inquiries, contact, information about our products, etc... If at any time you wish to unsubscribe and no longer receive emails, please email us at firstname.lastname@example.org with the subject line “unsubscribe”.
14- Which Cookies are?
15- Policy Update
This Policy may be modified at any time by Mary Cohr SAS, in order to comply with all French and European legislative and regulatory developments. Updates are posted online without notice to the user and are deemed accepted without reservation when you access the Site or log into your user account.