Policy on the protection of your personal data
The protection of personal data is governed in France by the General Data Protection Regulation of 27 April 2016, better known as the GDPR, and by the amended Data Protection Act of 6 January 1978.
As data controller, we are committed to protecting the data of our customers and prospects that we process for the purposes of our business. That is why we are committed to complying with the principles and rules applicable to the protection of personal data.
As such, this policy sets out how we collect and process your personal data in order to provide you with new services on a daily basis while respecting your rights.
1. What data do we process?
As part of our business relationship, we process the following Data in particular:
your surname, first names, title, postal address, email address, landline or mobile phone number, date of birth, affiliated store and loyalty card number.
When this information is essential for the provision of our services, it is marked with an asterisk on the form or contact sheet.
We also process Data when you purchase our products and use our services, in particular data relating to the amount and nature of your purchases, your bank details, your orders and your invoices.
When you browse our websites and mobile applications, we also process Data such as identification, connection and, where applicable, location data.
We collect your Data directly when you provide it to us yourself. Your Data may also be provided to us indirectly by partners.
2. When do we process your Data?
Your Data may be processed if you are one of our customers or if you are not yet a customer but receive our commercial offers as a prospective customer.
2.1 If you are a customer:
Your Data may be processed when you:
visit our websites, which may use cookies;
subscribe to our newsletter and receive offers;
wish to take advantage of our deferred payment offers;
participate in satisfaction surveys or register for an event organised by us (competitions, commercial operations, etc.);
interact with us, particularly on social media.
For these processing operations, we rely on your consent. Please note that sending marketing communications by SMS/email is in our legitimate interest as it concerns products or services similar to those for which your Data was collected.
Your Data may also be processed when you:
join our loyalty programmes;
create and use an account on our websites or mobile applications;
purchase our products online or in our stores and have them delivered;
take advantage of our deferred payment offers;
contact our after-sales service.
This processing is necessary for the performance of our services (pre-contractual or contractual measures).
Your Data may also be processed when we:
conduct statistical studies;
offer you products and services tailored to your interests, purchasing habits or needs;
defend our interests (prevention and combating of fraud, disputes);
ensure the safety of people and property at our sales sites;
work to improve our services.
This processing is in our legitimate interest. If you do not wish to receive targeted advertising from us or our partners, please see the section below entitled ‘How to exercise your rights’.
Finally, your Data may be processed when you exercise your rights over your Data or to enable us to meet our legal obligations.
2.2 If you are not yet a customer (prospect):
Your Data may be processed when you:
subscribe to our newsletter and receive offers;
visit our websites, which may use cookies;
register for an event organised by us (competitions, sales promotions, etc.);
interact with us, particularly on social media.
For these types of processing, we rely on your consent.
Your Data may also be processed when:
we carry out statistical studies;
we ensure the safety of people and property at our sales sites.
The implementation of these processing operations is in our legitimate interest.
Finally, your Data may be processed when you exercise your rights over your Data or to enable us to meet our legal obligations.
Whether you are a customer or a prospect, you may be required to provide us with the data of a third party, particularly in the context of referral programmes. In this case, you guarantee that you have their consent and you must inform us as soon as this person decides to withdraw it.
3. Who are the recipients of your data?
We ensure that the individuals who access your Data are authorised and subject to a confidentiality obligation.
These recipients may be authorised personnel from the departments responsible for handling commercial relations and support functions (communication, administrative and financial, legal and compliance, general services, security, technical and logistical services, information systems, etc.) within our company, as well as another company within the Green Trend group that provides us with support.
Your Data may be transmitted to certain partners and service providers specialising in payment and transaction services (e.g. banks, payment service providers), customer relationship management (e.g. marketplace partner sellers, franchisees, call centre providers), product delivery (e.g. carriers), after-sales service
(e.g. suppliers for product recalls), social or legal audits and due diligence, assistance in the event of disputes (e.g. solicitors, experts, advisers, etc.) and IT and security support providers.
With regard to deferred or instalment payment options, your Data may be transmitted to certain providers specialising in payment and transaction services (e.g. banks). Eligibility for this facility and its granting involves a credit risk analysis based on automated decision-making. You have the right to obtain human intervention, to express your point of view and to contest this decision.
Your Data is usually processed within the European Union. In some cases, the processing of your Data may result in a transfer outside the European Union. We ensure that appropriate safeguards are in place to protect and secure your Data. These safeguards may include the conclusion of a transfer agreement based on the standard contractual clauses adopted by the European Commission and/or any other mechanism approved by supervisory authorities.
We may need to disclose your Data to partners in the context of a possible business takeover. We may also be required to disclose your Data in response to requests from public authorities, in particular to meet national security, anti-fraud or law enforcement requirements. In such cases, we are not responsible for the conditions under which the staff of these authorities process your Data.
How long are your data retained?
Your Data is processed in accordance with the following retention rules:
Commercial prospecting
Statistical studies
Customer account and loyalty programme management
Maximum of 3 years after the last contact
Purchase and order management
5 years from the date of issue of the invoice
Customer relationship management and after-sales service
Maximum of 3 years after the last contact/processing of the file
Management of requests to exercise rights
Maximum of 6 years from the date of processing of the request