Article 1 – PREAMBLE
- The way in which their personal data is collected and processed. Personal data is considered to be all data that can be used to identify a user:
- The rights users have in relation to this data;
- The person responsible for processing the personal data that is collected and processed;
- The recipient(s) of this data;
Article 2 – GENERAL PRINCIPLES REGARDING THE COLLECTION AND PROCESSING OF DATA
In accordance with the provisions of article 5 of Regulation (EU) 2016/679, the collection and processing of website users’ data must comply with the following principles:
- Lawfulness, fairness and transparency: data can only be collected and processed with the consent of the user, who owns the data. Each time that personal data is collected, the user will be informed of this and informed of the reasons for which their data is being collected;
- Purpose limitation: the collection and processing of data is performed in order to fulfil one or more specific goals set out in these terms and conditions of use;
- Data minimisation. Minimisation of the collection and processing of data: only data deemed necessary for the successful fulfilment of the website’s goals will be collected;
- Storage limitation. The data shall be kept for no longer than is necessary: data will be kept for a limited period of time. The user will be informed of the length of this time period;
- Integrity and confidentiality of the data collected and processed: the data controller undertakes to ensure the integrity and confidentiality of the data collected.
To pass the ‘lawfulness’ test, in accordance with the requirements of article 6 of Regulation (EU) 2016/679, the collection and processing of personal data is only allowed if at least one of the following conditions is met:
- The user has expressly given their permission for the processing to take place;
- The processing is needed to successfully perform a contract
Article 3 – PERSONAL DATA COLLECTED AND PROCESSED DURING THE COURSE OF VISITS TO THE WEBSITE
The data controller will store all data collected during the course of visits to the website for a maximum period of one year. This data will be stored on the website’s server in a way that ensures appropriate security.
3.1 – PERSONAL DATA THAT IS COLLECTED AND PROCESSED
The personal data collected on www.cozip.fr is as follows:
- Login data (e.g. IP addresses, server logs, login details, timestamps, etc.)
- Information relating to actions performed on the website: number of orders, time spent on the site, items viewed.
3.2 – METHOD OF COLLECTING PERSONAL DATA
This data is collected when users carry out one of the following actions on the website:
- Setting up an account;
- Visiting the website;
- Purchasing a product/service on the website;
- Viewing an article;
- Signing up to a newsletter.
Article 4 – THE PURPOSE BEHIND THE PROCESSING OF PERSONAL DATA
The collection and processing of data is carried out for the following purposes: tailoring content to website users, newsletters and applications. More generally, all activities relating to the sale of services and products presented on the website.
Article 5 – DATA HOSTING
www.cozip.fr is hosted by Wix, Wix.com Inc., Address: 500 Terry A François Blvd San Francisco, CA 94158
The web host may be contacted at the following number: +1 415-639-9034.
Article 6 – DATA CONTROLLER AND DATA PROTECTION OFFICER
6.1 – DATA CONTROLLER
The data controller is COZIP, in the person of its legal representative, Ingrid PERELLE.
6.2 – OBLIGATIONS OF THE DATA CONTROLLER
The data controller undertakes to protect the personal data that has been collected, to not communicate it to third parties without having first informed the user and to respect the purposes for which this data was collected in the first place.
Moreover, the data controller undertakes to notify the user in the event that their data is to be rectified or erased, unless this will involve disproportionate administrative formalities, costs or other steps.
In the event that the integrity, confidentiality or security of a user’s personal data is compromised, the data controller undertakes to inform the user by whatever means possible.
Article 7 – USERS’ RIGHTS
In accordance with regulations concerning personal data processing, the user possesses the rights listed below.
For the data controller to grant their application, the user is bound to communicate their first name and surname as well as their email address and if relevant, their telephone number.
The data controller is bound to reply to the user within a period of 30 (thirty) days maximum.
7.1 – INTRODUCTION TO THE RIGHTS OF THE USER IN RELATION TO THE COLLECTION AND PROCESSING OF DATA
1. Right of access, rectification and erasure
The user is entitled to review, update, modify or request the erasure of their personal data, following the procedure laid down below:
The user must send an email to the data controller, stating the subject of their request, using the contact email address provided above
If they are in possession of one, the user has the right to request the erasure of their personal account by following the procedure below:
The user must send an email to the data controller, stating their account number. The request to erase the data in question will be carried out within 30 working days.
2. The right to data portability
The user has the right to request the transmission of their personal data from the COZIP website to another controller or website. They should follow the procedure below:
The user must lodge a data portability request with the data controller by sending an email to the address mentioned above.
3. Right to restriction of processing and the right to object to the processing of data
The user has the right to obtain the restriction of processing or to object to the processing of data concerning them by the website. This request cannot be denied by the website’s data controller unless they are able to demonstrate compelling, legitimate grounds for the processing which override the interests, rights and freedoms of the user.
To obtain the restriction of processing or to object to the processing of data concerning them, the user must follow the procedure below:
The user must lodge a restriction of processing of personal data request with the data controller by sending an email to the address mentioned above.
4. The right not to be subject to a decision based solely on automated processing
In accordance with Regulation (EU) 2016/679, the user has the right not to be subject to a decision based solely on automated processing if the decision produces legal effects concerning them or similarly significantly affects them.
5. The right to define guidelines as to the fate of their data after death
The user is reminded that they can provide instructions relating to what should be done after their death with data concerning them that has already been collected and processed, in accordance with law n°2016-1321 of 7th October 2016.
6. The right to lodge a claim with the competent supervisory authority
In the event that the data controller refuses the user’s request and the user wishes to contest this decision or the user believes that one of the rights mentioned above has been violated, they are within their rights to appeal to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr – the French data protection watchdog) or any competent court.
Article 8 – THE PERSONAL DATA OF MINORS
In accordance with the provisions of article 8 of Regulation (EU) 2016/679 and the French data protection law ‘loi Informatique et Libertés’, minors aged 15 years old or more are able to give consent for the processing of their own data.
If the user is aged under 15 years old, consent must be given by a legal guardian in order for the user’s personal data to be collected and processed.
The site publisher reserves the right to check that the user is over 15 years old or that they have obtained consent from their legal guardian before visiting the website.
The site publisher reserves the right to modify this policy in order to ensure it complies with current legislation.