Privacy Policy.
1 – Parties to this agreement
Between the undersigned: 1° The simplified joint-stock company K-EYES with a capital of 22,812.62 Euros, registered with the Fréjus Trade and Companies Register under number 979923240, whose registered office is located at ZI Les ferrières, Rue du liège, 83490 Le Muy, and having VAT number FR44979923240. Hereinafter referred to as the “Data Controller,” On the one hand, And 2° Any natural person browsing the Data Controller’s website; Hereinafter referred to as the “Data Subject,” On the other hand, It has been stated and agreed as follows:
2 – Purpose
This Privacy Policy applies, without restriction or reservation, between the Data Subject and the Data Controller. Its purpose is to provide information on how the Data Controller collects and processes certain personal data relating to the Data Subject, in accordance with applicable law, particularly European Regulation No. 2016/679 and Law No. 78-17 (hereinafter referred to as the “Legislation”), in connection with the use of the website www.k-eyes.com (hereinafter referred to as the “Site”) by the Data Subject. This Privacy Policy is an integral part of the Data Controller’s General Terms and Conditions of Sale.
3 – Definitions
Supervisory Authority means the French National Commission on Informatics and Liberty (CNIL), an independent public authority regulating Data protection;
Consent means any free, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they accept, through a statement or a clear affirmative action, that Data concerning them be processed by the Data Controller.
Cookie means a file that allows tracking the Data Subject’s journey on the Site.
Recipient means any natural or legal person, public authority, service, or other body that receives communication of the Data, whether or not it is a Third Party. However, public authorities that may receive communication of the Data, particularly as part of an investigation mission, are not considered Recipients within the meaning of this definition.
Data means any information relating to the Data Subject.
File means any structured set of Data accessible according to specified criteria, whether this set is centralized, decentralized, or functionally or geographically distributed.
Legislation means any law and regulation relating to Data protection, in particular European Regulation No. 2016/679 and Law No. 78-17.
Browsing means consulting, learning about, ordering, and/or purchasing Products on the Site by the Data Subject.
Data Subject means any natural person browsing the Site, as soon as they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more specific elements of their physical, physiological, genetic, mental, economic, cultural, or social identity.
Products means the products offered for sale on the Site by the Data Controller to the Data Subject.
Pseudonymization means the processing of Data in such a way that it can no longer be attributed to the Data Subject without additional information.
Data Controller means the simplified joint-stock company K-EYES, with a capital of 22,812.62 Euros, registered with the Paris Trade and Companies Register under number 821 239 878, whose registered office is located at ZI Les ferrières, Rue du liège, 83490 Le Muy, and having VAT number FR59821239878, who alone or jointly with others determines the purposes and means of the Processing.
Site means the infrastructure developed by the Data Controller according to computer formats usable on the Internet, including data of various kinds, notably texts, sounds, still or moving images, videos, databases, intended to be accessed by the Data Subject to learn about, book, order, and/or purchase Products (www.k-eyes.com).
Processor means any natural or legal person, public authority, service, or other body that processes Data on behalf of the Data Controller.
Third party means any natural or legal person, public authority, service, or other body other than the Data Controller, the Processor, and the persons under the direct authority of the Data Controller or the Processor who are authorized to process the Data, including tour operators, travel agencies, and booking systems.
Processing means any operation or set of operations performed or not using automated processes and applied to Data or sets of Data, such as limitation, erasure, or destruction.
4 – Principles related to processing
In accordance with the Law, the Data Controller commits to respecting the following principles for each Processing:
Lawfulness;
Fairness;
Transparency;
Purpose limitation; Data minimization; Accuracy;
Retention limitation; Integrity;
Confidentiality; Responsibility.
5 – Processed Data
As part of Browsing, the Data Controller collects and processes certain Data, including:
Personal information (name, first name, gender, postal address, email address, phone number, date of birth, age, registration and deregistration date for the customer account and the Data Controller's newsletter, messages exchanged with the Data Controller and its customer service).
Banking information (payment method, credit card number).
Information about your order (ordered products, delivery address, delivery tracking number, order price).
Technical information (browsing behavior on the Site, IP address, products added to the cart, consent collection).
6 – Context of processing
Data may be collected and processed by the Data Controller on various occasions, including:
Purchase of Products on the Site
Contact with the Data Controller Newsletter subscription
Creation of a referral link
Creation of a customer account
Browsing on the Site.
7 – Details of processing
|
Purpose of Processing |
Data concerned |
Legal basis for Processing |
Data retention period |
|
Management of product purchases and deliveries |
First name, last name, email address, postal address, phone number, delivery address, order placed, delivery tracking number, registration and deregistration date, payment method, payment method, credit card number |
Contract, legal obligation, and legitimate interest of the Data Controller to establish, exercise, and defend its rights in court |
10 years from the purchase of the Product EXCEPT 15 months from the purchase of the product for banking data (immediately for the visual cryptogram) |
|
Creation and management of customer accounts |
First name, last name, email address, postal address, phone number, customer account creation date, customer account deletion date, consent collection |
Consent of the Data Subject, legitimate interest of the Data Controller to create a customer account following a product purchase by the Data Subject |
3 years from the last login of the Data Subject to their customer account OR immediately from the deletion of their customer account |
|
Commercial relationship management and prospecting |
First name, last name, email address, postal address, phone number, purchase history, consent collection |
Consent of the Data Subject, legitimate interest of the Data Controller to promote its Products |
3 years from the last contact by the Data Subject or from the end of the commercial relationship |
|
Newsletter management |
Email address, first name, last name, phone number, consent collection |
Consent of the Data Subject |
Upon unsubscription |
|
Site security and improvement |
IP address, browsing data |
Legitimate interest of the Data Controller to improve the Site and manage the Site, secure and administer the Site, prevent fraud and malicious acts. |
13 months |
|
Complaint management, Site statistics, and personalized advertising |
First name, last name, email address, postal address, phone number, IP address, browsing data, consent collection |
Consent of the Data Subject and their Products and customer service. |
3 years from the last |
|
Referral |
Email address, first and last name, consent collection |
Consent of the Data Subject |
3 years after the referral link request |
The Data Controller reserves the right to anonymize the Data being processed before deleting it. The anonymized data may then be processed for statistical purposes.
8 – Data Recipients
As a rule, the Data Controller is the sole Recipient of the Data. However, the Data Controller may transfer the Data to Recipients, particularly in the context of managing Product purchases by the Data Subject, and/or to any public authority that requests it, especially as part of an investigation mission. The following Recipients may process your data as Sub-processors on behalf of the Data Controller:
FACEBOOK FRANCE SARLU with a capital of €4,950,000 RCS Paris 630 085 802 Headquarters: 6 rue Menars, 75002 Paris
GOOGLE FRANCE SARLU with capital of 7,500€ RCS Paris 443 061 841 Headquarters: 8 rue de Londres, 75009 Paris
CRITEO SA with capital of 1,677,273€ RCS Paris 484 786 249 Headquarters: 32 rue Blanche, 75009 Paris
OUTBRAIN UK LIMITED Foreign company registered with the RCS RCS Paris 534 895 727
AWIN SAS SASU with capital of 58,050€ RCS Paris 432 845 964 Headquarters: 8 rue Saint Fiacre, 75002 Paris
TWITTER FRANCE SAS SASU with capital of 37,000€ RCS Paris 789 305 596 Headquarters: 10 rue de la Paix, 75002 Paris
DIDUENJOY SAS with capital of 1,000€ RCS Paris 801 901 273 Headquarters: 42 rue Jean Baptiste Pigalle, 75009 Paris
DATABILITY SOLUTIONS PVT LTD Incorporated company in the USA Headquarters: 2035 Sunset Lake Road Suite B2, Newark New Jersey 19702 USA
TRADEDOUBLER SARLU with capital of 7,622.45€ RCS Nanterre 431 573 716 Headquarters: 8 rue Barthélémy d’Anjou, 92100 Boulogne Billancourt
SHIPUP SAS with capital of 1,258€ RCS Nanterre 822 856 068 Headquarters: 47 rue Marcel Dassault, 92100 Boulogne Billancourt
ALPHA DIRECT SERVICES SASU with capital of 22,912,625€ RCS Beauvais 533 296 240 Headquarters: rue Hyppolite Bayard, 60000 Beauvais
LA POSTE SA with capital of 3,800,000,000€ RCS Paris 356 000 000 Headquarters: 9 rue du Colonel Pierra Avia, 75015 Paris
UPS UNITED PARCEL SERVICE FRANCE SAS with capital of 57,069,000.00€ R.C.S. Paris 334 175 221 Headquarters 20 RUE ESCOFFIER 75012 Paris
ANAFORE PTE LTD. Private limited company 10 Anson Road, #26-04, International Plaza, Singapore 07990, SINGAPORE Tel. 65 9179 1176
ZENDESK UK LTD Foreign company not registered with the RCS Headquarters: 30 Eastbourne terrace, London UK
METAPHORA LLC Foreign company not registered with the RCS Headquarters: 347 Fifth Ave. Suite 1402, New York, NY, 10016
STRIPE FRANCE SARLU with capital of 1,000€ RCS Paris 807 572 011 Headquarters: 10 Boulevard Haussmann, 75009 Paris
SNAP GROUP SAS SASU with capital of 100€ RCS Paris 820 920 056 Headquarters: 16 rue de la Rochefoucauld, 75009 Paris
PERFMAKER SAS with capital of 30,000€ RCS Paris 833 952 831 Headquarters: 24 Boulevard St Denis, 75010 Paris
MONDIAL RELAY SASU with capital of 500,400€ RCS Lille 385 218 631 Headquarters: 5 Avenue Antoine Pinay, 59510 Hem
CYBOT A/S Danish company DK34624607 Havnegade 39, 1058 Copenhagen, Denmark
KLAVIYO, INC. Incorporated company in the USA : 125 Summer St, Floor 6 Boston, MA 02111 United States
PUSHOWL. Creatorbox Softwares Private Limited, a company incorporated : #811, 10th A Main, Suite No. 909, 1st Floor, Indiranagar, Bangalore, Karnataka, India, 560038
RECHARGE, INC. Incorporated company in the USA : 3030 Nebraska Avenue, Los Angeles California US 90404
SHOPIFY INTERNATIONAL LIMITED. Attn: Data Protection Officer. c/o Intertrust Ireland: 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
JUDGE.ME Ltd, C/O Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB
USEDROP Creative Bot, Inc., 5224 Cheryl Avenue, Glendale, CA91214.
This list of the data controller’s Subcontractors may change at any time. The data controller undertakes to require its Subcontractors to provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the Processing complies with legal and regulatory requirements and ensures the protection of the Data Subject’s rights, especially in the event of Data transfer outside the European Union. Furthermore, the data controller may disclose the Data being processed to any Recipient or Third Party when there is a legal obligation to do so or when the data controller in good faith considers it necessary to:
To execute any contract to which the Data Subject is a party To protect the vital interests of any natural person The performance of a task carried out in the public interest.
In the event of the data controller being purchased by a Third Party, the data controller reserves the right to share the Data with the purchasing Third Party provided that this Third Party complies with this Privacy Policy.
9 – Rights of the data subject over the data
The Data Subject has a number of rights over the Data that they can assert, except where legislative or regulatory exceptions apply, by making a request to the data controller at the following address:
K-EYES - ZI Les ferrières, Rue du liège, 83490 Le Muy - contact@k-eyes.com
The data controller will assist the Data Subject in exercising their rights over the Data. In case of reasonable doubt about the identity of the Data Subject making a request to exercise their rights over the Data, the data controller may request a copy of an official identity document to support the request. Requests will be processed as quickly as possible and at the latest within the deadlines set by the Legislation.
In the context of direct mail, the Data Subject can register on the Robinson List; the contact details will be included in the opposition file to advertising solicitation by mail. To register on the Robinson List, simply visit its official website and sign up there or contact UFMD directly, Union Française du Marketing Direct – Robinson List Service – 1 rue François Vidal, CS30238, 33506 LIBOURNE CEDEX.
9.1 – Right of access
The Data Subject has the right to obtain from the Data Controller confirmation as to whether Data are or are not being processed and, when they are, access to said Data as well as the following information:
The purposes of the processing.
The categories of Data.
The Recipients or categories of Recipients to whom the Data have been or will be disclosed, in particular Recipients established in third countries or international organizations.
Where possible, the retention period of the Data or, when not possible, the criteria used to determine this period.
The existence of the right to request from the Data Controller the rectification or deletion of Data, or a restriction of Data processing, or the right to object to this processing. The right to lodge a complaint with a supervisory authority.
When the Data is not collected from the Data Subject, any available information about its source.
The existence of automated decision-making, including profiling, and, at least in such cases, useful information about the underlying logic, as well as the significance and expected consequences of this processing for the Data Subject.
The Data Controller provides a copy of the Data being processed and reserves the right, in return for providing this copy, to charge reasonable fees based on administrative costs for any additional copy requested by the Data Subject.
9.2 – Right to deletion and rectification
The Data Subject has the right to obtain from the Data Controller the rectification and/or deletion of inaccurate or outdated Data as soon as possible except in situations preventing the exercise of this right, in particular:
The exercise of the right to freedom of expression and information.
Compliance with a legal obligation.
The public interest in the field of public health, archives, scientific or historical or statistical research.
The observation, the exercise or the defense of rights in court.
If K-EYES is not the holder and controller of the data processing, notably when it acts as an advertiser for direct mail, the Data Subject can register on the Robinson list, the contact details will be included in the file for objection to advertising solicitation by postal mail. To register on the Robinson List, simply visit its official website and sign up or contact directly the UFMD, French Union of Direct Marketing – Robinson List Service – 1 rue François Vidal, CS30238, 33506 LIBOURNE CEDEX.
9.3 – Right to object
The Data Subject has the right to object at any time, for reasons related to their particular situation, to Processing of Data based on the performance of a task carried out in the public interest or the necessity of the legitimate interest of the Data Controller.
The Data Controller then undertakes to no longer process the Data, unless they demonstrate that there are legitimate and compelling grounds for the Processing that override the interests and rights and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal rights. Furthermore, the Data Subject has the right to object at any time to the Processing of Data carried out for marketing purposes by the Data Controller, insofar as the Data Subject is linked to such marketing.
Finally, when Data is processed for scientific or historical research purposes or for statistical purposes, the Data Subject has the right to object, for reasons related to their particular situation, to the processing of the Data, unless the Processing is necessary for the performance of a task carried out in the public interest.
9.4 – Right to restriction
The Data Subject has the right to obtain from the Data Controller the restriction of Processing of the Data when:
The accuracy of the Personal Data is contested by the Data Subject for a period allowing the Data Controller to verify the accuracy of the Data. The processing is unlawful and the Data Subject objects to its deletion and instead requests the restriction of its use.
The Data Controller no longer needs the Data for the purposes of Processing but the Data is still necessary for the Data Subject to establish, exercise, or defend legal rights.
The Data Subject objected to the Processing in accordance with Article 9.3, during the verification of whether the legitimate grounds pursued by the Data Controller override those of the Data Subject.
The Data Subject who has obtained the restriction of Data Processing is informed by the Data Controller before the restriction is lifted.
9.5 – Right to data portability
The Data Subject has the right to receive the Data they provided to the Data Controller in a structured, commonly used, and machine-readable format, and has the right to transmit this data to another data controller without the Data Controller hindering this, when:
The Processing is based on the Consent of the Data Subject or on the performance of a contract to which the Data Subject is a party;
The Processing is carried out using automated methods.
The Data Subject, when exercising their right to Data portability, has the right to have the Data transmitted directly from the Data Controller to another data controller, when technically feasible.
9.6 – Right to file a complaint with the supervisory authority
The Data Subject has the right to file a complaint with the Supervisory Authority if they believe they are subject to illegal Data Processing by the Data Controller.
9.7 – Right to set instructions on the fate of data
The Data Subject has the right to set instructions on the fate of the Data after their death with the Data Controller, who will use all technical means to enforce this will.
10 – Data security
The Data Controller takes appropriate technical and organizational measures to protect the Data against destruction, loss, alteration, misuse, unauthorized access, modification, or disclosure, whether these actions are intentional or accidental.
These technical and organizational measures aim to ensure the confidentiality, integrity, availability, and resilience of the Site and the information systems where the Files are stored.
To secure the User's Browsing, the Site is SSL (Secure Socket Layer) encrypted.
11 – Changes to the privacy policy
The Data Controller reserves the right to occasionally modify this Privacy Policy, particularly the list of Recipients in Article 8.
In the event of a substantial change to this Privacy Policy, the Data Subject will be personally informed of the new Privacy Policy.
The Data Subject is invited to regularly review this Privacy Policy to be aware of any changes to it.
The Data Subject can send questions about this Privacy Policy to the Data Controller at the following address: contact@k-eyes.com
12 – Invalidity of the Privacy Policy
If any provision of this Privacy Policy is found to be invalid under applicable law or a final court decision, it shall be deemed unwritten without nullifying the entire Privacy Policy or affecting the validity of its other provisions.
13 – Cookie Management
While browsing the Site, the Data Subject is asked to consent to the installation of Cookies on their device.
Generally, Cookies record information related to computer navigation on the Site (pages visited, date and time of visit, etc.), which can be read during subsequent visits by the Data Subject with transmission of Data to the Data Controller. Installing these Cookies requires the Data Subject’s consent.
Some Cookies are essential for the proper functioning of the Site and do not require the Data Subject’s consent before installation; these are called functional Cookies.
In accordance with Article 7 of this Privacy Policy, Cookies are automatically deleted thirteen (13) months after installation if the Data Subject does not renew consent before this period expires.
The Data Subject can refuse to give consent for the installation of non-essential Cookies, withdraw consent, and/or configure Cookies at any time using the Data Controller’s Cookie manager below or by configuring their browser as follows:
For Mozilla Firefox:
Choose the "tools" menu then "Options"
Click on the "privacy" icon
Locate the "cookie" menu and select the options that suit you
For Microsoft Internet Explorer 6.0:
Choose the "Tools" menu, then "Internet Options." Click on the "Privacy" tab
Select the desired level using the slider.
For Microsoft Internet Explorer 5:
Choose the "Tools" menu, then "Internet Options." Click on the "Privacy" tab
Customize the level using the slider
For Netscape 6.X and 7.X:
Choose the "Edit" > "Preferences" > Privacy and Security menu
Cookies
For Opera 6.0 and later:
Choose the "File" > "Preferences" > Privacy menu.