Privacy policy (GDPR)
PRIVACY POLICY (GDPR)
PREAMBLE
The company cats&green tea , concerned about the rights of individuals, particularly with regard to automated processing and in a desire for transparency with its customers, has implemented a Confidentiality Policy covering all of these processing operations, the purposes pursued by the latter as well as as means of action available to individuals so that they can best exercise their rights.
This Privacy Policy applies to the site: https://catsandgreentea.fr
Each of the expressions mentioned below will have the following meaning in this Privacy Policy:
- “Website” or “Site”: designates the website accessible under the URL: https://catsandgreentea.fr
- “The Publisher” or “the Seller” or “the Company”: designate the company SASU cats&green tea, with share capital of €2,000, whose head office is located at the following address: 6, rue d’Armaillé, 75017, Paris, France and registered in the Paris Trade and Companies Register under SIRET number 827 792 441 00012.
- “cats and green tea”: is the name chosen by the company SASU cats&green tea for its e-commerce site. It is a registered trademark.
- “Customer” or “User” or “you”: designate Internet users who use the services of the website
- “Process” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The purpose of this Privacy Policy is to expose users of the site to:
- The way in which their personal data is collected and processed. All data capable of identifying a User must be considered personal data. This concerns in particular the first and last name, age, postal address, e-mail address, location of the User or even their IP address;
- What are the rights of users regarding this data;
- Who is responsible for the processing of personal data collected and processed;
- To whom this data is transmitted;
- The site’s policy regarding “cookie” files.
This Confidentiality Policy supplements the legal notices, the General Conditions of Use and the General Conditions of Sale (CGU/CGV) which users can consult at the address below:
https://catsandgreentea.fr/pages/cgu-cgv
https://catsandgreentea.fr/pages/mentions-legales
ARTICLE 1: GENERAL PRINCIPLES REGARDING DATA COLLECTION AND PROCESSING
In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of data from users of the Site respects the following principles:
- Lawfulness, loyalty and transparency: data can only be collected and processed with the consent of the User who owns the data. Each time personal data is collected, the User will be informed that their data is being collected, and for what reasons their data is being collected;
- Limited purposes: the collection and processing of data is carried out to meet one or more objectives determined in these general conditions of use;
- Minimization of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the site are collected;
- Retention of data reduced over time: data is kept for a limited period, of which the User is informed. When this information cannot be communicated, the User is informed of the criteria used to determine the retention period;
- Integrity and confidentiality of data collected and processed: the Data Controller undertakes to guarantee the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data can only take place if they comply with at least one of the conditions below. after listed:
- The User has expressly consented to the processing;
- The processing is necessary for the proper performance of a contract;
- The processing meets a legal obligation;
- The processing is explained by a necessity linked to the protection of the vital interests of the data subject or of another natural person;
- The processing may be explained by a necessity linked to the execution of a mission of public interest or which relates to the exercise of public authority;
- The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the Data Controller or by a third party.
ARTICLE 2: PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF BROWSING THE SITE
1. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the site https://catsandgreentea.fr are as follows:
- Last name and first names)
- Civility
- E-mail address
- IP adress
- Phone Number
- Delivery adress billing adress
- Consent
- Information relating to the order: order number, transaction type, purchase details, invoice, unpaid amounts, discounts, product returns. The credit card number is processed by Shopify (Shop Pay).
- Information provided by the User himself in the communications he sends to us, for example to report a problem or submit questions or comments concerning the website or its content.
This data is collected when the User performs one of the following operations on the Site and is kept under reasonable security conditions for the periods mentioned below:
Newsletter Sign-Up:
Purpose: subscribing to our newsletter allows users of the site to receive the newsletter and our communications on our activities as well as our product and service offers. The legal basis is consent (art 6.1.a)
Data collected: email, user's IP address.
Data recipient: The Data Controller, our internal Marketing department, the subcontractor for the technical management of the newsletter. This subcontractor is the company Omnisend, whose head office is in Great Britain. Certain personal data (e.g. IP address, email address) may therefore be transferred outside the EU.
Here is its privacy policy:
https://www.omnisend.com/privacy/
Retention period: The time the user subscribes to the newsletter.
Website and contact form:
Purpose: The contact form allows users to communicate with
us and also allows us to respond to their requests (questions,
requests for information or comments requiring a response.) The legal basis is consent (art.6.1.a)
Data collected: Marital status, last name, first name, email address, communications.
Data recipient: The Data Controller, our internal Marketing department, the website subcontractor. This subcontractor is the company Shopify, whose head office is in Canada. Certain personal data (e.g. email IP address) may therefore be transferred outside the EU.
Here is its privacy policy:
https://www.shopify.com/legal/privacy
Retention period: the time necessary to process the request received via the contact form.
CDN - website accelerator and cache:
Purpose: Content Delivery Network - CDN and cache memory: this is a
technology that makes it possible to speed up a website. The role of the CDN network is to
duplicate all content of the site in a geographical area close to the country of user connection. This allows the site to load pages faster and improves the user experience on the site. The legal basis is the execution of this contract (art. 6.1.b.)
Data collected: email address, IP address.
Recipient of the data: The Data Controller, our internal Marketing department, the website subcontractor. This subcontractor is the company Shopify, whose head office is in Canada. Certain personal data (e.g. email, IP address) may therefore be transferred outside the EU.
Here is its privacy policy:
https://www.shopify.com/legal/privacy
Shelf life: the duration of the site’s existence.
Sale of interior decoration products and services:
Purpose: Sale of articles and services in the field of decoration
indoor. The legal basis is contractual or pre-contractual execution (art.6.1.b)
Data collected: Marital status, first and last name, email address, telephone number, billing and delivery postal address, communications, order number, type of transaction, purchase details, purchase amount, data relating to invoice payments ( payment terms, unpaid amounts, discounts), return of products.
Recipient of the data: The Data Controller, our internal Marketing and sales department, the subcontractor who sends the order. This subcontractor is the company Sendcloud whose head office is in France. We him
provide your name and postal address for shipping the products.
Sendcloud does not transfer personal data outside the EU if transactions
concern EU countries. However, it may use subcontractors in
outside the EU in order to ensure delivery of orders intended for these countries.
You can find more information regarding its privacy policy
on the following link:
https://www.sendcloud.fr/data-processing-addendum/?ajs_aid=1e2ed1c2-4237-42fc-ac96-7445396a410a
Shelf life: commercial prescription time
Creation of the customer account:
Purpose: Customer identification, order and transaction management. There
legal basis is compliance with a legal obligation which here is the execution of a
CONTRACT. (art. 6.1.c)
Data collected: Marital status, first and last name, email address, purchase history.
Recipient of the data: The Data Controller, our internal Marketing and Sales department, the website subcontractor. This subcontractor is the
Shopify company headquartered in Canada. Certain personal data (e.g. email, IP address) may therefore be transferred outside the EU.
Here is its privacy policy:
https://www.shopify.com/legal/privacy
Retention period: lifespan of the customer account.
Management of requests for access rights and other rights relating to the GDPR:
Purpose: Management of requests for rights of access, modification, rectification and other rights of data subjects arising from the European regulation on the protection of personal data which entered into force on May 25, 2018. The legal basis is compliance with a legal obligation (art.6.1.c)
Data collected: Title, last name, first name, email address, communications,
IP adress.
Recipient of the data: The Data Controller, where applicable
lawyers in charge of litigation and defense of the Data Controller, the subcontractor who operates the technical management of the site. This subcontractor is the company Shopify, whose head office is in Canada. Certain personal data (e.g. email, IP address) may therefore be transferred outside the EU.
Here is its privacy policy:
https://www.shopify.com/legal/privacy
Duration of retention: The time of legal prescription of the rights of the
controller and/or data subjects.
Attack detection and litigation against fraud:
Purpose: Detection of attacks and litigation against fraud.
The legal basis is the legal obligation of security and data protection
personal data established by the GDPR (art. 32 et seq.) - art. 6.1.c. This service is imposed under a legal obligation.
Data collected: Title, last name, first name, email address, communications,
IP adress.
Recipient of the data: The Data Controller, where applicable
lawyers in charge of litigation and defense of the Data Controller, the subcontractor who operates the technical management of the site. This subcontractor is the company Shopify, whose head office is in Canada. Certain personal data (e.g. email, IP address) may therefore be transferred outside the EU.
Here is its privacy policy:
https://www.shopify.com/legal/privacy
Shelf life: The period of civil or criminal limitation.
Furthermore, when making a payment on the Site, proof of the transaction including the order form and the invoice will be kept in the Site's computer systems. Tax, accounting and legal regulations require us to keep purchase invoices for ten years under the Commercial Code, the Civil Code and the Consumer Code.
If you make your purchase through a direct payment gateway, then Shopify will store your credit card information.
This information is encrypted in accordance with the payment card industry's data security standard (PCI-DSS).
Information relating to your purchase transaction is retained for as long as necessary to complete your order.
Once your order is finalized, the information relating to the purchase transaction is deleted.
All direct payment gateways comply with the PCI-DSS standard, managed by the PCI Security Standards Council, which is the joint effort of companies such as Visa, MasterCard, American Express and Discover.
PCI-DSS requirements ensure the secure processing of credit card information by our store and its service providers.
For more information, please see Shopify's Terms of Service ( https://www.shopify.com/en/legal/conditions ) or its Privacy Policy ( https://www.shopify.com/en/ legal/confidentiality )
During your navigation on the Site, a certain amount of information is automatically recorded via connection cookies. This information allows us to identify visitors to our Site. The collection of this information is based on our legitimate interest in knowing our customers better and improving our services accordingly.
The use of cookies on this Site is described in detail in article 5 of this document.
2. TRANSMISSION OF DATA TO THIRD PARTIES
We may share your personal data with our service providers who help us provide the services we offer, including transaction processing, logistics and shipping of your orders.
We will also respond to requests for personal data when the law requires us to do so or when the communication of this data is necessary to protect our rights and/or comply with legal action served on us.
3. DATA HOSTING
The Site is hosted by:
OVH, whose head office is located at the following address; 2 rue Kellermann, 51100 Roubaix, France. Tel number: 1007 (from France), +33 9 72 10 10 07 from abroad.
Website: https://www.ovhcloud.com/fr/
The Site is operated by:
Shopify
whose headquarters are located at the following address:
151 rue O'Connor, ground floor, Ottawa, Ontario K2P 2L8, Canada
Tel: 1-613-241-2828
Website: https://www.shopify.com/
Email: assistance@shopify.com
ARTICLE 3: DATA PROCESSING RESPONSIBLE AND DATA PROTECTION DELEGATE
1. THE DATA PROCESSOR
The person responsible for processing personal data is: Ms. Gavriela Gazi. He can be contacted as follows:
- by email to: welcome@catsandgreentea.fr
- by mail to the address: 6, rue d'Armaillé, 75017, Paris (France)
The Data Processing Manager is responsible for determining the purposes and means used to process personal data.
2. OBLIGATIONS OF THE DATA PROCESSOR
The Data Controller undertakes to protect the personal data collected, not to transmit them to third parties without the User having been informed and to respect the purposes for which this data was collected.
In addition, the Data Controller undertakes to notify the User in the event of rectification or deletion of data, unless this entails disproportionate formalities, costs and procedures for him.
In the event that the integrity, confidentiality or security of the User's personal data is compromised, the Data Controller undertakes to inform the User by any means.
ARTICLE 4: USER RIGHTS
In accordance with the regulations concerning the processing of personal data, the User has the rights listed below.
In order for the Data Processing Manager to grant his request, the User is required to communicate to him: his signed valid identity document as well as the address at which the Data Processing Manager can contact the User , and if relevant, their account or personal space or subscriber number.
The Data Controller is required to respond to the User within a maximum of 30 (thirty) days. This period may be extended by two months if the complexity of the request and/or the number of requests so requires.
PRESENTATION OF USER RIGHTS REGARDING DATA COLLECTION AND PROCESSING
1. Right of access, rectification and right to erasure
The User can read, update, modify or request the deletion of data concerning him, by respecting the procedure set out below:
* Electronically: by sending an email to: welcome@catsandgreentea.fr
* By registered postal mail A/R: cats&green tea, 6, rue d'Armaillé, 75017, Paris
If he has one, the User has the right to request the deletion of his personal space by following the following procedure:
* Electronically: by sending an email to: welcome@catsandgreentea.fr
* By registered postal mail A/R to the following address:
cats&green tea, 6, rue d'Armaillé, 75017, Paris
2. Right to data portability
The User has the right to request the portability of his personal data, held by the site, to another site, by complying with the procedure below:
* Electronically: by sending an email to: welcome@catsandgreentea.fr
* By registered postal mail A/R to the following address:
cats&green tea, 6, rue d'Armaillé, 75017, Paris
3. Right to restriction and opposition to data processing
The User has the right to request the limitation or to oppose the processing of his data by the Site, without the Site being able to refuse, unless he demonstrates the existence of legitimate and compelling reasons, which can prevail over the interests and the rights and freedoms of the User.
In order to request the limitation of the processing of their data or to formulate an opposition to the processing of their data, the User must follow the following procedure:
* Electronically: by sending an email to: welcome@catsandgreentea.fr
* By registered postal mail return to the following address:
cats&green tea, 6, rue d’Armaillé, 75017, Paris (France)
4. Right not to be subject to a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the User has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or significantly affects him in a way similar way.
5. Right to determine the fate of data after death
The User is reminded that he can organize what should happen to his data collected and processed if he dies, in accordance with law no. 2016-1321 of October 7, 2016.
6. Right to refer the matter to the competent supervisory authority
In the event that the Data Controller decides not to respond to the User's request, and the User wishes to contest this decision, or, if he believes that one of the rights listed above, he is entitled to refer the matter to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr ) or any competent judge.
We recommend that you contact us first before filing a complaint, as we are available to resolve your issue.
ARTICLE 5: USE OF “COOKIES” FILES
The Site may use “cookie” techniques.
A "cookie" is a small file (less than 4 KB), stored by the Site on the User's hard drive, containing information relating to the User's browsing habits.
These files allow the Site to process statistics and information on traffic, facilitate navigation and improve the service for the comfort of the User.
For the use of "cookies" files involving the saving and analysis of personal data, the User's consent is necessarily requested.
This User consent is considered valid for a maximum period of 13 (thirteen) months. At the end of this period, the Site will again request the User's authorization to save "cookies" files on their hard drive.
1. User’s opposition to the use of “cookies” files by the Site
The User is informed that he can object to the recording of these “cookie” files by configuring his browser software.
For information, the User can find at the following addresses the steps to follow in order to configure their browser software to oppose the recording of “cookies” files:
- Chrome : https://support.google.com/accounts/answer/61416?hl=fr
- Firefox : https://support.mozilla.org/fr/kb/enable-and-disable-cookies-website-preferences
- Safari : https://www.apple.com/legal/privacy/fr-ww/
- Internet Explorer : https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
-
CNIL: https://www.cnil.fr/fr/cookies-les-outil-pour-les-maitriser
If the User decides to deactivate "cookies" files, he or she will be able to continue browsing the Site. However, any malfunction of the Site caused by this manipulation cannot be considered to be the fault of the Site Editor.
2. Description of the “cookies” files used by the Site
The Site Editor draws the User's attention to the fact that the following cookies (main cookies) are used during navigation:
Cookies necessary for the operation of the online store:
| NAME | FUNCTION | DURATION |
|---|---|---|
| _ab | Use linked to access to the administrator interface. | 2 years |
| _customer_account_shop_sessions | Use with the _secure_account_session_id cookie to track the user session of new customer accounts | 30 days |
| _secure_account_session_id | Use to track user session of new customer accounts | 30 days |
| _secure_session_id | Use related to tracking a user session through the multi-step checkout process and maintaining connection of order, payment and shipping details. | 24 hours |
| _shopify_country | For stores where the pricing currency/country is set by geolocation based on IP address, this cookie stores the country we detected. It helps avoid geolocation searches based on IP address after the first request. | session |
| _shopify_m | Use related to managing customer privacy settings. | 1 year |
| _shopify_tm | Use related to managing customer privacy settings. | 30 mins |
| _shopify_tw | Use related to managing customer privacy settings. | 2 weeks |
| _storefront_u | Use related to updating customer account information. | 1 minute |
| _tracking_consent | Use related to the storage of user preferences set by a merchant according to the privacy rules of the visitor's region. | 1 year |
| _cmp_a | Use related to managing customer privacy settings. | 1 day |
| vs | Payment-related use. | 1 year |
| cart | Use linked to the shopping cart. | 2 weeks |
| cart_currency | Setting after a payment to keep the same currency as the last payment in new baskets. | 2 weeks |
| cart_sig | A hash of the contents of a basket. It is used to verify the integrity of the shopping cart and guarantee the performance of certain shopping cart operations. | 2 weeks |
| cart_ts | Payment-related use. | 2 weeks |
| cart_ver | Use linked to the shopping cart. | 2 weeks |
| checkout | Payment-related use. | 4 weeks |
| checkout_token | Payment-related use. | 1 year |
| customer_account_locale | Use for new customer accounts | 1 year |
| dynamic_checkout_shown_on_cart | Payment-related use. | 30 mins |
| hide_shopify_pay_for_checkout | Payment-related use. | session |
| keep_alive | Use linked to the location of buyers. | 2 weeks |
| master_device_id | Use linked to merchant identifiers. | 2 years |
| previous_step | Payment-related use. | 1 year |
| discount_code | Payment-related use. | session |
| remember_me | Payment-related use. | 1 year |
| secure_customer_sig | Use linked to the identification of a user after registering in a store as a customer, so as not to force them to log in again. | 1 year |
| shopify_pay | Payment-related use. | 1 year |
| shopify_pay_redirect | Payment-related use. | 1 hour, 3 weeks or 1 year depending on the value |
| shop_pay_accelerated | Payment-related use. | 1 year |
| storefront_digest | Condensed online store password storage, to allow merchants to get an overview of their password-protected online store. | 2 years |
| tracked_start_checkout | Payment-related use. | 1 year |
| checkout_session_lookup | Payment-related use. | 3 weeks |
| checkout_prefill | Payment-related use. | 5 months |
| checkout_queue_token | Payment-related use. | 1 year |
| checkout_queue_checkout_token | Payment-related use. | 1 year |
| checkout_worker_session | Payment-related use. | 3 days |
| checkout_session_token | Payment-related use. | 3 weeks |
| checkout_session_token_< |
Payment-related use. | 3 weeks |
| cookietest | Use to ensure the proper functioning of our systems. | 1 month |
| order | Usage related to order status page. | 3 weeks |
| identity-state | Use related to client authentication. | 24 hours |
| identity-state-< |
Use related to client authentication. | 24 hours |
| identity_customer_account_number | Use related to client authentication. | 12 weeks |
| card_update_verification_id | Payment-related use. | 20 months |
| customer_account_new_login | Use related to client authentication. | 20 months |
| customer_account_preview | Use related to client authentication. | 7 days |
| customer_payment_method | Payment-related use. | 1 hour |
| customer_shop_pay_agreement | Payment-related use. | 20 months |
| pay_update_intent_id | Payment-related use. | 20 months |
| location | Payment-related use. | 2 weeks |
| profile_preview_token | Payment-related use. | 5 months |
| login_with_shop_finalize | Use related to client authentication. | 5 months |
| preview_theme | Usage related to the theme editor. | session |
| shopify-editor-unconfirmed-settings | Usage related to the theme editor. | 4 p.m. |
| wpm-test-cookie | Use to ensure the proper functioning of our systems. | session |
Reporting and data analysis:
| NAME | DESCRIPTION | DURATION |
|---|---|---|
| _landing_page | Tracking landing pages. | 2 weeks |
| _orig_referrer | Tracking landing pages. | 2 weeks |
| _s | Data analytics provided by Shopify. | 30 mins |
| _shopify_d | Data analytics provided by Shopify. | session |
| _shopify_fs | Data analytics provided by Shopify. | 30 mins |
| _shopify_s | Data analytics provided by Shopify. | 30 mins |
| _shopify_sa_p | Data analytics provided by Shopify related to marketing and sponsorships. | 30 mins |
| _shopify_sa_t | Data analytics provided by Shopify related to marketing and sponsorships. | 30 mins |
| _shopify_y | Data analytics provided by Shopify. | 1 year |
| _y | Data analytics provided by Shopify. | 1 year |
| _shopify_ga | Shopify and Google Analytics. | session |
| customer_auth_provider | Data analytics provided by Shopify. | session |
| customer_auth_session_created_at | Data analytics provided by Shopify. | session |
| shop_analytics | Data analytics provided by Shopify. | 1 year |
| unique_interaction_id | Data analytics provided by Shopify. | 10 minutes |
ARTICLE 6: CONDITIONS FOR MODIFICATION OF THE CONFIDENTIALITY POLICY
This Confidentiality Policy can be consulted at any time at the address indicated below:
https://catsandgreentea.fr/pages/confidentiality-policy
The publisher of the Site reserves the right to modify it in order to guarantee its compliance with the law in force.
Consequently, the User is invited to regularly consult this Confidentiality Policy in order to stay informed of the latest changes that will be made to them.
The User is informed that the last update of this Privacy Policy took place on: 05/19/2024
ARTICLE 7: USER ACCEPTANCE OF THE CONFIDENTIALITY POLICY
By browsing the Site, the User certifies having read and understood this Confidentiality Policy and accepts its conditions, with particular regard to the collection and processing of their personal data, as well as the use of files. "Cookies".
Continuing to browse this site constitutes unreserved acceptance of these provisions and conditions of use.
For any additional information on the protection of personal data, we invite you to consult the site: https://www.cnil.fr/
The currently online version of these conditions of use is the only one enforceable for the entire duration of use of the site and until a new version replaces it.
ARTICLE 8: APPLICABLE LAW
These conditions of use are governed by French law and subject to the jurisdiction of the courts of the Publisher's head office, subject to a specific attribution of jurisdiction resulting from a particular law or regulation.
