Privacy Policy

Last update : 31/05/2021

Introduction

Welcome to our "Privacy policy" page for the e-commerce website published by the company PALAIS DES THES, which can be accessed at www.palaisdesthes.com (the "Website").

We would like to thank you for using our Website and our online sales services (the "Services") for the products available on our Website (the "Products"). Safeguarding your privacy is our priority, and as such we take protecting your data very seriously.

On this page, you can find information about:

  • your personal data that we process;
  • why and how we process this data;
  • where the data comes from;
  • who manages it, and;
  • the legal basis on which this processing is carried out.

PALAIS DES THES, a French public limited company with a share capital of €585,296.00, with registered offices at 64, rue vieille du temple, Paris (75003), registered in the Paris Registre du Commerce et des Sociétés [Paris Commercial Register] with the number 339 752 636 ("PALAIS DES THES", "we", "us" or "our"), including our subsidiaries, undertake to protect and respect the privacy of everyone whose personal data we process when providing products and services as part of the PALAIS DES THES brand.

PALAIS DES THES is the personal data processor (the "Processor"). This means that we decide how we store and use your personal data. Pursuant to the GDPR, we are required to give you all the information within the Privacy Policy.

On this page, we would like to explain to you how we process your personal data and how we respect your integrity in accordance with Regulation (EU) 2016/679, otherwise known as the General Data Protection Regulation ("GDPR"), with French law no. 78-17, Known as the "loi informatique et libertés" [French Data Protection Act] ("LIL") as well as with all the guidelines and recommendations from the competent bodies and authorities, (together referred to as the "Regulations"). We recommend that you read this Privacy Policy. It should provide you with all the information you need before you take any decisions.

If you have any questions about this Privacy Policy or about your personal data in general, please contact us at rgpd@palaisdesthes.com.

2. Which people are affected by this privacy policy?

The processing carried out by PALAIS DES THES through the website affects visitors to the site and Website Users who wish to buy Products or use Services (the "persons affected").

3. How is your personal data collected?

Your personal data is directly collected from you, from your personal account when you use Services or when you contact us, for example.

You can also leave reviews about our Products on the Website. Leaving a review does not require any personal data to be collected, just a pseudonym and your opinion are required. However, you can decide to give us your personal data if you want to.

Technical information (such as your IP address, browser information, etc.) are also sent to PALAIS DES THES, by your device when you use the Website.

4. Type of personal data, purposes and legal basis

By "Personal data", we mean any information concerning a person from which said person may be identified directly or indirectly. This does not include data in which your identity has been removed (anonymised data).

Below you will find an overview of the different types of persons affected by Privacy Policy, as well as the:

  • type of Personal data concerning you, which we use and store;
  • the purposes for which this Personal data is collected;
  • legal basis on which processing is carried out.
4.1 Types of persons affected

The persons affected by processing are visitors to the website and Website Users.

4.2 Types of personal data

PALAIS DES THES collects your Personal data, for example when you make an order, create a User Account, you sign up for our newsletter or to our Théophile programme or you contact our customer service department.

PALAIS DES THES may also collect your Personal data when you use or view the Website via your browser's cookies.

If you are a User, the personal data collected by PALAIS DES THES are as follows:

  • personal records;
  • surname, forename;
  • date of birth;
  • email address;
  • company name (optional);
  • telephone number;
  • postal address;
  • delivery address if this is different from the address provided, surname and forename of the recipient;
  • any other information provided by the User while they use the Website (for example, your preferences).

PALAIS DES THES also collects information about your browsing activities on the Website, for example:

  • the type of device you are using (smartphone, computer, tablet, etc.);
  • your device's operating system;
  • your internet service provider;
  • the browser you use;
  • your device's IP address;
  • your device's geolocation;
  • your language preferences.
4.3 Purposes and legal basis of processing

The following are the processing purposes for which we collect your Personal data, with the associated legal basis for processing:

PurposeLegal basis for processing
  • To ensure the Website functions properly (including processing questions and requests sent via our contact form)
  • Our legitimate interest: management of services
  • Fulfilling orders and delivering requested Product(s)
  • Fulfilment of the sales contract (general business conditions)
  • Carrying out the services of the Théophile loyalty programme
  • Fulfilment of the sales contract (general business conditions - Théophile programme)
  • Processing the publication of online reviews
  • Your consent (spontaneous opinion)
  • Carrying out the creation, personalisation and management of your User Account, and ensuring it is secure
  • Our legitimate interest: management of the User Account
  • To allow you to access the Website and to use it (cookies)
  • Our legitimate interest: strictly necessary cookies to provide services you have explicitly requested
  • To store information about your preferences and allow us to personalise the Website based on your interests (cookies)
  • Your consent (cookies)
  • To prepare reports and compile statistics in order to improve our Products and Services (cookies)
  • Your consent (cookies)
  • To store the Personal data required to be able to meet legal obligations and manage requests for data from competent authorities
  • To meet our legal or regulatory obligations
  • To send marketing material about our Products or Services (such as newsletters containing the latest information from the PALAIS DES THES brand)
  • Your consent if you are a customer and our legitimate interest if you are a company: to grow our business
  • Management of complaints and claims
  • Fulfilment of the sales contract (general business conditions)

5. If you neglect to provide personal data

If you choose not to provide the Personal data that we request, we may not be able to provide you with the Products and/or Services that you have requested or fulfil the purposes for which we have requested the Personal data.

6. To whom is this personal data sent?

Access to your Personal data is strictly limited to:

  • authorised PALAIS DES THES employees, owing to their role, who are required to maintain the confidentiality of your data;
  • PALAIS DES THES subcontractors who are obligated by contract to perform tasks to ensure the Website and its Services function properly, such as the cloud storage of the Website and of your Personal data, online payments, Product deliveries, etc.

While performing their services, PALAIS DES THES subcontractors shall act in accordance with the provisions of the GDPR.

PALAIS DES THES may share your Personal data with legal authorities, independent administration authorities or any other organisation required by law.

Both contractually and by statute, the third parties with whom we share your personal data may only use your personal data for the specific purposes we have outlined. We will do all we can to ensure that the third parties with whom we share your personal data are subject to privacy and security requirements in accordance with this privacy policy and with applicable legislation. We only allow these third parties to process your personal data for specific purposes in accordance with our instructions.

Unless explicitly outlined herein, we will never share, sell or loan your personal data to a third party without informing you and/or obtaining your consent. If you gave us your consent for us to use your information in a particular way, but you change your mind afterwards, you should contact us and we will stop doing so.

7. Processing of data outside the European Union

PALAIS DES THES will not transfer any Personal data outside the EEA, to countries for which the European Commission has not made a decision regarding adequacy as stipulated in article 45 of the GDPR, or for which no standard contractual clauses have been adopted by the European Commission.

8. Storage time of your personal data

We will only store your Personal data for the time needed for the purposes for which we have collected it, including to fulfil any legal or fiscal requirements.

To determine a suitable storage period for Personal data, we consider the quantity, nature and sensitivity of personal Data, the risk of potential damages arising from unauthorised use or disclosure of your Personal data, the purposes for which we process your Personal data, and the potential for achieving these aims by other means, as well as any applicable legal requirements.

For Website User's Personal data, we store Personal data for the following periods:

  • claims, questions, complaints: 3 years after a claim, question or complaint has been resolved;
  • contact form: 3 years after your request;
  • signing up to a newsletter: until the Person unsubscribes;
  • creating an account: until your account is deleted.

After the deadline has passed, the data is either deleted or stored after being anonymised, such as for statistical purposes. This data may be stored in the event of pre-litigation or litigation procedures. As a reminder, deletion and anonymisation are both irreversible, and as such PALAIS DES THES is unable to restore this data.

9. Rights of the affected persons

As an Affected person, you have various rights. These rights are not absolute, and each of these rights is subject to certain conditions in accordance with the GDPR, and to Regulations more broadly.

  • right of access - you have the right to obtain confirmation from us about whether or not your Personal data is being processed by us, as well as some other information (similar to the information in this Privacy Policy) regarding the way this data is used. You also have the right to access your Personal data, by asking for a copy of your Personal data. This makes it possible for you to verify that we are using your information in accordance with data protection laws. We may refuse to provide information when this could reveal another person's Personal data or negatively affect another person's rights.
  • right to rectification - you may ask us to take action to correct your Personal data if it is inaccurate or incomplete (for example, if we have the wrong name or the wrong address).
  • right to erasure - also known as the "right to be forgotten", put simply, this right allows you to request that your Personal data be erased or deleted when, for example, there is no overriding reason to continue using it or it is illegal to use it. This is however not a general right to erasure and there are some exceptions, for example when we need to use the information in our defence in a court case or in order to comply with a legal requirement.
  • right to restrict processing - you have the right to "block" or prevent the subsequent use of your Personal data when we assess a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your Personal data, but we can no longer use it.
  • right to data portability - you have the right to obtain and to reuse certain Personal data for your own needs from various companies (that are different data processors). This only applies to the Personal data that you have sent to us, that we process with your consent for the purposes of fulfilling this contract and that are processed automatically. In this case, we will provide you with a copy of your data in an organised,commonly used and machine-readable format, or (when technologically possible) we may directly send your data to another Processor.
  • the right to object - you have the right to oppose certain types of processing, for reasons connected to your specific situation, at any time, provided that this processing is performed for the legitimate interests of PALAIS DES THES. We will be authorised to continue processing Personal data if we can demonstrate that the processing is justified for overriding and legitimate reasons which prevail over your interests, your rights and freedoms, or if we need this data to start or continue legal action, or defend ourselves in court. If you oppose the processing of your Personal data for direct marketing purposes, we will no longer process your Personal data for these purposes.
  • right to withdraw your consent - when we process your Personal data based on your consent. You have the right to withdraw your consent at any time. However, this withdrawal does not affect the legality of the processing that took place before this withdrawal.
  • the right to send us orders regarding the use of your Personal data after your death - in France, you have the right to provide us with instructions about the management (for example, storage, erasure and disclosure) of your data after your death. You may modify or revoke your instructions at any time

10. Exercising these rights

If you have any questions about this Privacy Policy, the way in which we process your Personal data or if you wish to exercise one of your rights, please contact our specific department at the following email address: rgpd@palaisdesthes.com.

All requests will be processed within the time period stipulated by applicable legislation. However, please note that certain Personal data may be exempt from these requests in certain situations, such as if PALAIS DES THES has to continue to process your Personal data for its legitimate interests or in order to comply with a legal requirement.

Exercising your right of access (or any other right) will not lead to any costs. Sometimes, we cannot grant your request if it is manifestly unfounded or excessive.

If you are not satisfied with our response to your claim or if you think that the processing of your Personal data does not comply with applicable data protection legislation, you can lodge a complaint with the competent data protection oversight authority. The Commission Informatique et Libertés [French Data Protection Agency] ("CNIL") is the data protection authority governing PALAIS DES THES' data protection activities.

We may need to ask you for specific information to help us to confirm your identity and ensure your right of access to this information (or to exercise your other rights). This is an appropriate security measure to ensure that your Personal data is not disclosed to someone who is not entitled to receive it.

11. How is the data kept secure?

PALAIS DES THES ensures that Personal data is processed securely and with full confidentiality, including when some operations are carried out by subcontractors. As such, technical and organisational measures have been adopted to prevent the loss, misuse, alteration and deletion of your Personal data. These measures have been designed to match the sensitivity of the processed data and the risk presented by processing. We have implemented procedures to deal with any attempted data security breaches and we will inform you of any attempted breach, along with any competent oversight authority, when we are legally required to do so.

Unfortunately, the security of internet data transfers, as well as of data storage systems, cannot be 100% guaranteed. If you have any reason to believe that your interactions with us are no longer secure (for example, if you think that the security of your account with us is compromised), please inform us immediately using the contact details above.

12. Third party websites

The Website may contain links to other websites used by third parties. Please note that this Privacy Policy only applies to the Personal data collected by PALAIS DES THES. We are not responsible for the Personal data that third parties may collect, save and use on their own websites. We recommend that you carefully read the privacy policy of each website before you visit it.

In addition, PALAIS DES THES is not responsible for hyperlinks that link to the Website that may be included in third party websites, even if PALAIS DES THES has authorised the publisher of these third party sites to include these links.

13. Cookies

13.1 What are cookies?

"Cookies" are small text files which often include unique user IDs, and which are sent by web servers to web browsers to then be sent back to the server every time the browser requests to view a page from the server.

Cookies are very useful as they help websites to recognise you, to allow you to connect to a website when you visit a specific page, to provide a secure connection to a website and to improve your user experience through increased ease of browsing and/or by adapting a page's consent to your interests.

13.2 How are cookies used?

When prior consent is required for their use, the consent validity period for cookies is 6 months. At the end of this period, we will ask you for your consent again.

The cookies we send to your device as Website operators are called "internal cookies". The cookies sent to our Website and/or our application by third parties are called "third party cookies". Third party cookies send third party characteristics or features to or via a website (for example, advertising, interactive or analytical content). Those who create these third party cookies may collect some of your personal information and recognise your device both when you visit this website and other websites.

An audience measurement cookies that does not require consent lasts for 13 months. In addition, we store information collected via these cookies for a maximum period of 25 months, in accordance with applicable regulations.

The following types of cookies are used by our Website:

  • Technical cookies:
    These cookies help you to navigate our Website and to use its features more effectively. These cookies also help our Website to remember your previous activities during the same browser session.
  • Functional cookies :
    These cookies help our Website to remember the choices you make when you visit your Website, so that we can offer you improved, more personalised features.
  • Social media cookies:
    These cookies are used to display or share our content with other people on social networks such as Facebook, Twitter, LinkedIn, Pinterest, Instagram, etc. Even if you do not use these buttons or sharing applications, social media websites may still track your browsing activity on the Website if your account or your session is active on your device at that time.
  • Analytical cookies:
    These cookies are used by us or by third party service providers to analyse the use and performance of our Website. We also use Google Analytics cookies to obtain web analytics data. Google Analytics collects information about how you interact with our Website, including information about the pages you visit and how long you spend on our Website.
  • Google Analytics :
    Google Analytics is a web analytics service offered by Google which monitors and reports website traffic. Google uses the data it collects to monitor and verify how our service is used. This data is shared with other Google services. Google may use the collected data to contextualise and personalise advertising in its own advertising network.
    You may refuse to make your activity data available to Google Analytics by installing the Google Analytics opt-out browser add-on. This add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing browsing activity information with Google Analytics. For more information about Google's privacy practices, please see the web page covering Google's privacy policy: https://policies.google.com/privacy?hl=en.
  • Statistics cookies:
    These cookies provide us with statistics, as well as traffic and use volumes for the various areas that make up our website and app (sections and contents visited, browsing patterns, time spent on the website), which helps us make our services more interesting and user-friendly.
  • Advertising cookies:
    These cookies are used to show you adverts or to send you information to match your interests in connection with how you use the website and the application while you are browsing other websites and applications online. These are also used to limit the number of times you see an advert and to help measure how effective an advertising campaign is. These cookies are mainly used by advertising agencies and we are not always in control of how they are used.
13.3 How to block the use of cookies

There are two ways to refuse cookies.

When you first visit our Website, you will be asked for your consent for us to use your data using cookies by an information banner that will appear at the bottom of the page.

Using the buttons "Accept all" and "Reject all", you will be able to accept or reject all of the cookies we would send to your computer or your device (including targeted advertising cookies, some audience measurement cookies and social media cookies created by "share" buttons when these collect personal data). Nevertheless, a third "Personalise" button will also appear on this banner, and you can use it to see a list of the categories of cookies used and to choose whether or not to consent to each of these.

However, if you wish to reject the use of every type of cookie on a website, you can do this by changing your browser's settings to block the use of cookies. Please note that if you block the use of cookies using your browser's settings, you may not be able to view all or part of that website, including our Website.

Each browser offers different cookie management settings. These are generally found in the help menu of each browser.

  • Firefox :
    Click the menu button and select "Settings".
    Select the "Privacy and Security" panel.
    In the "History" drop-down box, select the option "Use custom settings for history".
    Untick the boxes "remember browsing and download history" and "remember search and form history".
    The changes you made will be automatically saved.
  • Internet Explorer :
    Click on the "tools" button, then on "Internet Options".
    Click on the "Privacy" tab, then on "Advanced" under the "Settings" section. Here you can accept or block first and third party cookies. Click OK when you have made your choice.
  • Google Chrome :
    Select the Chrome menu icon.
    Near the bottom of the list, select "Settings".
    In the "Security and Privacy" section, select "Cookies and other site data".
    Select "Block all cookies".
    This change will automatically be applied.
  • Safari :
    Go to "Settings" > "Safari" > "Privacy & Security" > "Block All Cookies".
    Then click "Block All Cookies".

Please note that if you block the use of cookies using your browser's settings, you may not be able to view all or part of the website, including our Website.

In addition, if you wish to block the use of analytical cookies and/or advertising and retargeting cookies, both of which are provided by our third party service providers, please visit the following URL to stop the use of these cookies.

Google Analytics: cookies opt-out

Description of cookies and their purposes:

  • Google Analytics _ga ;
  • Google Analytics _gid. These cookies are used to distinguish users. [https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage] ;
  • Google Analytics _gat. These cookies are used to reduce the number of requests. However, if Google Analytics is implemented using Google Tag Manager, this cookies will be called: _dc_gtm_. [https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage].

Google Analytics is a web analytics service provided by Google LLC ("Google"). In general, the information about the way you use the Website that is created by cookies is sent to a Google sever in the United States, where it is stored.

Google will use this information for our own purposes to analyse how you use the Website, to compile Website activity reports and to provide us with additional services covering the use of the Website and of the internet in general. The IP address sent to Google Analytics by your browser will not be added to other Google data.

You may reject the use of Website usage data created by these cookies (such as your IP address) as well as the processing of this data by Google, by downloading and installing the plug-in available on your browser using the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB

14. Contact details

If you have any other questions or comments about your Privacy Policy, please contact us at the following address: rgpd@palaisdesthes.com.

15. Changing this privacy policy

PALAIS DES THES may periodically change this Privacy Policy to match the way our practices in this area change. When we change this Privacy Policy, we will also change the "last updated" date at the top of the first page. We recommend that you regularly check this Privacy Policy to stay up to date with the way PALAIS DES THÉS protects your personal data.

Log In