Astro Zodiaque ® , (“ Astro Zodiaque ® , ” “we,” “us” or “our”) will process your personal data during your visits to our site and when you use the services provided on it or during your purchases of products in our stores.
The processing of personal data is governed: - on the one hand, by Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms (hereinafter “IEL law”); - on the other hand, by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, which entered into force on May 25, 2018.
As part of this Confidentiality Charter, we undertake to respect the following three essential principles: - we only collect the data strictly necessary for their purpose, - you remain in control of your personal data; - your data is processed transparently, confidentially and securely.
WHAT PERSONAL DATA DO WE PROCESS?
We collect personal data when (i) you purchase clothing, accessories, jewelry, (ii) you subscribe to the newsletter, invitations and offers, (iii) you request support and (iv ) when you browse our website. This personal data includes your name, email address, telephone number, delivery address, payment details, IP address, website behavior and other personal information that you voluntarily provide to us. If we issue a gift card (or other product) purchased by someone other than you, we process your contact details as provided by the buyer.
PURPOSE, LEGAL BASIS AND STORAGE PERIOD
We will use your personal data exclusively for the purposes and on the legal grounds set out below. We will not use your personal data for any purpose incompatible with those set out below. Furthermore, we will only use your personal data for the period indicated under “Retention period”, once this period has expired your personal data will be deleted.
Purpose of processing : When you purchase clothing, accessories, jewelry, we process your personal data to fulfill our contractual obligations towards you (see the Conditions of Use). Our purchase form identifies the information you must provide to enable us to complete your order.
Retention period : We will process your personal data for the duration of our contract, after this period we will erase your personal data. This retention period also applies to an unsuccessful purchase due to lack of sufficient funds in your account.
If you purchase a gift card, we process your personal data as described in the “Purchases” section above. If you receive a gift card (or other product) purchased by someone else, we process your personal data as described above.
Purpose of processing : When you receive a gift card, we process your personal data to fulfill our contractual obligations to the purchaser of the card and to be able to enable you to use it to purchase our products.
Legal basis for processing : This processing is necessary for (i) our legitimate interest in fulfilling our contractual obligations to the purchaser of the gift card and (ii) our and your legitimate interest in enabling you to make purchases with your card -gift.
Retention period : We will process your personal data during the validity period of the gift card, then we will delete your personal data. The validity period of gift cards varies, you can find information on the period applicable to your gift card on the card.
Purpose of processing : When you subscribe to the newsletter, invitations and offers (direct marketing), we process your personal data for the purpose of providing you with the requested services. Our direct marketing is based on profiling, which means that we will personalize the information you provide to us based on certain factors. We use the following type of personal data to establish a profile: your gender, your geographic location, your previous purchases, your behavior on the site and/or your previous behavior when receiving direct marketing messages from us.
Legal basis for processing : This processing is necessary to meet our legitimate interests in maintaining good relations with our customers.
Retention period : If you decide to terminate or unsubscribe from our marketing communications (including profiling), we will stop processing your personal data for this purpose. We will also erase your personal data unless there is another legal reason to keep your data (including a valid purchase contract).
COMPETITIONS AND EVENTS
Purpose of processing : If you participate in a competition or event organized by us, we will process your personal data in order to be able to communicate with you (i) before or after participation in the competition or event (ii) to for identification and age verification purposes or (iii) to elect a winner and distribute the corresponding prize or benefit.
Legal basis for processing : Personal data is necessary for the legitimate interest we have in managing your participation in competitions or events.
Retention period : We will only retain your personal data during the competition or event (including for possible evaluation thereof).
Purpose of processing : When you request support via our live chat or one of our other support services, we process your personal data to be able to respond to your request.
Retention period : We will delete your data within six months after resolving the problem in question.
REMINDER YOUR ORDER
Purpose of processing : If you have initiated a purchase procedure on our website and have provided us with your e-mail address as part of this purchase procedure without having finalized it, we will send you an e-mail containing a link to your basket to remind you that you have not finalized your purchase.
Legal basis for processing : This processing is necessary for the satisfaction of our and your legitimate interest in remembering that you have not completed your purchase.
Retention period : We will delete your personal data within one month of recalling your order, unless there is another legal reason to retain your data (including a valid purchase contract).
Purpose of processing : When you browse our website, we process your personal data to improve our website and for commercial purposes.
Legal basis for processing : This processing is necessary for our legitimate interests in improving our website and for retargeting advertising.
Purpose of processing : We process your personal data for the purposes of carrying out risk analysis, fraud prevention and risk management.
Legal basis for processing : This processing is necessary for our legitimate interests in preventing fraud and managing risks.
Retention period : We will delete your personal data used for this purpose every six months, unless there is another legitimate interest in retaining your data. If a purchase is canceled due to fraud prevention, we will erase your personal data two years after the unsuccessful purchase.
Purpose of processing : We will analyze your personal data to compile aggregate tracking data (as well as to analyze visitors' use of our sites by tracking information such as pages viewed, traffic flows, search terms and the number of clicks).
Legal basis for processing : This processing is necessary for the satisfaction of our legitimate interest in being able to compile statistics over time.
Retention period : If technically possible, all tracking data will be anonymized. Once your personal data has been anonymized, it is no longer considered personal data under applicable data protection laws.
Please note that the retention periods stated above do not apply if mandatory legal provisions (e.g. accounting laws) require Astro Zodiac ® to retain your personal data (partially or in full).
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Only persons responsible for processing your personal data for the aforementioned purposes have access to your personal data. We may also have to share your personal data with our group subsidiaries. In addition, we may need to allow our suppliers to access your personal data when they provide services on our behalf, in particular in connection with the provision of IT systems support and maintenance services. , storage and marketing services. Any transfer of data outside the EU/EEA complies with data protection laws. International transfers of personal data (including transfers to our group subsidiaries and suppliers based outside the EU/EEA) comply with the standard contractual clauses of the European Commission. You will find these standard contractual clauses here. Additionally, for transfers to certain of our US-based suppliers, the recipient is certified under the EU-US Privacy Shield maintained by the US Department of International Trade.
All data concerning you is collected only from you, in particular when you subscribe to our newsletter, during your purchases, during your connections or even during our various exchanges (online requests, invitations, letters, etc.). When you register or order, you fill out various forms and communicate various personal data about yourself to benefit from all the services offered by Astro Zodiaque ® . When this is necessary with regard to the Data Protection Act, we undertake, depending on the case, to obtain your consent and/or allow you to object to the use of your data for certain purposes.
In accordance with applicable laws, you have the following rights:
The right of access (article 15 of the GDPR) : you can request access to your personal data at any time. Upon request, we will provide you with a copy of your personal data in a commonly used electronic format.
The right to rectification (article 16 of the GDPR) : you are authorized to obtain rectification of erroneous and incomplete personal data.
The right to block or erase (“right to be forgotten”) of your personal data (article 17 of the GDPR): in certain circumstances (including processing based on your consent), you can ask us to delete your user data. when they are inaccurate, incomplete, equivocal, out of date, or the collection, use, communication or retention of which is prohibited.
Please note that this right is not unconditional. Therefore, a desire to invoke this right may not result in action on our part.
The right to withdraw your consent at any time (article 13-2 c of the GDPR) .
The right to object (article 21 of the GDPR) : certain processing activities of your personal data carried out by our services, such as the processing of your personal data based on our legitimate interest. This right to object also applies to the processing of your personal data for direct marketing purposes.
The right to limit processing (article 18 of the GDPR) : you can, in certain circumstances, ask us to limit the processing of your personal data. Please note that this right is not unconditional. Therefore, a desire to invoke this right may not result in action on our part.
The right to data portability (article 20 of the GDPR) that you have provided, when your data is subject to automated processing based on your consent or on a contract. You are entitled to receive your personal data (or request the direct transfer of your personal data to another data controller) in a structured, commonly used and machine-readable format.
The right to lodge a complaint with the CNIL (article 77 of the GDPR) .
These rights can be exercised by simple request by email to the email address: firstname.lastname@example.org or by post to (postal address to be completed) indicating their contact details (surname, first name, address of a copy of 'a signed identity document) and a legitimate reason when this is required by law (in particular in the event of opposition to processing). In the event of communication of a copy of an identity document to prove your identity, we will keep it for one (1) year or three (3) years, when this communication is made as part of the exercise of a right of opposition.
We implement appropriate technical and organizational security measures to protect your personal data against loss and against access by unauthorized persons, in accordance with the Data Protection Act and the European Data Protection Regulation ( GDPR) and Law No. 2018-133 of February 26, 2018 “carrying out various provisions for adaptation to European Union law in the field of security. » Appropriate security measures taken include establishing secure private links, traceability, disaster recovery and access limitations. We regularly review our security policies and procedures to ensure the security and protection of our systems.
Last updated: October 12, 2020