Règlement général sur la protection des données

INTRODUCTION

The new European regulation on the protection of personal data took effect on May 25, 2018 for all companies operating in Europe.
The application of this text, which is in reality a European regulation, pursues three objectives set by the Union :

1/. Strengthen people's rights, in particular by creating a right to the portability of personal data and provisions specific to minors ;

2/. Make all people involved in the processing data feel responsible (data controllers and subcontractors) ;

3/. Increase the credibility of the regulation through enhanced cooperation between data protection authorities, which will be able in particular to adopt joint decisions when data processing is transnational and sanctions strengthened.

At SAUTAM, of course, we attach great importance to the protection of your data. We are doing our best, on this page, to detail you, in complete transparency, the principles with which SAUTAM collects different types of data on its customers, as well as our commitments concerning the security and data protection policy in order to respect your life as much as possible. private.
Like all e-merchants, we collect data on our Internet users and we work with several third-party providers, who therefore have access to part of our data..
These datas are essentials to guarantee you the best possible experience on our site and to ensure that each order is handled smoothly and efficiently.

In order to avoid an imprecise interpretation here are some explanations for the understanding of the terms used:

Personal data : any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly.

Processing : any operation or set of operations which is performed upon personal data, whether [...] or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction...

SUMMARY

1. Where are my personal data stored?
2. How do we collect data about you?
3. What personal data do you collect from me and what is it used for?
4. Register of data transmitted to subcontractors through SAUTAM services
5. List of types of informations we collect
6. Consent
7. Age of consent
8. Are my passwords secure?
9. Is my number credit card secure?
10. Security
11. Sending and sharing data

ARTICLE 1 - WHERE ARE MY PERSONAL DATA STORED?

Our store is hosted on Shopify Inc. Their online e-commerce platform provides us with the service to sell our services and products to you.

Your data is stored in Shopify's data storage system, databases, and their application. Your data is stored on a secure server protected by a firewall.

Direct payment :

If you make your purchase through a direct payment gateway, then Shopify will store your credit card information. This information is encrypted in accordance with the data security standard established by the payment card industry (PCI-DSS). Information relating to your purchase transaction is kept for as long as necessary to complete your order. Once your order is finalized, the information relating to the purchase transaction is deleted.

All direct payment gateways adhere to the PCI-DSS standard, managed by the PCI Security Standards Council, which is the joint effort of companies such as Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure processing of credit card data by our store and its service providers.

For more information, please see the Shopify Terms of Service here or the Privacy Policy here.

Services provided by third parties :

In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to perform the services they provide to us.

However, some third party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies with regard to information we are required to provide to them for your purchase transactions.

Keep in mind that some suppliers may be located or have facilities located in a jurisdiction different from yours or ours. So if you decide to proceed with a transaction that requires the services of a third party provider, then your information may be governed by the laws of the jurisdiction in which that provider is located or those of the jurisdiction in which its facilities are located.

For example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, the information belonging to you that was used to complete the transaction could be disclosed under the laws of the United States, including the Patriot Act.

Once you leave our store site or are redirected to a third party website or application, you are no longer governed by this Privacy Policy or the General Terms and Conditions of Sale and Use of our website.

Links :

You may be required to leave our website by clicking on certain links on our site. We are not responsible for the privacy practices and content of these third-party Web sites and recommend that you carefully read their privacy policies.

ARTICLE 2 – HOW DO WE COLLECT DATA ABOUT YOU?

Collecting your personal details (such as name and contact details) is most often based on your business-to-customer relationship or other relevant relationship with us. For example, we collect data when you perform actions on our services, by registering as a user of our site, by using SAUTAM's services or by providing us with other information.

When you use SAUTAM's network and communication services, for example by placing a call or creating your customer account or sending an e-mail, identification data is stored in our systems for the use of the services.

When you visit the SAUTAM website or load pages on it, you share various types of anonymous browsing data with us, such as your IP address and browsing history. These services running is based on the use of cookies.

We may collect data based on your consent.

We record customer service calls so that we can verify the actual discussion, if necessary.

We also collect data from our potential customers when they participate in contests, sweepstakes or occasional events.

ARTICLE 3 – WHAT PERSONAL DATA DO YOU COLLECT FROM ME AND WHAT IS IT USED FOR?

Order :

When you make a purchase from our store, as part of our buying and selling process, we collect the personal information you provide to us, such as your name, mailing address, phone number and e-mail address in order to be able to prepare and deliver your package to you.

These order data are sent to the various service providers who work to ensure that your package arrives at your home: our logistician who prepares the package and the carrier who delivers it to your home.

They have absolutely no right to use your data for anything other than to process your order and must delete this data from their computer system after processing. These service providers store the data in data centers in Europe.

However, if you choose to be delivered outside of Europe, your data such as your postal address is necessarily transmitted to the logistics services of the carrier who will deliver you to that country.

Navigation :

When you browse our store, we also automatically receive your computer's Internet Protocol address (IP address), which allows us to obtain more details about the browser and operating system you are using.

E-mail Marketing (if applicable) :

With your permission, we also use your e-mail address to send you our weekly newsletter. Please note that if you no longer wish to receive these e-mails, you can unsubscribe at any time by clicking the “unsubscribe” link located at the bottom of the newsletter. The onset is immediate.

In order to send you newsletters you might have been looking for, we also communicate to our service provider the list of products you have ordered.

Statistics :

In order to constantly improve our service, we use software and services operated by third-party providers that allow us to better understand our business. As such, we provide these tools with data on our customer base, your browsing history on our site and information on the products ordered.

Most of our tools are hosted in France or in Europe, but some have an activity in the United States.

As a result, all this data manipulated for statistical purposes outside Europe is completely anonymized.

Advertising :

Like most online merchants, we log visits and then display targeted advertising when you browse other websites. This process does not manipulate any personal data and neither the advertising network nor the third-party sites displaying our advertisements have access to your personal details.

However, if you no longer wish to see our advertisements, you can clear the cookies in your web browser.

How to clear cookies ?
How to Delete Cookies in Every Major Browser

Social networks :

If you use Facebook to create your account and use it to connect to SAUTAM, we do not recover anything more than your email, last name, first name and the ID of your Facebook profile.
We do not have access to your photos, friend list, posts, etc. We will never post on your page without your consent.

ARTICLE 4 – REGISTER OF DATA TRANSMITTED TO SUBCONTRACTORS THROUGH SAUTAM SERVICES

Omnisend
- Provider informations: https://www.omnisend.com/
- Provider location: Britain
- Goal: Marketing e-mails
- Is the data stored or processed outside the EU? No
- Provider's RGPD: https://www.omnisend.com/privacy/

Google Analytics
- Provider informations: https://analytics.google.com/analytics
- Provider location: United States
- Goal: Site traffic analysis + Remarketing
- Is the data stored or processed outside the EU? Yes
- Provider's RGPD: https://privacy.google.com/intl/fr_fr/businesses/compliance/

 GDPR + Cookie Management
- Provider informations: https://isenselabs.com/
- Provider location: United States
- Goal: Managing cookies
- Is the data stored or processed outside the EU? Yes
- Provider's RGPD: https://gdpr.apps.isenselabs.com/pages/privacy_policy

Facebook
- Provider informations: https://www.facebook.com/
- Provider location: United States
- Goal: Connect to your customer account through your Facebook account
- Is the data stored or processed outside the EU? Yes
- Provider's RGPD: https://fr-fr.facebook.com/business/gdpr

ARTICLE 5 – LIST OF TYPES OF INFORMATION WE COLLECT

Information you give us :

We collect and store all information you give us through our website or other means. You can choose not to communicate certain information to us, but this decision may nevertheless limit the use of our services. We use the information you provide to us, in particular to respond to your requests, to personalize your future purchases, to improve our services and to communicate with you.

Information collected automatically :

Whenever you come into contact with us, we receive and store certain types of information. Like many other websites, we use "cookies" in particular and obtain certain types of information when your browser accesses the SAUTAM website or advertisements and other content displayed on other websites by SAUTAM or on its behalf.

E-mails communications :

To optimize the usefulness and interest of our e-mails, if your computer allows it, we frequently receive a confirmation of e-mails sent by SAUTAM that you have opened. If you do not wish to receive an e-mail from us, all you have to do is notify us in your account or click on the “unsubscribe” link located at the bottom of the newsletter. The onset is immediate.

How do you get my consent ?

When you provide us with your personal information to complete a transaction, verify your credit card, place an order, schedule a delivery or return a purchase, we assume that you consent to our collecting your information and using it for this end only

If we ask you to provide us with your personal information for another reason, for marketing purposes for example, we will ask you directly for your express consent, or we will give you the opportunity to refuse.

How can I withdraw my consent ?

If after giving us your consent, you change your mind and no longer consent to us contacting you, collecting your information or disclosing it, you can notify us by contacting us at contact@sautam.co or by mail to: SAUTAM, 7 Place Henri IV, 94220 Charenton-Le-Pont, France

ARTICLE 7 – AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your country, state or province of residence, and that you have given us your consent to allow any minor dependent on you to use this Site.

ARTICLE 8 – ARE MY PASSWORDS SECURE?

Passwords are stored “encrypted” and cannot be broke. Your passwords are therefore totally safe.

ARTICLE 9 – IS MY CREDIT CARD NUMBER SECURE?

For payments by credit card, we work with one of the world's largest online payment provider, Mollie, which has a sales office in Paris and is responsible for the security of your data.

At no time do we have access to your bank card number.
Our service provider has numerous approvals and certificates justifying the security of their computer system: https://docs.mollie.com/overview/security

ARTICLE 10 – SECURITY

To protect your personal data, we take reasonable precautions and follow industry best practices to ensure that it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, it will be encrypted using the SSL security protocol and stored with AES-256 type encryption. While no data transmission over the Internet or electronic storage of files is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Please note that as a user of the SAUTAM services, you must also use the most appropriate methods to ensure your own data security. We encourage you to store and use our services and your terminals with care and control their use, for example by using secure codes and unique passwords, and to use sufficient anti-virus and firewall services and keep them so as the updated operating system.

Cookies

Here is a list of cookies we use. We have listed them here so that you have the option of choosing whether you want to allow them or not.

_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits.

_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

_secure_session_id, unique token, sessional.

storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

ARTICLE 11 – SENDING AND SHARING DATA

We may disclose your personal information if the law requires us to do so, for example the police and security authorities, as well as other authorities for the reasons specified by law, or if you violate our Terms and Conditions of Sale and Use

Our job does not in any way consist of trading information relating to our customers. Thus, we share this information only in the cases previously expressed and for the purposes described in this privacy policy.

However, we may submit your data to our subcontractors, in which case we will ensure that the confidentiality of your data is maintained and that our subcontractors ensure the proper processing of such data.

Processing of identification and location data related to electronic communication

SAUTAM treats all data and messages created during the communication as confidential. Our staff is under an obligation of secrecy and a ban on the use of messages or other confidential information. When communication takes place over a network, it always leaves a trace. These network traces are called credentials if they can be connected to a person. Network traces are created, for example, when making phone calls, sending e-mail and SMS messages, and browsing the Internet, and may contain information about callers, connection route or routing, communication protocol of data transfer used, the event and the terminals used or their location.

SAUTAM manages the identification and location information of the communication in accordance with applicable law for the purposes, for example, of the implementation and use of services, billing and technical development. The data may also be used for billing other service providers as far as necessary.

SAUTAM can also manage identifiying data in the event of misuse, breach of data security and repair of breakdown.

In all of the above situations, we only process identification and location data to the extent necessary to accomplish a certain specific task.

Persons authorized to manage identification and location data

Only people specific to SAUTAM, whose work requires access to identification and location data, can process this data.

In practice, authorization is only granted to persons performing tasks related to invoicing, maintenance or development of communication networks or services, prevention and investigation of abuse, customer service and marketing. Persons entitled to to manipulate data may only manage it to the extent required to perform individual tasks.

Duration of the data identification and location processing and data storage

We process identification and location data for as long as necessary for billing, technical development, troubleshooting, marketing, misuse investigation or data security purposes. However, manipulation only takes place to the extent required by the actions and without unduly compromising a message's confidentiality and privacy.

We store the data required for invoicing for at least one year from the due date of the invoice and for a period not exceeding three years from the due date of the invoice, unless it is necessary to keep data for a longer period related to the collect of the invoice. Otherwise, data is stored to the extent permitted and required by relevant legislation.

Website and record visitors

We also collect data about website visits. This data includes the IP address and the corresponding DNS name, the organization that recorded the IP address, the name and address of the page visited, the time the page was loaded and the type of browser.

Please note that the IP address is an identification required for the operation of the Internet, used to direct messages transmitted over the Internet to the appropriate places. Typically, the IP address is not connected to the person who uses the computer, but it can be connected to the organization that registered the IP address. The IP address connection can be established at the request of the authorities.

Click on this link to control or for a request to delete your personal data.