PERSONAL DATA PROTECTION POLICY

 THES DE LA PAGODE is committed to ensuring the protection and security of your data and undertakes to respect the trust you have placed in it.

THES DE LA PAGODE commits to take adequate protective measures for the personal information it collects and processes relating to individuals, in compliance with applicable European and French personal data protection regulations, to ensure an appropriate level of confidentiality and security for your data.
 

1. Why have we set out a data protection policy?
2. Who is responsible for its processing?
3. How do I contact your data protection officer?
4. What kind of personal data may be processed?
5. On what grounds and for what purposes will my data be processed?
6. Who may be the recipients of the information that we process?
7. How long may personal data be stored?
8. How are data and payments kept secure?
9. What is the procedure for data collection via cookies?  
10. What commercial offers may I receive?
11. What are my rights?
12. What is the framework for transfer of my information outside the European Union?
13. Update of the personal data protection policy



1. Why have we set out a data protection policy?  

 

We want to inform you about the use of your personal data which our company collects and processes as part of the performance of the contract or in response to your requests, with your consent when required, and in the legitimate interest of the company, a distance selling company, which is to foster customer loyalty, canvass in order to adapt our offers or those of our partners and to measure your satisfaction.
In compliance with the provisions of the General Data Protection Regulation (GDPR), as well as the French laws of 6 January 1978, last modified on 20 June 2018, relating to Data Processing, Data Files and Individual Liberties, and 21 June 2004, relating to Trust in the Digital Economy, we want to inform you transparently, through this policy, about the data that we collect and its processing (purposes, basis, etc.), as well as your rights relative to the data that we process.
This complete policy sets out and explains the information that we may communicate to you when personal data is being collected via questionnaire/form or when orders are placed for shipping.


2.  Who is responsible for its processing?


THES DE LA PAGODE defines and implements processing as Data Protection Officer.

THES DE LA PAGODE
S.A.S. (Simplified Joint Stock Company) with capital of €1,829,600
SIREN No: 428 815 310 00043
Headquarters: 4 avenue Bertie Albrecht - 75008 PARIS - France
Telephone: 01 48 04 54 07 (cost of a local toll-free call from a landline)



3. How do I contact your data protection officer?


THES DE LA PAGODE has designated a Data Protection Officer (DPO) before the competent authority (the CNIL).

For any questions relating to your personal data, you may email: 
dpo@thesdelapagode.fr or use the postal address: DPO THES DE LA PAGODE, 4 avenue Bertie Albrecht - 75008 PARIS – France.



4. What kind of personal data may be processed?



4.1 What is personal data?


Personal data is understood to mean any information relating to an identified individual, or that may be identified, directly or indirectly, by reference to an identity, a customer identification number or account number allocated by the company, or other personal information such as a user code, password or log in data, IP address, cookies, etc.

 

4.2 How do you collect this information?


We collect your data directly or indirectly via responses that you enter to forms or questionnaires, your purchasing behaviour or requests you make to our customer service, particularly when:

  • creating your account,

  • subscribing to the newsletter,

  • requesting a catalogue,

  • getting in touch with our customer service,

  • posting a review or a comment,

  • placing an order,

  • tracking an order, shipping, and payments,

  • participating in studies, surveys and consumer testing,


It is also the information suggested by your interests and your navigation on our site or those of our commercial partners (cookies, shopping habits, etc.)

We collect only data that is strictly necessary and in line with the purpose of the processing that we carry out.

Some personal information is obligatory (for example, opening an account before placing an order) and some is optional and helps us to get to know and serve you better.



4.3 What categories of data do we process?


In the course of our relationship with you, THES DE LA PAGODE collects and processes a variety of personal data.


This information may be listed under several categories:


  • Data relative to your personal information, identity and contact details, which are essential to contact you, perform the contract and process your requests, for example: name, surname, title, postal address, billing and shipping address, landline and mobile numbers, email and date of birth.

  • Data relative to or inferred from your purchases and requests to customer service: customer number, order history, deliveries, products ordered, codes of offers targeted or availed of, additions to checkout basket and purchase history. We ask your opinion on our products and gifts to analyse your satisfaction and determine the preferences of our customers.

  • Other behavioural information, inferred from your purchase habits and your navigation on our site, to better target your tastes and interests, your preferences and your demographic based on your age and purchase habits as a loyal or future customer or, on the contrary, a dissatisfied customer the reasons for which invite you to share with us.

  • Wellness information based on your purchases allowing us to offer you similar products.

  • Financial information necessary for payment for purchased products and of outstanding amounts, payment methods, payments plans, or unpaid fees and reminders, bank card number, when you enter this information by post or telephone, or the detection of fraud when placing orders or use of certain methods of payment.

  • For payment by card on the site, we the SYSTEMPAY provider which offers a secure online payment service and registers your payment card number only as long as necessary to process payment for your order. Information relating to your identifying information will not appear unencrypted on the internet, for your security.

  • Connection and navigation information (date, time of connection and/or navigation, type of browser, ISP, browser language, IP address, login, password, cookies, site visit history, permissions granted on the site and additions to cart and cart abandonment, which allows us to contact you if you have not completed the order process),

  • Other information which you may communicate to us.



5. On what grounds and for what purposes will my data be processed?


Processing your information is vital to the quality, tailored and relevant service which we wish to provide. This may be necessary to fulfil an order or a request, satisfy a legal obligation, or simply satisfy the legitimate interest of the data processing we carry out for which we depend on your consent.

In any event, we strive to ensure an appropriate level of protection and commit to limiting the use of your information only to relevant data that is necessary to the stated objective.



Necessary for performance of contract or satisfaction of a legal obligation.

 

Some information must be collected and processed to be able to respond to your requests, whether it be an order of a product, a request for contact, a catalogue or a gift, to manage the resulting relationship, to open an account, to manage your subscription to our newsletters or mailings and respond to any request for information on your part, and more generally to process your orders, shipping and potential returns, your payments, etc. or to satisfy accounting, tax and regulatory obligations.

We are also obliged to process data to manage the rights that you exercise and to ensure their effectiveness (rights to access, rectify, remove, limit, object, port and erase data, provision in event of death, etc.)



Collection and processing with your consent,


Some processing requires your consent which means we will request such, for example, to be able to use your contact details, send you offers or messages through your email, show you banners on third party websites, target your preferences and habits based on your browsing on our site in particular, communicate your contact details to commercial partners, build profiles, make exemptions or automated decisions, or to collect information that falls within the category of data considered sensitive.

Where obligatory, you are asked to provide your consent expressly either by clicking on or ticking a consent box.

Your consent is required in accordance with the law, where you are not a customer of our company, for the use of your electronic contact information, or if you are a customer, in order to expand our offer, or in the event that we collect information from you that falls under the category of data considered sensitive.

In any case where your consent is not obligatory, you retain the right to object to its processing or to revoke your consent, as set out below.

Every message sent to your email address contains a link to unsubscribe.



Legitimate interest of our company

 

As a distance selling company, we also wish to have you discover our products, receive inquiries and opinions, publish them, foster customer loyalty and broaden our offering in order to provide extra personalised services and benefits from our company and our commercial partners which we carefully select for you.

At the end of statistical studies or satisfaction surveys, we may also be required to carry out processing of your information.

Information may be the subject of automated decisions aimed at evaluating your personal preferences or interests (personalised offers, A/B testing, targeted emails, etc.)


6. Who may be the recipients of the information that we process?



6.1 Services of our company and its providers


Information collected is primarily intended for THES DE LA PAGODE SAS, the data protection officer, in particular services involved and authorised by the company to process data: customer service, commercial service, accounting, finance and recovery and IT and logistics.

Some data, particularly personal in nature, may be communicated securely to providers, technical partners or subcontractors linked to THES DE LA PAGODE by contract for the execution of sub-contracted tasks necessary to the management of your account, fulfilment of your requests, delivery of goods by the Post Office, distributor or to drop off points, sending of our catalogue via post, fulfilment of services, combating fraud, making payments, for certain aspects of after-sales services, carrying out satisfaction surveys or competitions and such data necessary for site management.

 

6.2 Our commercial partners and social networks

 

Some of your personal data including name, surname and address may be communicated to partners which may contact you via post for marketing purposes provided you do not object; your email may be communicated for the purposes of commercial offers if you have expressly accepted.

Social networks (Facebook, Instagram, Twitter, etc.) of which you are a member, may also access your available data through the site if you click or have a session open.

 

6.3 Authorities

Personal information may be also communicated upon request of an authority or in order to satisfy our legal and regulatory obligations;

Information may be provided in the context of the exercise of an appeal relating to the use of personal data, especially to justify compliance with our obligations.



7. How long may personal data be stored?


THES DE LA PAGODE keeps your personal data from the time of collection until the end of the relationship or final contact, for the period necessary for each purpose and until you object or your consent is withdrawn, within the limits set out below.

  • For our customers' information, a period of three years following the end of the commercial relationship (successful payment, delivery of the last item of the order, whichever date is later, or return or exchange of products in the event of subsequent withdrawal or warranty period)

  • For browsing and connection data: 13 months from the storage of advertising cookies

  • For payment data: the time necessary to save your payment or payments in case of payment by instalments and the withdrawal period, in order to refund the same method of payment, according to the secure procedure set out below in the case of a payment on the site.




8. How are data and payments kept secure?

8.1. Combating fraud

 

In order to ensure the security of payments during on-site transactions, to avoid fraud and protect consumers in the context of distance selling, THES DE LA PAGODE has put in place the necessary measures to fight fraud and may be required to carry out automated processing of some of your personal data, the purpose of which is to check, or have its sub-contractors check, orders placed on the Site in order to verify the propriety of the information entered during these events.

For data collected on the Site, we use the secure protocol SSL which guarantees you a high level of protection.

THES DE LA PAGODE regularly commissions penetration and vulnerability tests on its website and its network infrastructure to ensure the compliance of its security systems


8.2. Security of payments

 

We commit to ensuring the security of your personal data through strict procedures within our company.

To ensure the security of payments, THES DE LA PAGODE uses the services of certified PCI-DSS providers. This is the standard in international security whose objective is to guarantee the confidentiality and integrity of the data of cardholders and thus the protection of card and transaction data. When you pay for an order via bank card, our control system connects in real time with our providers' payment system, which collects your details and proceeds to various verifications to prevent abuse and fraud. This data is stored on the servers of these payment providers and are not at any time transmitted to the servers of THES DE LA PAGODE. When you enter your card number, authorisation requests are automatically transmitted in encrypted mode. The authorisations and data are then verified with your bank to prevent abuse and frauds.

To be able to debit the account during billing or to credit it after a return, our payment providers save the banking details associated with an authorisation number as long as necessary to carry out the transaction and process any potential claims (returns, disputes, etc.).

For any payment over a certain threshold, the 3D-secure procedure is activated.

When you communicate a card number on a paper medium (purchase order), only restricted and authorised personnel can access it during the time necessary for a successful payment to be registered.

These purchase orders are then stored securely, physically and logistically, for the duration set out below, to allow us to satisfy our legal and regulatory obligations, before being destroyed.



8.3 Physical and logistical security measures

 

We take the appropriate measures for the retention of personal data in a secure location, where only specific employees may access it as a necessary part of their role.

Information on a paper medium is destroyed by shredder, after the retention term has expired.




8.4 The security of your password and username



To access your account, you will receive a username and a password.

These are personal identifiers whose use is placed under your responsibility. You must see to the security of your username and password and prevent their communication to a third party, except if you control their use.

For optimum security and prevention of fraud, we urge you to choose complex passwords.



8.5 Information in the event of infringements of rights


In compliance with GDPR, if after a breach or an error, a violation or a loss of data is noticed, THES DE LA PAGODE will inform CNIL as soon as possible, as well as, where appropriate, those whose data has been compromised.



9. What is the procedure for data collection via cookies?

 

Data is collected via cookies and trackers, particularly concerning your preferences.

We also invite you to refer to the cookie usage policy of our partners, social networks and providers storing cookies.



10. What commercial offers may I receive?



a. You are a customer:

 

You may receive commercial offers from our company via post or email, without having specifically requested it; our offers are targeted and selected to meet your expectations and please you.

You may also receive offers from our partners as mentioned in chapter 6.2.

To opt out of THES DE LA PAGODE newsletters and our commercial offers sent via email and/or via post, you may do so by clicking the link at the bottom of the email, send an email to news@thesdelapagode.fr or write to us at the address THES DE LA PAGODE, 4 avenue Bertie Albrecht - 75008 PARIS – France, mentioning your name, surname, email and customer number if possible.

b. You are no longer a customer of our company:


By filling in one of our company’s information request forms on our website (catalogue request, newsletter subscription, account creation) or by replying to a paper offer or in the press, you may receive:

  • our commercial offers via post, and, if you have expressly agreed, via email

  • offers from our partners and, in particular, by email if you have expressly agreed

To opt out of THES DE LA PAGODE newsletters and our commercial offers sent via email and/or via post, you may do so by clicking the link at the bottom of the email, send an email to news@thesdelapagode.fr or write to us at the address THES DE LA PAGODE, 4 avenue Bertie Albrecht - 75008 PARIS – France, mentioning your name, surname, email and customer number if possible.

c. Specifics of THES DE LA PAGODE electronic commercial offers and by telephone



After a purchase on our site, and as part of the commercial relationship, THES DE LA PAGODE will send you commercial offers via post and/or email for products similar to those you have purchased.

 

When you place a new order or re-register with our company, after you unsubscribing, you will once again be part of our database and may receive our electronic offers and printed newsletters and offers.

 

On offers sent via email by THES DE LA PAGODE, the sender THES DE LA PAGODE is clearly identified and the commercial offer is indicated in the subject of the message. At the end of each message, you have the option to unsubscribe from our emails with a single click.

By providing you telephone number during an order, you consent to being contacted for any purpose necessary for your order.

You can object to telephone canvassing by companies of which you are not a customer by entering the numbers you do not wish to be called on as part of a commercial canvass on www.bloctel.gouv.fr. If you are a customer of the company, you must opt out directly through the company.

As part of quality monitoring and training our customer service agents, some phone calls (incoming and outgoing) may be listened to and/or recorded.


11. What are my rights?


In compliance with the French Data Protection Act of 6 January 1978 and Regulation (EU) 2016/679, you may request access to your information, to have it corrected, modified or removed, to object to its processing by THES DE LA PAGODE, or to request its portability, by writing to the address below or via email to news@thesdelapagode.com :


THES DE LA PAGODE

4 avenue Bertie Albrecht

75008 PARIS

France

For any request relating to personal data you may contact the DPO at the following address: dpo@thesdelapagode.fr, or submit a complaint to the National Information Science and Liberties Commission (CNIL).

Please remember to include all your information (name, surname, email and, if possible, customer number) so that we can do what is necessary in an acceptable time frame.

You can access and change your contact information at any time in your customer area under the heading 'My account' and manage your newsletters under the heading 'My personal information' or by writing to us at the address above.

In the event of a request for removal of your data, we may nonetheless keep them in our archives for the period necessary to satisfy our legal, accounting and fiscal obligations.

Right to access

You may request of THES DE LA PAGODE confirmation that your personal data is or is not processed by our services. If it is, you may find out the information processed and request a copy.

Right to rectification

You have the right to request that THES DE LA PAGODE modify or remove incorrect information concerning you in its database.

Right to erasure

Do you want THES DE LA PAGODE to erase your information contained in its database? It is possible.

Right to object and withdrawal of consent

If do not want to appear on a file, you can do so by exercising one of these rights and at any time.

We draw your attention to the fact that when you make a purchase from our company, after you have previously unsubscribed, as a customer, you will be likely to receive our offers and newsletters again. If you do not want to, you must unsubscribe again.

Right to restriction of processing

You may request the discontinuation of processing concerning you for the time of a verification (e.g. for the exercise of the right of opposition, THES DE LA PAGODE must verify whether legitimate reasons would justify the continuation of the processing) or the limitation of the data processed.

Right to portability

This is the right to have the personal data we have collected about you transmitted, in a structured, commonly used and computer-readable format, to us or to another controller of your choice, where technically possible.

Right to define guidelines regarding the fate of our data after death

The law offers you the possibility to define directives regarding the fate of your data after your death.

Without a directive on your part, after a certain period of inactivity, THES DE LA PAGODE deletes your data. Nonetheless, your heirs may exercise rights to your data after your death.

Right to submit a complaint to CNIL

You may contact our company or the DPO, whose contact information is contained in chapter 3, if you need information or have a complaint regarding the protection of your data.

You may also submit a complaint to the relevant French authority whose details are below:

Commission Nationale de l’Informatique et des Libertés (CNIL)
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07

Telephone: 01 53 73 22 22

For more information on your rights, refer to the CNIL website.

 

12. What is the framework for transfer of my information outside the European Union?


Our servers are located in France. However, it is possible that some processing sub-contracted to our providers and sub-contractors for the performance of their services may lead to your data leaving the EU.

E.g. We use analytics services, GOOGLE services and notably Google Analytics, an American company.

If other processing outside the EU is carried out for the purposes of the services entrusted to our subcontractors by our company, we will ensure that this processing is governed by contractual clauses adapted to ensure the appropriate level of protection, equivalent to the European standard, in particular with regard to the protection and exercise of the rights of data subjects, violations of rights and remedies in the event of a complaint.



13. Update of our data protection policy


The present policy may be updated periodically and without notice. Any changes take effect immediately from the publication of the new policy on the site www.thesdelapagode.com/en.Nonetheless, we use your data in compliance with the existing Policy in force at the time you submit said data, except in the event of objection or withdrawal of consent.