Welcome to our " Privacy Policy " page for the e-commerce website published by the POILÂNE company accessible at  https://www.poilane.com/  (the " Site" ).

Thank you for using our Site and our online sales services (the " Services ") for the products offered on our Site (the " Products "). Your privacy is important to us and we take the protection of your data very seriously. 

On this page you can find out, among other things 

·       what Personal Data we process about you;

·       why and how we treat them ;

·       where the data comes from ;

·       who intervenes and ;

·       what legal basis we have for doing so.

POILÂNE, a simplified joint stock company with a share capital of €1,605,344, domiciled at 8 rue du cherche-midi, Paris (75006), registered in the Paris Trade and Companies Register under number 324 445 030 (" POILÂNE ", " we ", " us"  or " our "), including our subsidiaries, are committed to protecting and respecting the privacy of any person whose Personal Data we process in the context of the provision of our POILÂNE branded Products and Services.

POILÂNE is the controller of the Personal Data (the " Controller "). This means that we decide how we store and use your Personal Data. We are required under the GDPR to provide you with all of the information set out in the Privacy Policy.

We are very keen to explain here how we process your Personal Data and how we go about respecting your integrity in accordance with EU Regulation nᵒ 2016/679, the so-called General Data Protection Regulation (" GDPR "). We encourage you to read this Privacy Policy. Using it should help you make informed decisions.

If you have any questions about this Privacy Policy or about your Personal Data in general, please contact us at  poilane@poilane.com .

The processing carried out by POILÂNE through the Site concerns simple visitors and Users of the Site wishing to purchase Products (the " Data Subjects ").

Your Personal Data is collected directly from you, for example, in the course of using your User Account, using the Services, or when you seek to contact us.

You can also post reviews of Products on the Site. Submitting a review does not require the collection of Personal Data, only a pseudonym and your review are required. However, you can decide to transmit your Personal Data if you wish.

Technical information (for example, IP address, information on your browser, etc.) is also transmitted to POILÂNE by your terminal when you use the Site.

By " Personal Data " we mean any information about a person from which that person can be directly or indirectly identified. This does not include data where the identity has been removed (anonymous data).

Below you will find an overview of the different categories of Data Subjects covered by this Privacy Policy as well as the :

·       type of Personal Data about you that we use and store;

·       purposes for which the Personal Data is collected;

·       legal basis for the processing operations.

4.1           Category of Data Subjects

The Data Subjects of the processing are the visitors and Users of the Site.

4.2           Type of Personal Data

POILÂNE collects your Personal Data, in particular when you place an order, create a User Account, subscribe to our newsletter or contact customer service.

POILÂNE may also collect your Personal Data when you use or consult the Site via your browser's cookies. 

The Personal Data collected by POILÂNE if you are a User are the following:  

·       surname, first name ;

·       e-mail ;

·       telephone number (when you want to contact us) ;

·       postal address ;

·       postal address of delivery if different from the address given, name and surname of the beneficiary ;

·       payment data ;

·       any other information provided by the User through his/her use of the Site.

POILÂNE also collects information about your browsing activity on the Site, for example: 

·       the type of terminal you are using (smartphone, computer, tablet...);

·       the operating system of your terminal;

·       your internet service provider ;

·       the browser used;

·       the IP address of your terminal;

·       the geolocation of your terminal;

·       your language preferences. 

4.3           Purpose & legal basis of processing

The following are the purposes for which we collect your Personal Data and the associated legal bases for processing: 

Purpose:
·       To enable the proper functioning of the Site (including dealing with questions and requests sent via our contact form)
Legal basis for processing:
·       Our legitimate interest: the management of the service 

Purpose:
·       To execute the order and delivery of the requested Product(s)
Legal basis for processing: ·   Performance of the sales contract (T&C of sale)

Purpose:
·       To ensure the creation, security, customisation and management of your User Account 
Legal basis for processing: ·       Execution of a contract and of the Termsand Conditions of Use of the Site

Purpose:
·       To ensure the publication of online notices
Legal basis for processing: ·       Your consent (spontaneous opinion)

Purpose:
·       To enable you to access and use the Site 
Legal basis for processing: ·       Our legitimate interest: cookies strictly necessary to provide the service you have expressly requested

Purpose:
·       To store information about your preferences, and to enable us to personalise the Site according to your interests (cookies)
Legal basis for processing: ·       Your consent (cookies)

Purpose:
·       To prepare reports or compile statistics in order to improve our Products and Services (cookies)
Legal basis for processing: ·       Your consent (cookies)

Purpose:
·       Retain Personal Data required to meet legal obligations and manage data requests from authorized authorities
Legal basis for processing: ·       To meet our legal or regulatory obligations

Purpose:
·       To send marketing communications about our Products or Services (such as newsletters about POILÂNE brand news)
Legal basis for processing: ·       Your consent 

Purpose:
·       Complaints and claims management
Legal basis for processing: ·       Performance of the sales contract (T&C of sale)

If you choose not to provide the Personal Data we request, we may not be able to provide you with the Products and/or Services you have requested or fulfil the purposes for which we have requested the Personal Data.

Access to your Personal Data is strictly limited to : 

·       employees of POILÂNE who are authorised by virtue of their position and bound by an obligation of confidentiality; 

·       to POILÂNE's subcontractors contractually responsible for the execution of tasks necessary for the proper functioning of the Site and its Services, namely the cloud storage of the Site and of your Personal Data, online payment, delivery of Products, management of customer service, management of the CRM, management of Product reviews, management of our modules relating to data protection, logistics, presentation of Products via the import of the catalogue, translation of content, etc. 

Within the framework of the execution of their services, POILÂNE's subcontractors respect the provisions of the GDPR.

POILÂNE may share your Personal Data with judicial authorities, independent administrative authorities or any other organisation if required by law.

Third parties with whom we share your Personal Data are limited (by law and by contract) in their ability to use your Personal Data for the specific purposes we have identified. We will always make every effort to ensure that the third parties with whom we share your Personal Data are subject to confidentiality and security obligations consistent with this Privacy Policy and applicable laws. We will only allow them to process your Personal Data for specific purposes and in accordance with our instructions.

Except as expressly stated above, we will never share, sell or rent your Personal Data to a third party without notifying you and/or obtaining your consent. If you have given us your consent to use your information in a particular way, but subsequently change your mind, you should contact us and we will stop doing so.

POILÂNE does not transfer Personal Data outside the EEA, to countries that have not been the subject of an adequacy decision by the European Commission within the meaning of Article 45 of the GDPR, or without the European Commission's standard contractual clauses having been concluded.

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected, including to meet any legal or accounting requirements.

In determining the appropriate retention period for Personal Data, we take into account the amount, nature and sensitivity of the Personal Data, the potential risk of harm resulting from the unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and the possibility of achieving those purposes by other means, as well as applicable legal requirements.

For Personal Data relating to Users of the Site, we retain Personal Data for : 

·       claims, questions, complaints: 3 years after a claim, question or complaint has been closed;

·       contact form: 3 years from your request;

·       subscription to a newsletter: as long as the Data Subject does not unsubscribe; 

·       account creation: until your account is deleted.

After the set deadlines, the Data are either deleted or kept after being anonymised, notably for statistical purposes. They may be kept in the event of pre-litigation and litigation. It is reminded that deletion or anonymisation are irreversible operations and that POILÂNE is no longer able to restore them.

As a Data Subject, you have various rights. These rights are not absolute and each of these rights is subject to certain conditions in accordance with the GDPR and applicable national laws.

·        the right of access  - you have the right to obtain confirmation from us as to whether or not your Personal Data is being processed by us and certain other information (similar to that provided in this Privacy Policy) about how it is being used. You also have the right to access your Personal Data, by requesting a copy of your Personal Data. This allows you to know and verify that we are using your information in accordance with data protection laws. We may refuse to provide information where it would reveal Personal Data about another person or adversely affect the rights of another person.

·        the right of rectification  - you can ask us to take steps to correct your Personal Data if it is inaccurate or incomplete (for example, if we have the wrong name or address).

·        the right to erasure  - also known as the "right to be forgotten", this right allows you, in simple terms, to request the erasure or deletion of your Personal Data where, for example, there is no compelling reason for us to continue using it or its use is unlawful. This is not, however, a general right to erasure and there are some exceptions, for example where we need to use the information to defend a legal claim or to be able to comply with a legal obligation.

·        the right to restrict processing  - you have the right to "block" or prevent further use of your Personal Data when we are assessing a request for rectification or as an alternative to erasure. Where processing is restricted, we may still retain your Personal Data, but we may not use it further.

·        the right to data portability  - you have the right to obtain and re-use certain Personal Data for your own purposes in different companies (which are separate Data Controllers). This only applies to Personal Data that you have provided to us, which we process with your consent and for the purpose of performing the contract, which is processed by automated means. In this case, we will provide you with a copy of your data in a structured, commonly used and machine-readable format or (where technically possible) we may pass your data directly to another Data Controller.

·        the right to object  - you have the right to object to certain types of processing, on grounds relating to your particular situation, at any time, provided that such processing is for the purposes of the legitimate interests pursued by POILÂNE. We will be permitted to continue to process Personal Data if we can demonstrate that the processing is justified on compelling legitimate grounds that override your interests, rights and freedoms or if we need it for the establishment, exercise or defence of legal claims. If you object to the processing of your Personal Data for direct marketing purposes, we will no longer process your Personal Data for such purposes.

·        the right to withdraw your consent  - where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior such withdrawal.

·        the right to provide us with instructions on how to use your Personal Data after your death  - In France, you have the right to provide us with instructions on how to handle (for example, retention, deletion and disclosure) your data after your death. You may change or revoke your instructions at any time.

If you have any questions about this Privacy Policy, how we process your Personal Data or if you wish to exercise any of your rights, please contact our dedicated department at poilane@poilane.com.

If you are not satisfied with our response to your complaint or if you believe that the processing of your Personal Data does not comply with applicable data protection laws, you may file a complaint with the relevant data protection supervisory authority. The Commission Informatique et Libertés (" CNIL" ) is the lead data protection authority for POILÂNE.

Any such request will be considered within the time limits provided by applicable law. Please note, however, that certain Personal Data may be exempt from such requests in certain circumstances, including if POILÂNE needs to continue processing your Personal Data for its legitimate interests or to comply with a legal obligation. 

There will be no charge for exercising your right of access (or any other right). Sometimes we will not be able to comply with your request if it is manifestly unfounded or excessive. 

We may need to ask you for specific information to help us confirm your identity and ensure your right to access that information (or exercise your other rights). This is an appropriate security measure to ensure that Personal Data is not disclosed to anyone who does not have a right to receive it. 

POILÂNE ensures that Personal Data is processed in complete security and confidentiality, including when certain operations are carried out by subcontractors. To this end, appropriate technical and organisational measures are put in place to prevent the loss, misuse, alteration and deletion of your Personal Data. These measures are adapted according to the level of sensitivity of the data processed and the level of risk presented by the processing or its implementation. We have procedures in place to deal with any suspected data breach and will notify you and any relevant supervisory authority of a suspected breach where we are legally required to do so.

Unfortunately, the security of data transmissions over the Internet or data storage systems cannot be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you believe that the security of an account you have with us has been compromised), please notify us immediately by contacting us using the contact details above.

The Site may contain links to other websites operated by third parties. Please note that this Privacy Policy applies only to Personal Data collected by POILÂNE. We are not responsible for Personal Data that third parties may collect, store and use on their own websites or applications. We recommend that you carefully read the privacy policy of each website and/or application you visit.

Furthermore, POILÂNE is not responsible for hyperlinks to the Site, which third party websites and/or applications may include, even if POILÂNE has authorised the third party editor of the said website and/or application to place such a link.

13.1           What are cookies? 

Cookies " are small text files, often containing unique identifiers, that are sent by web servers to web browsers, and which can then be sent back to the server whenever the browser requests a page from the server.

Cookies are very useful and allow a website to recognise you, to log in when you visit a particular page, to provide a secure connection to a website and to enhance your User experience by improving your browsing experience and/or tailoring the content of a page to your interests. 

13.2           How are cookies used?

Where prior consent is required for their use, the period of validity of the consent to the deposit of cookies is  6 months . At the end of this period, we will ask for your consent again. 

The cookies we set as operators of our Site are called "internal cookies". Cookies that third parties have set for us on our Site are called "third party cookies". Third party cookies enable us to provide third party features or functionality on or through a website (for example, advertising, interactive and analytical content). The people who create these third-party cookies may collect some of your Personal Data, recognize your computer both when you visit the website in question and when you visit other websites.

The retention period for an audience measurement cookie that does not require consent is  13 months . However, the information collected through these cookies is kept by us for a maximum of  25 months , in accordance with the applicable regulations.

The types of cookies that are used on our Site are the following:

·        Technical cookies : 

These cookies allow you to move around our Site and use its features more efficiently. These cookies also allow our Site to remember your previous action during the same browsing session.

·        Functionality cookies : 

These cookies allow our Site to remember the choices you made during your visit in order to provide you with enhanced and more personalized features. 

·        Social network cookies :

These cookies allow our content to be displayed or shared with others, including on social networks such as Facebook, Twitter, Instagram, LinkedIn, etc. Even if you do not use these sharing buttons or applications, social networks may track your browsing on the Site if your account or session is activated on your computer at that time.

·        Analytical cookies : 

These cookies are used by us or by third party service providers to analyse the use and performance of our Site. We use Google Analytics cookies to obtain web analytics data. Google Analytics collects information about your interaction with our Site, including information about the pages you visit and the length of your visit to our Site. 

Google Analytics

Google Analytics is a web analysis service provided by Google that tracks and reports website traffic. Google uses the collected data to track and monitor the use of our service. This data is shared with other Google services. Google may use the data collected to contextualise and personalise ads in its own advertising network.

You can opt out of making your activity on the service available to Google Analytics by installing the Google Analytics opt-out browser add-on. This add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about site visits activity.

For more information about Google's privacy practices, please visit Google's privacy policy webpage: https://policies.google.com/privacy?hl=en. 

·        Statistical cookies :

These cookies enable us to establish statistics and volumes of traffic and use of the various elements making up our Site and our application (sections and content visited, route, time spent on the Site), which enables us to improve the interest and ergonomics of our Services.

·        Advertising cookies :

These are cookies used to show you advertisements or to send you information tailored to your interests in connection with your use of the Site while you are surfing the Internet outside the Site. In particular, they are used to limit the number of times you see an advertisement and to help measure the effectiveness of an advertising campaign. These cookies are mainly dependent on advertising agencies and we do not always control their use.

13.3           How to block the use of cookies :

There are two ways to refuse the use of cookies. 

When you first visit our Site, you will be asked to consent to the use of your data by cookies via an information banner that will be displayed prominently at the bottom of the page. 

Thanks to the "Accept all" and "Refuse all" buttons, you can accept or refuse in a global manner so that we can deposit cookies on your computer or your device (cookies linked to operations relating to targeted advertising, certain audience measurement cookies, social network cookies generated in particular by their sharing buttons when they collect personal data). Nevertheless, a third button "Personalize" present on this banner, will allow you to obtain the details of the categories of cookies used and thus to choose to consent or not by objective.

However, if you wish to refuse the use of any type of cookies on a website, you can do so by changing your browser settings to block the use of cookies. Please note that if you block the use of cookies through this browser setting, you may not be able to use or view all or part of the relevant website, including our Site.

Each web browser offers different ways of configuring cookie management. In general, these are described in the help menu of each browser. 

·        Firefox:  https://support.mozilla.org/fr/kb/cookies-informations-sites-enregistrent

o   Click on the menu button and select "Preference Options". 

o   Select the "Privacy and Security" panel. 

o   Set the "Retention Rules" menu to "Use custom settings for history".

o   Uncheck the "Accept cookies" box. 

o   The changes you have made will be automatically saved.

·        Internet Explorer:  https://support.microsoft.com/en-us/products/windows?os=windows-7

o   Click on the "Tools" button, then on "Internet Options".

o   Click on the 'Privacy' tab, then under 'Settings', move the slider up to block all cookies or down to allow all cookies, then click OK.

·        Google Chrome:  https://support.google.com/chrome/answer/95647?hl=fr

o   Select the Chrome menu icon.

o   Select "Settings".

o   At the bottom of the page, select "Show advanced settings".

o   In the "Privacy" section, select "Content settings".

o   Select "Prohibit all sites from storing data".

o   Select OK.

·        Safari:  https://www.apple.com/legal/privacy/fr-ww/cookies/

o   Click on "Settings" > "Safari" > "Privacy" > "Cookies and website data". 

o   Then select "always block".

Please note that if you block the use of cookies through this browser setting, you may not be able to use or view all or part of the website, including our Site.

In addition, if you wish to block the use of analytical cookies and/or advertising and retargeting cookies, both of which are provided by our third party service providers, please access the following URL to opt out of the use of these cookies.

Google Analytics : the opt-out for cookies

Description of the cookies and their purpose :

Google Analytics _ga ;

Google Analytics _gid. These cookies are used to distinguish users. [https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage];

Google Analytics _gat. These cookies are used to reduce the number of queries. However, if Google Analytics is deployed via the Google Tag Manager, these cookies will be named : _dc_gtm_. [https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage].

Google Analytics is a web analysis service provided by Google LLC ("Google"). The information generated by the cookie about your use of the website is generally transmitted to a Google server in the USA and stored there. 

Google will use this information on our behalf to analyse your use of the website, to compile reports on website activity and to provide us with additional services relating to the use of the website and the internet in general. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.

You may refuse the use of data generated by cookies in connection with the use of our website (in particular your IP address) and the processing of such data by Google by downloading and installing the plug-in available on your browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB

If you have any further questions or comments about our Privacy Policy, please contact us at poilane@poilane.com.  

POILÂNE may change this Privacy Policy from time to time to reflect our changing privacy practices. When we change this Privacy Policy, we will also change the " Last Updated"  date at the top of the first page. We encourage you to periodically review this Privacy Policy to be informed of how POILÂNE is protecting your Personal Data.