Privacy Policy

Between the undersigned :

MY LUBIE, a société par actions simplifiée (simplified joint stock company) with a single shareholder and a capital of 1,384 euros, whose registered office is located at 42 rue de Maubeuge 75009 Paris, registered in the Paris Trade and Companies Register (RCS) under number 889 812 210.

Hereinafter referred to as the " Data Controller",

on the one hand, and

and on the other,

Any individual browsing the website of the Data Controller.

Hereinafter referred to as the " Data Subject ",

on the other hand,

Without exception or limitation, the Data Subject and the Data Controller are subject to this privacy policy. The purpose of this policy is to inform you of how the Data Controller has collected and processed certain of your personal information in connection with your use of the https://mylubie.com website (hereinafter referred to as the "Site") in accordance with applicable law, including European Regulation No. 2016/670 and Law No. 78-17 (collectively referred to as "the Legislation").

This privacy policy forms an integral part of the Data Controller's general terms and conditions of sale.

Article 1. Definitions

Data Controller: means MY LUBIE, a simplified joint stock company with a single shareholder and capital of 1,384 euros, whose registered office is located at 42 rue de Maubeuge 75009 Paris, registered with the Paris Trade and Companies Register (RCS) under number 889 812 210.

Data subject: means any natural person browsing the Site of the Data Controller, who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Browsing: refers to consultation of the Site.

Site: refers to the infrastructure developed by the Data Controller in accordance with the computer formats usable on the Internet, comprising data of various kinds, and in particular text, sound, still or animated images, videos and databases, intended to be consulted by the Person concerned https://mylubie.com.

Data: refers to any information relating to the Person concerned.

File: refers to any structured set of Data accessible according to specific criteria, whether this set is centralized, decentralized or distributed functionally or geographically.

Processing: means any operation or set of operations which may or may not be performed using automated processes and applied to Data or sets of Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction.

Pseudonymization: refers to the processing of Data in such a way that it can no longer be attributed to the Data Subject without recourse to additional information.

Legislation: means any law and regulation relating to Data protection, and in particular European Regulation n°2016/679 and Law n°78-17.

Subcontractor: means any natural or legal person, public authority, department or body other than the Data Controller who processes Data on behalf of the Data Controller.

Recipient: refers to any natural or legal person, public authority, service or other organization that receives communication of the Data, whether or not it is a Third Party. However, public authorities which may receive communication of Data, in particular in the context of an investigative mission, are not considered to be Recipients within the meaning of this definition.

Third Party: means any natural or legal person, public authority, department or other body other than the Data Controller, the Subcontractor and those persons who, under the direct authority of the Data Controller or the Subcontractor, are authorized to process the Data, and in particular tour operators, travel agencies and reservation systems.

Consent: means any free, specific, informed and unambiguous expression of will by which the Data Subject accepts, by a declaration or by a clear positive act, that Data concerning him or her may be Processed by the Data Controller.

Supervisory Authority: refers to the Commission Nationale de l'Informatique et des Libertés (CNIL), the French independent public authority responsible for regulating Data protection;

Article 2. Processing principles and categories of data processed

In accordance with the Law, the Data Controller undertakes to comply with the following principles for each Processing operation:

Lawfulness ;
Fairness ;
Transparency;
Purpose limitation;
Data minimization ;
Accuracy ;
Limitation of storage ;
Integrity ;
Confidentiality;
Accountability.

The Data Controller undertakes to implement all the principles established by the GDPR, in accordance with its Article 5.

The Data Controller collects and processes a variety of data, including:

Personal information (surname, first name, gender, postal address, e-mail address, telephone number, date of birth, age, date of registration and unsubscription to customer accounts and to the Data Controller's newsletter, messages exchanged with the Data Controller, telephone conversation with the Data Controller's customer service).

Banking information
Payment method
Credit card number

Information relating to your order, such as :
Product ordered
Delivery address
Delivery tracking number
Order price
Purchase history

Technical information
Browsing behavior
IP address
Products added to shopping cart
Collection of consent

Data will be collected and processed for various purposes:

Purchase
Contact with the data controller
Newsletter registration
Creation of a customer account
Browsing the site

Article 3. Processing

PURPOSE OF PROCESSING

TYPE OF DATA

LEGAL BASIS FOR PROCESSING

DATA RETENTION PERIOD

MANAGEMENT OF PRODUCT PURCHASES, DELIVERIES, INVOICING AND ACCOUNTING STANDARDS

First name, surname, e-mail address, postal address, telephone number, delivery address, order placed, delivery tracking number, date of registration and deregistration, method of payment, credit card number.

Contract, legal obligation and legitimate interest of the Data Controller in establishing, exercising and defending its legal rights.

10 years from purchase of product

EXCEPT

15 months from product purchase for bank details (immediately for the visual cryptogram)

CREATION AND MANAGEMENT OF CUSTOMER ACCOUNTS

First name, last name, e-mail address, postal address, telephone number, customer account creation date, customer account deletion date, consent.

Consent of the person concerned

3 years from last connection to customer account

MANAGEMENT OF COMMERCIAL RELATIONS

First name, last name, e-mail address, postal address, telephone number, purchase history, shopping cart, date customer account created, date customer account deleted, consent obtained.

Legitimate interest of the Data Controller in managing the customer relationship

3 years from the last contact with the Data Subject

COMMERCIAL PROSPECTING (E.G. USEFUL INFORMATION, PRODUCT ADVICE, CART ABANDONMENT REMINDERS, PERSONALIZED OFFERS)

First name, last name, e-mail address, shopping cart, postal address, telephone number, purchase history, collection of consents.

Consent of the Data Subject or legitimate interest of the Data Controller in promoting its products

3 years from the last contact with the Data Subject

Newsletter

Electronic address

Consent of the person concerned

3 years from the last contact with the Data Subject

IMPROVEMENT OF WEBSITE SECURITY

IP address, browsing data

Legitimate interest of the Data Controller to improve and manage the site, to secure and administer the site, to prevent fraud and malicious acts.

13 months

CUSTOMER SERVICE MANAGEMENT

First name, last name, e-mail address, postal address, telephone number, purchase history, exchanges, IP address, collection of consents.

Consent of the Data Subject and legitimate interest of the Data Controller in improving its products and customer service.

3 years from the last contact with the Data Subject

SITE STATISTICS AND PERSONALIZED ADVERTISING

IP address, Navigation data, Collection of consent

Consent of the person concerned

6 months

Article 4. Recipients

In principle, the Data Controller is the sole recipient of the Data.

However, the Data Controller may transfer the Data to other recipients, in particular in connection with the management of Product purchases by the Data Subject, and/or to any public authority that may request it, in particular in connection with an investigation.

Certain recipients may process your data as subcontractors on behalf of the Data Controller.

The Data Processor undertakes to require its subcontractors to provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that processing meets legal and regulatory requirements and guarantees the protection of the Data Subject's rights.

In addition, the Data Processor may disclose to any recipient or third party the data processed where there is a legal obligation to do so or where the Data Processor considers in good faith that this is necessary in order to:

Respond to any claims made against it;
Comply with the requirements of the courts and/or the administrative order and/or the supervisory authority;
Fulfill any contract to which the Data Subject is a party;
Safeguard the vital interests of all natural persons;
The performance of a task in the public interest.

In the event that the Data Controller is acquired by a third party, the Data Controller reserves the right to share data with the acquiring third party, subject to the latter's compliance with this privacy policy.

Article 5. Data subject's rights

The Data Subject has the right to access his/her data. The general purpose of the right of access is to provide individuals with sufficient, transparent and easily accessible information on the processing of their data so that they can become aware of and verify the lawfulness of the processing and the accuracy of the data processed.

The Data Subject has the right to obtain from the Data Controller the rectification and/or erasure of inaccurate or outdated data as soon as possible, unless circumstances to the contrary prevent the exercise of this right, and in particular :

The exercise of the right to freedom of expression and information;
Compliance with a legal obligation;
The public interest in the field of public health, archives, scientific or historical research or statistics;
Establishing, exercising or defending legal rights.

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of data based on the performance of a task in the public interest or on the necessity of a legitimate interest of the Data Controller.

The Data Subject has the right to request the Data Controller to restrict data processing in the following cases:
The accuracy of the personal data is contested by the Data Subject, for a period allowing the Data Controller to verify the accuracy of the data;
The processing is unlawful and the Data Subject objects to the erasure of the data and requests that their use be restricted;
The Data Controller no longer needs the data for the purposes of processing, but it is still necessary for the Data Subject to establish, exercise or defend legal claims;
The Data Subject has objected to the processing in the course of verifying whether the legitimate grounds pursued by the Data Controller outweigh those of the Data Subject.

The Data Subject who has obtained the limitation of data processing is informed by the Data Controller before the limitation of processing is lifted.

The Data Subject has the right to receive the data he or she has provided to the Data Controller in a structured, commonly used and machine-readable format.

The Data Subject has the right to lodge a complaint with the supervisory authority if he or she considers that he or she has been the subject of unlawful data processing by the Data Controller.

The Data Subject has the right to define directives concerning the fate of data after his/her death with the Data Controller, who will implement all technical means to ensure that this wish is respected.

Article 6. Data security

The Data Controller takes appropriate technical and organizational measures to protect Data against destruction, loss, alteration, misuse and unauthorized access, modification or disclosure, whether such actions are intentional or accidental.

The purpose of these technical and organizational measures is to ensure the confidentiality, integrity, availability and resilience of the Site and the information systems where the Files are stored.

The Site is encrypted using SSL (Secure Socket Layer) to ensure the security of the Data Subject's browsing.

Article 7. Modification of the privacy policy

The Data Controller reserves the right to modify this Privacy Policy from time to time.

In the event of substantial modification of the present Privacy Policy, the Person concerned will be personally informed of the new Privacy Policy.

The Data Subject is invited to consult this Privacy Policy on a regular basis to take note of any changes.

The Data Subject may send any questions about this Privacy Policy to the DPO at the following address: pierre@mylubie.com

Article 8. Invalidity of the Privacy Policy

If any provision of this Privacy Policy is found to be invalid pursuant to a rule of law in force or a court decision that has become final, it shall be deemed unwritten, without invalidating the entire Privacy Policy or altering the validity of its other provisions.

Article 9. Cookies

By browsing the Site, the Person concerned may consent or object to the installation of cookies on his/her computer.

When browsing the Site, the Person concerned may consent or object to the installation of Cookies on his/her computer terminal.

Generally speaking, cookies record information relating to the browsing of computers on the Site (pages consulted, date and time of consultation, etc.), information which may be read during subsequent visits by the Person concerned to the Site, with transmission of the Data to the Data Controller. The installation of these non-functional cookies requires the consent of the Person concerned.

Certain cookies are essential to the proper functioning of the Site and do not require the consent of the Person concerned before being installed.

Cookies are automatically deleted within thirteen (13) months of their installation if the Person concerned does not renew his/her consent before the expiry of this period.

The cookies present on the Site are as follows:

Cookie name	Type of cookie	Data sent to	Purpose	Expiration date
_cmp_a	Required	United States	Determines whether the user has accepted the cookie consent box	1 day
_shopify_d	Required	United States	Required for secure payment	Session
Cart	Required	United States	Required for shopping cart functionality on the Website	14 days
Cart_currency	Required	United States	Required for secure payment	14 days
Cart_sig	Required	United States	Required for secure payment	14 days
Cart_ts	Required	United States	Required for secure payment	14 days
Cookieconsent_ preferences_dis abled	Required	Ireland	Stores cookie authorization for current domain by user	1 year
Cookietest	Required	United States	Used to determine whether the visitor has accepted the cookie consent box	Session
Is_eu	Required	Ireland	Determines whether the visitor is from the EU and therefore subject to EU data regulations	Session
omScrollHeight	Required	United States	Records the user's screen size in order to adjust the size of images on the site	Session

At any time, the Data Subject may configure his/her browser:

For Microsoft Internet Explorer 8.0 and above (including Edge)
Click on the menu in the browser toolbar
Go to "Settings
Click on "Cookies and stored data" and "Manage and delete cookies and site data".
For Mozilla Firefox
Click on the menu in the browser toolbar
Go to "Tools" and "Options
Click on "Privacy
Select "Cookies
For Google Chrome
Click on the menu in the browser toolbar
Click on "Settings", then on "Privacy and security".
Click on "Cookies