Privacy Policy
This Privacy Policy applies without restriction or reservation between NBP PARFUMS, a simplified joint-stock company (SAS) with a share capital of €15,425.00, registered with the Paris Trade and Companies Register under number 951 541 630, headquartered at 8 rue du Château Landon, 75010 Paris, and VAT number FR68951541630 (hereinafter referred to as the "Data Controller"), and any individual browsing and/or purchasing products on the website www.notesdebasdepaje.com (hereinafter referred to as the "Data Subject").
The purpose of this policy is to provide information on how the Data Controller collects and processes the Data Subject’s Data, in compliance with applicable laws, particularly Regulation (EU) 2016/679 and French Law No. 78-17 (hereinafter referred to as the "Legislation"), in connection with the website www.notesdebasdepaje.com (hereinafter referred to as the "Website").
1) Definitions
- Supervisory Authority: Refers to the Commission Nationale de l’Informatique et des Libertés (CNIL), the French public authority responsible for regulating data protection.
- Consent: Any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which they signify agreement to the processing of their Data.
- Recipient: Any natural or legal person, public authority, agency, or other body to whom Data are disclosed, excluding authorities entitled to receive data in the context of investigations.
- Data: Any information relating to the Data Subject.
- File: A structured set of Data accessible based on specific criteria, centralized, decentralized, or distributed across locations.
- Legislation: All laws and regulations concerning data protection, including Regulation (EU) 2016/679 and French Law No. 78-17.
- Navigation: Actions taken by the Data Subject on the Website, including browsing, placing orders, and making purchases.
- Data Subject: Any identifiable individual using the Website of the Data Controller.
- Products: Items available for purchase on the Website.
- Pseudonymization: Processing of Data in such a way that it can no longer be attributed to a specific Data Subject without additional information.
- Data Controller: NBP PARFUMS, which determines the purposes and means of Data processing.
- Website: The online infrastructure created by the Data Controller, enabling users to browse, access information, and purchase Products.
- Processor: Any entity that processes Data on behalf of the Data Controller.
- Third Party: Any entity other than the Data Controller, Processor, or persons authorized to process Data under the direct authority of the Controller or Processor.
- Processing: Any operation performed on Data, such as collection, storage, organization, modification, transmission, or deletion.
2) Processing Principles
The Data Controller commits to adhering to the following principles for all Processing activities:
- Lawfulness
- Fairness
- Transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity
- Confidentiality
- Accountability
3) Processed Data
The Data Controller may collect and process the following types of Data during the Data Subject's use of the Website:
- Personal information: Name, surname, postal address, email, phone number, subscription and unsubscription dates for newsletters, messages exchanged with the Data Controller.
- Payment information: Payment method, payment history.
- Order details: Products ordered, delivery address, tracking number, purchase price, order history.
- Technical information: Navigation behavior, IP address, items added to the cart, consent collection.
4) Processing Context
The Data Controller may collect and process Data during:
- Website navigation.
- Product purchases.
- Contact with the Data Controller via the Website.
- Newsletter subscription.
- Browsing sessions.
5) Processing Purposes and Data Retention
a) Product purchases and delivery
- Legal basis: Contract.
- Data: Name, email, postal address, phone number, delivery address, payment method, order history.
- Retention: 3 years from the last purchase.
b) Billing and accounting compliance
- Legal basis: Legal obligation.
- Data: Name, email, postal address, phone number, delivery details, payment details.
- Retention: 10 years from purchase.
c) Customer relations
- Legal basis: Consent.
- Data: Name, email, postal address, phone number, communication history, consent records.
- Retention: 3 years from the last interaction.
d) Marketing and newsletter management
- Legal basis: Consent or legitimate interest for previous customers.
- Data: Name, email, phone number, consent records.
- Retention: 3 years from the last interaction.
e) Customer service and complaints
- Legal basis: Legitimate interest.
- Data: Name, email, address, communication history.
- Retention: 5 years.
f) Website security and improvement
- Legal basis: Legitimate interest.
- Data: IP address, browsing data.
- Retention: 13 months.
g) Statistics
- Legal basis: Legitimate interest.
- Data: IP address, browsing data.
- Retention: 6 months.
6) Data Recipients
The Data Controller is the sole recipient of Data but may share it:
- To comply with legal obligations.
- To respond to claims or legal actions.
- To fulfill contractual obligations.
7) Data Subject Rights
The Data Subject may exercise the following rights by contacting:
NOTES DE BAS DE PAJE
8 rue du Château Landon, 75010 Paris
Email: contact@notesdebasdepaje.com
Rights include:
1. Access
2. Rectification and deletion
3. Objection
4. Limitation
5. Portability
6. Complaint to a Supervisory Authority
7. Post-mortem directives
8) Data Security
The Data Controller implements technical and organizational measures to ensure data security, integrity, and confidentiality.
9) Changes to the Privacy Policy
The Data Controller may modify this Privacy Policy and will notify Data Subjects of significant updates.
10) Nullity Clause
If any provision is deemed invalid, it does not affect the remaining provisions' validity.
