Privacy policy

DATA PROTECTION POLICY LE DRESSING DES ALPILLES     

Policy updated as of February 12, 2021

The purpose of this personal data protection policy for the LE DRESSING DES ALPILLES site is to inform users of the site and the online services offered of their rights and obligations regarding the collection of their data. 

This protection policy also answers legitimate questions that users of our services may ask themselves during the use of the site. 

It is thus recalled that, notably, the French Data Protection Act, as well as European Regulation 2016/679 of April 27, 2016 (GDPR), which came into force on May 25, 2018, provide for a specific framework for the regulation and protection of Personal Data. 

In this context, this policy aims to provide clear, complete, and truthful information on the means and methods used by the LE DRESSING DES ALPILLES site to protect its users' data and respect their rights. 

So that you can benefit from our services in complete security and confidence, this policy presents in a single document clear, simple, and sincere information concerning the Personal Data processing operations carried out by LE DRESSING DES ALPILLES. 

Indeed, as part of our activities, we are required to collect, process, and store a certain amount of Data concerning visitors to the Site.

The purpose of this Personal Data protection policy is to inform Users about their rights, as well as the means used by the Service Provider, owner of the site, to guarantee the security of your Data and compliance with legal and regulatory requirements in this area. 

It is within this framework that this Personal Data protection policy is established.

This Policy is supplemented by:

  • Our Legal Notice;
  • The Site's GTU;
  • The Seller SGTS;
  • The Client GTCS; 

By benefiting from the online Services provided by the Service Provider, Users undertake to respect and be bound by this Policy.

DEFINITIONS

  • Listing: Publication on the Site, by which a Seller offers a Product for sale;  
  • Client: Refers to a User of the site who has benefited or is benefiting from the Services;
  • General Terms of Use (GTU): The General Terms of Use are made available on the Site. They define and delimit the conditions of use for any person who accesses and uses the Site;
  • Seller General Terms of Service (SGTS): Refers to the Seller General Terms of Service of the Site; 
  • General Terms and Conditions of Sale (GTCS): Refers to the General Terms and Conditions of Sale of the Site;
  • Account: Refers to an access system requiring a personal username and password, allowing the Client to purchase Products offered for sale by the Seller;
  • Data: Any element (information, texts, photographs, messages, etc.) collected by the User and implemented by them within the Site and Services through its use;
  • Personal Data: Within the meaning of Article 4.1 of the GDPR, refers to any information relating to an identified or identifiable natural person; an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 
  • Feature(s): Each element implemented, accessible, and usable within the various Services;
  • Day: Refers to a calendar day in France; 
  • LE DRESSING DES ALPILLES: Refers to the Site; 
  • French Data Protection Act: Refers to Law No. 78-17 of January 6, 1978 relating to information technology, files, and freedoms, accessible online at the following address: https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000886460
  • Means of Access: Methods and/or functions by which the User can access one or more Services in order to use them for their own needs;
  • Operator: Company that operates various electronic telecommunications networks necessary for accessing and using the Services;
  • Policy: Refers to this Personal Data Protection Policy;
  • Service Provider: Refers to SAS Le Dressing des Alpilles, a French simplified joint-stock company, located at route des Baux 13210 SAINT-REMY-DE-PROVENCE, registered with the Tarascon Trade and Companies Register (RCS) under number 983 172 644, and owner of the Site LE DRESSING DES ALPILLES;
  • Product: Refers to fashion Products (clothing, accessories, leather goods, shoes, etc.) offered for sale by Sellers through the Site;
  • Data Controller: Within the meaning of Article 4.7 of the GDPR, refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; 
  • GDPR: Refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, accessible online at the following address: https://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32016R0679&from=FR
  • Services: All services made available to the User by the Service Provider, owner of LE DRESSING DES ALPILLES, and accessible via the Means of Access;
  • Site: Refers to the website allowing Users to access the Services, namely: contact@ledressingdesalpilles.fr
  • Data Processor: Refers, within the meaning of Article 4.8 of the GDPR, to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller;
  • Processing: Refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 
  • Third Party: Refers to natural or legal persons who have not accepted these GTU, who are not linked by common ownership or control to LE DRESSING DES ALPILLES, or other individuals unrelated to LE DRESSING DES ALPILLES and/or the User;
  • User: Refers to any natural or legal person accessing the Site;
  • Seller: Refers to a professional or private individual using the Site to sell luxury and second-hand products through the Site.

 

  1. WHO COLLECTS YOUR DATA (IDENTIFICATION OF THE DATA CONTROLLER)?

The Data Controller for Personal Data is Ms. Andréa MESURE DE CAIRES, who can be contacted:

  • By post: Route des Baux, 13210 SAINT-RÉMY-DE-PROVENCE     
  • By email: contact@ledressingdesalpilles.fr

Thus, the Service Provider, through its representative, solely determines the means and purpose of the collection of Personal Data Processing necessary for the User's use of the Services, as well as other Data necessary for establishing, monitoring, and improving the contractual relationship.

 

  2. WHAT ARE THE ACTIVITIES OF LE DRESSING DES ALPILLES AND THE SERVICES OFFERED?

The Service Provider operates a Site called LE DRESSING DES ALPILLES, accessible via the internet, allowing the online sale of luxury Products.  

In this regard, this platform is a marketplace allowing Clients to purchase, directly online and at affordable prices, second-hand luxury Products validated and then listed online by the Service Provider. 

For more information, please consult the GTU of the LE DRESSING DES ALPILLES Site. 

All these elements are referred to in this Policy as "Services".

In order to offer you the Services best suited to your expectations, we need to collect and process a certain amount of Personal Data.

 

  3. ON WHAT OCCASIONS IS PERSONAL DATA COLLECTED?

On the Site, Personal Data is collected by the Service Provider:

  • During visits to our Site (connection details);
  • When completing one or more forms on the Site;
  • When creating and managing an online Account;
  • When browsing the Site; 
  • When placing an order; 
  • During exchanges between a User and the Service Provider; 
  • On the occasion of a report made by a User;
  • When clicking on hypertext links leading to our social networks;
  • During our exchanges and your actions on our social network pages; 
  • In the context of monitoring the relationship between the Service Provider and its Users.

 

  4. THROUGH WHAT MEANS IS PERSONAL DATA COLLECTED BY THE SERVICE PROVIDER?

Personal Data is collected by the Service Provider on the internet, through:

  • The LE DRESSING DES ALPILLES Site;
  • Direct contacts (telephone, email, visit, etc.) between the User and the Service Provider;

The Service Provider is a joint data controller for the pages on the social networks listed below: 


For any difficulty encountered when using the pages listed above, the User may contact the operator in question, or contact the Service Provider.

 

  5. FOR WHAT PURPOSES DOES THE SERVICE PROVIDER COLLECT PERSONAL DATA?

The Service Provider collects your Personal Data for the following purposes:

  • Provision of Services as described above;
  • Prospect management; 
  • Establishment and monitoring of the contractual relationship;
  • Validation and monitoring of the order and delivery, where applicable; 
  • Management of requests for rights of access, rectification, portability (where applicable), and opposition;
  • Statistical analyses.

The collection of Data is strictly limited to the achievement and monitoring of the purposes mentioned above.

 

  6. WHAT ARE THE LEGAL BASES FOR COLLECTING PERSONAL DATA?

Article 6 of the GDPR states that processing is lawful only if and to the extent that at least one of the following applies:

"a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the controller is subject;

d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks."

In this regard, the Service Provider recalls that the Processing carried out is based on:

  • The necessity related to the performance of the pre-contractual and contractual relationship;
  • The legitimate interest of the Data Controller;


In any event, we ensure that we do not disregard your interest or your fundamental rights and freedoms by allowing you, at any time, to object to all or part of the processing described in this Personal Data Protection Policy.

Details of your rights concerning Personal Data collected by the Service Provider are defined below.

In this context, in case of objection, we will inform you of the consequences of this objection on the provision of the requested service.

 

  7. WHAT DATA IS COLLECTED BY THE SERVICE PROVIDER?

As part of our Services, we are required to collect and process the following Personal Data:

Collection based on the establishment of a contractual or pre-contractual relationship:


  • Contact details: last name, first name, email address, telephone number;

Collection based on legitimate interest:

  • Data related to the use of equipment provided through the Site;
  • Data related to reports; 
  • Data related to orders; 
  • Data related to social networks; 
  • Data related to exchanges between Users and the Service Provider;
  • Tracking and marketing data: IP address, connection Data (dates, number of connections);

Collection based on your consent:

  • Use of cookies other than technical cookies and those strictly necessary for the delivery of a Service expressly requested by the User or Third Party. This consent can be withdrawn or modified at any time via the tool provided on the Site; 
  • Email address in the context of commercial prospecting;
  • Transmission of contact Data to the Service Provider's partners in the context of joint action.

 

  8. HOW DOES THE SERVICE PROVIDER ENSURE THE SECURITY OF MY DATA?

With regard to the Data processed, the Service Provider attaches fundamental importance to the security and confidentiality of the Data you provide to us.

This Policy is reflected in the selection of Data Processors and partners who meet the standards set by current regulations.

In addition, each employee of the Service Provider undertakes to respect a strict policy regarding security and confidentiality.

In summary, the Service Provider implements legal and organizational elements to ensure the best possible protection with regard to the type and purposes of the Personal Data collected in order to protect said Data against alteration, accidental or unlawful loss, use, disclosure, or unauthorized access.

In this regard, the Service Provider attaches fundamental importance to:

  • Raising its employees' awareness of confidentiality requirements;
  • Subjecting its Data Processors to compliance with their confidentiality obligations;
  • Securing access to its premises and IT platforms;
  • Securing access, sharing, and transfer of Data;
  • Implementing a general IT security policy;
  • Selecting partners and service providers carefully based on their compliance with the GDPR, among other things, as well as other regulatory obligations applicable in France.

 

8.1 DATA STORAGE

Personal Data is stored on servers benefiting from appropriate security and located in Europe, meeting adequate security standards with regard to the Data processed.

8.2 OBLIGATION OF CONFIDENTIALITY  

All employees of the Service Provider are subject to a strict obligation of confidentiality and are made aware of compliance with the provisions of regulations on the protection of Personal Data.

Furthermore, all Data Processors selected by the Service Provider have affirmed their compliance with their obligations in this area and are subject to an obligation of confidentiality.

 

8.3 LOGIN CREDENTIALS

Any access to the Account requires the communication of an email address and a personal password.

The password is strictly personal and must under no circumstances be communicated to a Third Party. 

We also remind you that neither the Service Provider nor any of our partners will ever ask you for access to your personal password.

Should you receive a request for a password renewal that you did not solicit, we invite you to ignore this request and contact the Service Provider as soon as possible. In this context, proof of identity may be requested.

In the event of password loss, the User may request a password renewal via the procedure available on the Site. 

8.4 CONCERNING DATA RELATING TO ONLINE PAYMENT

When processing an order to benefit from the Services, the subcontracted service providers mandated by the Service Provider (such as the payment provider, carrier, logistics provider, etc.) exclusively receive the data necessary for the performance of their own service.

The Data thus transmitted may be used by our service providers only for the performance of the tasks entrusted to them by the Service Provider. 

The Service Provider only collects Personal Data concerning your contact details, an e-mail address, and the means of payment used. 

 

  9. FOR HOW LONG CAN MY DATA BE RETAINED BY THE SERVICE PROVIDER?

Below is a list of the main retention periods applied by the Service Provider.

 

As a principle, the Service Provider deletes the collected Data at the end of the contractual relationship, i.e., as soon as the User closes their Account, if applicable.

In the event of User Account inactivity (no connection to the Site, etc.) for a continuous period of 24 months, the collected Data will be securely deleted. Prior to this deletion, the Service Provider may solicit the User's consent to continue benefiting from their Account, which would imply the retention of Data by the Service Provider. 

In the absence of a positive response from the User, the Data will be automatically, permanently, and securely deleted, with the exception of certain statistical Data which will be anonymized and may be used to improve the Service Provider's user experience.

It is specified that in the event of Account deletion, all present Data will be deleted, except for Personal Data that may be retained by the Service Provider on the basis of a legal obligation and in accordance with the standards applicable to the processing in question.

At the end of the aforementioned retention periods, the Service Provider will delete all Personal Data permanently and securely. Upon request, the User may also receive a copy of the Data collected by the Service Provider until their Account is deleted.

If printed on paper, Personal Data will be securely destroyed, notably by cross-cut shredding or incineration of paper documents or otherwise and, if saved in electronic form, they will be destroyed.

The Service Provider also reserves the right to retain strictly anonymized statistical Data for a period longer than those mentioned above exclusively for research and scientific publication purposes.

 

  10. DOES THE SERVICE PROVIDER COLLECT "SENSITIVE" DATA AND/OR DATA RELATING TO CHILDREN?

  

It is recalled that "sensitive" Data are defined as follows by the GDPR:

"Information concerning racial or ethnic origin, political, philosophical or religious opinions, trade union membership, health or sex life. In principle, sensitive data can only be collected and exploited with the explicit consent of individuals."

In this regard, the Service Provider specifies that it is not, in principle, intended to collect sensitive Data transmitted by the User in the course of providing Services. 

Concerning Personal Data relating to minors, it is also recalled that Recital 38 of the GDPR provides that:

"Children deserve specific protection with regard to their Personal Data as they may be less aware of the risks, consequences and safeguards concerned and of their rights in relation to the processing of Personal Data. Such specific protection should, in particular, apply to the use of Personal Data of children for the purposes of marketing or creating personality or user profiles and the collection of Personal Data with regard to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child."

It is thus recalled that Article 7-1 of the French Data Protection Act sets the age limit for the use of Personal Data at 15 years.

In this regard, it is recalled that Account creation is reserved for adults. In this context, the Service Provider does not intend to collect Personal Data from minors under the age of 15.

 

  11. WHAT ARE THE OBLIGATIONS OF USERS?

As a preliminary point, the User must ensure they use recognized and up-to-date internet access programs, including the various ancillary modules enabling access to the Services.

The User undertakes to provide the Service Provider with accurate and up-to-date information directly concerning them.

In this regard, each User undertakes, when transmitting Data on the Site or directly, to comply with the Service Provider's General Terms of Use.

Finally, the User undertakes not to communicate (by email, for example) information not expressly requested by the Service Provider and necessary for the provision of Services. 

 

  12. OPTIONAL OR MANDATORY NATURE OF COLLECTED PERSONAL DATA

Only Data provided in a form field marked with an asterisk (*) is mandatory in order to benefit from the Service Provider's Services.

All additional Data provided by the User is not mandatory and may be transmitted optionally by the User to improve their User experience on the Site and enable the Service Provider to personalize their experience.

 

  13. WILL MY CONTACT DATA BE USED FOR ADVERTISING PURPOSES? WILL I RECEIVE SPAM FROM THE SERVICE PROVIDER?

The Service Provider does not engage in commercial prospecting via email without the prior consent of the User concerned.

It is recalled that, in accordance with applicable regulatory and legal provisions, the Service Provider may only send you marketing or commercial offers if you have given your clear, unequivocal, and explicit consent to receive such items.

 In this regard, acceptance boxes are provided, where applicable, on the Site to collect your consent on this point. It is also possible, at any time, to withdraw this consent in order not to receive such offers anymore.

 

  14. AUTOMATION OF TRANSMISSIONS AND PROCESSING

Personal Data collected by the Service Provider is not subject to decisions based exclusively on automation.

Automation of decision-making or processing may be carried out in an ancillary manner but will always remain under the control of a human.

 

  15. WHERE IS THE DATA COLLECTED BY THE SERVICE PROVIDER PROCESSED?

The Service Provider primarily processes Data on internal servers located in Europe.

Our Data Processors are mostly established within the European Economic Area. Marginally, and for certain specific Services, Data collected by the Service Provider may be transmitted to Data Processors established outside the European Union. 

In this situation, the Service Provider ensures that appropriate safeguards are provided by the Data Processors in question to govern any transfer of Personal Data by entering into specific contracts ensuring, in particular, the continued respect of Users' rights.

 

  16. WHO ARE THE RECIPIENTS OF THE COLLECTED DATA?

Personal Data collected by the Service Provider may be transmitted to Data Processors selected by the Service Provider, provided that said Data is necessary for the performance of their tasks.

Your Personal Data may also be communicated to third parties. In this case, the Service Provider may only do so after requesting and obtaining your prior and explicit authorization.

Apart from these situations, the Service Provider does not transfer or assign any Data directly or indirectly concerning its Users to Third Parties.

If you wish to access the detailed list of our Data Processors, you can contact the Service Provider directly using a contact form or at the coordinates indicated in Article 21 of this data protection Policy.

 

  17. WHAT ARE THE USERS' RIGHTS?

In accordance with current general European data protection regulations, each User has the right to obtain free information concerning the Personal Data collected by the Service Provider.

Your rights and claims are notably the following:

  • Article 15 GDPR - Right to information on how Personal Data is processed by the Service Provider;

  • Article 16 GDPR - Right to rectification of Personal Data collected by the Service Provider via the Account or by contacting the Service Provider directly;

  • Article 17 GDPR – Right to erasure, this right not concerning all collected Data;

  • Article 20 GDPR - Right to data portability, this right only concerning Data collected on the basis of consent and the establishment of the contractual relationship;

  • Article 21 GDPR - Right to object.

For any request in this context, the User may send their request to the contact details indicated in Article 21.

Where applicable, the Service Provider may request certain additional elements (proof of identity, username, etc.) to verify your identity in the context of exercising your rights.

 

  18. WHAT HAPPENS TO MY DATA IN THE EVENT OF DEATH? WHO WILL HAVE ACCESS TO THE TRANSMITTED DATA?

The Service Provider may hold Personal Data relating to a deceased person. 

In this case, Law No. 2016-1321 of October 7, 2016, establishes the principle that the personal rights of the deceased cease upon their death. 

However, regulations provide for two exceptions in which these rights may be temporarily maintained:

  • The deceased took directives during their lifetime to allow any person to organize the conditions for the storage, erasure, and communication of their personal data after their death;
  • In the absence of directives or contrary mentions from the deceased, it is provided that heirs may "to the extent necessary" exercise rights relating to:
    • "the organization and settlement of the deceased's estate. As such, heirs may access personal data processing concerning them in order to identify and obtain communication of information useful for the liquidation and division of the estate. They may also receive communication of digital assets or data similar to family memories, transmissible to heirs"
    • "the taking into account, by data controllers, of their death. As such, heirs may have the deceased's user accounts closed, object to the continued processing of personal data concerning them, or have them updated".

Should you wish the Service Provider to record your directives regarding the transmission of Personal Data post-mortem, we invite you to contact us at the coordinates indicated in Article 21 of this Policy.

 

  19. HOW ARE USERS INFORMED OF MODIFICATIONS TO THIS DATA PROTECTION POLICY?

The Service Provider may modify this Data Protection Policy at any time.

The Service Provider will inform Users by any means of modifications made to this policy.

The Service Provider invites Users to regularly review the Data Protection Policy in order to be fully informed of its provisions.

 

  20. SUPERVISORY AUTHORITY

 

Should you consider that the Service Provider is not fulfilling its obligations regarding the protection of Personal Data, you can contact the competent supervisory authority. This is typically the national or regional data protection authority in your jurisdiction, whose contact details can usually be found on their official website.

 

  21. HOW TO CONTACT THE SERVICE PROVIDER?

Users may contact the Service Provider for any questions they may have about this Data Protection Policy at the following addresses:

  • By post: Route des Baux, 13210 SAINT-RÉMY-DE-PROVENCE, FRANCE
  • By email: contact@ledressingdesalpilles.fr

In this context, proof of identity may be requested before your request is processed.