PERSONAL DATA CHARTER (hereinafter the "Charter")
As part of its activities, ENOVAP, a simplified joint-stock company, registered in the Trade and Companies Register of Troyes under number 814 824 074, whose head office is located at Technopole de l’Aube, 2 rue Gustave Eiffel 10430 ROSIERES PRES TROYES, and whose intra-community VAT number is FR66814824074, provides its Users with an e-commerce service accessible from the website www.enovap.com (hereinafter the “Website” or the “Site”) as well as a mobile application available on Apple Store and Google Play, intended to provide its users with support in stopping smoking and nicotine addiction, this application being connected to a dual-tank electronic cigarette allowing vapers to better manage their daily nicotine consumption (hereinafter the “application”).
Users of the site and the application are invited to carefully read this Personal Data Charter.
The purpose of this Charter is to provide users of the Website and the Application (hereinafter referred to as “User” or “Users”) with complete information on the use made by the ENOVAP company of its personal data.
In order to ensure the provision of product marketing services on the website as well as the services offered to the User of the application, ENOVAP is obliged to collect personal data relating to users.
This Charter thus allows the User to benefit from perfect transparency as to personal data by the Company in accordance with the provisions provided for by law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms. amended and the EU General Data Protection Regulation 2016/679 (hereinafter the “GDPR”).
In the personal data collection forms on the site, the User is notably informed of whether or not data collection is compulsory. In the event that a mandatory data field is not provided, ENOVAP will not be able to provide its services to the User.
Personal data / Data: refers to any information relating to an identified natural person or who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to him. It may in particular be the name, first name (s) of the User, his telephone number, his e-mail and postal address or his gender (eg: female, male).
Sensitive data: Personal data relating to the state of health of the User collected as part of the Application Services.
Personal data charter: referred to as this data processing charter.
Cookies: designate automatic text file type tracking procedures offered on a terminal (computer, tablet, smartphone) which records information when visiting a website or viewing an advertisement. Cookies can have various purposes, and store information for a certain period of time.
For more information on Cookies, the User can go to www.cnil.fr.
Services: refers to the services offered by ENOVAP on the Site and the Application.
Processing: refers to any operation or set of operations relating to data, such as, for example, the collection, recording, storage, consultation, communication or even the erasure and destruction of data.
User(s): refers to any natural or legal person accessing the Site or the Application.
2. Identity of the data controller
The company that collects Personal Data and implements Data Processing in its capacity as Data Controller is:
ENOVAP, Simplified Joint Stock Company with capital of 25,086.00 euros, whose head office is located at Technopole de l’Aube, 2 rue Gustave Eiffel 10430 ROSIERES PRES TROYES, registered in the Trade and Companies Register of Troyes under number 814 824 074, and whose intra-community VAT number is FR66814824074, represented by its Chairman, Mr. Alexandre Scheck (hereinafter referred to as “ENOVAP” or the “Company”).
This Charter may be amended at any time by the Company, in particular in order to comply with changes in laws and regulations, case law, technology or even the requirements of the authorities. In the event of modification of the Charter, the Company will inform the User and / or seek their agreement when necessary.
The latest version of the Policy is the one available on the Site and the Application.
Users are invited to consult the Charter before browsing the Site and the Application and to regularly familiarize themselves with the Charter in order to know the modifications and / or updates made by the Company.
The Charter is an integral part of the General Conditions of Use and Sale of the Site and the Application.
For any question relating to these conditions, Users can contact Mr. Alexis Fischer, appointed Data Protection Officer of the Company, by e-mail at the address firstname.lastname@example.org or by mail at the following address: ENOVAP Company , Mr. Alexis Fischer, 212 rue Saint-Maur – 75010 Paris
4. Personal data processed
When using the Services by the User, the Company is required to collect Personal Data concerning Users.
The entry of this Data is mandatory and is subject to automated processing for the purposes of access to the Services, management and administration of Users’ personal accounts.
The collection of Data is essential to carry out the Services for which Users request the Company.
The Company may refuse access to the Site and / or the Application if the User objects to providing the Data necessary for the purpose pursued by the Company.
The Data is processed by the Company or its authorized service providers, in accordance with the legal and regulatory provisions in force and within the limits of the General Conditions of Use and Sale of the Site and of the Application and of this policy.
4.1.1. The Data required to create a personal account:
In order to create a personal account to be able to access the Company’s Services on the Application and on the Site, the User must provide the following information:
• Gender (Male or Female)
• First name (s)
• Last name
• Date of Birth
• Time zone
• Language of the page used on site (French or English)
The following Data is also collected and processed by the Company:
• Registration date
• Information allowing to know if the user has created his account from the website or the mobile application
• Date of last connection
The User understands and accepts that his Data collected on the Site is transmitted to the Application and vice versa, the Data being identical and accessible on the Site and the Application.
4.1.2. The Data necessary for subscribing to the Company’s newsletter:
In order to subscribe to the newsletter, the User must provide the following information on the Website:
• E-mail address
• User type (“Individual”, “Professional Vape: reseller”, “Professional Vape: Others”, “Health professional”, “Media professional” or “Activist / association member”)
In the event that one of these two mandatory Data fields is not provided, the Company will not be able to provide its Services.
4.1.3. The Data necessary for making contact via the dedicated form:
• First name (s)
• Last name
• User message
• User Country
• User’s email address
• User phone number (optional)
4.1.4. The Data necessary for placing the Order from the Site:
• Last name
• First name (s)
• E-mail adress
• Telephone number (optional)
• Default billing and delivery address
• Alias of the registered address (Ex: home, office, etc.)
• Date and time of the Order
• Indication of the actual payment of the Order
• Comment about the payment in case of refusal, coming from the payment provider Monetico
• Details about the Order (references and quantities of products ordered)
• Indication of the actual dispatch of the Order
• Indication of receipt of the Order
• Parcel tracking number
• Information about the payment (Total including tax, currency used)
4.1.5. Data collected from the comments module:
• First name (s)
• Last name
• Rating (from 1 to 5 stars) of the commented Product
• Date and time of the comment
4.2. Data collected during the use of the application:
• Last name
• First name (s)
• E-mail adress
• Gender / condition (woman or man, pregnant woman)
• Smartphone operating system
• Cigarette consumption
• Geolocation data
• Latitude, longitude, date and time of data collection
• Time zone
• Information to determine whether the User is exclusively a smoker, a vaper or both
• Date and time of each cigarette smoked
• For each puff of the ENOVAP Cigarette consumed: date, time, percentage of power (0 to 100), powers sent to the reservoirs, mode used (manual, flavor mix or automatic), nicotine concentrations contained in the reservoirs, target concentration , resistance impedances, time zone, duration.
• Location of the User
• Ambient noise (measured in decibels)
• Gyroscope data
• User diary
• Health data stored on the User’s mobile (number of steps, physical activity)
• Mobile contacts
5. Sensitive data
The Company collects Sensitive Data relating to the user’s state of health (pregnancy, physical activity, etc.) which it uses as part of the Application Services. The Company uses this Sensitive Data for the purpose of providing the Services to the User exclusively.
The legal basis for the Processing of Sensitive Data is based on the consent that the User gave when creating his Personal Account on the Site or the Application, in accordance with Articles 6 and 9 of the General Data Protection Regulations, in checking the box provided for this purpose.
The Sensitive Data collected is stored on the device from which the Application was downloaded (mobile phone, tablet, etc.) and is also stored and processed by the Company and on the servers of OVH, a hosting partner. approved health.
As a subcontractor, OVH has the authorizations allowing the hosting of Health Data and ensures compliance with the legal and regulatory requirements in force, in particular in order to guarantee the confidentiality of the Data and the effectiveness of Users’ rights. For more information, the User is invited to consult the OVH confidentiality policy, in particular accessible at the following links: https://www.ovh.com/fr/files/2018-06/plaquette-gdpr-web-Final -French.pdf and https://www.ovh.com/fr/support/documents_legaux/Annex%20Traitement%20de%20d Data%20à%20caractère%20personnel.pdf.
By creating a Personal Account on the Application or the Website, the User expressly consents to the Company and OVH being able to store and process the Sensitive Data communicated by the User via the creation of the Personal Account or the use of the ‘Application and this, in order to provide the Services to the User.
In any case, the User is informed that he can withdraw at any time the consent he has given to the Company concerning the collection and Processing of Sensitive Data by contacting ENOVAP at the following address: support @ enovap .com or by contacting the Data Protection Officer directly by email at the following address: email@example.com or by post at the following address: ENOVAP Company – 212, rue Saint-Maur 75010 Paris.
6. Lawfulness of processing
Users’ privacy is protected by French and European data protection regulations. The Company is only authorized to use the Personal Data of its Users if it has a valid legal basis and must ensure that it has one or more of the following legal bases:
• The execution of a contract (for example to process and execute an order for the Company’s Products or to provide the Services on the Application);
• The fulfillment of a legal obligation (eg: conservation of invoices);
• The legitimate interest of the Company;
• The User’s consent.
A “legitimate interest” of the Company must not go against the rights and freedoms of users. Examples of legitimate interests mentioned in the GDPR include fraud prevention, direct marketing, and data sharing within a group of companies.
7. Purposes of processing
Data collection is essential for using the Site and the Application and for the Company to be able to provide the Services.
The Company is required to collect and record Users’ personal data to carry out the following Processing:
a. The provision of Services and the management of Orders:
The Company uses the User’s Personal Data for the purposes of managing User Orders, delivering the Products ordered, providing the Services and communicating with the User regarding his Orders and the Services.
The provision of Personal Data collected for the purpose of providing the Services is mandatory. In their absence, the Services cannot be properly provided.
This Data may be transmitted to the Company’s technical service providers, for the sole purpose of the proper performance of the Services, or the establishment of statistics.
b. Management of payment and credit transactions:
The Company is obliged to collect certain Personal Data from the User in order to be able to invoice the latter for the prices of the Products and the Delivery Costs.
It is recalled that the Company never has access to the confidential payment information of Users. Indeed, the company uses the services of a service provider, Monetico, for the management of payments and credit, under the conditions defined in Article 12.3 below.
c. The management of refund operations as part of the return policy:
The Company is obliged to collect certain personal data from the User in order to be able to reimburse the latter in the event of the return of the Products concerned, and in particular the User’s bank details.
In their absence, the Company will not be able to reimburse the User.
d. The fight against fraud during the payment of the order and management of unpaid bills after order:
The Company uses personal data to prevent and detect fraud and abuse in order to protect the safety of its customers, the Company and others.
e. Improving the Services and Products provided by the Company
The Company uses the User’s personal information to provide features, analyze performance, correct errors and improve the accessibility and efficiency of the Services made available and the Products offered for sale.
f. Sending the newsletter by email:
Depending on the choices made by the User, his Personal Data may be used by the Company to send him newsletters.
g. Comply with the law
The Company may be required to keep Users’ Personal Data in order to meet legal or regulatory requirements (eg: verify the identity of a User in order to detect or prevent fraud).
h. A specific purpose
The Company may need to request the User’s consent for the Processing of their Personal Data for a specific purpose that will be indicated to them.
7.1. Exception: Anonymization of Data collected for research and development purposes:
As part of the research and development of Products and Services, the Company may process the anonymization of the User’s Personal Data so as to be able to share, free of charge or against payment, with its partners all of the non-personal data relating to the use of the resulting Products and Services. The Company guarantees the User that in the event of sharing of non-personal data, any traceability or re-identification of the User from them is impossible.
8. Access to Data
The Data is transmitted only to partners who process the Data on behalf and according to the instructions of the Company (subcontractors).
8.1. The recipients of this Data are:
• Police authorities in the context of judicial requisitions concerning the fight against fraud;
• Customs services in the event of delivery abroad;
• The secure payment service on the Monetico Site;
• Partners in charge of hosting services and customer relationship management.
The Company uses the Monetico electronic payment solution offered by the Crédit Mutuel Group for payments by bank card.
In the event of payment by credit card, the User will therefore be redirected from the Site via the MONETICO secure payment screen.
User Data is then collected by the payment provider MONETICO. To this end, MONETICO has access to the Data necessary to carry out bank transfers between the Company and the Users.
For more information concerning the processing of his data by MONETICO, the User can consult the information documents relating to the protection of personal data and the security of payments accessible at the following URL addresses:
– Monetico legal information: https://www.monetico-paiement.fr/fr/informations-legales.html
– Crédit Mutuel data protection charter: https://www.creditmutuel.fr/fr/charte-internet-protection-donnees.html
– Monetico payment security: https://www.monetico-paiement.fr/fr/securiser-transactions/garanties-securite.html
8.2. These Data are transmitted only within the framework of:
• The fight against fraud and the recovery of unpaid debts;
• The shipment of your orders;
• The management of telephone calls, their possible recordings and the sending of postal mails;
• The personalization of the contents of the site;
• Carrying out technical maintenance and development operations for the website, internal applications and the Company’s information system;
• Collecting and hosting customer reviews, as well as customer relationship management;
• The dispatch of the newsletter;
8.3. The Company may also share the Data:
• In the event of sale, transfer or merger of the Company or part of it, or if the Company acquires or merges with another company.
• If such a transaction takes place, the Company will ensure that the other party complies with data protection laws.
9. User rights
9.1. Pursuant to articles 14 to 22 of the GDPR, any natural person using the Site and / or the Application has the right to exercise the following rights:
– a right of information: the obligation for the Company to make available to the User all the information that the latter has provided to him.
– a right of access: the right for the User to receive a copy of his Personal Data.
– a right of rectification: the right for the User to request the modification of his Personal Data which is erroneous or incomplete.
– a right to erasure: the right for the User to request the deletion of his Personal Data, in certain situations.
– a right to limit Processing: the fact that the Company cannot, beyond a certain time, continue to process and use the User’s Personal Data.
– a right to the portability of his data: the right for the User to receive his Personal Data provided to the Company, in a structured, commonly used and machine-readable format and / or to transmit this data to a third party, in certain situations.
– a right of opposition: the right for the User to oppose at any time, for reasons relating to his particular situation, to the Processing of Personal Data concerning him, in particular the right to oppose any when Processing for marketing purposes: when the Company uses Personal Data for direct marketing purposes.
Finally, when the Company detects a violation of Personal Data likely to create a high risk for the rights and freedoms of the User, the User will be informed of this violation as soon as possible.
The User can exercise their rights with the Data Protection Officer by email at the following address firstname.lastname@example.org or email@example.com or by mail at the following address: Société ENOVAP – 212, rue Saint- Maur 75010 Paris.
The request must be accompanied by proof of identity.
In accordance with the regulations in force, all requests must be signed and accompanied by a photocopy of an identity document bearing the signature of the requester and specify the address to which the response must be sent. A response will then be sent to the User as soon as possible and at the latest within one (1) month of receipt of the request. The User is informed that this period may be extended to two (2) months given the complexity and the number of requests.
9.2. The User has the right to lodge a complaint with a supervisory authority, if he considers that the Processing of Personal Data concerning him constitutes a violation of applicable law.
The User may formulate directives relating to the storage, erasure and communication of his Personal Data after his death in accordance with Article 40-1 of Law 78-17 of January 6, 1978.
These guidelines can be general or specific.
The User can formulate his advance directives to the following address: firstname.lastname@example.org or email@example.com.
10. Data transfer
The User is informed and accepts that certain Data concerning him may be transmitted for the needs of the purposes defined above to companies located in countries outside the European Union and not always presenting an adequate level of protection with regard to concerns the protection of Personal Data.
Prior to the transfer of Data outside the European Union, and in accordance with the regulations in force, the Company makes its best efforts to implement the guarantees necessary to secure such transfers and ensures that the transfers are carried out in accordance with the General Conditions of sale of the Site, the General Conditions of Use of the Application and this Personal Data Charter.
In particular, the Company uses the services of the HUBSPOT company for the management of part of its commercial relations. HUBSPOT may transfer User Data to its subsidiaries located in the United States, for the above purposes only.
HUBSPOT sets up mechanisms to ensure compliance with the regulations on Personal Data. To comply with the requirements of the GDPR, HUBSPOT had adopted the provisions of the Privacy Shield and standard contractual clauses (CCT) as legal mechanisms for the transfer of its customers’ Data. As the Privacy Shield is no longer a valid transfer mechanism, HUBSPOT automatically applies standard contractual clauses (CCT) of data protection approved by the European Commission for transfers of Data outside the European Union. For more information, the User can consult the confidentiality policy of HUBSPOT, the CCTs used and the information accessible at the following address: https://legal.hubspot.com/privacy-policy and HubSpot’s Commitment to Protecting EU Data Transfers.
In any case, the User is informed that he can withdraw at any time the consent he has given to the Company concerning the transfer of his Data outside the European Union and particularly to HUBSPOT by contacting ENOVAP at the following address: firstname.lastname@example.org or by contacting the Data Protection Officer directly by email at the following address: email@example.com or by post at the following address: ENOVAP Company – 212, rue Saint-Maur 75010 Paris.
11. Data retention period
The Company has determined precise rules concerning the retention period of Users’ personal data.
The starting point and the retention period of the Data vary depending on the quality of the User:
• For “prospects” who have never made a purchase from the Company, the starting point for the retention period is the subscription to the Newsletter.
• For “customers” having made at least one purchase on the Site or having created a Personal Account on the Application, the starting point of the retention period constitutes the last purchase or use of the Service on the Site or the Application. .
The Data is kept for the duration of the commercial relationship with the User.
However, the Data making it possible to establish the proof of a right or a contract, or kept for compliance with a legal obligation, may be the subject of a secure archiving for a period not exceeding the duration necessary for the purposes for which they are kept (in particular but not exclusively those provided for by the Commercial Code, the Civil Code and the Consumer Code but also by the accounting and tax provisions applicable to the Company).
User Data used for commercial prospecting purposes may be kept for a period of 3 (three) years from the end of the commercial relationship. Data relating to a User who is not a client of the Site may be kept for a period of three years from their collection by the Company or from the last contact from the prospect (whichever is later). At the end of this period, the Company may contact the User concerned again in order to find out whether he wishes to continue to receive commercial solicitations. In the absence of a positive response, the Company will delete the Data in accordance with the provisions in force, and in particular those provided for by the Commercial Code, the Civil Code and the Consumer Code.
Regarding the Retention period of the User’s bank details for reimbursement purposes, these are only kept for the period necessary for the reimbursement of the User.
For more information on the retention periods applied by the Company, you can contact customer service at the following address: firstname.lastname@example.org.
12. Data security
It is understood that Users’ Personal Data is kept under conditions that comply with the security and confidentiality requirements provided for by applicable laws and regulations. In general, the Company undertakes to comply with all the obligations imposed on those responsible for processing personal data.
In the event of a security breach or loss of Personal Data relating to the User, the Company will inform him by any means under the applicable legal conditions. It will take all necessary measures, within the limits of its human, material and financial resources, to remedy the flaw and ensure data security.
As Data Controller, the Company takes all necessary precautions to preserve the security and confidentiality of the Data and in particular, to prevent it from being distorted, damaged, or that unauthorized third parties have access to it. These measures consist of
• the physical security of the buildings housing the Company’s systems,
• the security of the Company’s IT system to prevent external access to the User’s Personal Data,
• making secure copies of the User’s Personal Data.
When developing, designing, selecting and using its services, the Company takes into account the right to the protection of Personal Data from their conception.
When it uses subcontractors, the Company ensures that they comply with the rules relating to data protection.
12.2. Relations with subcontractors
When it uses subcontractors likely to process the User’s Personal Data, the Company ensures that they present sufficient guarantees as to compliance with the rules relating to Data protection, and at least the same guarantees as those of the Company, by concluding a contract with said subcontractors to this effect.
12.3. Payment providers
In order to ensure the security of payments, the Company uses the services of a service provider, Monetico, certified PCI-DSS. This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and thus secure the protection of card and transaction data.
When the User places an order for credit card payment on the Website, the Company’s order-taking system connects in real time with the Monetico system which collects User Data and performs various checks to avoid abuse and fraud.
The Data are stored on the servers of the company Monetico and are not transmitted at any time on the servers of the Company. Monetico applies for authorization from the bank and sends the Company a transaction number which allows operations up to the amount of the authorization.
In order to be able to debit the account during invoicing or to credit it following a return, Monetico keeps the bank data associated with the authorization number, the time necessary to complete the transaction and to process any complaints (returns, disputes ).
12.4. Protective measures taken by the User
In this constant concern for security and protection, the User is invited to exercise caution to prevent unauthorized access to his Personal Data and to protect his devices (computer, smartphone, tablet) against any malicious access. If the User shares a computer, he must disconnect after each use.
13. Data of minors under the age of 18
In accordance with the General Conditions of Sale of the Site and the General Conditions of Use of the Application, it is necessary to be 18 years of age to access the Website and the Application and to place an order.
Thus, no Personal Data concerning minors is collected on the Company’s website. In the event that the Company becomes aware of the collection of Personal Data from minors, the Company will take the appropriate measures to delete this Personal Data from its servers and / or those of its subcontractors, service providers and partners.
14. Commercial solicitations
The Company may update this policy from time to time.
In the event of significant changes, the Company will notify the User by e-mail or by any other means. To the extent permitted by applicable law, using the Company Services after such a warning is equivalent to accepting updates to this policy.
15. Cookies Policy
Personal Data of Users may also be collected through Cookies.
Indeed, each time a User connects to the Site, the Company may be required, by depositing Cookies on the User’s terminal (computer, tablet, mobile, etc.), to collect information relating to his connection. and its navigation.
The Cookies issued by the Company are as follows:
– PHPSESSID, the purpose of which is to identify the User when connecting to the Site, to memorize, if applicable, the User’s shopping cart, email address, last name, first name and delivery information provided by the user ;
– PrestaShop-XXX, (where XXX is a string of random characters varying each time the User connects to the site), the purpose of which is to determine the parameters of the User’s Internet browser, such as the type of browser used and the plug-ins installed there.
These Cookies allow the Site to function optimally. The User may object and delete them using the settings of his browser, however, the use of the Site may be degraded.
The User can oppose their implementation and / or delete them at any time after having accepted them following the procedure indicated on his browser. We invite the User to refer to the help menu of his browser to configure it according to his wishes.
Here are the procedures to block Cookies from the options of the main browsers:
- For Internet Explorer ™: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies,
- For Safari ™: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac,
- For Chrome ™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en,
- For Firefox ™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences,
- For Opera ™: http://help.opera.com/Windows/10.20/en/cookies.html.
The User can also connect to the Youronlinechoices site, offered by digital advertising professionals grouped within the European association EDAA (European Digital Advertising Alliance) and managed in France by the Interactive Advertising Bureau France. This European platform is shared by hundreds of Internet advertising professionals and constitutes a centralized interface allowing users to express their refusal or acceptance of Cookies that may be used in order to adapt them to the browsing of the User’s terminal. advertisements likely to be displayed there: http://www.youronlinechoices.com/fr/controler-ses-cookies/. The Company informs the User that this procedure will not prevent the display of advertisements on the websites visited. It will only block technologies that make it possible to tailor advertisements to the User’s interests.
The Company informs the User that if he refuses or deactivates Cookies, he may encounter navigation problems.
A Cookie has a limited period of validity. It is deposited and stored on the User’s terminal in compliance with applicable laws and regulations and subject to the choices expressed by the latter, which he can modify at any time. The retention period for Cookies placed by the Company is twelve (12) months.
The User has, with regard to the Data thus collected, the same rights as those set out above, which he can exercise under the same conditions.
16. Update of the personal data charter
The Company may update this Personal Data Charter from time to time, in particular to comply with changes in law, case law, technology or the requirements of the authorities.
In the event of significant change, the Company will notify the User by e-mail or by any other means. To the extent permitted by applicable law, using the Company’s Services after such warning is equivalent to accepting updates to this policy.
The latest version of this Data Protection Charter is the one available on the Site and on the Application.
Enovap mission is to eliminate cigarettes. Enovap products are intended for adult smokers who want to switch from combustible cigarettes. You must be at least 21 years old to purchase products on enovap.com.
Please select the country you reside in
Not suitable for people with cardiovascular problems and pregnant women. Nicotine is highly addictive, don't start. Products prohibited to minors, by entering this site, you confirm that you are of legal age. By continuing to browse this site, you agree that cookies will be used to improve your user experience. Learn more