You will also find a description of your right to privacy and how the law protects you.
The website Lamaisondessecrets.fr
Our website Lamaisondessecrets.fr sells goods and services for creating decorative objects, kits and workshops, a guest room, ancillary products.
La maison des secrets is a micro-enterprise located at 300 impasse du Galinier, 84410, Bédoin.
La maison des secrets is the data controller for this site and for any processing of personal data carried out by La maison des secrets or on its behalf.
The personal data we collect about you
Personal data, or personal information, means any information about an individual that can be used to identify that individual. This does not include information where the identity is hidden (anonymous data).
We collect a variety of information about our customers and visitors to the Lamaisondessecrets.fr website. This personal data is divided into different categories:
Data relating to your identity includes title, first name, last name.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes your payment card details.
Transaction-related data includes details relating to your payments and refunds, and the products and services you have purchased from us.
Profile data includes your username and password, your purchases or orders.
Technical Data includes your IP address, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access this website.
We do not collect special categories of personal data (this includes details of your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information relating to your health, genetic or biometric data). We also do not collect information relating to criminal offenses or convictions.
Remember that if you choose not to share personal data with us or refuse certain contact permissions, we may not be able to provide the requested products and services.
How is your personal data collected?
We use various methods to collect data about you, including:
Direct interactions. You may provide us with your Identity Data, Contact Data and Financial Data by contacting us by post, phone, email or social media.
This includes personal data you provide when you:
- register to receive the newsletter;
- ask questions or request information;
- create an account on our website;
- order our products or services;
- request that advertisements be sent to you;
- contact us on social networks;
- enter a contest, promotion or survey;
- contact customer service; or
- leave comments or ratings of our products or services.
Use of your personal data
We will only use your personal data in accordance with the law. Generally, your personal data will be used in the following cases:
In order to perform the contract we have or will sign with you. For example, when you buy our products, it is a contract.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override them. For example, when we carry out anti-fraud checks during the payment process.
When we have to meet any legal or regulatory obligations. For example, for maintaining our sales records in accordance with tax compliance.
In general, we do not rely on consent as a legal basis for processing your personal data, except where required by law, for example for sending direct marketing communications. Where the legal basis is consent, you have the right to withdraw your consent at any time.
See Explanations of the legal bases governing our processing of your personal data to learn more about the legal principles on which we rely to process your personal data.
Explanation of the legal grounds governing our processing of your personal data
Your preferences in terms of advertising, marketing, communication
We may use your Identity Data, Contact Data, Technical Data, Tracking Data, Usage Data and Profile Data to get an idea of what you might want or need or what might interest you. This is how we decide which products, services and offers are relevant to you and let you know. This is what we call direct marketing communication.
This can be conducted by e-mail, telephone, sms or mail. For example, you may receive the newsletter in your inbox or an interesting advertisement in your mailbox.
On our site, we do our best to make it clear to you what we are doing and what communications you will receive, whether you decide to subscribe to the newsletter, when creating your account or when making your purchase. You also have the right to change your mind at any time and opt out (but we’ll be sad to see you go, give us a chance by setting your preferences before you leave!). The easiest way to refuse it is to click on the unsubscribe link at the bottom of the communication.
Some actions that we carry out are specifically intended for you:
- e-mails, for example the newsletter;
- text messages, with, for example, the numbers for sending parcels;
- advertisements by mail, such as invitations to trade fairs, greeting cards, news, etc.
Disclosure of your personal data
Your personal data may be shared with the following categories of third parties:
- suppliers and service providers (such as technology providers, payment processing and fraud prevention providers, manufacturers, postal and courier services);
- auditors and professional advisers such as bankers, lawyers, accountants and insurers; and
- government, regulators and the police.
La maison des secrets uses third-party payment processing services STRIPE to process payments for products and services on the site. All online payments will be made in accordance with the Payment Card Industry (PCI) Data Security Standard, and your billing data (which is used by these payment processing services only to protect against frauds) are encrypted before being sent to them. Subject to the exceptions below, your credit card information is sent directly from your browser to these payment processing services. The house of secrets never sees your permanent account number (PAN). This means that the payment form is displayed either on another site or in a box on the payment page.
With STRIPE if on the payment page you have requested that your card information be saved and the payment is successful, STRIPE saves the type of card, a masked PAN (only the first 6 numbers and the last 4), the expiry date of the card as well as an associated symbol. This information is saved so that your card can be identified and used for future payments. This recorded information can be deleted via the payment form of the site, if you wish. We also store the last 4 numbers and card type separately so that we can identify transactions made by a particular card.
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, modified, disclosed or accessed without authorization. In addition, access to your personal data is limited to employees, agents, contractors and other third parties on a need-to-know basis. They will process your personal data in accordance with our instructions and are subject to the obligation of confidentiality.
We have procedures in place to deal with any suspected personal data breach. You and any relevant regulator will be notified of any such breach when required by law.
Links to Third-Party Sites
Your personal data will only be kept for the time necessary to implement the purpose for which they were collected. This includes legal, accounting or reporting requirements.
In order to determine the appropriate retention period for your personal data, we consider the amount, nature and sensitivity of that data, the potential risk of harm from unauthorized use or disclosure, the purpose for processing it, and the possibility of achieving this purpose by other means; and the applicable legal requirements.
By law, for tax purposes, we must retain basic information about our customers (including Contact Data, Identity Data, Financial Data and Transaction-Related Data) for six years, beginning when they cease to be our customers.
We also promise that you can come back any time later to reprint the products you previously ordered from us. So, unless you delete this information, we keep it in order to keep this promise.
In some cases, you can ask us to delete your data. See Your legal rights below for more information.
In some cases, we anonymize your personal data (so that it is no longer associated with you) for statistical or research purposes, in which case we may use it indefinitely, without further notice.
Your legal rights
If the General Data Protection Regulation applies to you because you are in the European Union, you have the following rights in relation to your personal data, in accordance with data protection legislation:
The right of access: this is the right to make a request for access to data concerning you in order to receive a copy of the personal data that we hold about you;
The right of rectification: the right to ask us to rectify personal data concerning you which is incomplete or inaccurate;
The right to erasure, also known as the “right to be forgotten”: in some cases, you can ask us to delete the personal data we have about you (unless there is a legal reason imperative which obliges us to keep them);
The right to restriction of processing: you have the right in certain cases to ask us to suspend the processing of personal data;
The right to data portability: you have the right to ask us for a copy of your personal data in a common format (for example a .csv file);
The right to object: you have the right to object to the processing of your personal data (for example, by prohibiting us from processing your data for direct marketing purposes); and
Rights relating to automated individual decision-making and profiling: you have the right to ask us to be transparent about any profiling we carry out or any automated decision-making.
Contact us if you wish to exercise any of the rights described above (see How to contact La maison des secrets about privacy).
You will not have to pay any fees for access to your personal data (nor for the exercise of any other right). However, we may charge you a reasonable fee if your request is manifestly unfounded, repetitive or excessive. In this case, we may also refuse to respond to your request.
We may ask you for specific information in order to confirm your identity and ensure your right of access to your personal data (or to exercise any other right). This is a security measure to ensure that this personal data is not delivered to a person who is not authorized to receive it. We may also contact you to obtain more information about your request, in order to give you a faster response.
We try to respond to all legitimate requests within one month. This one-month period may be exceeded if your request is particularly complex or if you have made several. In this case, we will notify you and keep you informed.
If you need help with our products and services, or this site in general, contact us: firstname.lastname@example.org.