M2B SHOP

Personal Data Protection Policy

Objective

The objective of S3DEL's privacy policy is to:

  • Provide you with information related to personal data that is processed by our services;
  • Inform you about your rights and how you can exercise them.

This Policy was drafted in compliance with the provisions of the General Data Protection Regulation ("GDPR") and the amended French Data Protection Act of 1978. It may evolve depending on the regulations, case law, and doctrine of supervisory authorities.

Who is responsible for processing your data?

The company S3DEL and its service providers, responsible for processing personal data on the sites, collect information about you, particularly during the creation of your Customer Account or during your purchases.

As the person determining the purposes and means of processing, the data controller is the S3DEL company and various service providers such as:

  • S3DEL
    RCS of Macon: 793 203 035
    Headquarters: 356 rue du Bessey - 71570 La Chapelle de Guinchay
    Phone numbers: 03 85 38 69 35
    E-mail address: contact@s3del.com
  • M2B INFORMATIQUE
    RCS of Bourg-En-Bresse: 479 021 990
    Headquarters: 19 RTE DE MARCHON - 01100 OYONNAX
    Phone numbers: 04 74 12 19 40
    E-mail address: contact@m2b.fr

What type of data do we collect?

We collect data necessary to achieve a specific purpose.

The data we collect may have as legal basis:

  • Your consent (Article 6.1.a of the GDPR), which can be withdrawn at any time;
  • The execution of our contractual relationship or pre-contractual measures (Article 6.1.b of the GDPR);
  • Compliance with a legal obligation to which we are subject (Article 6.1.c of the GDPR);
  • Legitimate interest pursued by the data controller (Article 6.1.f of the GDPR), respecting your interests and rights.

The following table presents the information to be provided when the data is collected from the concerned person (Article 12 of the GDPR).

Type of processing: Commercial and marketing prospecting actions

  • Data concerned by the processing: Identity, Contact details, Exchanges related to project implementation, Statistics
  • Purposes of processing: The processing aims to enable prospecting operations, including:
      - Production of statistics
      - Site improvement
      - Development of commercial strategy
      - Satisfaction survey
  • Legal bases for processing:
      - Consent
      - Legitimate interest, namely informing and promoting similar products and services and rewarding our best customers
  • Recipients:
      - Internally: the communication and marketing departments
      - Externally, our IT service providers

Type of processing: Customer management

  • Data concerned by the processing: Identification data
  • Purposes of processing: The processing aims to enable prospecting operations, including:
      - Management of contractual relationship
      - Production of statistics
      - Carrying out satisfaction and customer surveys
      - Management of complaints, after-sales service, and warranties
  • Legal bases for processing:
      - Consent
      - Execution of a contract
      - Compliance with a legal obligation
  • Recipients:
      - Internally: the departments responsible for processing your request

Type of processing: Purchase management

  • Data concerned by the processing: Identification data, Payment data, Transaction data
  • Purposes of processing: The processing aims to enable prospecting operations, including:
      - Management of contractual relationship
      - Management of complaints, after-sales service, and warranties
      - Management of accounting
      - Improvement of offers
  • Legal bases for processing:
      - Execution of the contract
      - Compliance with a legal obligation
  • Recipients:
      - Internally: the department in charge of commercial management

Type of processing: Management of individual rights

  • Data concerned by the processing: Identification data
  • Purposes of processing: The processing aims to ensure the management of your rights as covered by the GDPR and the Data Protection Act
  • Legal bases for processing:
      - Compliance with a legal obligation
  • Recipients:
      - Internally, the DPO and those authorized to ensure the management of your rights.
      - Externally, certain regulated professions (lawyers), our providers and subcontractors

Type of processing: Management of unpaid debts and disputes

  • Data concerned by the processing: Identification data, Payment data, Transaction data
  • Purposes of processing: The processing aims to:
      - Management of contractual relationship
      - Management of accounting
      - Management of data controller's rights
  • Legal bases for processing:
      - Execution of the contract
      - Compliance with a legal obligation
      - Legitimate interest, namely debt recovery
  • Recipients:
      - Internally: the accounting department.
      - Externally: authorized service providers, including regulated professions (lawyers, auditors), our providers and subcontractors

Type of processing: Fraud management

  • Data concerned by the processing: Identification data, Payment data, Transaction data, Navigation and connection data.
  • Purposes of processing: The processing aims to:
      - Prevention and fight against illegal or unauthorized activities by the terms of use
      - Listing of proven unpaid debts
      - Identification of persons in a situation of unpaid debts in order to exclude them from future transactions
  • Legal bases for processing:
      - Compliance with a legal obligation
      - Legitimate interest of the site
  • Recipients:
      - Internally: Our accounting department
      - Externally: financial, judicial, or state agencies, public bodies upon request and within the limits of what is permitted and justified by the regulations, our providers and subcontractors

Type of processing: Management of promotional operations

  • Data concerned by the processing: Identification data
  • Purposes of processing: The processing aims to:
      - Selecting suppliers
      - Develop our commercial strategy
      - Production of statistics
  • Legal bases for processing:
      - Consent
  • Recipients:
      - Internally: the commercial management department.
      - Externally: authorized providers capable of processing the data you provide us and allowing us to offer you the proposed services

Type of processing: Online browsing (cookies)

  • Data concerned by the processing: Navigation data, Duration of your visit, Technical information (IP address, browser used, etc.)
  • Purposes of processing: The processing aims to:
      - Ensure the maintenance of the site and its features
      - Improving the site's interactivity (services offered by third-party websites, such as sharing buttons).
      - Disseminating appropriate content depending on the device used.
  • Legal bases for processing:
      - Consent
      - Legitimate interest, namely the operation of the site for functional cookies
  • Recipients:
      - Internally: the communication services.
      - Externally, our providers and subcontractors

Who are the recipients?

In addition to the recipients mentioned above, and in order to achieve the aforementioned purposes, we disclose your personal data only to:

  • The company S3DEL, which needs to know them to ensure their management
  • Service providers and subcontractors carrying out services on our behalf; they are carefully selected and act in accordance with our instructions, including: logistics and transport providers, payment service providers, banks, etc.
  • Financial, judicial or state agencies, public bodies upon request and within the limits permitted by the regulations
  • Credit assessment and collection agencies in the context of creditworthiness assessment or debt collection in case of unpaid invoices
  • Certain regulated professions such as lawyers, notaries, auditors.

What are the retention periods?

General rules

S3DEL retains personal data for a period that does not exceed the length necessary for the purposes for which they are collected, in accordance with the provisions of the amended French Data Protection Act of January 6, 1978 and the GDPR.

Data may be retained afterward in the following cases when conservation is necessary:

  • For the exercise of the right to freedom of expression and information,
  • To comply with a legal obligation,
  • For the performance of a public interest mission or exercise of public authority with which the data controller is invested,
  • For reasons of public interest in the field of public health,
  • For archiving purposes in the public interest,
  • For scientific, historical, or statistical research purposes,
  • Or for the establishment, exercise, or defense of legal rights.

The criteria for determining retention periods are as follows:

  • Legal or regulatory provisions
  • The doctrine and case law of supervisory authorities
  • Sectoral references

Specific rules

Bank cards are only saved after an explicit request from the client, on the payment page (if this option is available to you). They are kept for a future order to improve your shopping experience on our websites. The cards saved for a future purchase are stored in a secure area at our payment provider (STRIPE). S3DEL does not store this information. You have the option to delete your saved card at any time, on the payment page.

Cookies have a limited lifespan of thirteen months after their initial deposit in the user's terminal equipment (following the expression of consent), as recommended by the CNIL. You can change your preferences at any time via the cookie manager whose link is present at the bottom of our website pages. To learn more about cookies and how we commit to using them, please visit this page.

Commercial management: Your data is stored for the duration of the contractual relationship and according to the prescription periods for storage or protection of the rights of the data controller.

Commercial operations management: The data is kept until the withdrawal of consent or 3 years from the last contact. It can also be stored:

  • For a duration of 3 years from the last contact that the people they relate to had with our company;
  • After the execution of the contract, in intermediate archiving, to comply with accounting or tax obligations or to provide evidence in case of litigation and within the applicable limitation period.

The customer account data, created by the user, is intended to be stored until the account is deleted by the user. However, the account may be considered inactive due to no usage for 2 years and could be subject to deletion.

People's rights management: When a person exercises their right to object to receiving prospecting, in order to guarantee its effectiveness, the information allowing for this right to be taken into account is kept for a minimum of 3 years from the exercise of the right.

Unpaid bills management: In cases of unpaid bills, the data is removed from the file listing people in unpaid situations no later than 48 hours after the unpaid amount has been effectively settled. Exceptionally, and when necessary and proportionate circumstances justify it, the data can be stored to prevent renewal. If the unpaid amount is not settled, the information may be kept in the file listing individuals for up to 3 years from the occurrence of the unpaid amount. It can then be archived to meet accounting and tax obligations or serve as evidence in case of litigation within the applicable statute of limitations.

Supporting documents sent to Customer Relations: The processing related to the request for supporting documents aims at combating fraud and unpaid amounts. The data is stored for 30 days from the month following their receipt and 24 months from the date of the transaction in case of dispute. Supporting documents containing copies of bank cards are immediately deleted.

Who has access to personal data?

Internally, some employees may have access to the data necessary for their job functions.

Our various partners and service providers may have access to the data for the execution of their contract, in accordance with the purposes outlined above and regulations. The different categories of recipients are:

  • Carriers,
  • Banks, payment service providers, and credit institutions,
  • IT providers, hosting and telephony services,
  • Providers in charge of combating fraud and recovering unpaid bills,
  • "Authorized third parties" (public authorities or judicial auxiliaries) are organizations that can access certain data contained in public and private files, based on a text authorizing them, for example, the tax administration, administrations of justice, police and gendarmerie, bailiffs.

The data can be transmitted in the context of business operations (mergers, acquisitions, disposals, restructurings, etc.).

Do we transfer data abroad?

Your data is not transferred to third countries and remains hosted within the European Union.

Security

The data controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of knowledge, implementation costs, and the nature, scope, context, and purposes of the processing as well as the risks, which vary in likelihood and severity, for the rights and freedoms of individuals. When assessing the appropriate level of security, particular consideration is given to the risks presented by the processing, particularly those arising from the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored, or otherwise processed, or unauthorized access to such data, whether accidental or unlawful.

People's rights / your rights

The concerned individuals have the following rights, which they exercise under the conditions provided by the GDPR:

  • Right to object, to withdraw their consent at any time. When the processing of your personal data is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent carried out before the withdrawal of consent.
  • Right of access to personal data concerning you (Article 15 of the GDPR)
  • Right to rectify data concerning them if it is inaccurate (Article 16 of the GDPR)
  • Right to erasure of data concerning them, subject to the conditions for exercising this right in accordance with the provisions of Article 17 of the GDPR
  • Right to restrict processing (Article 18 of the GDPR)
  • Right to data portability (Article 20 of the GDPR)
  • Right to object (Article 21 of the GDPR)
  • Right to define directives regarding the fate of your personal data (storage, deletion, and communication of data) after your death (Article 85 of the amended Data Protection Act)
  • Right to lodge a complaint with a supervisory authority (Article 104.4 of the amended Data Protection Act)
  • Automated decision-making. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them. The data subject has the right to obtain human intervention on the part of the data controller, to express their point of view and to contest the decision.

Please visit cnil.fr for more information on your rights.

These rights can be exercised directly with the data controller.

Exercising your rights

To exercise these rights or for any questions about the processing of your personal data, we invite you to contact us:

  • Head office address: 356 rue du Bessey - 71570 La Chapelle de Guinchay
  • Phone number: 03 85 38 69 35
  • Email address: contact@s3del.com

Complaint

If you believe, after contacting us, that your "Data Protection and Freedom of Information" rights are not respected, you may lodge a complaint with a supervisory authority.

The French supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL).

Date of last update: 06/01/2023
