Legal Notice - Privacy Policy
Legal Notice
This website is the property of the company LA BOUTIQUE DU CHAMPIGNON – MYCELIA SARL, SARL with a capital of 7500€ whose head office is located at 2b Rempart Nord at F-68420 EGUISHEIM, registered with the RCS of COLMAR under the number 488 930 645 , SIRET 488 930 645 00012, Intra-community VAT number: FR 45 488 930 645.
Our company does not in any way guarantee the accuracy, precision or completeness of the information made available on this site, including all the links or any other computer connection used, directly or indirectly, from this site. The photos presented on the site are non-contractual. Our company strives to ensure the reliability of all the information published on this site, the content of which it reserves the right to modify or correct, at any time and without notice.
The links present on the site www.laboutiqueduchampignon.com can direct the user to external sites whose content cannot in any way engage the responsibility of our company. The mere mention of brand or company name does not commit our company on the real or supposed quality of the products or services rendered.
This entire site is subject to French and international legislation on copyright and intellectual property. All reproduction rights are reserved, including for iconographic and photographic documents.
This site has been declared to the Commission Nationale de l'Informatique et des Libertés in application of the provisions of the French law of January 6, 1978.
Any person quoted on a page of this site may exercise their rights to access, modify, rectify or delete information concerning them by sending a letter to our company at the following e-mail address: info@laboutiqueduchampignon.com or at the following address:
THE MUSHROOM SHOP – MYCELIA SARL 2b Rempart Nord F-68420 EGUISHEIM
Publication Director:
Christophe CROLET, Manager of MYCELIA SARL
Our site is hosted by a French company and on a server located in France:
OVH - 2 rue Kellermann - 59100 Roubaix - France - www.ovh.com
Site creation:
Privacy policy:
PRIVACY POLICY - STATEMENT ON THE PROTECTION OF PERSONAL DATA UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)
1 Name and address of the controller
The data controller within the meaning of the General Data Protection Regulation as well as within the meaning of other national data protection laws enacted by the Member States and other applicable data protection regulations is the company:
MYCELIA SARL – 2b rue du Rempart Nord – F-68420 EGUISHEIM – Tel. : 03 89 23 26 07 – e-mail: info@laboutiqueduchampignon.com
2 Name and address of the data protection officer
The Data Protection Officer is:
Mr CROLET Christophe – MYCELIA SARL – 2b rue du Rempart Nord – F-68420 EGUISHEIM – Tel. : 03 89 23 26 07 – e-mail: info@laboutiqueduchampignon.com
3 General information on data processing
3.1 Scope of personal data processing
The collection and use of the personal data of our users only concern in principle the data necessary to ensure the proper functioning of our website and the content and services offered. The collection and use of our users' personal data is always carried out with the user's consent. Exceptions are cases in which it is materially impossible to obtain consent and in which the processing of data is permitted under the legal provisions.
3.2 Legal basis for processing personal data
Insofar as we obtain the consent of the persons concerned in the context of the processing of personal data, this processing takes place on the basis of Article 6, paragraph 1, point a) of the General Data Protection Regulation (GDPR).
When the processing of personal data is motivated by the performance of a contract to which the data subject is a party, this processing takes place on the basis of Article 6, paragraph 1, point b) of the GDPR. The same applies to any processing of personal data motivated by measures taken in the pre-contractual framework.
When the processing of personal data is motivated by compliance with a legal obligation imposed on our company, this processing takes place on the basis of Article 6, paragraph 1, point c) of the GDPR.
In the event that the processing of personal data is motivated by the vital interests of the data subject or of another natural person, it takes place on the basis of Article 6 (1) (d) of the GDPR.
When the processing of personal data is motivated by the safeguard of a legitimate interest of our company or of a third party and provided that the interests, freedoms and fundamental rights of the data subject do not prevail, the data processing of a personal nature arises on the basis of Article 6 (1) (f) of the GDPR.
3.3 Erasure of data and retention period
The personal data of the person concerned will be erased or blocked as soon as the purpose for their storage no longer exists. In addition, personal data may be retained when the European or national legislator has so provided by European regulatory provisions, national legal provisions or by any other provision applicable to the controller. Personal data is also blocked or erased when a retention period prescribed by one of the aforementioned standards expires, unless this data is necessary for the conclusion or performance of a contract, this necessity motivating their retention beyond the prescribed retention period.
4 Implementation of the website and creation of log files
4.1 Description and scope of data processing
With each consultation of our website, our system automatically records data and information from the system of the computer at the origin of the consultation.
On this occasion, the following data is collected:
(1) The IP address
(2) The date and time of the request
(3) Difference from Greenwich Mean Time (GMT)
(4) The content of the consultation (the specific page of the site)
(5) Access status / HTTP status
(6) The volume of data transmitted
(7) The website from which the request originates
(8) Internet browser
(9) The operating system and its interface
(10) The language and software version of the internet browser
This data is also recorded in the "log files" of our system. These data are not kept with the other personal data of the user.
4.2 Legal basis for data processing
The temporary storage of data and "log files" takes place on the basis of Article 6, paragraph 1, point f) of the GDPR.
4.3 Purpose of data processing
The recording of data in the "log files" is carried out in order to allow the proper functioning of the website. In addition, this data is used to optimize our website and to guarantee the technical security of our information systems. In this context, no use of the data for marketing purposes takes place. This purpose also corresponds to our legitimate interest in processing the data according to Article 6(1)(f) GDPR.
4.4 Duration of storage
When the data is recorded in the "log files", it is kept for a maximum of 7 days. A longer shelf life is possible. In this case, the users' IP addresses are erased or pseudonymised so as to make it impossible to identify the customer who made the request.
4.5 Opposition and possibility of erasure
The collection of data within the framework of the website and their storage in the "log files" is an absolute necessity to allow the operation of our website. Therefore, the user does not have the possibility to oppose it.
5 Use of cookies
5.1 Description and scope of data processing
Our website uses cookies. Cookies are text files saved in the internet browser or by the internet browser on the user's computer. When a user visits a website, a cookie may be saved in the user's operating system. This cookie contains a characteristic sequence of signs which make it possible to unambiguously identify the browser when the website is consulted again. We use cookies to make our website more user-friendly. Certain elements of our website require that the browser making the request can be identified even after a change of web page.
Cookies make it possible to record and transmit the following data:
(1) Language settings settings
(2) Information relating to identification (“Log-In”)
When consulting our website, users are informed of the use of cookies by our site for analysis purposes by an information banner which refers to this data protection declaration. In this context, the user is also informed of how the storage of cookies in the settings of the internet browser can be avoided.
When consulting our website, the user is informed of the use of cookies for analysis purposes and his consent to the processing of personal data collected on this occasion is obtained. Likewise, information about this data protection declaration is also provided.
5.2 Legal basis for data processing
The processing of personal data in the context of the use of cookies takes place on the basis of Article 6, paragraph 1, point f) of the GDPR.
5.3 Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Without cookies, some features of our website cannot be offered. Indeed, the implementation of these functionalities requires that the Internet browser can be identified even after a change of Internet page.
The following features require the use of cookies:
(1) Resumption of language settings
(2) Memorization of query keywords
User data collected through technically necessary cookies will not be used for the establishment of user profiles. These purposes also correspond to our legitimate interest in data processing according to Article 6(1)(f) GDPR.
5.4 Duration of storage, opposition and possibility of deletion
Cookies are stored on the user's computer which transmits them to our website. Therefore, you as a user retain full control over the use of cookies. By modifying the settings of your internet browser, you can deactivate or limit the transmission of cookies. Already stored cookies can be deleted at any time. This deletion can be done automatically. When cookies necessary for the operation of our website are deactivated, it is possible that certain functionalities of our site are no longer fully available.
6 Google Analytics
6.1 Description and scope of data processing
Our website uses Google Analytics, a web analysis tool from Google Inc. ("Google"). Google Analytics uses files called “cookies”. These are text files saved on the user's computer. The information generated by the cookies concerning your use of our website is generally transmitted to a Google server located in the United States and stored there. However, if the IP anonymisation function is activated on this website, your IP address will be shortened by Google beforehand within Member States of the European Union or in other contracting states to the Treaty on the European economic area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. At the request of the operator of this website, Google uses this information to analyze your use of the website, to compile reports on website activity and to perform other services relating to the use of the sites and the internet on behalf of the site operator. The IP address transmitted by the Google Analytics tool from your Internet browser will not be associated with other Google data.
6.2 Legal basis for data processing
The temporary storage of the data and their transmission to Google takes place on the basis of Article 6, paragraph 1, point f) of the GDPR.
6.3 Purpose of data processing
The Google Analytics tool makes it possible to analyze the use of the website by the user.
6.4 Duration of data retention
Google deletes the last octet of the IP address of visitors to our website. This makes it possible to make the personal data of the visitor impossible to identify. This operation of making the IP address impossible to identify takes place before any subsequent use of the IP address within the framework of the services offered by Google Analytics. No rectification, blocking or deletion can take place before this operation has taken place. After deletion of the last octet of the IP address, there is no longer any personal data of the visitor to our website that can be corrected or blocked.
6.5 Withdrawal of consent and possibility of erasure
A specific setting of your internet browser allows you to avoid the recording of cookies. However, we inform you that in this case, it will be impossible to fully use all the functions of our website. In addition, you have the option of avoiding the collection of data generated by cookies relating to your use of the website (including IP address) by downloading and installing the internet browser plugin available at the following address: tools.google.com/dlpage/gaoptout.
7 Newsletter
7.1 Description and scope of data processing
On our website, we offer you the possibility to subscribe to our newsletter free of charge. During registration, the following data is transmitted to us via the input screen:
(1) The user's e-mail address
(2) The desired newsletter
(3) User details (optional).
In addition, the following data is collected during registration:
(1) The IP address originating the request
(2) The date and time of recording.
During the registration process, your consent to the processing of personal data is collected and information relating to this data protection declaration is issued to you.
In the context of data processing for the purpose of sending newsletters, no transmission of data to third parties takes place. The use of the data is strictly limited to the dispatch of the newsletter.
7.2 Legal basis for data processing
After subscribing to the newsletter, data processing takes place on the basis of Article 6, paragraph 1, point a) of the GDPR when the user's consent has been obtained.
7.3 Purpose of data processing
The collection of the user's e-mail address serves to send the newsletter.
The purpose of collecting other personal data in the context of subscribing to the newsletter is to prevent any abuse of the services or the e-mail address used.
7.4 Duration of data retention
The data are erased when they are no longer necessary for the achievement of the purposes for which they are intended. Therefore, the user's e-mail address remains stored as long as the newsletter subscription is active. All other personal data collected as part of the subscription is generally deleted after a period of seven days.
7.5 Withdrawal of consent and possibility of erasure
The user can terminate the subscription to the newsletter at any time. To this end, each newsletter includes a link allowing termination. Thus, the user also has the possibility of withdrawing his consent to the storage of his personal data collected when subscribing to the newsletter.
8 Contact form and email address - Creation of a customer account
8.1 Description and scope of data processing
On our website, a contact form is available to allow the user to make contact electronically. When a user uses this form, the data indicated in the sections of the input screen are transmitted to us and stored. These are the following data:
(1) Email address
(2) Text of the communication.
When the message is sent, the following data is also stored:
(1) The user's IP address
(2) The date and time of recording.
When the message is sent, your consent to the processing of personal data is collected and information relating to this data protection declaration is issued to you.
Alternatively, it is possible to contact us using the e-mail address provided for this purpose. When this address is used, the personal data of the user transmitted with the corresponding email are recorded. In this context, no transmission of data to third parties takes place. The use of the data is strictly limited to processing the electronic conversation.
On our website, a form for creating a customer account is also available to allow the user to register his details for placing an order on our online store. When a user uses this form, the data indicated in the sections of the input screen are transmitted to us and stored. These are the following data:
(1) Civility
(2) Surname and first name / Company
(3) Date of birth
(4) Street, number, locality
(5) Email address
(6) Telephone number
(7) Password.
When creating the customer account, your consent to the processing of personal data is collected and information relating to this data protection declaration is issued to you.
In the context of data processing for the purposes of processing the user's request, no transmission of data to third parties takes place. The use of data is strictly limited to processing the user's request.
8.2 Legal basis for data processing
When the user's consent has been obtained, the data processing takes place on the basis of Article 6, paragraph 1, point a) of the GDPR.
The processing of the data transmitted in the context of an e-mail transmission takes place on the basis of Article 6, paragraph 1, point f) of the GDPR.
8.3 Purpose of data processing
The processing of personal data obtained from the input screen is intended exclusively to enable the processing of the contact. If contact is made by e-mail, this also constitutes our legitimate and necessary interest in data processing.
The other personal data processed at the time of dispatch serve to prevent abuse of our contact form and to guarantee the technical security of our information systems.
8.4 Duration of data retention
The data are erased when they are no longer necessary for the achievement of the purposes for which they are intended. With regard to personal data obtained from the contact form entry screen and data transmitted by email, they are erased when the conversation with the user concerned is over. The conversation is over when, given the circumstances, it is possible to consider that the situation has been definitively clarified.
Personal data collected in addition at the time of sending the response will be deleted within seven days at the latest.
The personal data collected during an order are kept for a period of six years for billing purposes. Personal data collected during the creation of a customer account not followed by an order is kept for a period of three years for marketing purposes.
8.5 Withdrawal of consent and possibility of erasure
At any time, the possibility is open to the user to withdraw his consent to the processing of personal data. When the user contacts us by e-mail, he can at any time object to his personal data being stored. In this case, the conversation cannot continue.
All personal data stored during the contact will be deleted in this case.
9 rights of the data subject
When we process your personal data, you have the status of a data subject within the meaning of the GDPR, which gives you the following rights vis-à-vis the controller:
9.1 Right to information
You can request confirmation from the controller as to whether the personal data concerning you are being processed by us. If this is the case, you can require the controller to provide you with the following information:
(1) The purposes of the processing of personal data;
(2) The categories of personal data being processed;
(3) The recipients or categories of recipients to whom the personal data have been or will be communicated;
(4) The estimated duration of the retention of personal data concerning you or, if it is impossible to communicate precise information on this point, the criteria for defining the retention period of the data;
(5) The existence of a right to rectification or erasure of personal data concerning you, a right to limit processing by the controller or a right to object to such processing;
(6) The existence of a right of complaint to a supervisory authority;
(7) All available information as to the origin of the data when the personal data is not collected from the data subject;
(8) The existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR – in which case you may require at least relevant information as to the underlying logic and the scope and intended effects of such processing for the data subject.
You have the right to demand information as to whether the personal data concerning you are being transferred to a third country or to an international organization. In this regard, you can request to be informed of the adequate guarantees provided for in Article 46 of the GDPR in terms of data transfer.
9.2 Right of rectification
You have the right to have the personal data concerning you corrected and completed, insofar as this data is inaccurate or incomplete. You can exercise this right with regard to the data controller. The controller must make the rectification as soon as possible.
9.3 Right to restriction of processing
You can obtain restriction of processing where one of the following applies:
(1) When you dispute the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) When the processing of personal data is unlawful and you oppose their erasure and instead demand the limitation of their use;
(3) If the controller no longer needs the personal data for the purposes of the processing, but the data subject still needs them for the establishment, exercise or defense of legal claims or
(4) When you have objected to the processing pursuant to Article 21(1), pending the verification whether the legitimate grounds pursued by the controller override yours.
When the processing of personal data concerning you has been limited, this personal data may, with the exception of storage, be processed only with your consent, or for the establishment, exercise or defense of legal rights, or for the protection of the rights of another natural or legal person, or for important reasons of public interest of the Union or of a Member State.
Where processing has been restricted under the above conditions, the controller will inform you before the limitation is lifted.
9.4 Right to erasure
9.4.1 Obligation to erasure
You have the right to obtain from the controller, as soon as possible, the erasure of the personal data concerning you and the controller has the obligation to erase this personal data as soon as possible when the one of the following reasons applies:
(1) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(2) You withdraw the consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for data processing;
(3) You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 2(2) of GDPR;
(4) the personal data concerning you have been unlawfully processed;
(5) The personal data must be erased to comply with a legal obligation which is provided for by Union law or by the law of the Member State to which the controller is subject;
(6) The personal data was collected in the context of the offer of information society services referred to in Article 8(1) GDPR.
9.4.2 Information of third parties
Where the controller has made the personal data public and is required to erase them pursuant to paragraph 1, the controller, taking into account the available technologies and the costs of implementation, shall take reasonable measures , including of a technical nature, to inform the controllers who process this personal data that the data subject has requested the erasure by these controllers of any link to this personal data, or any copy or reproduction of these.
9.4.3 Exceptions
The right to erasure is ineffective when data processing is necessary:
(1) The exercise of the right to freedom of expression and information;
(2) To comply with a legal obligation which requires the processing provided for by Union law or by the law of the Member State to which the controller is subject, or to perform a task in the public interest or falling within the scope of the the exercise of official authority vested in the controller;
(3) For reasons of public interest in the field of public health in accordance with Article 9(2) lit. h) and (i) as well as Article 9(3) GDPR;
(4) For archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in para. to render impossible or seriously impair the achievement of the objectives of said processing; Where
(5) For the establishment, exercise or defense of legal claims.
9.5 Right to information
When you have exercised your right to rectify, erase personal data or the right to limit the processing of personal data vis-à-vis the controller, the latter has the obligation to notify each recipient to whom the personal data have been communicated any rectification or erasure of personal data or any restriction of processing, unless such communication proves impossible or requires disproportionate effort.
You have the right to be informed by the controller about these recipients.
9.6 Right to data portability
You have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without the controller to whom the personal data has been communicated obstructing it, when:
(1) The processing is based on a consent given pursuant to Article 6 (1) (a) of the GDPR or where it is necessary pursuant to Article 9 (2) (a) of the GDPR or where it is necessary for the performance of a contract in accordance with Article 6(1)(b) GDPR and
(2) The processing is carried out using automated methods.
When exercising your right to data portability, you have the right to have personal data transmitted directly from one controller to another, where technically possible. The rights and freedoms of others cannot be affected. The right to data portability does not apply to processing necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.
9.7 Right to object
You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data concerning you based on Article 6, paragraph 1, point e) or f) of the GDPR, including including profiling based on these provisions.
The controller no longer processes the personal data concerning you, except to be able to demonstrate that there are legitimate and compelling reasons for the processing which prevail over your interests, rights and freedoms or when the processing of the data to personal character is necessary for the establishment, exercise or defense of legal claims.
When the personal data concerning you are processed for prospecting purposes, you have the right to object at any time to the processing of this personal data for such prospecting purposes, including profiling, to the extent where it is linked to such prospecting.
When you oppose the processing for prospecting purposes, the personal data concerning you are no longer processed for these purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you can exercise your right of opposition using automated procedures using technical specifications.
9.8 Right to withdraw consent given in the data protection declaration
At any time, you have the right to withdraw the consent given in the data protection declaration. Withdrawal of consent does not affect the lawfulness of processing based on consent made prior to such withdrawal.
Automated individual decision including profiling
You have the right not to be subject to a decision based exclusively on automated processing, including profiling which produces legal effects concerning you or which significantly affects you in a similar way. The above paragraph does not apply where the decision is:
(1) Necessary for entering into or performance of a contract between you and the controller;
(2) Authorized by Union or Member State law to which the controller is subject and which also provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or when she is
(3) Based on your express consent.
However, these decisions cannot be based on the special categories of personal data referred to in Article 9 (1) of the GDPR, unless Article 9 (2) (a) or (g) of the GDPR is not applicable. 'applies and that appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject have been taken.
With regard to the cases referred to under points (1) and (3), the controller implements adequate measures to safeguard your rights and freedoms as well as your legitimate interests, which include at least your right to '' obtain human intervention from the controller, express your point of view and challenge the decision.
9.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which your habitual residence is located, your place of work or the place where the violation would have been committed, if you consider that the processing of personal data concerning you is carried out in violation of this Regulation.
The supervisory authority with which the complaint has been lodged informs the author of the complaint of the progress and the outcome of the complaint, including the possibility of a legal remedy open under GDPR Article 78.
10 Security measures implemented
We have implemented the following security measures to ensure the protection of personal data collected:
– Access to personal data is restricted to authorized persons, namely the manager CROLET Christophe.
– Access to personal data is secured by a password.
– Personal data is backed up regularly and securely.
– The OVH hosting site – 2 rue Kellermann – 59100 Roubaix (France) is itself secure and in compliance with the requirements of the General Regulation for the Protection of Personal Data (EU) 2016/679 of April 27, 2016.
– Appropriate measures and techniques are put in place to guarantee a high level of data security for our users (data encryption, pseudonymization, encryption).
11 Security breach notification
In the event of a security breach concerning access to the personal data collected, we notify it within 72 hours at the latest to the supervisory authority: Commission Nationale de l'Informatique et des Libertés (CNIL) – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 – Tel. : 01 53 73 22 22.
If the flaw is likely to cause a high risk to the rights and freedoms of the user, we will also inform him.