- 1. Introduction
- 3. How is your personal data collected?
- 4. Type of personal data, purposes and legal basis
- 5. If you neglect to provide personal data
- 6. To whom is this personal data sent?
- 7. Processing of data outside the European Union
- 8. Storage time of your personal data
- 9. Rights of the affected persons
- 10. Exercising these rights
- 11. How is the data kept secure?
- 12. Third party websites
- 13. Cookies
- 14. Contact details
We would like to thank you for using our Website and our online sales services (the "Services") for the products available on our Website (the "Products"). Safeguarding your privacy is our priority, and as such we take protecting your data very seriously.
On this page, you can find information about:
- your personal data that we process;
- why and how we process this data;
- where the data comes from;
- who manages it, and;
- the legal basis on which this processing is carried out.
PALAIS DES THES, a French public limited company with a share capital of €585,296.00, with registered offices at 64, rue vieille du temple, Paris (75003), registered in the Paris Registre du Commerce et des Sociétés [Paris Commercial Register] with the number 339 752 636 ("PALAIS DES THES", "we", "us" or "our"), including our subsidiaries, undertake to protect and respect the privacy of everyone whose personal data we process when providing products and services as part of the PALAIS DES THES brand.
3. How is your personal data collected?
Your personal data is directly collected from you, from your personal account when you use Services or when you contact us, for example.
You can also leave reviews about our Products on the Website. Leaving a review does not require any personal data to be collected, just a pseudonym and your opinion are required. However, you can decide to give us your personal data if you want to.
Technical information (such as your IP address, browser information, etc.) are also sent to PALAIS DES THES, by your device when you use the Website.
4. Type of personal data, purposes and legal basis
By "Personal data", we mean any information concerning a person from which said person may be identified directly or indirectly. This does not include data in which your identity has been removed (anonymised data).
- type of Personal data concerning you, which we use and store;
- the purposes for which this Personal data is collected;
- legal basis on which processing is carried out.
The persons affected by processing are visitors to the website and Website Users.
PALAIS DES THES collects your Personal data, for example when you make an order, create a User Account, you sign up for our newsletter or to our Théophile programme or you contact our customer service department.
PALAIS DES THES may also collect your Personal data when you use or view the Website via your browser's cookies.
If you are a User, the personal data collected by PALAIS DES THES are as follows:
- personal records;
- surname, forename;
- date of birth;
- email address;
- company name (optional);
- telephone number;
- postal address;
- delivery address if this is different from the address provided, surname and forename of the recipient;
- any other information provided by the User while they use the Website (for example, your preferences).
PALAIS DES THES also collects information about your browsing activities on the Website, for example:
- the type of device you are using (smartphone, computer, tablet, etc.);
- your device's operating system;
- your internet service provider;
- the browser you use;
- your device's IP address;
- your device's geolocation;
- your language preferences.
The following are the processing purposes for which we collect your Personal data, with the associated legal basis for processing:
|Purpose||Legal basis for processing|
6. To whom is this personal data sent?
Access to your Personal data is strictly limited to:
- authorised PALAIS DES THES employees, owing to their role, who are required to maintain the confidentiality of your data;
- PALAIS DES THES subcontractors who are obligated by contract to perform tasks to ensure the Website and its Services function properly, such as the cloud storage of the Website and of your Personal data, online payments, Product deliveries, etc.
While performing their services, PALAIS DES THES subcontractors shall act in accordance with the provisions of the GDPR.
PALAIS DES THES may share your Personal data with legal authorities, independent administration authorities or any other organisation required by law.
Unless explicitly outlined herein, we will never share, sell or loan your personal data to a third party without informing you and/or obtaining your consent. If you gave us your consent for us to use your information in a particular way, but you change your mind afterwards, you should contact us and we will stop doing so.
7. Processing of data outside the European Union
PALAIS DES THES will not transfer any Personal data outside the EEA, to countries for which the European Commission has not made a decision regarding adequacy as stipulated in article 45 of the GDPR, or for which no standard contractual clauses have been adopted by the European Commission.
8. Storage time of your personal data
We will only store your Personal data for the time needed for the purposes for which we have collected it, including to fulfil any legal or fiscal requirements.
To determine a suitable storage period for Personal data, we consider the quantity, nature and sensitivity of personal Data, the risk of potential damages arising from unauthorised use or disclosure of your Personal data, the purposes for which we process your Personal data, and the potential for achieving these aims by other means, as well as any applicable legal requirements.
For Website User's Personal data, we store Personal data for the following periods:
- claims, questions, complaints: 3 years after a claim, question or complaint has been resolved;
- contact form: 3 years after your request;
- signing up to a newsletter: until the Person unsubscribes;
- creating an account: until your account is deleted.
After the deadline has passed, the data is either deleted or stored after being anonymised, such as for statistical purposes. This data may be stored in the event of pre-litigation or litigation procedures. As a reminder, deletion and anonymisation are both irreversible, and as such PALAIS DES THES is unable to restore this data.
9. Rights of the affected persons
As an Affected person, you have various rights. These rights are not absolute, and each of these rights is subject to certain conditions in accordance with the GDPR, and to Regulations more broadly.
- right to rectification - you may ask us to take action to correct your Personal data if it is inaccurate or incomplete (for example, if we have the wrong name or the wrong address).
- right to erasure - also known as the "right to be forgotten", put simply, this right allows you to request that your Personal data be erased or deleted when, for example, there is no overriding reason to continue using it or it is illegal to use it. This is however not a general right to erasure and there are some exceptions, for example when we need to use the information in our defence in a court case or in order to comply with a legal requirement.
- right to restrict processing - you have the right to "block" or prevent the subsequent use of your Personal data when we assess a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your Personal data, but we can no longer use it.
- right to data portability - you have the right to obtain and to reuse certain Personal data for your own needs from various companies (that are different data processors). This only applies to the Personal data that you have sent to us, that we process with your consent for the purposes of fulfilling this contract and that are processed automatically. In this case, we will provide you with a copy of your data in an organised,commonly used and machine-readable format, or (when technologically possible) we may directly send your data to another Processor.
- the right to object - you have the right to oppose certain types of processing, for reasons connected to your specific situation, at any time, provided that this processing is performed for the legitimate interests of PALAIS DES THES. We will be authorised to continue processing Personal data if we can demonstrate that the processing is justified for overriding and legitimate reasons which prevail over your interests, your rights and freedoms, or if we need this data to start or continue legal action, or defend ourselves in court. If you oppose the processing of your Personal data for direct marketing purposes, we will no longer process your Personal data for these purposes.
- right to withdraw your consent - when we process your Personal data based on your consent. You have the right to withdraw your consent at any time. However, this withdrawal does not affect the legality of the processing that took place before this withdrawal.
- the right to send us orders regarding the use of your Personal data after your death - in France, you have the right to provide us with instructions about the management (for example, storage, erasure and disclosure) of your data after your death. You may modify or revoke your instructions at any time
10. Exercising these rights
All requests will be processed within the time period stipulated by applicable legislation. However, please note that certain Personal data may be exempt from these requests in certain situations, such as if PALAIS DES THES has to continue to process your Personal data for its legitimate interests or in order to comply with a legal requirement.
Exercising your right of access (or any other right) will not lead to any costs. Sometimes, we cannot grant your request if it is manifestly unfounded or excessive.
If you are not satisfied with our response to your claim or if you think that the processing of your Personal data does not comply with applicable data protection legislation, you can lodge a complaint with the competent data protection oversight authority. The Commission Informatique et Libertés [French Data Protection Agency] ("CNIL") is the data protection authority governing PALAIS DES THES' data protection activities.
We may need to ask you for specific information to help us to confirm your identity and ensure your right of access to this information (or to exercise your other rights). This is an appropriate security measure to ensure that your Personal data is not disclosed to someone who is not entitled to receive it.
11. How is the data kept secure?
PALAIS DES THES ensures that Personal data is processed securely and with full confidentiality, including when some operations are carried out by subcontractors. As such, technical and organisational measures have been adopted to prevent the loss, misuse, alteration and deletion of your Personal data. These measures have been designed to match the sensitivity of the processed data and the risk presented by processing. We have implemented procedures to deal with any attempted data security breaches and we will inform you of any attempted breach, along with any competent oversight authority, when we are legally required to do so.
Unfortunately, the security of internet data transfers, as well as of data storage systems, cannot be 100% guaranteed. If you have any reason to believe that your interactions with us are no longer secure (for example, if you think that the security of your account with us is compromised), please inform us immediately using the contact details above.
12. Third party websites
In addition, PALAIS DES THES is not responsible for hyperlinks that link to the Website that may be included in third party websites, even if PALAIS DES THES has authorised the publisher of these third party sites to include these links.
"Cookies" are small text files which often include unique user IDs, and which are sent by web servers to web browsers to then be sent back to the server every time the browser requests to view a page from the server.
Cookies are very useful as they help websites to recognise you, to allow you to connect to a website when you visit a specific page, to provide a secure connection to a website and to improve your user experience through increased ease of browsing and/or by adapting a page's consent to your interests.
When prior consent is required for their use, the consent validity period for cookies is 6 months. At the end of this period, we will ask you for your consent again.
The cookies we send to your device as Website operators are called "internal cookies". The cookies sent to our Website and/or our application by third parties are called "third party cookies". Third party cookies send third party characteristics or features to or via a website (for example, advertising, interactive or analytical content). Those who create these third party cookies may collect some of your personal information and recognise your device both when you visit this website and other websites.
An audience measurement cookies that does not require consent lasts for 13 months. In addition, we store information collected via these cookies for a maximum period of 25 months, in accordance with applicable regulations.
The following types of cookies are used by our Website:
- Technical cookies:
These cookies help you to navigate our Website and to use its features more effectively. These cookies also help our Website to remember your previous activities during the same browser session.
- Functional cookies :
These cookies help our Website to remember the choices you make when you visit your Website, so that we can offer you improved, more personalised features.
- Social media cookies:
These cookies are used to display or share our content with other people on social networks such as Facebook, Twitter, LinkedIn, Pinterest, Instagram, etc. Even if you do not use these buttons or sharing applications, social media websites may still track your browsing activity on the Website if your account or your session is active on your device at that time.
- Analytical cookies:
These cookies are used by us or by third party service providers to analyse the use and performance of our Website. We also use Google Analytics cookies to obtain web analytics data. Google Analytics collects information about how you interact with our Website, including information about the pages you visit and how long you spend on our Website.
- Google Analytics :
Google Analytics is a web analytics service offered by Google which monitors and reports website traffic. Google uses the data it collects to monitor and verify how our service is used. This data is shared with other Google services. Google may use the collected data to contextualise and personalise advertising in its own advertising network.
- Statistics cookies:
These cookies provide us with statistics, as well as traffic and use volumes for the various areas that make up our website and app (sections and contents visited, browsing patterns, time spent on the website), which helps us make our services more interesting and user-friendly.
- Advertising cookies:
These cookies are used to show you adverts or to send you information to match your interests in connection with how you use the website and the application while you are browsing other websites and applications online. These are also used to limit the number of times you see an advert and to help measure how effective an advertising campaign is. These cookies are mainly used by advertising agencies and we are not always in control of how they are used.
When you first visit our Website, you will be asked for your consent for us to use your data using cookies by an information banner that will appear at the bottom of the page.
Using the buttons "Accept all" and "Reject all", you will be able to accept or reject all of the cookies we would send to your computer or your device (including targeted advertising cookies, some audience measurement cookies and social media cookies created by "share" buttons when these collect personal data). Nevertheless, a third "Personalise" button will also appear on this banner, and you can use it to see a list of the categories of cookies used and to choose whether or not to consent to each of these.
Each browser offers different cookie management settings. These are generally found in the help menu of each browser.
- Firefox :
Click the menu button and select "Settings".
Select the "Privacy and Security" panel.
In the "History" drop-down box, select the option "Use custom settings for history".
Untick the boxes "remember browsing and download history" and "remember search and form history".
The changes you made will be automatically saved.
- Internet Explorer :
Click on the "tools" button, then on "Internet Options".
Click on the "Privacy" tab, then on "Advanced" under the "Settings" section. Here you can accept or block first and third party cookies. Click OK when you have made your choice.
- Google Chrome :
Select the Chrome menu icon.
Near the bottom of the list, select "Settings".
In the "Security and Privacy" section, select "Cookies and other site data".
Select "Block all cookies".
This change will automatically be applied.
- Safari :
Go to "Settings" > "Safari" > "Privacy & Security" > "Block All Cookies".
Then click "Block All Cookies".
In addition, if you wish to block the use of analytical cookies and/or advertising and retargeting cookies, both of which are provided by our third party service providers, please visit the following URL to stop the use of these cookies.
Google Analytics: cookies opt-out
Description of cookies and their purposes:
- Google Analytics _ga ;
- Google Analytics _gid. These cookies are used to distinguish users. [https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage] ;
- Google Analytics _gat. These cookies are used to reduce the number of requests. However, if Google Analytics is implemented using Google Tag Manager, this cookies will be called: _dc_gtm_. [https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage].
Google Analytics is a web analytics service provided by Google LLC ("Google"). In general, the information about the way you use the Website that is created by cookies is sent to a Google sever in the United States, where it is stored.
Google will use this information for our own purposes to analyse how you use the Website, to compile Website activity reports and to provide us with additional services covering the use of the Website and of the internet in general. The IP address sent to Google Analytics by your browser will not be added to other Google data.
You may reject the use of Website usage data created by these cookies (such as your IP address) as well as the processing of this data by Google, by downloading and installing the plug-in available on your browser using the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB
14. Contact details