The objective of S3DEL's privacy policy is to:
The company S3DEL and its service providers, responsible for processing personal data on the sites, collect information about you, particularly during the creation of your Customer Account or during your purchases.
As the person determining the purposes and means of processing, the data controller is the S3DEL company and various service providers such as:
We collect data necessary to achieve a specific purpose.
The data we collect may have as legal basis:
The following table presents the information to be provided when the data is collected from the concerned person (Article 12 of the GDPR).
Types of processing | Data concerned by the processing | Purposes of processing | Legal bases for processing | Recipients |
---|---|---|---|---|
Commercial and marketing prospecting actions |
Identity, Contact details, Exchanges related to project implementation, Statistics | The processing aims to enable prospecting operations, including: - Production of statistics - Site improvement - Development of commercial strategy - Satisfaction survey | Consent Legitimate interest, namely informing and promoting similar products and services and rewarding our best customers | Internally: the communication and marketing departments Externally, our IT service providers |
Customer management | Identification data | The processing aims to enable prospecting operations, including: - Management of contractual relationship - Production of statistics - Carrying out satisfaction and customer surveys - Management of complaints, after-sales service, and warranties | Consent Execution of a contract Compliance with a legal obligation | Internally: the departments responsible for processing your request |
Purchase management | Identification data, Payment data, Transaction data | The processing aims to enable prospecting operations, including: - Management of contractual relationship - Management of complaints, after-sales service, and warranties - Management of accounting - Improvement of offers | Execution of the contract Compliance with a legal obligation | Internally: the department in charge of commercial management |
Management of individual rights | Identification data | The processing aims to ensure the management of your rights as covered by the GDPR and the Data Protection Act | Compliance with a legal obligation | Internally, the DPO and those authorized to ensure the management of your rights. Externally, certain regulated professions (lawyers), our providers and subcontractors |
Management of unpaid debts and disputes | Identification data, Payment data, Transaction data, | The processing aims to: - Management of contractual relationship - Management of accounting - Management of data controller's rights | Execution of the contract Compliance with a legal obligation Legitimate interest, namely debt recovery | Internally: the accounting department. Externally: authorized service providers, including regulated professions (lawyers, auditors), our providers and subcontractors |
Fraud management | Identification data, Payment data, Transaction data, Navigation and connection data. | The processing aims to: - Prevention and fight against illegal or unauthorized activities by the terms of use - Listing of proven unpaid debts - Identification of persons in a situation of unpaid debts in order to exclude them from future transactions | Compliance with a legal obligation Legitimate interest of the site | Internally: Our accounting department Externally: financial, judicial, or state agencies, public bodies upon request and within the limits of what is permitted and justified by the regulations, our providers and subcontractors |
Management of promotional operations | Identification data | The processing aims to: - Selecting suppliers - Develop our commercial strategy - Production of statistics | Consent | Internally: the commercial management department. Externally: authorized providers capable of processing the data you provide us and allowing us to offer you the proposed services |
Online browsing (cookies) |
Navigation data, Duration of your visit, Technical information (IP address, browser used, etc.) |
The processing aims to: \- Ensure the maintenance of the site and its features \- improving the site's interactivity (services offered by third-party websites, such as sharing buttons). \- Disseminating appropriate content depending on the device used. |
Consent Legitimate interest, namely the operation of the site for functional cookies |
Internally: the communication services. Externally, our providers and subcontractors |
In addition to the recipients mentioned above, and in order to achieve the aforementioned purposes, we disclose your personal data only to:
S3DEL retains personal data for a period that does not exceed the length necessary for the purposes for which they are collected, in accordance with the provisions of the amended French Data Protection Act of January 6, 1978 and the GDPR.
Data may be retained afterward in the following cases when conservation is necessary:
The criteria for determining retention periods are as follows:
Bank cards are only saved after an explicit request from the client, on the payment page (if this option is available to you). They are kept for a future order to improve your shopping experience on our websites. The cards saved for a future purchase are stored in a secure area at our payment provider (STRIPE). S3DEL does not store this information. You have the option to delete your saved card at any time, on the payment page.
Cookies have a limited lifespan of thirteen months after their initial deposit in the user's terminal equipment (following the expression of consent), as recommended by the CNIL. You can change your preferences at any time via the cookie manager whose link is present at the bottom of our website pages. To learn more about cookies and how we commit to using them, please visit this page.
Commercial management : Your data is stored for the duration of the contractual relationship and according to the prescription periods for storage or protection of the rights of the data controller.
Commercial operations management : The data is kept until the withdrawal of consent or 3 years from the last contact. They can also be stored:
The customer account data, created by the user, is intended to be stored until the account is deleted by the user. However, the account may be considered inactive due to no usage for 2 years and could be subject to deletion.
People's rights management : When a person exercises their right to object to receiving prospecting, in order to guarantee its effectiveness, the information allowing for this right to be taken into account is kept for a minimum of 3 years from the exercise of the right.
Unpaid bills management : In cases of unpaid bills, the data is removed from the file listing people in unpaid situations no later than 48 hours after the unpaid amount has been effectively settled. Exceptionally, and when necessary and proportionate circumstances justify it, the data can be stored to prevent renewal. In the event of non-regulation, the information may be kept in the file listing individuals for up to 3 years from the occurrence of the unpaid amount. They can then be archived to meet accounting and tax obligations or serve as evidence in case of litigation within the applicable statute of limitations.
Supporting documents sent to Customer Relations : The processing related to the request for supporting documents aims at combating fraud and unpaid amounts. The data is stored for 30 days from the month following their receipt and 24 months from the date of the transaction in case of dispute. Supporting documents containing copies of bank cards are immediately deleted.
Internally, some employees may have access to the data necessary for their job functions.
Our various partners and service providers may have access to the data for the execution of their contract, in accordance with the purposes outlined above and regulations. The different categories of recipients are:
The data can be transmitted in the context of business operations (mergers, acquisitions, disposals, restructurings, etc.).
Your data is not transferred to third countries and remains hosted within the European Union.
The data controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of knowledge, implementation costs, and the nature, scope, context, and purposes of the processing as well as the risks, which vary in likelihood and severity, for the rights and freedoms of individuals. When assessing the appropriate level of security, particular consideration is given to the risks presented by the processing, particularly those arising from the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored, or otherwise processed, or unauthorized access to such data, whether accidental or unlawful.
The concerned individuals have the following rights, which they exercise under the conditions provided by the GDPR:
Please visit cnil.fr for more information on your rights.
These rights can be exercised directly with the data controller.
To exercise these rights or for any questions about the processing of your personal data, we invite you to contact us:
If you believe, after contacting us, that your "Data Protection and Freedom of Information" rights are not respected, you may lodge a complaint with a supervisory authority.
The French supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL).
Date of last update: 06/01/2023
Our site uses cookies or similar technoloEgies to ensure a better user experience and to compile visit statistics. Our site uses cookies or similar technoloEgies to ensure a better user experience and to compile visit statistics.