PERSONAL DATA

PREAMBLE

Being concerned about the protection of your privacy, ENOVAP is committed to ensuring the highest level of protection of your personal data.

As part of its activities, ENOVAP provides its customers with an e-commerce service accessible from the website www.enovap.com.

To deliver its service, ENOVAP collects personal data about individuals on its website (the "Website")

The purpose of this section is to provide you with complete information on the use made by ENOVAP of the personal data of its customers.

ENOVAP, as Data Controller, undertakes to comply with the provisions of Regulation (EU) No 2016/679 of 27 April 2016 on the protection of personal data.

In the personal data collection forms on the website, the User is particularly informed of the mandatory or optional nature of the data collection. In the event of non-provision of a mandatory data field, ENOVAP will not be able to perform its services.

1. WHO COLLECTS YOUR PERSONAL DATA?

The company collecting the personal data and implementing the data processing is:

ENOVAP, Société par Actions Simplifiée with a capital of 18,622.00 Euros, whose head office is located Technopole de l'Aube, 2 rue Gustave Eiffel 10430 ROSIERES PRES TROYES, registered with the Trade and Companies Register of Troyes under the number 814 824 074, and whose intra-Community VAT number is FR66814824074 (hereinafter referred to as the "Company").

2. WHAT ARE THE PURPOSES OF COLLECTING YOUR PERSONAL DATA?

The privacy of users is protected by European data protection regulations. The Company is authorized to use the personal data of its users only if it has a valid legal basis and must ensure that it has one or more of the following legal bases:

  • Execution of a contract (for example to process and execute a product order of the Company);
  • Execution of a legal obligation (eg keeping bills), or;
  • the legitimate interest of the Company;
  • When the user has given consent.

A "legitimate interest" of the Company must not conflict with the rights and freedoms of the users. Examples of legitimate interests mentioned in the GDPR include fraud prevention, direct marketing and data sharing within a group of companies.

The Company collects and records personal data of its Clients to perform the following treatments:

1. Management of the shopping basket and orders:

- Execution of the contract between the User and the Company;

- legitimate interest of the Company;

2. Management of payment and credit transactions:

- Execution of the contract between the User and the Company;

3. The management of delivery operations:

- Execution of the contract between the User and the Company;

4. The fight against fraud during the payment of the order and management of unpaid invoices after order:

- Execution of the contract between the User and the Company;

- legitimate interest of the Company;

5. The management of the customer relationship (mail / phone / email), the follow-up of the orders of the after-sales service, the returned products and the refunds:

- Execution of the contract between the User and the Company;

6. Customer satisfaction management (collection of customer reviews about products and customer service performance):

- Legitimate interest of the Company to improve products and service;

7. Statistics, analysis, selection and segmentation of clients to improve the knowledge of Users:

- Execution of the contract between the User and the Company;

- legitimate interest of the Company;

8. The sending of the Newsletter by email:

- Consent of the User;

- legitimate interest of the Company;

3. TO WHOM IS YOUR DATA TRANSMITTED?

Your data is transmitted only to partners who process the data for the account and according to the instructions of the Company (subcontractors).

3.1. The recipients of this data are:
  • Police authorities in the context of judicial requisitions concerning the fight against fraud;
  • customs services in case of delivery abroad;
  • Secure payment services on the site;
3.2. This data is transmitted only in the context of:
  • The fight against fraud and the recovery of unpaid bills;
  • The shipment of your orders;
  • The management of telephone calls, their possible registrations and the sending of postal mails;
  • Personalization of the contents of the site;
  • Performing maintenance and technical development of the website, the internal applications and the information system of the Company;
  • Collection of customer reviews;
  • The dispatch of the Newsletter;
3.3. The Company may also share personal data:
  • In the event of a sale, transfer or amalgamation of the Company or a part of it, or if the Company acquires or merges with another company.
  • If such a transaction takes place, the Company will ensure that the other party complies with data protection legislation.
4. WHAT ARE YOUR RIGHTS ON YOUR PERSONAL DATA?

In application of articles 14 to 22 of regulation 2016/679 of 27 April 2016, any natural person using the service has the right to exercise the following rights:

  • A right of access;
  • a right of rectification;
  • Right to oppose and erase the processing of his data;
  • a right to oppose profiling;
  • a right to limit treatment;
  • A right to the portability of its data.

Finally, when the Company detects a personal data breach likely to create a high risk for the rights and freedoms of the Customer, the Customer will be informed of this violation as soon as possible.

These rights may be exercised with the Company which collected the personal data in the following manner:

By email at the following address: serviceclient@enovap.com.

The application must be accompanied by a proof of identity.

The Company shall reply within one month after the exercise of the right. In some cases, due to the complexity of the request or the number of requests, this time can be extended by 2 months.

In the case of non-response or unsatisfactory response, the data subject has the option of referring the matter to the supervisory authority of his country of residence.

5. WHAT DOES YOUR DATA BECOME AFTER YOUR DEATH?

The User may provide guidelines for the retention, erasure and communication of his personal data after his death in accordance with Article 40-1 of Law 78-17 of 6 January 1978. These directives can be general or particular.

The User can formulate his advance directives at the following address: serviceclient@enovap.com.

6. IS YOUR DATA SENT OUT OF THE EUROPEAN UNION?

You are hereby informed that personal data concerning you may be transmitted for the purposes set out above to companies located in countries outside the European Union and which do not have an adequate level of protection with regard to privacy. Protection of personal data.

Prior to the transfer outside the European Union, and in accordance with the regulations in force, the Company implements all the procedures required to obtain the guarantees necessary to secure such transfers.

7. HOW LONG IS YOUR DATA KEPT FOR?

The Company has established specific rules regarding the retention period of Users' personal data.

A separate shelf life will be applied to prospects and customers to calculate the most relevant shelf life:

  • For "prospects" who have never made a purchase from the Company, the starting point of the retention period is the subscription to the Newsletter;
  • For "customers" who have made at least one purchase on the site or application, the starting point of the retention period is their last purchase on the site or application.

For some types of processing, the retention of data is subject to specific retention periods. For example, information related to purchases is kept for 10 years.

For more information on the retention periods applied by the Company, you can contact customer service at the following address: serviceclient@enovap.com.

8. WHAT ARE THE SECURITY MEASURES TAKEN BY THE COMPANY TO PROTECT YOUR PERSONAL DATA?
8.1. Internally

As the controller, the Company takes all necessary precautions to preserve the security and confidentiality of the data, in particular to prevent them from being distorted, damaged, or unauthorized third parties having access to it:

  • the physical security of the buildings housing our systems,
  • the security of the computer system to prevent external access to your data,
  • secure copies of your data.

When using subcontractors, the Company ensures compliance by the latter with the rules relating to data protection.

8.2. Payment providers

To ensure the security of payments, the Company uses the services of a PAYBOX provider, certified PCI-DSS. This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and thus secure the protection of card and transaction data.

When you place an order for payment by credit card on the Website, our order taking system connects in real time with the PAYBOX system which collects your data and carries out various checks to avoid abuse and fraud.

The data is stored on PAYBOX's servers and is not transmitted to the Company's servers at any time. PAYBOX requests authorization from the bank and sends us a transaction number that allows operations up to the amount of the authorization.

In order to be able to debit the account during the invoicing or to credit it following a return, PAYBOX keeps the banking data associated with the authorization number, the time necessary for the realization of the transaction and the treatment of the possible claims (returns, litigations ).

9. IS THE DATA OF MINORS UNDER 18 YEARS COLLECTED?

In accordance with the general conditions of sale, it is necessary to be 18 years old to access the website and make purchases.

Thus no data concerning minors are collected on the Company's Website.

10. CAN YOU RECEIVE COMMERCIAL SOLICITATION?

The Company does not use your contact information to send you targeted advertising, in particular by email, post, SMS, mobile notification, on social networks or third party websites.

The Company uses the services of companies that use cookies to distinguish Users and then personalize the advertisements they receive based on their browsing history.

11. DOES THE COMPANY USE COOKIES, TAGS AND TRACERS?

When using the Website, information relating to the navigation of your terminal (computer, tablet, smartphone, etc.), may be recorded in "Cookies" files placed on your device, subject to the choices that you would have expressed about Cookies and that you can change at any time.

11.1. What is a cookie?

The term "cookie" encompasses several technologies that make it possible to perform navigation tracking or behavioral analysis of the user. These technologies are multiple and constantly evolving. There are, in particular, cookies, tag, pixel, Javascript code.

The cookie is a small text file saved by the browser of your computer, tablet or smartphone and which allows to keep user data to facilitate navigation and allow certain features.

There are two types of cookies:

  • First party cookies, deposited by the Company for the purposes of navigation and operation of the site;
  • Third-party cookies deposited by third-party partner companies to identify your interests and send you personalized offers. These third party cookies are directly managed by the companies that publish them and must also comply with the data protection regulations.

11.2. Why are cookies, tags and tracers used?

Cookies that the Company issues on the site allow:

  • to establish statistics and volumes of use and use of the various elements that make up our services (audience measurement cookies);
  • adapt the presentation of the Website according to the terminal used;
  • to adapt the presentation of our Site according to the affinities of each user;
  • memorize information relating to a form that you have filled in on the Website (newsletter registration, contents of an order basket, etc.);
11.3. Setting up your browser software

You can configure your browser software to have cookies stored in your device or, conversely, rejected, either systematically or by their issuer. You can also configure your browser so that the acceptance or the refusal of cookies are proposed to you punctually, before a cookie is likely to be registered in your terminal.

How to exercise your choices, depending on the browser you use?

For the management of cookies and your choices, the configuration of each browser is different. It is described in the help menu of your browser, which will allow you to know how to change your wishes for cookies.

12. THE DELEGATE TO THE PROTECTION OF THE DATA OF THE COMPANY
12.1. Their mission

The purpose of the Data Protection Officer (DPO) appointed within the Company is to ensure compliance with the regulations and rules described in this document.

It ensures in particular to establish a register of the processing of personal data implemented in the company and to ensure the compliance of these with the regulations and changes.

It ensures the awareness of teams and responds to users wishing to exercise their rights concerning the personal data collected by the Company.

12.2. Contact the data protection officer

You can contact the data protection officer at dpo@enovap.com