Privacy Policy.
1 – Parties to this act
Between the undersigned: 1° The simplified joint stock company K-EYES. with capital of 22,812.62 Euros, registered in the Paris Trade and Companies Register under number 821 239 878, whose registered office is located at ZI Les ferrières, Rue du liège, 83490 Le Muy , and having VAT number FR59821239878. Hereinafter referred to as the "Data Controller", On the one hand, And 2° Any natural person Browsing the Data Controller's website; Hereinafter referred to as the "Data Subject", On the other hand, It has been set out and agreed as follows:
2 – Object
This Privacy Policy applies, without restriction or reservation, between the Data Subject and the Data Controller. Its purpose is to provide information on how the Data Controller collects and processes certain personal data relating to the Data Subject, in accordance with the legislation in force and in particular European Regulation No. 2016/679 and Law No. 78-17 (hereinafter referred to as the “Legislation”), in relation to the use of the website www.k-eyes.com (hereinafter referred to as the “Site”) by the Data Subject. This Privacy Policy is an integral part of the General Terms and Conditions of Sale of the Data Controller.
3 – Definitions
Supervisory authority means the National Commission for Information Technology and Civil Liberties (CNIL), the independent French public authority regulating data protection;
Consent means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Data concerning him or her by the Data Controller.
Cookie means a file allowing the path of the Data Subject to be traced on the Site.
RECIPIENT means any natural or legal person, public authority, service or other body which receives communication of the Data, whether or not a Third Party. However, public authorities which may receive communication of the Data, in particular in the context of an investigation mission, are not considered as Recipients within the meaning of this definition.
Data means any information relating to the Data Subject.
File means any structured set of Data accessible according to specific criteria, whether this set is centralized, decentralized or distributed functionally or geographically.
Legislation means any law and regulation relating to Data protection, and in particular European Regulation No. 2016/679 and Law No. 78-17.
Navigation means the consultation, awareness, ordering and/or purchase of Products on the Site by the Person concerned.
Person concerned means any natural person who browses the Site, provided that they can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity.
Products means the products offered for sale on the Site by the Data Controller to the Data Subject.
Pseudonymization means the processing of Data in such a way that it can no longer be attributed to the Data Subject without the use of additional information.
Data controller means the simplified joint stock company K-EYES. with capital of 22,812.62 Euros, registered in the Paris Trade and Companies Register under number 821 239 878, whose registered office is located at ZI Les ferrières, Rue du liège, 83490 Le Muy , and having VAT number FR59821239878, which alone or jointly with others, determines the purposes and means of the Processing.
Site means the infrastructure developed by the Data Controller according to the computer formats usable on the Internet comprising data of different types, and in particular texts, sounds, still or animated images, videos, databases, intended to be consulted by the Data Subject to know, reserve, order and/or purchase Products (www.k-eyes.com).
Subcontractor means any natural or legal person, public authority, agency or other body other than the Data Controller which processes the Data on behalf of the Data Controller.
Third party means any natural or legal person, public authority, service or other body other than the Data Controller, the Subcontractor and the persons who, placed under the direct authority of the Data Controller or the Subcontractor, are authorized to process the Data, and in particular tour operators, travel agencies, and reservation systems.
Treatment means any operation or set of operations performed or not using automated processes and applied to Data or sets of Data, such as limitation, erasure or destruction.
4 – Principles relating to processing
In accordance with the Legislation, the Data Controller undertakes to respect the following principles for each Processing:
Legality;
Loyalty ;
Transparency;
Purpose Limitation; Data Minimization; Accuracy;
Limitation of conservation; Integrity;
Confidentiality; Responsibility.
5 – Data processed
As part of Navigation, the Data Controller is required to collect and process a certain amount of Data, including:
Personal information (name, first name, gender, postal address, email address, telephone number, date of birth, age, date of registration and unsubscription to the customer account and the Data Controller's newsletter, messages exchanged with the Data Controller, telephone conversations with the Data Controller's customer service)
Banking information (payment method, credit card number)
Information about your order (product ordered, delivery address, delivery tracking number, order price)
Technical information (browsing behavior on the Site, IP address, products added to the basket, collection of consent).
6 – Context of the processing
The Data may be collected and processed by the Data Controller on various occasions, including:
Purchase of Products on the Site
Contact the Data Controller Subscribe to the newsletter
Creating a referral link
Creating a customer account
Navigation on the Site.
7 – Details of the treatment
|
Purpose of the Processing |
Data concerned |
Legal basis for processing |
Data Retention Period |
|
Management of product purchases and deliveries |
First name, last name, email address, postal address, telephone number, delivery address, order placed, delivery tracking number, registration and unsubscription date, payment method, payment method, credit card number |
Contract, legal obligation and legitimate interest of the Data Controller to establish, exercise and defend its rights in court |
10 years from the purchase of the Product EXCEPT 15 months from the purchase of the product for banking data (immediately for the visual cryptogram) |
|
Creation and management of customer accounts |
First name, last name, email address, postal address, telephone number, date of creation of the customer account, date of deletion of the customer account, collection of consent |
Consent of the Data Subject, legitimate interest of the Data Controller in creating a customer account following the purchase of a product by the Data Subject |
3 years from the last connection of the Data Subject to his customer account OR immediately from the deletion of his customer account |
|
Business relationship management and prospecting |
First name, last name, email address, postal address, telephone number, purchase history, consent collection |
Consent of the Data Subject, legitimate interest of the Data Controller to promote its Products |
3 years from the last contact by the Data Subject or from the end of the commercial relationship |
|
Newsletter management |
Email address, first name, last name, telephone number, collection of consent |
Consent of the Data Subject |
When unsubscribing |
|
Securing and improving the Site |
IP address, Browsing dataIP address, Browsing data |
Legitimate interest of the Data Controller to improve the Site and manage the Site, secure and administer the Site, prevent fraud and malicious acts. |
13 months |
|
Complaints Management Site Statistics and Personalized Advertising |
First name, last name, email address, postal address, telephone number, IP address, browsing data, collection of consent |
Data Subject Consent and its Products and Customer Service. |
3 years from the last dose taken |
|
Sponsorship |
Email address, first and last name, collection of consent |
Consent of the Data Subject |
3 years after the referral link request |
The Data Controller reserves the right to anonymize the Data that is subject to Processing before deleting it. The anonymized data may then be subject to Processing for statistical purposes.
8 – Recipients of the data
In principle, the Data Controller is the sole Recipient of the Data. However, the Data Controller may be required to transfer the Data to Recipients, in particular in the context of managing the purchases of Products by the Data Subject, and/or to any public authority that requests it, in particular in the context of an investigation mission. The following Recipients may be required to process your data, as a Processor, on behalf of the Data Controller:
FACEBOOK FRANCE SARLU with capital of €4,950,000 RCS Paris 630 085 802 Head office: 6 rue Menars, 75002 Paris
GOOGLE FRANCE SARLU with capital of €7,500 RCS Paris 443 061 841 Head office: 8 rue de Londres, 75009 Paris
CRITEO SA with capital of €1,677,273 RCS Paris 484 786 249 Head office: 32 rue Blanche, 75009 Paris
OUTBRAIN UK LIMITED Foreign company registered with the RCS RCS Paris 534 895 727
AWIN SAS SASU with capital of €58,050 RCS Paris 432 845 964 Head office: 8 rue Saint Fiacre, 75002 Paris
TWITTER FRANCE SAS SASU with capital of €37,000 RCS Paris 789 305 596 Head office: 10 rue de la Paix, 75002 Paris
DIDUENJOY SAS with capital of €1,000 RCS Paris 801 901 273 Head office: 42 rue Jean Baptiste Pigalle, 75009 Paris
DATABILITY SOLUTIONS PVT LTD Incorporated company in the USA Head office: 2035 Sunset Lake Road Suite B2, Newark New Jersey 19702 USA
TRADEDOUBLER SARLU with capital of €7,622.45 RCS Nanterre 431 573 716 Head office: 8 rue Barthélémy d'Anjou, 92100 Boulogne Billancourt
SHIPUP SAS with capital of €1,258 RCS Nanterre 822 856 068 Head office: 47 rue Marcel Dassault, 92100 Boulogne Billancourt
ALPHA DIRECT SERVICES SASU with capital of €22,912,625 RCS Beauvais 533 296 240 Head office: rue Hyppolite Bayard, 60000 Beauvais
LA POSTE SA with capital of €3,800,000,000 RCS Paris 356,000,000 Head office: 9 rue du Colonel Pierra Avia, 75015 Paris
ANAFORE PTE LTD. Private limited company 10 Anson Road, #26-04, International Plaza, Singapore 07990, SINGAPORE Tel. 65 9179 1176
ZENDESK UK LTD Foreign company not registered with the RCS Registered office: 30 Eastbourne terrace, London UK
METAPHORA LLC Foreign Company not registered with the RCS Registered office: 347 Fifth Ave. Suite 1402, New York, NY, 10016
STRIPE FRANCE SARLU with capital of €1,000 RCS Paris 807 572 011 Head office: 10 Boulevard Haussmann, 75009 Paris
SNAP GROUP SAS SASU with capital of €100 RCS Paris 820 920 056 Head office: 16 rue de la Rochefoucauld, 75009 Paris
PERFMAKER SAS with capital of €30,000 RCS Paris 833 952 831 Head office: 24 Boulevard St Denis, 75010 Paris
MONDIAL RELAY SASU with capital of €500,400 RCS Lille 385 218 631 Head office: 5 Avenue Antoine Pinay, 59510 Hem
CYBOT A/S Danish company DK34624607 Havnegade 39, 1058 Copenhagen, Denmark
KLAVIYO, INC. Incorporated company in the USA: 125 Summer St, Floor 6 Boston, MA 02111 United States
PUSHOWL. Creatorbox Softwares Private Limited, a company incorporated: #811, 10th A Main, Suite No. 909, 1st Floor, Indiranagar, Bangalore, Karnataka, India, 560038
RECHARGE, INC. Incorporated company in the USA: 3030 Nebraska Avenue, Los Angeles California US 90404
SHOPIFY INTERNATIONAL LIMITED. Attn: Data Protection Officer. c/o Intertrust Ireland: 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
JUDGE.ME Ltd, C/O Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB
USEDROP Creative Bot, Inc., 5224 Cheryl Avenue, Glendale, CA91214.
This list of the Data Controller's Subcontractors is subject to change at any time. The Data Controller undertakes to require its Subcontractors to provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the Processing meets legal and regulatory requirements and guarantees the protection of the rights of the Data Subject, in particular in the event of transfer of the Data outside the European Union. Furthermore, the Data Controller may communicate to any Recipient or Third Party the Data that is the subject of Processing when a legal obligation to do so exists or when the Data Controller considers in good faith that this is necessary to:
Enforce any contract to which the Data Subject is a party Safeguard the vital interests of any natural person The performance of a mission in the public interest.
In the event of a purchase of the Data Controller by a Third Party, the Data Controller reserves the right to share the Data with the Third Party purchaser subject to compliance with this Privacy Policy by this Third Party.
9 – Rights of the data subject over the data
The Data Subject has a certain number of rights over the Data that he or she can assert, unless there is an applicable legislative or regulatory exception, by making a request to the data controller at the following address:
K-EYES - ZI Les ferrières, Rue du liège, 83490 Le Muy - contact@k-eyes.com
The Data Controller will assist the Data Subject in exercising their rights over the Data. In the event of reasonable doubt as to the identity of the Data Subject making a request to exercise their rights over the Data, the Data Controller may request that a copy of an official identity document be attached to support the request. Requests will be processed as soon as possible and at the latest in accordance with the deadlines set by the Legislation.
As part of a direct mail campaign, the person concerned can subscribe to the Robinson list; the contact details will appear in the file for opposition to direct mail advertising. To register for the Robinson List, simply go to its official website and register there or contact the UFMD directly, Union Française du Marketing Direct – Service Liste Robinson – 1 rue François Vidal, CS30238, 33506 LIBOURNE CEDEX.
9.1 – Right of access
The Data Subject has the right to obtain from the Data Controller confirmation as to whether or not Data is being processed and, where it is, access to that Data and the following information:
The purposes of the processing
Data Categories
The Recipients or categories of Recipients to whom the Data have been or will be communicated, in particular Recipients who are established in third countries or international organizations
Where possible, the period for which the Data will be retained or, where this is not possible, the criteria used to determine this period.
The existence of the right to request from the Data Controller the rectification or erasure of Data, or a restriction of the processing of Data, or the right to object to such processing The right to lodge a complaint with a supervisory authority
Where the Data is not collected from the Data Subject, any available information as to its source
The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject.
The Data Controller provides a copy of the Data being Processed and reserves the right, in return for providing such copy, to pay a reasonable fee based on administrative costs for any additional copy requested by the Data Subject.
9.2 – Right to erasure and rectification
The Data Subject has the right to obtain from the Data Controller the rectification and/or erasure of inaccurate or obsolete Data as soon as possible, unless there is a contrary situation preventing the exercise of this right, and in particular:
The exercise of the right to freedom of expression and information
Compliance with a legal obligation
Public interest in the field of public health, archives, scientific or historical or statistical research
The establishment, exercise or defense of legal rights.
If K-EYES is not the holder and responsible for processing the data, particularly in the context where it is an advertiser for direct mail, the person concerned can subscribe to the Robinson list, the contact details will appear in the file of opposition to advertising canvassing by addressed mail. To register for the Robinson List, simply go to its official website and register there or contact the UFMD directly, Union Française du Marketing Direct – Service Liste Robinson – 1 rue François Vidal, CS30238, 33506 LIBOURNE CEDEX.
9.3 – Right of opposition
The data subject has the right to object at any time, for reasons relating to his or her particular situation, to Data Processing based on the performance of a task carried out in the public interest or the necessity of the legitimate interest of the Data Controller.
The Data Controller then undertakes to no longer process the Data, unless it demonstrates that there are legitimate and compelling reasons for the Processing which prevail over the interests and rights and freedoms of the Data Subject, or for the establishment, exercise or defense of legal claims. Furthermore, the Data Subject has the right to object at any time to the Processing of Data carried out for prospecting purposes by the Data Controller, to the extent that the Data Subject is linked to such prospecting.
Finally, when Data is processed for scientific or historical research purposes or for statistical purposes, the Data Subject has the right to object, for reasons relating to his or her particular situation, to the processing of the Data, unless the Processing is necessary for the performance of a task carried out in the public interest.
9.4 – Right to limitation
The Data Subject has the right to obtain from the Data Controller the restriction of the Processing of Data when:
The accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Data The processing is unlawful and the Data Subject opposes their erasure and requests instead the restriction of their use
The Data Controller no longer needs the Data for the purposes of the Processing, but they are still necessary for the Data Subject to establish, exercise or defend legal claims.
The Data Subject has objected to the Processing pursuant to Article 9.3, pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
The Data Subject who has obtained the restriction of the Processing of Data is informed by the Data Controller before the restriction of processing is lifted.
9.5 – Right to data portability
The Data Subject has the right to receive the Data that he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another data controller without hindrance from the Data Controller, when:
The Processing is based on the Data Subject's Consent or on the performance of a contract to which the Data Subject is party;
The Processing is carried out using automated processes.
The Data Subject, when exercising his or her right to Data portability, has the right to obtain that the Data be transmitted directly from the Data Controller to another Data Controller, where technically feasible.
9.6 – Right to lodge a complaint with the supervisory authority
The Data Subject has the right to lodge a complaint with the Supervisory Authority if he or she considers that he or she is subject to unlawful Data Processing by the Data Controller.
9.7 – Right to define guidelines on the fate of data
The Data Subject has the right to define guidelines on the fate of the Data after his or her death with the Data Controller, who will use all technical means to ensure that this wish is respected.
10 – Data security
The Data Controller takes appropriate technical and organizational measures to protect the Data against destruction, loss, alteration, misuse and unauthorized access, modification or disclosure, whether these actions are intentional or accidental.
These technical and organizational measures aim to ensure the confidentiality, integrity, availability and resilience of the Site and the information systems where the Files are stored.
In order to secure the Person's Navigation, the Site is SSL (Secure Socket Layer) encrypted.
11 – Modification of the confidentiality policy
The Data Controller reserves the right to occasionally modify this Privacy Policy, in particular the list of Recipients in Article 8.
In the event of a substantial change to this Privacy Policy, the Data Subject will be personally informed of the new Privacy Policy.
The Data Subject is invited to regularly consult this Privacy Policy to be aware of any possible modifications to it.
The Data Subject may send his/her questions about this Privacy Policy to the data controller at the following address: contact@k-eyes.com
12 – Nullity of the privacy policy
If any of the provisions of this Privacy Policy are found to be void under a rule of law in force or a final court decision, they will then be deemed unwritten, without thereby rendering the entire Privacy Policy void or altering the validity of its other provisions.
13 – Cookie management
When browsing the Site, the Data Subject is required to consent to the installation of Cookies on their computer terminal.
In general, Cookies record information relating to the navigation of computers on the Site (the pages consulted, the date and time of consultation, etc.), information that may be read during subsequent visits by the Data Subject to the Site with transmission of the Data to the Data Controller. The installation of these Cookies requires the consent of the Data Subject.
Some Cookies are essential for the proper functioning of the Site and do not require the consent of the person concerned before their installation; these are called functional Cookies.
In accordance with Article 7 of this Privacy Policy, Cookies are automatically deleted within thirteen (13) months from their installation if the Data Subject does not renew his or her consent before the expiry of this period.
The Data Subject may refuse to give his/her consent to the installation of non-functional Cookies, withdraw his/her consent and/or configure the Cookies at any time by using the Data Controller's Cookie manager below or by configuring his/her browser as follows:
For Mozilla Firefox:
Select the “tool” menu then “Options”
Click on the “privacy” icon
Locate the “cookie” menu and select the options that suit you.
For Microsoft Internet Explorer 6.0:
Select the "Tools" menu, then "Internet Options". Click on the "Confidentiality" tab.
Select the desired level using the cursor.
For Microsoft Internet Explorer 5:
Choose the "Tools" menu, then "Internet Options". Click on the "Privacy" tab.
Customize Level » using the slider
For Netscape 6.X and 7.X:
Select the menu “Edit” > “Preferences” Privacy and Security
Cookies
For Opera 6.0 and above:
Choose the menu “File” > “Preferences” > “Privacy”.