PERSONAL DATA PROTECTION
As part of its business of designing, manufacturing and selling costume jewelry and similar items, BALLA BIJOUX, a simplified joint stock company with share capital of €65,000, whose registered office is located at 20 Rue de la Petite Fusterie – 84000 AVIGNON, registered in the AVIGNON Trade and Companies Register under number 952 548 428, collects personal data when using its Site.
Personal data refers to all data relating to your person, such as your name, postal address, e-mail address and browsing behavior.
Pursuant to Article 4, para. 7 of the EU General Data Protection Regulation (GDPR), the body responsible for processing the Data is:
Mrs Laurence BALLESTEROS
20 Rue de la Petite Fusterie,
Telephone: +33(0)671623929 ,
Mail: contact@ballabijoux.com,
Website: https://www.ballabijoux.com/
In principle, the functionalities of the website do not require the processing of personal data. Please read carefully the following explanations concerning the personal data you entrust to us by technical means. In the event that we use a service provider for certain functionalities of our offer, or if we wish to use your data for advertising purposes, we inform you below in detail about how we proceed. Finally, we indicate the criteria that determine the shelf life.
1. Data controller
Under the Data Protection Act No. 78-17 of January 6, 1978 or the RGPD, Ms. Laurence BALLESTEROS is responsible for Processing Data collected on the site ballabijoux.com
2. Objectives and legal basis of data processing
Unless otherwise specified or agreed, our data processing activities are carried out for commercial purposes.
Our data processing has various legal bases.
– When you give us your consent in favor of certain personal data processing procedures, Article 6 I, letter a of the RGPD is authoritative (hereinafter also referred to as “consent”).
– If the processing of personal data is essential for the preparation or performance of a contract, of which the data subject is one of the (possible) parties to the contract, e.g. when you ask us a question about a product and/or order goods and the data processing is essential for the delivery of the goods, Article 6 I, letter b of the GDPR applies (hereinafter also referred to as “performance of the contract”).
– In cases where the processing of personal data is essential to fulfill a legal obligation, for example to fulfill the tax obligation to archive, Article 6 I, letter c of the RGPD applies.
– In cases where the processing of personal data is essential to protect the vital interests of the data subject or another natural person, Article 6 I, letter d of the RGPD applies.
– Pursuant to Article 6 I, letter f of the RGPD, the processing of personal data is permissible from the point of view of the Data Protection Act, provided that it is indispensable for securing a legitimate interest of our company or that of a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not prevail (hereinafter also referred to as “weighing of interests”). Thus, a legitimate interest may be admitted where the data subject and the company have a commercial relationship (Recital 47, para. 2 of the GDPR) or where personal data is processed for the purposes of direct advertising canvassing.
3. Data collected and purpose of processing
1. Purpose of processing
The information we receive from you helps us shape and constantly improve your shopping experience on ballabijoux.com. We use this data to process orders, deliver goods and provide services, as well as for payment processing (e.g. also for the necessary checks when purchasing with an invoice). We also use your information to communicate with you about orders, products, services and marketing offers (see “e-mail communication” below). In addition, we use your information to improve our store and our platform, to prevent or detect misuse of our website or to enable third parties to carry out technical, logistical or other interventions at our request.
2. General information on data collected
We record the following information:
– Information you give us: We collect and store all the information you enter on our website or send to us in any other way. You may choose not to provide us with certain information. However, this decision may deprive you of many of the services and features we offer (services/invoices).
– Information collected automatically: every time you contact us, we receive and record certain types of information. Like many other websites, we use “cookies”. As soon as you access the site, your browser provides us with certain information. Some companies offer software that lets you visit websites anonymously. Even if we are no longer able to offer you a personal shopping experience once we no longer recognize you, we want you to know that these tools exist.
The personal data we collect is collected and stored anonymously only. For example, we evaluate anonymously and in aggregate how many clicks we receive and from which website they originate.
– E-mail communication: To optimize the usefulness and interest of our e-mails, we frequently receive a confirmation of the e-mails you have opened, if your computer so permits.
3. Details of data collected
Data collected at the express request of the Customer:
Only one phase allows personal data to be collected on express request. BALLA BIJOUX expressly requests personal data when completing an Order.
If you wish to place an order in our online store, the conclusion of the contract requires that you provide us with your personal data, which we need to process your order.
Mandatory data required for contract execution is highlighted, while the rest of the data is optional. We process the data you provide us with in order to process your order. We may therefore pass on your payment details to our bank. Article 6, paragraph 1, subparagraph 1, letter b of the RGPD, which constitutes the legal basis for this data processing (“performance of the contract”).
We may also use the data you provide to send you e-mails containing technical information.
The data collected is as follows:
– Your first and last name,
– Company name (if professional customer),
– Mailing address for invoicing,
– Delivery address,
– Your country,
– Phone number,
– Email
Due to commercial and fiscal obligations, we are obliged to store your address, payment and order data for a period of ten years. Nevertheless, we apply restrictions to the processing, i.e. your data is only used to comply with legal obligations.
The order process is encrypted to prevent unauthorized access by third parties to your personal data, in particular your financial data.
Data collected automatically :
The information collected automatically relates to browsing on the Site, even in the absence of an Order. This data is collected automatically via your computer devices.
The data relating to your device is as follows:
– IP address ;
– date and time of request ;
– time zone offset from Greenwich Mean Time (GMT);
– query content (concrete page) ;
– access status/HTTP status code ;
– amount of data transferred ;
– website from which the request originates;
– navigator ;
– operating system and its surface ;
– language and version of navigation software.
In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard disk by the browser you are using, which send certain information to the service that placed the cookie (in this case, through us). These cookies cannot execute programs or transmit viruses to your computer. They are used to make the whole web interface user-friendly and efficient. Article 6, para. 1 S. 1, letter f of the RGPD constitutes the legal basis for this data processing (“weighing of interests”).
The Data collected in connection with these cookies is as follows:
– the pages you have visited ;
– the date of your visit ;
– the time spent on each page visited ;
– the links you have activated ;
– the offers you have consulted ;
– Products you are looking for ;
– the orders you have placed; or
– your Product consumption habits.
Data communicated by the Customer via e-mail or contact form
When you contact us by e-mail or via the contact form, we save the data you provide (your e-mail address, name and telephone number, if applicable) so that we can answer your questions. Once the retention period has expired, we delete the data generated for this purpose, or, if they are still subject to legal retention obligations, we restrict their processing. If you are one of our customers or if, for example, you have questions or complaints about your order, Article 6, paragraph 1, subparagraph 1, letter b of the GDPR is the legal basis for this data processing (“contract performance”). If you are not one of our customers, Article 6, paragraph 1, subparagraph 1, letter f of the RGPD applies (“weighing of interests”).
Data collected by third parties: social networks
We currently use the following social network modules:
– Facebook,
– Instagram,
We use what’s known as the two-click solution. This means that when you visit our website, none of your personal data is passed on to the add-on provider.
You’ll recognize the add-on provider by its logo. You can contact the module provider directly by clicking on the button. The add-on provider will only receive the information that you have selected the website of our online offer if you click on the highlighted activation field.
In addition, the data referred to in this declaration will be communicated.
In the case of Facebook, the German service providers claim that the IP address is anonymized immediately after it is recorded. By activating the add-on, you enable your personal data to be communicated to the add-on provider where it is stored (with US providers in the USA). As the add-on provider collects data – in particular via cookies – we recommend that you delete all cookies in your browser’s security settings before clicking on the field with the grey background.
We have no influence whatsoever on the data collected or on the data processing procedures, nor do we know the total extent of the data collected, the purpose for which it is processed or the length of the data retention period. We therefore have no information about the deletion of data collected by the add-on provider.
The provider of the add-on module saves the data collected about you in order to establish a usage profile and uses it for advertising and market research purposes and/or to adapt its website to demand. This analysis is particularly useful for displaying needs-based advertising (also addressed to Internet users who have not opened a user account) and for informing other users of social networks about activities on our website. You have the right to object to the creation of this usage profile. To exercise this right, please contact the provider of the add-on module in question. We offer you the opportunity to interact with other users on social networks about the modules, enabling us to improve and make our offer more interesting to you as users. Article 6, paragraph 1, subparagraph 1, letter f of the RGPD is authoritative (“weighing of interests”).
The data transfer takes place regardless of whether you have an account with the add-on provider or are logged in. If you have opened an account with the provider of the add-on module, your data collected by us will be assigned directly to your existing account with the module provider. If you click on the activation button and, for example, create a link to the page, the module provider also saves this information in your user account and openly communicates it to your contacts. We recommend that you log out regularly after visiting a social network, especially before activating the button, as this prevents your profile from being passed on to the module provider.
Further information on the purpose and extent of data collection and processing by the add-on provider can be found in the data protection declarations provided by the add-on provider. You can also find out more about your rights and how to configure your privacy settings.
Here is the address of the module provider and the URL to the data protection policy:
Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA: http://www.facebook.com/policy.php; for more information about data collection :
http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo .
Facebook has agreed to abide by the EU-US Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Facebook Inc. Data protection information: https://help.instagram.com/155833707900388
4. Purpose of Processing
Processing name: Order
Purpose:
– Order management
– Order tracking
– Management by Customer Service
– Order fulfilment
Legal justification: Contract
Data concerned :
– Order Data
Name of treatment: Payment claims
Purpose:
– Managing complaints
– Managing reimbursements
– Legal justification: Contract
Data concerned: Civil status, PAYPAL transaction number
Name of treatment: After-sales service
Purpose:
– Managing your complaints
– Notify us of any changes to the Data Protection Policy or the General Terms and Conditions.
– Managing customer relations
Legal justification: Contract
Data concerned :
– Order Data
Processing name: Customer account
Purpose:
– Facilitate your future orders by pre-filling in information,
– Enable a better experience on the site by listing and making available Products already ordered
Legal justification: Consent
Data concerned :
– Order Data
– Navigation Data
Processing name: Commercial offers
Purpose:
– Conduct direct prospecting campaigns for products
– Tailor advertising messages to your habits on the Site
– Newsletter
Legal grounds: Legitimate interest, Consent (cookies)
Data concerned :
– Order Data
– Technical data
– Navigation Data
– Third-party data
Processing name: User experience
Purpose:
– Personalized experience based on identified habits,
– Speed up your browsing on the Site
Legal notice : Consent (cookies)
Data concerned :
– Technical data
– Navigation Data
Processing name: Statistics
Purpose:
– Carry out and analyze statistical studies
Legal justification: Legitimate interest and consent (cookie)
Data concerned :
– Order Data
– Technical data
– Navigation Data
Treatment name: Quality
Purpose:
– Analyze technical problems
– Detect information system anomalies
– Improve the use of the Site by analyzing customer behavior
Legal justification: Legitimate interest
Data concerned :
– Technical data
– Navigation Data
Name of treatment: Fraud
Purpose: To detect technological fraud or Account usurpation
Legal justification: Legitimate interest
Data concerned :
– Order Data
– Technical data
– Navigation Data
5. Shelf life
1. Ordering data
Order data will be processed within the framework of orders. This data will be kept in an active database for FIVE (5) years after the last order and will not be archived in an intermediate database.
Order data will be processed for after-sales service purposes. This data will be kept in an active database for FIVE (5) years after the last order and will not be archived in an intermediate database.
Order data processed in connection with any commercial offers that may be made will be kept in an active database for TWO (2) years after the last order and will not be archived in an intermediate database.
Order data will be processed for statistical purposes. This data will be kept in an active database for FIVE (5) years after the last order and will be archived TEN (10) years after the collection of the data concerned in an intermediate database in accordance with the relevant legal obligations.
Order data will also be processed for fraud management purposes. This data will not be kept in an active database, but will be kept in an intermediate database for TEN (10) years after collection.
2. Technical data
Technical data will be processed as part of any commercial offers that may be made. This data will be kept in the active database for a period of THIRTEEN (13) months from the date of collection by the cookie and will not be archived in the intermediate database.
Technical data will be processed as part of the user experience study. This data will be kept in the active database for a period of THIRTEEN (13) months from the date of collection by the cookie and will not be kept in the intermediate database.
Technical data will be processed for quality management purposes. This data will be kept in the active database for a period of THIRTEEN (13) months from the date of collection by the cookie and will not be kept in the intermediate database.
Technical data will be processed to produce statistical reports. This data will be kept in the active database for a period of THIRTEEN (13) months from the date of collection by the cookie and will not be kept in the active database.
Technical data will be processed for fraud management purposes. This data will not be kept in an active database but will be kept in an intermediate archiving database for a period of THIRTEEN (13) months from the date of collection by cookies.
All technical data is fully anonymized.
3. Navigation data
This data will be kept for a period of THIRTEEN (13) months from the date of collection by the cookie and will not be kept for intermediate storage.
Browsing data will be processed as part of the management of the user experience. This data will be kept for a period of THIRTEEN (13) months from the date of collection by the cookie and will not be kept for intermediate storage.
Navigation data will be processed for quality management purposes. This data will be kept for a period of THIRTEEN (13) months from the date of collection by the cookie and will not be kept for intermediate storage.
Browsing data will be processed for statistical reporting purposes. This data will be kept for a period of THIRTEEN (13) months from the date of collection by the cookie and will not be kept for intermediate storage.
Browsing data will be processed for fraud management purposes. This data will not be kept in an active database, but will be kept in an intermediate archive for a period of THIRTEEN (13) months from the date of collection by the cookie.
4. Third-party data
Third-party data will be processed in connection with any commercial offers that may be made. This data will be kept in an active database for TWO (2) years from the date of collection and will not be kept in an intermediate archive.
5. Bank details
Bank details will be processed as part of the transactions carried out on the site. This data will be kept in an active database until the order has been paid for in full, and will not be kept in an intermediate archive.
Bank details will be processed as part of a payment claim. This data will not be kept in an active database, but will be kept for a period of THIRTEEN (13) months from the date of debit, or FIFTEEN (15) months in the case of deferred debit payments, for intermediate storage.
Bank details will be processed for after-sales service purposes. This data will be kept in an active database until the end of the period for which we undertake to reimburse you for an order (in particular the withdrawal period or order cancellation period) and will not be kept in an intermediate archive.
Please note that bank details do not include credit card numbers, RIBs or IBANs, which are entirely managed by third-party service providers. Bank details include payment information (date, amount, principal and agent).
6. Data Sharing
We attach great importance to customer information, which helps us to improve our offering. We pass on to third parties the information we have obtained exclusively in the context described below:
– Service providers: we entrust tasks to other companies and individuals. Here are just a few examples: parcel delivery, letter and e-mail dispatch, payment processing (credit card, direct debit and payment by invoice), customer list maintenance, database analysis, advertising measures and customer service. These service providers have access to the personal data required to perform their tasks. However, they are not authorized to use them for any other purpose. Furthermore, they are obliged to handle this information in accordance with this data protection declaration and all applicable data protection laws.
– Service providers outside the EU/EEA: we cannot rule out the possibility that our subcontractors may use other service providers in third countries. In accordance with Article 28, para. 4 of the RGPD, we oblige all of our service providers to comply with the sufficient and appropriate guarantee within the meaning of Article 44 f. RGPD (transfer of data to third countries).
– Protection of the ballabijoux.com website and third parties: we disclose our customers’ accounts and personal data when we are legally obliged to do so, or if their transfer is essential to apply our general terms and conditions of sale or to comply with other agreements, or to protect our rights and those of our customers and their third parties. This involves exchanging data with companies specialized in preventing and minimizing credit card abuse and fraud. We explicitly declare that, in this context,
no data is provided
We do not sell, rent or lease to these companies for commercial purposes contrary to this data protection declaration.
7. Processing intermediates
1. Use of cookies
This website uses the following types of cookies, the scope and function of which are described below:
– Transitional cookies
– Permanent cookies
Transient cookies are automatically deleted when you close your browser. This includes session cookies. They store what is known as a session identifier, to which various requests from your browser associate the session as a whole. This allows your computer to be recognized when you return to our website. These session cookies are deleted when you close your session or browser.
Permanent cookies are automatically deleted after a set period, which may vary from one cookie to another. You can delete cookies at any time in your browser’s security settings.
You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may no longer have access to all the functions of our website.
Cookies are also used to identify you the next time you visit our site, if you have a user account, or to evaluate the effectiveness of marketing measures, such as when you access our website via a particular partner or a particular advertisement. These cookies are only saved for 30 days.
The Flash cookies used are written not by your browser, but by your Flash module. We also use HTML5 storage objects that are deposited on your machine. These objects store the necessary data independently of the browser you use, and have no automatic expiry date. If you wish to prevent Flash cookies from being processed, you will need to install the appropriate add-ons, e.g. “Better Privacy” for Mozilla Firefox ( https://betterprivacy.fr.softonic.com/mac ) or the Adobe-Flash-Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using your browser in private browsing mode. We also recommend that you regularly delete cookies and browsing history.
2. Subcontracting
We subcontract part of the processing of your data to external service providers. We carefully select the latter and subject them to our guidelines.
In addition, we may pass on your personal data to third parties when, together with our partners, we offer you the opportunity to take part in campaigns, lotteries, contracts and similar services. Further information is available when you enter your personal data or in the offer description below.
In particular, the ballabijoux.com website is hosted on the OVH platform, which collects and processes data on behalf of BALLA BIJOUX, but which mainly stores data as part of its hosting service.
In order to be fully informed of the data collected and processed by the service providers involved, here is the privacy policy of the wix.com website:
https://www.ovhcloud.com/fr/personal-data-protection/
8. Data security
BALLA BIJOUX has implemented physical, technical and administrative security measures to ensure optimal protection of the Data collected. The purpose of these measures is to prevent any unauthorized or unlawful access, use, loss, destruction, damage, theft or distribution of such Data.
Despite the diligence of BALLA BIJOUX, it cannot guarantee the effectiveness of these measures at all times, particularly in view of the fact that some Data is outsourced. If you witness any difficulties, or if you have any doubts about the use of your Data, we invite you to report them to the Data Protection Officer or to the above-mentioned departments.
9. Your rights
You have the following rights in relation to your personal data:
1. Right of access to your data
You are able to request a copy of the various Data collected from you and processed by BALLA BIJOUX, as well as the essential characteristics of their Processing (purpose, retention period, recipients, rights concerning this Data, etc.).
2. Right of rectification
In the event that Data is inaccurate or incomplete, you may request BALLA BIJOUX to rectify it.
3. Right to erase your data
You may request that your Data be deleted in certain cases defined by law. This option is available to you when:
– This Data is no longer necessary for the purposes of processing.
– You withdraw your consent and no other legal basis for the Processing exists,
– You exercise your right to object,
– The Treatment is illicit,
– There is a legal obligation to do so,
4. Right to restrict processing
Where your rights conflict with a legitimate interest of the company in the processing of Data, you may request to restrict its use.
5. Right to object to processing
If you have consented to the processing of your data, you may withdraw your consent at any time. Once you have informed us of your revocation, this affects the admissibility of processing your personal data. As long as we rely on the weighing of interests to process your personal data, you may object to the processing. This is the case when the processing is not essential for the performance of a contract concluded with you, as we explain in the descriptions of functionalities below. In the event that you exercise your right to object, we will ask you to explain why your personal data should not be processed by us. If your objection is well-founded, we will check the situation and decide whether to continue processing the data, or to adapt it, or to explain the compelling and legitimate reasons that justify our processing. You may, of course, object at any time to the processing of your personal data for advertising and data analysis purposes. You can notify us of your objection to advertising by using the contact details given in section 1.
6. Right to data portability
You have the option of requesting that the Data be fixed on a technical medium that is commonly used and readable by “conventional” computer equipment in order to transfer it to another entity.
7. Right to withdraw your consent
You have the right to withdraw your consent at any time in connection with the Processing of your Data. In the event that such withdrawal is contrary to a legitimate interest of BALLA BIJOUX, the processing of such data will be limited.
8. Setting up appeals
To exercise your rights, simply contact the Data Protection Officer either via the above e-mail address or by post addressed to the Data Protection Officer.
You also have the right to lodge a complaint with the data protection supervisory authorities about our processing of your personal data. Your rights are regulated in chapter 3 of the RGPD.
Contact details for complaints are as follows:
Commission Nationale de L’informatique et des Libertés – CNIL (French Data Protection Authority)
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02 (France)
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
https://www.cnil.fr/
10. Changes to the data protection declaration
For legal and/or organizational reasons, our data protection declaration may be modified or amended in the future, even at short notice. You will be automatically informed of any updates to these terms and conditions by means of an e-mail and a notice on the Website.
