Protection of personal data

Personal data index 3 - 08/12/2021



You can modify your personal data by sending us an email to rgpd@bambisol.com

*Note what you want to change in the email.

Please note that we follow the regulations adopted by the National Commission for Computing and Liberties (Cnil) from September 17, 2020 through two deliberations: its amended guidelines and its recommendation on cookies and other tracers.

 

BAMBIGROUP

Data protection statement

Thank you for visiting our online store.

BAMBIGROUP attaches particular importance to the protection and confidentiality of your data .

In the following we inform you about the processing of personal data in connection with the services we offer under www.bambisol.fr which incorporates this data protection declaration.

Personal data means all information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR). This includes information such as your name, email address, mailing address or phone number. Information that is not directly associated with your identity, such as the number of users of a website, does not fall into this category.


1 Who is responsible for processing your personal data?

The responsible person (hereinafter referred to as " BAMBIGROUP " or "we") within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations data is:

BAMBIGROUP - 3 rue Georges Cuvier BP 207 - 82000 Montauban France

Email: contact@bambisol.fr

2 Contact details of the data protection officer

You can contact our data protection officer at the following contact details:

Audrey Marlien

13 rue Voltaire

82000 Montauban France

and by e-mail: contact@bambisol.fr

3 Purposes and legal bases of processing and storage period

In the following, we inform you about the different purposes for which we process personal data, the legal basis on which such processing takes place and the duration of data storage.

Insofar as we obtain the consent of the person concerned for the processing of personal data and the processing of their order, we preserve the personal information for a period of 2 years.

We collect the data necessary for the processing of the order placed by the buyer as well as the dispatch of the order, or even for communication with the buyer to inform him of the confirmations of purchase and dispatch of his order. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first interest, the legal basis for the processing is given. by art. 6 para. 1, point f of the GDPR.

The personal data of the person concerned will be kept for as long as the purpose for which they were collected. We do not keep any data on our servers or hard drive and all data is with service providers who are themselves protected

3.1 Data collected by our SHOPIFY technical platform 

Our online store is hosted by the SHOPIFY platform.

Here is the data collected by SHOPIFY:

- Last name and first name of the buyer

- E-mail

- Billing and delivery addresses

- Payment information

- The telephone number if provided

- IP address

- The information of orders initiated

- Connection information (internet browser and connection medium (mobile, computer, etc.)

3.2 The purpose of collecting this information collected by our SHOPIFY technical platform

The data mentioned in the previous paragraph is collected in order to:

- Process the buyer's order

- Analyze risks and fraud attempts

- Allow to identify the customer

- Allow the buyer to track their order and shipment

- Respond to technical support and order-related questions

Shopify may also retain information if the buyer opts into Shopify Pay to pre-populate checkout information. Shopify can also customize and improve the customer experience on a Shopify store by presenting goods and services that may satisfy the visitor.

Shopify uses some of the personal information the customer provides to perform some level of automated decision making - for example, Shopify uses certain personal information (e.g. IP addresses or payment information) to automatically block certain potentially fraudulent transactions for a short period of time. period of time.

 

3.3 When is this personal information collected?

Shopify collects this information when the visitor or buyer uses or accesses a store that uses the Shopify Services, such as when they visit a merchant's site, place an order, or create an account on a merchant's site.

Shopify also collects this information when the buyer chooses Shopify Pay or Shopify Pay to pre-populate payment information.

Additionally, Shopify works with third parties who provide information about merchants' customers, such as to help them weed out merchants associated with fraud.

 

3.4 When and why SHOPIFY shares this information with third parties?

Shopify works with a variety of third parties and service providers to help provide Merchants with the Services, and Shopify may share Personal Information with them to support these efforts.

Shopify may also share information in the following circumstances:

  • to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Shopify Terms of Service or any other agreement relating to the Services or otherwise required by law.
  • If the merchant whose store is being visited or accessed invites Shopify to transfer this information (for example, if it authorizes a third-party application that accesses the customer's personal information).
  • Comply with legal requirements, or respond to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).
  • Personal Information may also be shared with a business that acquires Shopify's business or that of a merchant whose store is visited or accessed, whether through a merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding.
  • Shopify is responsible for all onward transfers of personal information to third parties pursuant to the EU-US Privacy Shield Framework, the Swiss-US Privacy Shield Framework and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.

3.5 Cookies

We keep your choice for 6 months.

In order to make our store work well, when a visitor visits our site, the following cookies are used:

  • _orig_referrer: used when connecting with the shopping cart
  • _secure_session_id: used for store navigation
  • cart: used when connecting with the shopping cart
  • cart_sig: used when ordering
  • cart_ts: used when ordering
  • checkout_token: used when placing an order
  • secret: used when ordering
  • Secure_customer_sig: used when connecting by login
  • storefront_digest: used when connecting by login

The following cookies are used for analysis and statistics:

_landing_page

Trace the landing page on the site

_orig_referrer

Trace the landing page on the site

_s

Shopify statistics

_shopify_fs

Shopify Statistics

_shopify_s

Shopify statistics

_shopify_sa_p

Shopify Marketing and Referral Statistics

_shopify_sa_t

Shopify Marketing and Referral Statistics

_shopify_uniq

Shopify Statistics

_shopify_visit

Shopify Statistics

_shopify_y

Shopify statistics

_y

Shopify Statistics

tracked_start_checkout

Shopify ordering statistics

 

To see the full list of cookies that SHOPIFY uses for the operation of our store, see the following link: https://www.shopify.com/legal/cookies?utm_source=blog&utm_medium=blog&utm_term=923140105&utm_content=gdpr

 

3.6 Newsletter (NewsLetter)

If the visitor or buyer registers for our newsletter, we use his e-mail address for sending the respective newsletter, in which we regularly inform about new products and promotion periods. .

In order to ensure registration for the newsletter, i.e. to prevent unauthorized registration by third parties, we send a confirmation e-mail after initial registration for the newsletter. information using the double Opt-In method, in which we ask to confirm the registration.

The legal basis is your agreement pursuant to Art. 6 para. 1 point 1 GDPR. In connection with his registration for the newsletter, we also store his IP address and the date and time of the registration and confirmation in order to enable us to trace and prove the registration at a later time.

The legal basis for this storage is a legitimate interest under the terms of Art. 6 para. 1, point f of the GDPR, the legitimate interest being the possibility of proving the registration. We keep the email address to send the newsletter until the person unsubscribes or until we stop sending the newsletter.

The newsletters contain pixel tags to enable the statistical evaluation of our newsletter campaigns. This is a thumbnail graphic embedded in the HTML-formatted email, which allows us to determine if and when the reader opened an email and what links were called in the email. The IP address is also transmitted to our servers.

However, we do not store any other personal data. The legal basis for the use of pixel tags is a legitimate interest under the terms of Art. 6 para. 1, point f of the GDPR, the legitimate interest being the evaluation and optimization of our newsletter.

The subscriber may, at any time, object to all BAMBIGROUP newsletters.

 

3.7 Opposition to canvassing

If we receive an objection from you to soliciting advertising, we may include your personal details (name, address, telephone number, fax number, e-mail address) in a block list allowing us to ensure that we do not send more unwanted advertising.

The legal basis is a legitimate interest under the terms of Art. 6 para. 1, point f of the GDPR, where the legitimate interest consists in the fact that we can fulfill our obligations resulting from your opposition to direct marketing. The data will be kept for this purpose until you expressly revoke in writing the objection to direct marketing.

 

3.8 Contact form and e-mail contact

Contact forms that can be used for electronic contact are available on our platforms. By clicking on the "Send" button, you agree that the data entered in the input mask will be transmitted to us. In addition, we store the date and time of your contact. You can also contact us via the email address provided. In this case, the user's personal data transmitted by e-mail and our response will be stored. The personal data voluntarily transmitted to us in this context enables us to process your request and contact you. The legal basis for data transmission is Art. 6 para. 1, point a of the GDPR. We use the data for this purpose until the conversation with you is over. The conversation is over when it can be inferred from the circumstances that the facts in question have finally been clarified.

 

3.9 Facebook Pixel

We use the "Facebook pixel" of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA on our website. Pixel tags are embedded on our pages. When you visit our pages, the pixel tag establishes a direct connection between your browser and the Facebook server.

Facebook receives from your browser, among other things, the information that our page has been called up by your device. If you are a Facebook user, Facebook can associate your visit to our pages with your account. We would like to point out that we as the provider of the pages are not informed of the content of the transmitted data or how it is used by Facebook. We can only choose to which segments of Facebook users (based on age, interests, for example) our advertising should be displayed.

By calling the pixel from your browser, Facebook can also find out how successful a Facebook ad was, i.e. whether it led to an online purchase. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes.

Please click here if you do not wish your data to be stored via Facebook pixels: https://www.facebook.com/settings?tab=ads#_=_. You can also deactivate the Facebook pixel on the Digital Advertising Alliance page using the following link: http://www.aboutads.info/choices/.

This transmission of data to the United States is permitted under the terms of Art. 45 GDPR, insofar as Facebook has the Privacy Shield certification and offers an adequate level of data protection according to Commission Implementing Decision (EU) 2016/1250 (http://eur-lex.europa.eu /legal-content/FR/TXT/HTML/?uri=CELEX:32016D1250&from=FR). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

The legal basis is a legitimate interest under the terms of Art. 6 para. 1 sentence 1 f GDPR, namely the pursuit of our business purposes, namely the targeted promotion of our services and products.

 

  1. Rights of the data subject

If you process personal data, you are data subject under the terms of the GDPR and you have the following rights vis-à-vis the controller:


5.1 Right to information

You can ask us to confirm whether your personal data will be processed by us.

If such processing has taken place, you can request the following information from us:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if no specific information on this subject is possible, the criteria for determining the storage period;

(5) the existence of a right to rectify or delete your personal data concerning you, a right to limit processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling in accordance with Art. 22, par. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to ask whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transmission.

This right to information may be limited insofar as it is likely to render impossible or seriously impede the achievement of statistical purposes and the limitation is necessary for the achievement of statistical purposes.

5.2 Right of rectification

You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is incorrect or incomplete. The person responsible will proceed with the rectification without delay.

Your right to rectification may be limited insofar as it is likely to make impossible or seriously impede the achievement of statistical purposes and the limitation is necessary for the achievement of statistical purposes.

5.3 Right to restriction of processing

You can request that the processing of personal data concerning you be limited, under the following conditions:

(1) if you dispute the accuracy of the personal data held about you for a period enabling us to verify the accuracy of the personal data;

(2) if the processing is unlawful and you oppose the erasure of the personal data and instead request that the use of the personal data be restricted;

(3) if we no longer need the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims, or

(4) if you have objected to the processing pursuant to Art. 21, para. 1 GDPR and it has not yet been established whether our justified reasons outweigh yours.

If the processing of personal data concerning you has been restricted, these data may only be processed – apart from their storage – with your consent or for the purpose of asserting, exercising or defending legal claims or protecting rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.

Your right to restriction may be limited insofar as it is likely to render impossible or seriously impede the achievement of statistical purposes and the restriction is necessary for the achievement of statistical purposes.

5.4 Right to erasure

5.4.1 Obligation to delete

You can ask us to delete personal data about you immediately and we are required to delete such data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or processed.

(2) You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1, point a or art. 9 para. 2, point a of the GDPR, and the processing is not based on any other legal basis.

(3) You object to the processing pursuant to Art. 21, para. 1 GDPR and there are no compelling legitimate reasons for the processing, or you object to the processing pursuant to Art. 21, para. 2 GDPR.

(4) The personal data concerning you have been unlawfully processed.

(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under European Community law or the law of the Member States to which we are subject.

(6) The personal data concerning you was collected in the context of information society services provided in accordance with Art. 8 para. 1 GDPR.

5.4.2 Information to third parties

If we have made the personal data concerning you public and we are obliged to delete it in accordance with Art. 17, para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the costs of implementation, to inform data controllers who process personal data that you, as a person concerned, have requested the deletion of all links to such personal data or of copies or replications of such personal data.

5.4.3 Exceptions

The right to deletion does not exist insofar as the processing is necessary

(1) to enable the exercise of freedom of expression and information;

(2) in order to enable the performance of a legal obligation required for processing under European Community or Member State law to which the controller is subject or the performance of a task in the public interest or in the the exercise of official authority conferred on the controller;

(3) for reasons of public interest in the field of public health, in accordance with Art. 9 para. 2, points h and i and art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the law referred to in point a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or

(5) In order to assert, exercise or defend legal claims.

5.5 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without our intervention, provided that

(1) processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract in accordance with Art. 6 para. 1, point b GDPR

(2) the processing is carried out using automated methods.

By exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one controller to another, insofar as this is technically possible. The freedoms and rights of other people must not be affected.

The right to portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on us.

5.6 Right to object

You can exercise your right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, pursuant to Article 6, para. 1, point e or f of the GDPR; this also applies to profiling based on these provisions.

We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or to defend legal rights.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing for advertising purposes of the personal data concerning you; this also applies to profiling, insofar as it is associated with this type of direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right to object in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

You also have the right to object to the processing of personal data concerning you for statistical purposes, in accordance with Art. 89, s. 1 GDPR, for reasons arising from your particular situation.

Your right to object may be limited insofar as it is likely to make it impossible or seriously impede the achievement of statistical purposes and the limitation is necessary for the achievement of statistical purposes.

5.7 Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

5.8 Automated decision in individual cases, including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – and resulting in legal effects against you or significantly and similarly affecting you. This provision does not apply where the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,

(2) is admissible under European Community or Member State law to which the person responsible is subject and where such law provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests or

(3) is taken with your express consent.

However, these decisions cannot be based on special categories of personal data under the terms of Art. 9 para. 1 GDPR, except where Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in points (1) and (3), we will take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and contest the decision.

5.9 Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have a right of appeal to a supervisory authority, in particular in the Member State in which you reside, work or suspect an infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority with which the complaint was lodged informs the complainant of the status and results of the complaint, including the possibility of a legal remedy under Article 78 of the GDPR.

 

6 Amendment of the data protection declaration; change of purpose

We reserve the right to amend this data protection declaration in accordance with the provisions relating to data protection. You can find the current version here or another easily accessible location on our website or app. If we intend to process your data for other purposes, i.e. those for which it was collected, we will inform you beforehand in accordance with the legal provisions.