Privacy policy

Purpose of this policy

La QUINCAILLERIE is committed to security, confidentiality and the ongoing protection of the personal data (the "Data") of the users of its services, in accordance with current French and European regulations, in particular the amended French Data Protection Act of January 6, 1978 (LIL) and the General Data Protection Regulation of April 27, 2016 (RGPD).

The purpose of this policy is to inform you of the rules we apply to Data protection. In particular, it describes how we collect and process your Personal Data and how you can exercise your rights with regard to this Data. 

La QUINCAILLERIE is responsible for processing Personal Data collected via the Website. This means that we determine the purpose and means of processing the Personal Data collected.

We apply a strict policy to guarantee the protection of your Data.

Policy scope

This policy covers the use of our Site and the services accessible from this Site.

The data we collect

LA QUINCAILLERIE is likely to collect your Data in the following cases:

• We collect your Data through the form you fill in on our Website to subscribe to our services.

• We also collect your Data when you correspond with us, in particular with our customer service department, by e-mail or telephone. In this case, we may keep a copy of the exchange.

• We may also collect your Data when you interact with us on social networks.

The categories of Data we process are as follows:

• Data identifying the individual (surname, first name, date of birth, e-mail address, postal address, telephone number)
• Data relating to operations and transactions carried out in connection with orders placed on the Site (receipt and issue of payments)
• Data on contact and interaction with us: messages, emails, calls, interaction on our Site.
• Browsing data: cookies and IP address. We use cookies to enable you to access your reserved and personal areas. To find out more about our policy on the use of cookies, please consult our "Cookie handling policy" available HERE.

We do not perform any processing of Personal Data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of biometric data or genetic data, pursuant to Article 9 of the European General Data Protection Regulation 2016/679 of April 27, 2016.

• Use of collected data

We collect and process your Personal Data for specific, explicit and legitimate purposes. In this respect, we use your Data in the context of the performance of the service contract you enter into with us. The purposes and legal bases are as follows:

PURPOSE	LEGAL BASES
Carry out customer management operations concerning orders, deliveries, invoices, loyalty programs and customer relations.	This processing is necessary for the performance of our respective contractual obligations and/or is carried out with your consent.
Build up a file of users, customers and prospects.	This processing is based on your consent and/or our legitimate interest (providing you with relevant information).
Send newsletters, solicitations and promotional messages.	This processing is based on your consent and/or our legitimate interest (providing you with relevant information).
Manage people's opinions on products, services or content;	This processing is based on our legitimate interests.
Manage any disputes arising from the use of our products and services;	This processing is (i) necessary for the performance of our respective contractual obligations, and/or (ii) necessary for the establishment, exercise or defense of legal claims.
Meet our legal and regulatory obligations.	This processing is (i) necessary for the performance of our respective contractual obligations, (ii) carried out with your consent and/or (iii) necessary for the establishment, exercise or defence of legal claims.
To manage our Site and carry out internal technical operations in the context of problem resolution, testing and research.	This processing is based on our legitimate interests (ensuring the security of our Tool and improving its features).

When we collect your personal data, we inform you whether certain information is mandatory or optional. Mandatory data is required for the operation of our services. For optional data, you are entirely free to choose whether or not to provide it. We will also inform you of the possible consequences of failing to do so. 

Commercial prospecting

In accordance with applicable legislation and with your consent where required, we may use the data you provide us with for marketing purposes (for example to (i) send you our newsletters, (ii) send you invitations to our events or any other communication likely to be of interest to you).

You may withdraw your consent at any time by (i) clicking on the unsubscribe link provided in each of our communications or (ii) contacting us at ecommerce@laquincaillerie.com.

Recipients of collected data

Only the authorized and specified persons mentioned below may have access to some of your Data:

• QUALIFIED PERSONNEL ;
• The subcontractors of the FACTORY who act in the name and on behalf of the FACTORY;
• Authorized third parties, such as the relevant courts, mediators, chartered accountants, statutory auditors, lawyers, bailiffs and debt collection agencies,
• Third parties who may place cookies on your terminals with your consent (for more details, consult our "Cookie processing policy" available HERE).

Your Data will not be communicated, exchanged, sold or rented to anyone other than those mentioned above.

Data storage and transfer outside the EU

All our servers on which your data is stored and those of the service providers used to exchange and store this data are located in Europe.

To this end, the Data we collect is stored on the servers of our service provider, as indicated in the legal notice, which guarantees a high level of security.

In the event that we use subcontractors located outside the European Union, we undertake to ensure that our subcontractors present protection measures recognized as sufficient within the meaning of the RGPD. This may include, in particular, subcontractors located in any other country recognized by the European Union as ensuring an adequate level of protection for personal data ("Adequacy Decision"), subject to a data transfer agreement that complies with the standard contractual clauses adopted by the European Commission or, any other protection measure recognized as sufficient by the European Commission.

Security

We inform you that we take all necessary precautions and appropriate organizational and technical measures to preserve the security, integrity and confidentiality of your Personal Data, and in particular to prevent it from being distorted, damaged or accessed by unauthorized third parties. We also use secure payment systems that comply with the state of the art and applicable regulations.

Data retention period

We keep your Data only as long as is necessary for the purposes for which it is to be used.

La QUINCAILLERIE keeps your Data for as long as your account remains active, unless you request its deletion or that of your account.

The following categories of personal data may also be stored for different periods of time:

• Financial data relating to the invoicing of your orders (e.g. payments) are kept for the length of time required by applicable tax and accounting laws;
• Data used for commercial canvassing purposes may be kept for a period of three years from the deletion of your account, unless you have decided to exercise your right to object under the conditions set out below.
• Data enabling us to establish proof of a right or contract, or retained to comply with a legal obligation, may be subject to an intermediate archiving policy in order to meet our legal, accounting and tax obligations. This applies in particular to the 5-year statute of limitations stipulated in article 2224 of the French Civil Code.

User rights

In accordance with the applicable regulations, you have the following rights when your Data is processed:

Right of access (Article 15 of the RGPD): you have the right to obtain from us confirmation that Data concerning you is or is not being processed as well as to receive a copy of all the Data we hold about you ;

Right of rectification (Article 16 of the GDPR): you have the right to request the correction of the Data we hold about you if it is incomplete or incorrect. In this case, we may ask you to verify the new Data provided ;

Right to be forgotten (Article 17 of the RGPD): You can ask us to delete your Data when we no longer have a legitimate interest in holding it ;

Right to limitation (Article 18 of the RGPD): You may in certain cases obtain from us the limitation of the processing of your Data ;

Right to portability (Article 20 of the RGPD): You may receive from us the Data concerning you in a structured, commonly used and machine-readable format, for the purposes in particular of transmission to a third party. Where technically possible, you also have the right to obtain that the Data concerning you be transmitted directly to that third party ;

Right to object (Articles 21 and 22 of the RGPD): You may object at any time to the processing of your Data for reasons relating to your particular situation or when your Data is processed for canvassing purposes ;

Right to withdraw your consent(Article 13-2 c of the RGPD): You have the right to withdraw your consent to the processing of your Data at any time, which will not render prior processing based on that consent unlawful.

The right to determine what happens to your Data after your death, and to choose whether or not we pass on your Data to a third party designated by you. In the event of your death, and in the absence of any instructions from you, we undertake to destroy your data, unless its retention is necessary for evidentiary purposes or to meet a legal obligation.

Exercising your rights

You can exercise your rights by sending a request to our customer support at the addresses below. Any request to exercise a right must be accompanied by a copy of your identity document. A reply will be sent to you within one month of receipt of your request. To this end, we may ask you for additional information or documents.

Please note that you do not need to pay a fee to access your personal data or exercise your rights. However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive.

If you have any questions about the processing of your Personal Data or if you have any comments, requests or complaints about the confidentiality of your Personal Data, please contact us at :

• By email: ecommerce@laquincaillerie.com
• By mail: STYLES BRONZES / LA QUINCAILLERIE - 4 Boulevard Saint Germain 75005 PARIS

Complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL) (French Data Protection Authority)

If the data subject's rights have not been respected, and after contacting the Data Controller, the data subject may lodge a complaint with the CNIL :

Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy, 75334 PARIS

Useful link: https: //www.cnil.fr/fr/webform/adresser-une-plainte

Modification of the privacy policy

We reserve the right to modify this Privacy Policy at any time. The most current version of this Privacy Policy governs our use of your information and will always be available in your account or upon request to JEAN CHARDIN.