Latest version: June, 14 2021
Personal Data Privacy Policy
ARTICLE 1.
DATA CONTROLLER
Your
personal data (hereafter “Data”) is collected and processed by GLOBAL
BIOENERGIES, registered in the Trade and Companies Register of Evry under the
number 508 596 012, and whose registered office is located 5 rue Henri
Desbruères – 91000 Evry-Courcouronnes, France (hereafter “LAST”).
As data
controller, LAST endeavors to best protect your privacy and ensure your Data
security in accordance with current regulations, particularly regulation
n°2016/679 of the European Parliament on the protection of natural persons with
regard to the processing of personal data and
the free movement of such data as of April, 27 2016.
Hereafter
you will find LAST’s policy in terms of Data protection.
ARTICLE 2.
DATA COLLECTION
Your Data
is collected from the online shopping website colors-that-last.com (hereafter
“Website”), through its customer service and the social media pages managed by
LAST.
LAST namely
collects your Data during the following operations:
- website
browsing using cookies placed on your device;
- website
transactions;
- creating a
personal account on the Website;
- subscribing
to the LAST newsletter;
- interactions
with LAST customer service;
- browsing
and subscribing on social media pages managed by LAST;
- participating
in a game or contest.
ARTICLE 3.
DATA INFORMATION COLLECTED
The Data
collected mainly include your last name, name, gender, birth date, postal and
electronic address, phone number, personal account username and password as
well as your social media usernames. Certain Data is mandatory, other is
optional.
LAST may
also be brought to process your Data relating to:
- your
browsing of the Website and social media pages managed by LAST, namely meaning
your IP address, viewed pages, visits frequency;
- payment and
any bank transaction;
- your
purchase, research and saved articles history;
- your beauty
profile;
- your
comments and other contributions published on the Website or social media pages
managed by LAST;
- your social
media accounts, if they are linked to the personal account created on the
Website.
ARTICLE 4.
PURPOSE OF THE COLLECTED DATA
The Data
collected can be used for the following purposes:
- processing
and shipping the Orders you place on the Website, as well as the ensuing
customer service;
- customer
relationship management and customizing LAST communications;
- improving
and customizing LAST special offers;
- sending the
LAST newsletter and other information relating to LAST products and services;
- establishing
business development operations and developing marketing tools;
- establishing
statistics and analyses as well as performance indicators (audience, visits)
and evaluating how the components of the Website are used (browsed sections and
contents, journey…) as well as social media pages managed by LAST to improve
their relevance and ergonomic design so as to improve your experience on the
Website and social media as well as LAST’s customer service quality;
- performing
technical operations relating to the above-listed purposes;
- the respect
of LAST’s legal and regulatory obligations.
ARTICLE 5.
LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
In
compliance with current regulations, your Data is processed based on specific
legal grounds, namely:
- your
explicit consent given to LAST to, on one hand, send you its newsletter and/or
keep you updated on its latest news via social media and, on the other hand,
share some of your Data to certain service providers or subcontractors;
- the respect
of a legal obligation requiring LAST to process your Data, such as, for
instance, order n°2011-219 from February, 25 2011 relating to keeping and
sharing Data to identify any person who has contributed to creating a content
published online;
- the
presence of a legitimate interest for LAST to process your Data to best manage
its relationship with the general public and promote its products.
ARTICLE 6.
DATA RETENTION PERIOD
The
retention period of your Data is determined according to its purposes and
LAST’s legal obligations.
The Data
collected upon your LAST newsletter subscription, your subscription to social
media pages managed by LAST or your creation of a personal account on the
Website are kept for the entirety of said subscription or existence of the said
personal account. After unsubscribing or deleting your personal account, your
Data may be kept and processed for a period of three years. At the end of this
time frame, your Data will either be deleted or made anonymous.
The Data
collected when placing a purchase order on the website is kept and processed
for a period of three (3) years. At the end of this time frame, your Data will
either be deleted or made anonymous.
The Data
collected when browsing the Website or on social media pages managed by LAST is
kept and processed for a period of thirteen months. At the end of this time
frame, your Data will either be deleted or made anonymous. However, after the
above mentioned periods, including as long as need be from the time of your
termination request, your Data may be processed for intermediary archiving in
order to comply with LAST’s legal and regulatory obligations.
ARTICLE 7.
DATA RECIPIENTS
All your
Data is strictly confidential, meaning that LAST shall not share it with any
third party that may use it for personal purposes, without your explicit
consent. However, your Data may be shared, securely and for the above mentioned
purposes, with LAST service providers and subcontractors to process and ship
orders or execute technical, marketing or advertising services. LAST is
committed to taking all the necessary precautions to share Data in compliance
with current regulations. For this matter, LAST specifies that some of its
service providers may resort to subcontractors located outside the European
Union, namely in the United States, and commits to implementing all necessary
guarantees to ensure Data sharing is done in compliance with current
regulations. Consequently, you explicitly grant LAST and its service providers
the right to share your Data outside the European Union. As a result, your Data
may be shared to respond to a court or administrative order.
ARTICLE 8.
YOUR RIGHTS
In
compliance with current regulations, you have the right to:
- withdraw
your consent;
- demand access to, amendment of or deletion of part or all of your Data;
- contest one
of its processing;
- data
portability.
You can
perform your rights by written request and with proof of identity, all sent via
e-mail to dpo@colors-that-last.com. We will reply within a month upon reception
of your request. If needed, LAST may extend this period to two months and will
send you written notification.
Should LAST
not provide a satisfactory answer to your requests, you can file a complaint to
the French National Commission on Informatics and Liberty (CNIL), located 3
Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07. Phone: 01.53.73.22.22.
1. You have
the right to withdraw your consent, at any given moment, when it has been
requested. However, this withdrawal will
not affect the legal consent-based Data processing done prior to this
withdrawal.
2. You have
the right to get confirmation from LAST that your Data is or is not processed
and, when it is, to have access to your Data as well as the following
information:
- the purpose
of its processing;
- the
categories of Data being processed;
- the
recipients or categories of recipients your Data is or will be shared with;
- when
possible, the estimated retention period of your Data or, when it is not possible, the criteria used to determine this period;
- the
existing right to ask LAST to change or delete all or part of your Data or
restrict the processing of your Data or the right to contest this processing;
- the right
to file a complaint to a supervisory authority;
when your
Data has not been collected from the Data Subject, any available information as
to its source
whether
automated decision-making is implemented, including profiling, and in any such
case, useful information about its underlying logic, as well as the importance
and expected consequences of this processing for you.
When your
Data is shared with a third country or international organization, you have the
right to remain informed about applicable guarantees relating to this Data
sharing. LAST delivers a copy of your processed Data, which can require payment
of a reasonable fee based on administrative costs for any additional copy
requested. When submitting your request electronically, the information will be
delivered via common electronic means, unless requested otherwise.
3. You have
the right, in a timely manner, to get LAST to change incorrect Data. You can
also get incomplete Data to be completed, including by providing a
complimentary statement.
4. You have
the right to get LAST to delete your Data, as quickly as possible, when one of
the following reasons apply:
- your Data
is no longer necessary for the purposes for which it was collected or otherwise
processed;
- you
withdraw consent on which the processing is based on and there is no other
existing legal ground to the processing;
- you object
to the processing under the conditions in item 6 and there is no legitimate
compelling reason for the processing;
- your Data
has been illegally processed;
- your Data
must be deleted to comply with a legal obligation
- your Data
has been collected from a child.
However,
this right to deletion does not apply when processing is necessary:
- to perform
the right to freedom of expression and information;
- to comply
with a legal obligation requiring such processing to fulfill a task in the
public interest or relating the exercise of public authority the data
controller is vested with;
- for public
interests specifically relating to public health purposes;
- for filing
purposes of public interest, for scientific research or historic or statistical
purposes;
- for the
establishment, exercise or protection of rights before courts;
5. You have
the right to get LAST to restrict Data processing when one of the following
elements apply:
- until LAST
can check the exactitude of your Data following a dispute issued from your end;
- the processing
being illegal, you object to the deletion of your Data and, instead, demand the
limitation of its use;
- LAST no
longer needs your Data for processing purposes but it is still required for you
to establish, exercise or protect your rights before courts;
- during the
time required to check if the legitimate purposes sought by LAST prevail over
yours following a dispute issued from your end under the conditions stated in
item 6.
Once
processing has been restricted, your Data may only be treated, with the
exception of retention, (i) with your consent or (ii) for the establishment,
exercise or protection of rights before courts or (iii) to protect another
natural or legal person’s rights or (iv) for important reasons of public
interest for the European Union or a Member State.
6. You have
the right to object, at any given moment, for personal reasons, to the
processing of your Data based on public interest of legitimate interests sought
by LAST.
LAST shall
therefore no longer process your Data, unless LAST demonstrates the existence
of legitimate and compelling reasons for processing that prevail over your
interests and rights and freedoms or the establishment, exercise or protection
of rights before the courts.
Furthermore,
at any given moment you have the right to object to the processing of your Data
for commercial purposes.
7. You have
the right to receive your Data from LAST, in a structured format, commonly used
and machine-readable, to share them with another data collector when:
- the processing is based on your consent or a contract, and
- In this
matter, you have the right to get your Data directly transferred by LAST to
another data collector when it is technically possible.
ARTICLE 9.
SECURITY MEASURES
Considering
the nature of the Data and the risks associated to its processing, LAST takes
all technical, physical and organizational measures required to safeguard the
security and confidentiality of said Data and prevent it from being distorted,
damaged or made accessible to unauthorized third parties.
LAST
selects subcontractors and service providers who offer guarantees in terms of
quality, security, reliability and resources to ensure the implementation of
technical and organizational measures, including those relating to the safety
of Data processing.
ARTICLE 10.
SOCIAL MEDIA
LAST is
present on social media (Facebook, Twitter, YouTube, Instagram…) and reminds
you that access to social media requires your approval of their legal
conditions including provisions regarding regulations on their Data processing
done independently of social media pages managed by LAST.
For more
information on the protection of your Data when browsing social media, LAST
encourages you to read their privacy policies.