Privacy Policy - Data Privacy Notice pursuant to the GDPR

1 Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other legal data protection provisions is:

MYCELIA SARL - 2 bis rue du Rempart Nord - F-68420 EGUISHEIM
Telephone: +33 3 89 23 26 07
Email: info@laboutiqueduchampignon.com
Website: www.laboutiqueduchampignon.com

2 Name and address of the Data Protection Officer

The Data Protection Officer of the controller is:

Mr. Jean-Marc AUFFRAY
MYCELIA SARL - 2 bis rue du Rempart Nord - F-68420 EGUISHEIM
Telephone: +33 3 89 23 26 07
Email: info@laboutiqueduchampignon.com
Website: www.laboutiqueduchampignon.com

3 General provisions about data processing

3.1 Scope of the processing of personal data

We collect and use the personal data of our users strictly only insofar as this is necessary to make a functioning website available and for our content and services. The collection and use of personal data from our users will generally only occur with the consent of the user. An exception will apply in cases where it has not been possible to obtain prior consent for practical reasons and the data processing is permitted by legal provisions.

3.2 Legal basis for the processing of personal data

Where we obtain consent from a data subject for the purposes of processing personal data, Art. 6, para. 1 a) of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data.
Where processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6, para. 1 b) GDPR is the legal basis. This also applies to processing methods which are necessary for the implementation of pre-contractual measures.

Where processing of personal data is necessary to comply with a legal requirement to which our business is subject, Art 6, para. 1 c) GDPR is the legal basis.
Where processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art 6, para. 1 d) GDPR is the legal basis.

Where processing is necessary to protect a legitimate interest of our business or of a third party and the interests or fundamental rights and freedoms of the data subject do not override this interest, Art 6, para. 1 f) GDPR is the legal basis.

3.3 Data erasure and duration of storage

The personal data of a data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage beyond this may occur when this is provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Blocking or erasure of the data may also occur where a prescribed retention period under the above-named rules expires, unless an additional requirement to retain the data arises from the conclusion of a contract or performance of a contract.

4 Availability of the website and creation of log files

4.1 Description and scope of the data processing

With each visit to our website, our system collects automated data and information from the computer system of the computer making contact.

The following data is collected:

(1) IP address
(2) Date and time of the query
(3) Time zone difference to Greenwich Mean Time (GMT)
(4) Content of the query (specific page)
(5) Access status/HTTP status code
(6) applicable amount of transferred data
(7) website from where the query originates
(8) Browser
(9) Operating systems and their interfaces
(10) Language and version of the browser software

The data will also be stored in the log files of our system. The data is not stored together with other personal data of the user.

4.2  Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6, para. 1 f) GDPR.

4.3 Purpose of the data processing

Log files are used for storage in order to ensure the functioning of the website. In addition, the data is used for optimising the website and to ensure the security of our information technology systems. Data is not evaluated for marketing purposes in connection with this.Our legitimate interest in the data processing under Art. 6, para 1 f) GDPR is also part of the purpose.

4.4 Duration of storage

Data is stored in log files for seven days at most. A longer storage period is possible. In this case, the IP address of the user will be erased or distorted in order to ensure that it can no longer be attributed to the contacting client.

4.5 Option to object and to remove

The collection of data for the availability of the website and storage of the data in log files is essential for the operation of the website. As a consequence the user has no right to object to this.

5 Use of cookies

5.1 Description and scope of the data processing

Our web pages use cookies. Cookies are text files which are stored in the internet browser or by the internet browser on the computer systems of the user. If a user accesses a website, a cookie may be stored on the operating system of the user. The cookie contains a character string which enables unique identification of the browser when the website is accessed again.
We use cookies in order to make our website more user-friendly. Some elements of our website mean that the accessing browser can be identified following a change of page.

The following data is stored and transferred by the cookies:

(1) Language settings
(2) Login information

When accessing our website, users are informed about the use of cookies for analysis purposes via an info-banner and referred to this Data Privacy Notice. This also generates a notice informing that the storage of cookies may be linked to the browser settings.

When accessing our website, the user is informed about the use of cookies for analysis purposes and consent is obtained for the processing of personal data used in this context. There is also a reference to this Data Privacy Notice.

5.2  Legal basis for the data processing

The legal basis for the processing of personal data during the use of cookies is Art. 6, para. 1 f) GDPR.

5.3 Purpose of the data processing

The purpose of the use of technically essential cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. It is necessary for this that the browser can still be recognised after a change of site.

We require cookies for the following applications:

(1) Acquisition of language settings
(2) Recording search terms

The user data collected by technically essential cookies is not used for the creation of user profiles. Our legitimate interest in the processing of personal data under Art. 6, para. 1 f) GDPR is also part of these purposes.

5.4 Duration of storage, opportunity to object and to remove

Cookies are stored on the user’s computer which transfers them to us. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser you can deactivate or restrict the transfer of cookies. Cookies that have been stored can be erased at any time. This can also be done automatically. If cookies for our website are deactivated, it is possible that not all of the functions of the website will be fully operational.

6 Google Analytics

6.1 Description and scope of the data processing

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files which are stored on the user’s computer. The information extracted about your use of this website by the cookies will generally be transferred to a Google server in the USA and stored there. Where IP anonymisation is activated on this website, your IP address will be shortened in advance by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and shortened there in exceptional circumstances. Google will use this information on behalf of the operator of this website in order to evaluate your use of this website, to create reports about website activities and to provide further services to the website operator connected to website and internet use. The IP address of your browser that is transferred to Google Analytics will not be linked to other data from Google.

6.2  Legal basis for the data processing

The legal basis for the temporary storage of data and transfer to Google is Art. 6, para. 1 f) GDPR.

6.3 Purpose of the data processing

The use of Google Analytics enables an analysis of use of the website by the user.

6.4 Duration of storage

Google removes the last octet of the IP addresses of users of our website. This means that personal data of the user is unidentifiable. The process of making data unidentifiable occurs through a further evaluation of the IP address in the course of the services provided by Google Analytics. Prior to this process of making data unidentifiable, it is not possible to rectify, block or erase the data. Following removal of the last octet of the IP address, no personal data of users of our website is available for rectification, blocking or erasure.

6.5 Opportunity to object and to remove

You can avoid the storage of cookies through the relevant setting on your browser software, however, we would advise you that in this case it may not be possible to use fully all the functions of this website. Furthermore, you can avoid the capture by Google of data related to the use of our website by the cookie (including your IP address) as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link tools.google.com/dlpage/gaoptout.

7 Newsletter

7.1 Description and scope of the data processing

It is possible to subscribe to a free newsletter via our website. Data from the input screens is transferred to us upon application for the newsletter.

(1) User email address
(2) Newsletter requested
(3) User contact details (optional)

In addition, the following data is collected upon application

(1) IP address of the computer accessing the site
(2) Date and time of registration

During the course of application your consent to the processing of data is obtained and you are referred to this Data Privacy Notice.

In relation to data processing for the purpose of sending newsletters, your data is not transferred onwards to third parties. The data is used exclusively for sending the newsletter.

7.2  Legal basis for the data processing

The legal basis for the processing of data following an application for a newsletter by the user is subject to the consent of the user under Art. 6, para. 1 a) GDPR.

7.3 Purpose of the data processing

Obtaining the email address of the user enables the newsletter to be provided.
Obtaining other personal data in the course of the application process helps to ensure that misuse of the service, or the email address used is prevented.

7.4 Duration of retention

Data is erased as soon as it is no longer required for the purposes for which it was obtained. The email address will accordingly only be stored for as long as the subscription to the newsletter is active.
Other data collected in the course of the application process will generally be erased after a period of seven days.

7.5 Opportunity to object and to remove

Subscription to the newsletter can be terminated by the relevant user at any time. There is a link for this purpose in each newsletter. This also enables consent to retention of the personal data obtained during the application process to be withdrawn.

8 Contact form - email contact - account contact form

8.1 Description and scope of the data processing

There is a contact form on our website which may be used for making contact electronically. If a user does so, the data entered into the input screens is transferred to us and stored. This data is:

(1) Email address
(2) Message

When the report is sent, the following data is additionally stored:

(1) IP address of the user
(2) Date and time of transfer

During the course of submission, your consent to the processing of data is obtained and you are referred to this Data Privacy Notice

Alternatively, contact can be made via the email address provided. In this case, the personal data of the user that is sent with the email will be stored.

There is a account creation form on our website which may be used for allowing the user to save their contact details for placing an order on our online store. If a user does so, the data entered into the input screens is transferred to us and stored. This data is:

(1) Title
(2) First name and surname / company
(3) Date of birth
(4) Street, House number, town
(5) Email address
(6) Telephone number
(7) Password

During the course of submission, your consent to the processing of data is obtained and you are referred to this Data Privacy Notice

The data is not transferred onwards to third parties in this case. The data is used exclusively for processing the conversation.

8.2  Legal basis for the data processing

The legal basis for the processing of data is the consent of the user under Art. 6, para. 1 a) GDPR.
The legal basis of the processing of data which is transferred by the sending of an email, is Art. 6, para. 1 f) GDPR.

8.3 Purpose of the data processing

Processing of personal data from the input screens is used solely to process the enquiry. In the case of an email enquiry, the necessary legitimate interest in processing the data also applies.
Other data processed during the sending process helps to prevent misuse of the contact form and to ensure the security of our information technology systems.

8.4 Duration of storage

Data is erased as soon as it is no longer required for the purposes for which it was obtained. In relation to personal data obtained through the input screens of the contact form and which is sent by email, this will be the case when the relevant conversation with the user has ended. The conversation will be at an end when it can be assumed from the circumstances that the relevant content has been conclusively clarified.

Other additional data collected in the submission process will be erased after a period of seven days.

Personal data collected during an order is kept within six years for billing purposes. Personal data collected during a customer account creation not followed by an order is kept within three years for marketing purposes.

8.5 Opportunity to object and to remove

The user has the right to withdraw his or her consent to the processing of personal data at any time. If the user contacts us by email, he or she can object to the storage of his personal data at any time. In this situation, the conversation cannot be continued further.

All personal data which has been stored in the course of the enquiry will be erased in this case.

9 Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to the controller:

9.1 Right to information

You may request confirmation from the controller as to whether personal data relating to you is processed by us.
If such processing occurs, you may request the following information from the controller:

(1)  the purposes for which the personal data is processed;
(2)  the categories of personal data which are processed;
(3)  the recipient or categories of recipients to whom your personal data has been or will be disclosed;
(4)  the planned duration of the storage of your personal data or, where specific details are not possible, the criteria for establishing the storage duration;
(5)  the existence of the right to rectification or erasure of your personal data, a right to restriction of the processing by the controller or the right to object to this processing;
(6)  the existence of a right to complain to a regulatory authority;
(7)  all available information about the origin of the data, where the personal data was not collected from the data subject;
(8)  the existence of a decision based on automated processing including profiling pursuant to Art. 22, para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the breadth and consequences of such processing for the data subject.

You have the right to request information about whether your personal data will be transferred to a third country or an international organisation. In this context, you may request information about the appropriate safeguards pursuant to Art. 46 GDPR in relation to the transfer.

9.2 Right to rectification
You have the right to rectification or completion of processed personal data about you by the controller that is inaccurate or incomplete. The controller must rectify the data promptly.

9.3 Right to restriction of processing

You may request the restriction of processing of your personal data under the following conditions:

(1)  if you dispute the accuracy of the personal data about you, for a period which enables the controller to check the accuracy of the personal data;
(2)  the processing is unlawful and you refuse erasure of the personal data and instead request restriction of the use of the personal data;
(3) the controller no longer requires the personal data for the purposes of the processing, however, you require this for the establishment, exercise or defence of legal claims or
(4)  if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, this data - with the exception of its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the right of another natural or legal person, or on the grounds of an important public interest of the European Union or a Member State.

If the restriction of processing has been restricted pursuant to the conditions set out above, you will be informed by the controller prior to the restriction being lifted.

9.4 Right to erasure

9.4.1 Duty to erase
You may request that the controller erases your personal data without delay and the controller is required to erase this data without delay where one of the following grounds applies:

(1) The personal data about you is no longer necessary for the purposes for which it was collected or processed in other ways.
(2) You withdraw your consent upon which the processing was based pursuant to Art. 6, para. 1 a) or Art. 9, para. 2 a) GDPR and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21, para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21, para. 2 GDPR.
(4) Your personal data was unlawfully processed.
(5) The erasure of your personal data is necessary for compliance with a legal obligation under European Union law or the law of its Member States, to which the controller is subject.
(6) Your personal data was collected in connection with the offer of  information society services pursuant to Art. 8, para.1 GDPR.

9.4.2 Information to third parties

If the controller has disclosed your personal data and is required to erase it pursuant to Art. 17, para. 1 GDPR, it must take appropriate measures, including technical measures and taking into account the available technology and implementation costs, to inform the controllers which are processing the personal data that you as a data subject have requested the erasure of all links to this personal data, or have requested copies or replications of this personal data.

9.4.3 Exceptions

The right to erasure does not apply where the processing is necessary

(1)  to exercise the right to freedom of speech and information;
(2)  for compliance with a legal obligation which requires the processing under European Union law or the law of its Member States, to which the controller is subject, or for the carrying out of an activity which is in the public interest or is required of the controller in the exercise of public office.
(3)  for reasons of public interest in the area of public health pursuant to Art. 9, para. 2 h) and i) and Art. 9, para. 3 GDPR;
(4)  for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89, para. 1 GDPR, to the extent that the right set out under section a) does not make the realisation of the aims or this processing impossible or seriously affect them or,
(5)  for the establishment, exercise or defence of legal claims.

9.5 Right to notification

Where you have exercised your right to rectification, erasure or restriction of processing in relation to the controller, the controller must inform all recipients to whom your personal data has been disclosed about the rectification, erasure of the data or restriction on processing, unless this is not possible or only with disproportionate effort.

You have the right to require the controller to notify you about these recipients.

9.6 Right to data portability

You have the right to receive the personal information which you have made available to the controller in a structured, accessible and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controllers to which the personal data have been provided, to the extent that

(1) the processing is based on consent pursuant to Art. 6, para. 1 a) GDPR or Art. 9, para. (2) a) or on a contract pursuant to Art. 6, para. 1 b); and
(2) the processing is carried out by automated means.
In exercising this right, you additionally have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data which is necessary for performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

9.7  Right to object

You have the right on grounds relating to your particular situation to object to processing of your personal data which is based on Art. 6, para 1 e) or f) GDPR; this also applies to profiling based on these provisions.

The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If your personal data is processed for the purposes of direct marketing, you have the right to object to the processing of your personal data for the purposes of such marketing; this also applies to profiling, in so far as it is connected to direct marketing.

If you object to processing for the purposes of direct marketing, your personal data will no longer be processed for these purposes.
You have the right in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

9.8 Right to withdraw written consent given under data protection law

You have the right to withdraw your written consent given under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

Automated individual decision including profiling
You have the right not to be subject to a decision made on an exclusively automated basis, including profiling, which has legal effect upon you or which significantly impacts you in a similar way. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2)  is permitted on the basis of legal provisions of the European Union or the Member States which the controller is subject to and these legal provisions contain appropriate measures to safeguard your rights and freedoms and your legitimate interests or
(3)  is made with your express consent.

However, such decisions must not relate to special categories of personal data pursuant to Art. 9, para. 1 GDPR, where Art 9., para. 2 a) or g) do not apply and appropriate measures to safeguard your rights and freedoms and your legitimate interests have been taken.
In respect of the situations described in (1) and (3) above, the controller will take appropriate measures to safeguard your rights and freedoms and your legitimate interests, as a minimum the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

9.9 Right to complain to a regulatory authority

Notwithstanding any other administrative law or judicial legal remedies, you have the right to complain to a regulatory authority, in particular in the Member State where you are resident, your place of work or the place of the alleged breach, if you consider that the processing of your personal data breaches the GDPR.

The regulatory authority which has received the complaint will notify the complainant about the position and outcomes of the complaint including the possibility of a judicial legal remedy pursuant to Art. 78 GDPR.

10 Security measures implemented

We have implemented the following security measures to ensure the protection of personal data collected:

- Access to personal data is restricted to authorized persons, namely co-managers AUFFRAY Jean-Marc and CROLET Christophe.

- Access to personal data is secured by a password.

- Personal data is backed up regularly and securely.

- The OVH hosting site - 2 rue Kellermann - 59100 Roubaix (France) is itself secure and in compliance with the requirements of the General Regulation on the Protection of Personal Data (EU) 2016/679 of 27 April 2016.

- Adequate measures and techniques are implemented to guarantee a high level of security for our users' data (data encryption, pseudonymisation, encryption).

11 Security breach notification

In the event of a security breach concerning the access to personal data collected, we notify the supervisory authority at the latest within 72 hours: Commission Nationale de l'Informatique et des Libertés (National Commission for Computing and Liberties - CNIL) - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 - Tel. : 01 53 73 22 22.

If the breach is likely to create a high risk for the rights and freedoms of the user, we will also notify them.

 


QR code

Recently Viewed

No products

Menu

Compare 0