SECTION 1 - PERSONAL INFORMATION COLLECTED
Ordering & browsing on our website:
When you make a purchase or create a customer account on our website, as part of our buying and selling process, we collect the personal information you provide us with that we need to prepare and deliver your order, such as your name, address, e-mail address and telephone number.
This order information is passed on to our logistics service providers who prepare and ship the package to your home. They have no right to use your data for anything other than processing your order and must delete this data from their computer system after processing. If you choose to have your order delivered outside of Europe, your data, such as your postal address, is transmitted to the logistics services of the carrier who will deliver to you in that country.
When you browse our website, we automatically receive the Internet Protocol address (IP address) of your computer, which allows us to collect more details about the browser and operating system you are using. In addition, data may be stored in or retrieved from your browser, usually in the form of cookies. They collect information about you, your preferences, or your device and browser. They are generally set as a response to actions you have taken that constitute a request for services (e.g., ordering)
If you’ve decided to follow La Bonne Brosse by email (via the form on our site or by checking the corresponding box in the purchase process), we will use your email address to send you news about La Bonne Brosse (new products, advice and tips for beautiful hair, etc.) or to communicate information relating to your purchase history or navigation on our website. Please note that if you do not want to receive these emails anymore, you can unsubscribe at any time by clicking on the unsubscribe link "Unsubscribe" located at the bottom of the emails or by contacting us at email@example.com. This will take effect immediately.
The emailing tool we use is French. Moreover, and as a "processor", this emailing tool is required to comply with the legal requirements of the General Data Protection Regulation (GDPR).
We use audience analysis tools (such as Google Analytics) that allow us to better understand the activity on our website, how you react and to improve the performance of our site so that it corresponds as much as possible to your uses. As such, we provide these tools with data on your browsing history on our site and information on products ordered. All data handled for statistical purposes outside Europe is completely anonymized.
Your email address, surname, first name and order reference are transmitted to our partner who will send you a review form via email. Your email address is not published on our site at the time of publication of your review. This data is not transmitted to any other company and is only used to evaluate your experience with our products.
Advertising cookies are placed when you visit our site and display targeted advertising messages when you browse other sites. The data collected is anonymous and is only used for advertising purposes
How long do you keep my personal information?
The length of time we retain personal data depends on our business needs and legal obligations.
In connection with the purchase of products, we retain your data for as long as it is necessary for the purposes for which it was collected (e.g., managing the business relationship between you and us), and for any other related purposes such as tracking our inventory, but in compliance with applicable data security and retention laws.
If you accept to receive emails from La Bonne Brosse to follow our adventure, your data is kept until you ask us to unsubscribe or delete your personal data, or after a certain period of inactivity (a maximum of 3 years from the last contact, e.g. a click in one of our emails).
In case of creation of a customer account, the data will be kept until you send us a request to delete them or after a period of inactivity on your part (for a maximum of 3 years from the end of the business relationship (e.g. last order) or the last contact (e.g. a click in one of our emails).
When you contact us to obtain information on our products, or our brand, or when you apply for a job, the data is kept for 3 years from the date of collection or the last contact.
SECTION 2 - CONSENT
How do you obtain my consent?
When you provide us with your personal information to complete a transaction, verify your credit card, place an order, schedule a delivery or return a purchase, we assume that you consent to the collection and use of your information for that purpose only.
If we ask you to provide your personal information for any other reason, such as marketing purposes, we will ask you directly for your express consent, or we will give you the opportunity to decline.
How do I withdraw my consent?
If, after you have given us your consent, you change your mind and no longer consent to us contacting you, collecting your information or disclosing it, you may notify us by contacting us at firstname.lastname@example.org or by mail at: LA BONNE BROSSE, 15 rue Saint Simon, 75007 Paris
SECTION 3 - COOKIES
When you browse our site or place an order, data may be stored in or retrieved from your browser, usually in the form of cookies. A cookie is a small text file stored by your computer, tablet or smartphone browser that stores user data to facilitate navigation and enable other features.
We use first-party cookies, placed by La Bonne Brosse for proper functioning of our site, most of these cookies cannot be deactivated in our systems. They enable memorizing your information entered in the forms on our website so that you are not obliged to enter them again during your use, but also to manage and secure the access to your account, or to your shopping cart.
The following is a non-exhaustive list of cookies related to the operation of our site:
- session_id: unique session identifier, allows Shopify to store information about your session (referrer, landing page, etc.).
- shopify_visit: no data retained, persists for 30 minutes from last visit. Used by our website provider's internal statistics tracking system to record the number of visits.
- shopify_uniq: no data retained, expires at midnight (depending on visitor location) the next day. Calculates the number of visits to a store per unique customer.
- cart: unique identifier, lasts for 2 weeks, stores your shopping cart information.
- secure_session_id: unique session identifier.
- storefront_digest: unique identifier, undefined if the store has a password, it is used to know if the current visitor has access.
- More information here: https://fr.shopify.com/legal/cookies
We also use third-party cookies set by our partners. These third-party cookies are managed directly by the companies that issue them and must also comply with data protection regulations.
- audience measurement cookies: to evaluate site traffic (number of visits, pages viewed, shopping cart abandonment, etc.) and improve our performance.
- advertising cookies: to provide you with advertising content in relation to the interest you have shown in the brand and the products.
You can configure your browser to be informed of the existence or to block these cookies. If you choose to block these cookies, certain features of our site may be affected (such as keeping items in your shopping cart). If you wish to delete cookies from your web browser, you can follow these instructions:
Internet Explorer :
Most of these cookies expire when you end your visit to our sites. Others have a longer life span, which does not exceed 12 months, in accordance with the regulations in force. However, some cookies are exempt from the collection of this consent (this is the case of cookies that last more than 12 months).
You can also block third-party cookies:
- More information here: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser
- If you no longer wish to see our advertisements on social networks, we advise you to access the "settings" section and then "advertising preferences".
- There are also opt-out platforms for advertising cookies such as http://optout.networkadvertising.org/ or http://www.youronlinechoices.com/ or via the blue AdChoices icon
- More information on Google cookies : https://policies.google.com/privacy
SECTION 4 - DISCLOSURE
We will disclose your personal information if we are required to do so by law or if you violate our terms and conditions of sale and use or to protect our rights, property or safety and those of third parties.
We have taken precautions to comply with the General Data Protection Regulation (GDPR). Therefore, we will not share your personal information with third parties without your prior consent (except as provided above). As explained above, your information may be shared with trusted third parties who assist us in the administration and operation of our site, so long as those partners agree to keep the information confidential. And only data that does not directly identify you (e.g., cookies) may be transmitted to our partners for marketing or advertising purposes. You can of course decide to oppose this.
SECTION 5 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell you our services and products.
Your data is stored in Shopify's data storage system and databases, and in the general Shopify application. Your data is stored on a secure server protected by a firewall.
If you make your purchase through a direct payment gateway, then Shopify will store your credit card information. This information is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction information is retained for as long as necessary to complete your order. Once your order is finalized, your purchase transaction information is deleted.
All direct payment gateways are PCI-DSS compliant, managed by the PCI Security Standards Council, which is a joint effort of companies such as Visa, MasterCard, American Express and Discover.
PCI-DSS requirements ensure the secure processing of credit card data by our store and its service providers.
SECTION 6 - SERVICES PROVIDED BY THIRD PARTIES
Generally, the third-party providers we use will only collect, use and disclose your information to the extent necessary to perform the services they provide to us.
However, some third party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide them with for your purchase transactions.
With respect to these providers, we recommend that you read their privacy policies carefully so that you can understand how they will handle your personal information.
Keep in mind that some suppliers may be located or have facilities located in a different jurisdiction than you or us. So if you decide to proceed with a transaction that requires the services of a third party supplier, then your information may be governed by the laws of the jurisdiction in which that supplier is located or the jurisdiction in which its facilities are located.
For example, if you are located in Canada and your transaction is processed through a payment gateway located in the United States, your information used to complete the transaction may be disclosed under United States law, including the Patriot Act.
You may leave our website by clicking on certain links on our website. We assume no responsibility for the privacy practices of these other sites and recommend that you read their privacy policies carefully.
SECTION 7 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to ensure that it is not lost, misappropriated, accessed, disclosed, altered or destroyed in an inappropriate manner.
If you provide us with your credit card information, it will be encrypted through the use of SSL security and stored with AES-256 encryption. While no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Finally, we recommend that you adopt the following security measures to enhance your Internet security:
- When creating an account, use a minimum of 8 characters for your password with a mix of letters (upper and lower case) and numbers. Do not use your name, or other personal information that can be easily obtained.
- Keep your passwords confidential and avoid using the same password for multiple accounts
SECTION 8 - AGE OF CONSENT
By using this site, you declare that you are at least the legal age in your state or province of residence, and that you have given us your consent to allow any minor dependent of yours to use this website.
If our store is acquired by or merged with another company, your information may be transferred to the new owners so that we can continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
In accordance with the General Data Protection Regulation (GDPR), if you wish to: access, correct, amend, limit, challenge the accuracy of, delete any personal information we have about you, lodge a complaint, object to processing, unsubscribe from our emails, exercise your right to transparency and portability of your personal data, or if you would simply like more information on these matters, contact our Privacy Standards Officer at email@example.com or by mail at LA BONNE BROSSE, 15 Rue Saint Simon 75007 Paris. To exercise these rights, all you have to do is provide us with your surname, first name, address, email address and proof of identity.