Privacy policy

PREAMBLE

This privacy policy applies to the site: oceanheritage.com

The purpose of this confidentiality policy is to expose users of the site to:

The way in which their personal data is collected and processed. All data capable of identifying a user must be considered personal data. These include the first and last name, age, postal address, email address, location of the user or even their IP address.

What are the rights of users regarding this data.

Who is responsible for the processing of personal data collected and processed.

To whom this data is transmitted.

Possibly, the site's policy regarding "cookie" files.



ARTICLE 1: GENERAL PRINCIPLES REGARDING DATA COLLECTION AND PROCESSING

In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of data from users of the site respects the following principles:

Lawfulness, loyalty and transparency: data can only be collected and processed with the consent of the user who owns the data. Each time personal data is collected, the user will be informed that their data is being collected, and for what reasons their data is being collected.

Limited purposes: the collection and processing of data is carried out to meet one or more objectives determined in these general conditions of use.

Minimization of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the site are collected.

Retention of data reduced over time: data is retained for a limited period, of which the user is informed. When this information cannot be communicated, the user is informed of the criteria used to determine the retention period.

Integrity and confidentiality of data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.

In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data can only take place if they comply with at least one of the conditions below. after listed:

The user has expressly consented to the processing.

The processing is necessary for the proper performance of a contract.

The processing meets a legal obligation.

The processing is justified by a necessity linked to the protection of the vital interests of the data subject or of another natural person.

The processing may be explained by a necessity linked to the execution of a mission of public interest or which falls within the exercise of public authority.

The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party.

ARTICLE 2: PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF BROWSING THE SITE

A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION

The personal data collected on the Oceanheritage.com site are as follows:

Identity: title, surname, first name, address, delivery address, telephone number, email address, date of birth, internal processing code allowing identification of the customer, data relating to registration on opposition lists.

Data relating to orders: transaction number, details of purchases, amount of purchases, data relating to the payment of invoices (payments, unpaid amounts, discounts), product returns.

Data relating to means of payment: not collected on the e-commerce site, only by the banking establishment in charge of validating payment by credit card.

Data necessary for carrying out loyalty and prospecting actions: purchase history.

This data is collected when the user performs one of the following operations on the site:

When the user accepts cookies.

When the user creates a customer account.

When an order is placed.

Furthermore, when paying on the site, proof of the transaction including the order form and invoice will be kept in the site publisher's computer systems.

The data controller will keep all the data collected in its site computer systems under reasonable security conditions for the following periods:

If you request deletion, rectification or restitution, this action must be carried out within one month.

The data of a user who has been inactive for 3 years is deleted or anonymized in order to maintain their statistical value.

The collection and processing of data serves the following purposes:

Identification data (last name/first name, delivery address, telephone number) is used to manage orders and carry out delivery.

The date of birth can be used to send the customer either a gift or a personalized promotional offer on their birthday.

The users' email address provided during any order is used to inform the customer about the progress of their order.

The email address of users who have agreed to receive the Newsletter is used for newsletters.

Location or IP address data is used to better target advertisements or products offered to the user.

The contact details can be used for sending a Newsletter if the user has accepted this option.

Delivery details are used to deliver orders to the user.

Data recipients

Ocean Heritage Laboratory's customer and billing services receive all categories of data.

Our subcontractors, responsible for delivering orders, are recipients of the identity, address and telephone number of our customers.

The email addresses of customers who have agreed to receive the newsletter are made available to the Marketing department of Ocean Heritage Laboratory.

B. TRANSMISSION OF DATA TO THIRD PARTIES

The personal data collected by the site are not transmitted to any third party (except for the first and last name, postal address and telephone number which are transmitted to the delivery service as part of the delivery of an order) , and are only processed by the site editor.

C. DATA HOSTING

The Oceanheritage.com site is hosted by: shopify

The data collected and processed by the site are exclusively hosted and processed in France.



ARTICLE 3: DATA PROCESSING RESPONSIBLE AND DATA PROTECTION DELEGATE

A. THE DATA PROCESSOR

The person responsible for processing personal data is: Jacques Le Bozec

He can be contacted as follows:

By email to contact@ocean-heritage.com

The data controller is responsible for determining the purposes and means used to process personal data.

B. OBLIGATIONS OF THE DATA PROCESSOR

The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user having been informed and to respect the purposes for which these data were collected.

The site has an SSL certificate to ensure that information and data transfer passing through the site are secure

An SSL certificate (“Secure Socket Layer” Certificate) aims to secure the data exchanged between the user and the site.

In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this entails disproportionate formalities, costs and procedures for the user.

In the event that the integrity, confidentiality or security of the user's personal data is compromised, the data controller undertakes to inform the user by any means.

C. THE DATA PROTECTION OFFICER

Furthermore, the user is informed that the following person has been appointed Data Protection Officer: Jacques Le BOZEC.

The role of the Data Protection Officer is to ensure the proper implementation of national and supranational provisions relating to the collection and processing of personal data. He is sometimes called DPO (for Data Protection Officer).

The data protection officer can be contacted as follows:

By email to contact@ocean-heritage.com



ARTICLE 4: USER RIGHTS

In accordance with the regulations concerning the processing of personal data, the user has the rights listed below.

In order for the data controller to grant his request, the user is required to communicate to him: his first and last name as well as his email address, and if relevant, his account or personal space number or subscriber.

The data controller is required to respond to the user within a maximum of 30 (thirty) days.

To assert their rights, the user can contact the data protection officer via the contact page on the website www.ocean-heritage.com., at the address contact@ocean-heritage.com

A. PRESENTATION OF THE USER’S RIGHTS REGARDING DATA COLLECTION AND PROCESSING

Right of access, rectification and right to erasure.

The user can read, update, modify or request the deletion of data concerning him, by respecting the procedure set out below:

The user must send an e-mail to the person responsible for personal data, specifying the subject of their request and using the contact e-mail address provided above.

If he has one, the user has the right to request the deletion of his personal space by following the following procedure:

The user must send an e-mail to the person responsible for processing personal data, specifying the name used for their customer account and using the contact e-mail address provided above. The request for deletion of data will be processed within 30 working days.

Right to data portability.

The user has the right to request the portability of his personal data, held by the site, to another site, by complying with the procedure below:

The user must make a request for portability of their personal data to the person responsible for processing personal data using the contact email address provided above.

Right to restriction and opposition to data processing

The user has the right to request the limitation or to oppose the processing of his data by the site, without the site being able to refuse, unless he demonstrates the existence of legitimate and compelling reasons, which can prevail over the interests and the rights and freedoms of the user.

In order to request the limitation of the processing of their data or to formulate an opposition to the processing of their data, the user must follow the following procedure:

The user must make a request to limit the processing of their personal data to the personal data controller using the contact email address provided above.

Right not to be subject to a decision based exclusively on an automated process

In accordance with the provisions of Regulation 2016/679, the user has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or significantly affects him in a way similar way.

Right to determine the fate of data after death

The user is reminded that he can organize what should happen to his data collected and processed if he dies, in accordance with law no. 2016-1321 of October 7, 2016.

Right to refer the matter to the competent supervisory authority

In the event that the data controller decides not to respond to the user's request, and the user wishes to contest this decision, or, if he believes that one of the rights listed above, he is entitled to refer the matter to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) or any competent judge.

B. PERSONAL DATA OF MINORS

In accordance with the provisions of Article 8 of European Regulation 2016/679 and the Data Protection Act, only minors aged 15 or over can consent to the processing of their personal data.

If the user is a minor under 15 years of age, the consent of a legal representative will be required so that personal data can be collected and processed.

The site editor reserves the right to verify by any means that the user is over 15 years old, or that he or she has obtained the consent of a legal representative before browsing the site.



ARTICLE 5: USE OF “COOKIES” FILES

The site may use “cookies” techniques.

A "cookie" is a small file (less than 4 KB), stored by the site on the user's hard drive, containing information relating to the user's browsing habits.

These files allow it to process statistics and traffic information, facilitate navigation and improve the service for user comfort.

For the use of "cookies" files involving the saving and analysis of personal data, the user's consent is necessarily requested.

This user consent is considered valid for a maximum period of 13 (thirteen) months. At the end of this period, the site will again request the user's authorization to save "cookies" files on their hard drive.

User opposition to the use of “cookies” files by the site

The user is informed that he can oppose the recording of these “cookies” files by configuring his browser software.

For information, the user can find at the following addresses the steps to follow in order to configure their browser software to oppose the recording of “cookies” files:

Chrome: https://support.google.com/accounts/answer/61416?hl=frFirefox: https://support.mozilla.org/fr/kb/enable-and-disable-cookies-website-preferences
Firefix: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences?redirectlocale=fr&redirectslug=Activer+et+d%C3%A9sactiver+les+cookies

Safari: http://www.apple.com/legal/privacy/fr-ww/

Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies

Opera: http://www.opera.com/help/tutorials/security/cookies/

If the user decides to deactivate "cookies" files, they will be able to continue browsing the site. However, any malfunction of the site caused by this manipulation cannot be considered to be the fault of the site publisher.

Description of the “cookies” files used by the site

The site editor draws the user's attention to the fact that the following cookies are used during navigation:

_utma: This cookie is associated with Google Analytics. It is used to distinguish unique visitors to a site. It is set to expire after 2 years.

_utmz: This cookie is associated with Google Analytics. It stores information useful for identifying a traffic source. It is set to expire after 6 months.

_ga: This cookie is associated with Google Analytics. It helps distinguish unique users by assigning a randomly generated number as the customer ID. It is set to expire after 14 months.

_gid: This cookie is associated with Google Analytics. It stores and updates a unique value for each page visited.



ARTICLE 6: CONDITIONS FOR MODIFICATION OF THE CONFIDENTIALITY POLICY

The site editor reserves the right to modify it in order to guarantee its compliance with current law. Consequently, the user is invited to regularly consult this confidentiality policy in order to stay informed of the latest changes that will be made to it.

The user is informed that the last update of this confidentiality policy took place on: 05/12/2021.

Your personal data is collected and processed by Ocean Heritage Laboratory, as indicated in the legal notices, which therefore acts as data controller.

What categories of data are processed?

We process the data of our customers, people sponsored by customers and users of the site:
• Identity, contact details (telephone number, email);
• Data relating to the connection: identifier, date and time of connection, etc.;
• Data relating to navigation on the site;
• Data relating to transactions carried out (products and services purchased, expenses incurred, promotional codes), etc.;
• Data relating to the loyalty program: loyalty card, number of points, rewards requested, emails and SMS sent, etc.
The data collected during your browsing on the site and use of the service is optional. The data collected as part of the loyalty program is mandatory. Otherwise, the loyalty program will not be able to function properly.

For what purposes and on what legal basis?

Creation and management of a loyalty program:
Execution of the contract
Sending commercial solicitation messages:
Consent by SMS: Exception relating to the sending of messages relating to offers and services similar to those already purchased
Response to contact from you: Consent
Production of statistics: legitimacy of the company (improvement of the loyalty program and commercial events, measurement of the site's audience and improvement of its ergonomics)

Who is the recipient of the collected data?

Recipients of all or part of the data, depending on their needs:
• Our staff responsible for managing and running the loyalty program and commercial relations
• The relevant personnel of our service providers and suppliers (e.g.: host, service provider in charge of the loyalty program, etc.).
• The data is entrusted to service providers under conditions likely to result in the transfer of data outside the European Union (United States). These transfers are secured by signing standard contractual clauses with the service providers concerned.

For what durations is the data collected?

Data relating to the management of the loyalty program is kept for the duration of the commercial relationship plus 3 years.
Data relating to the sending of commercial solicitations is kept for 3 years from the last contact.
Data relating to people sponsored by our clients is not kept unless the sponsored person registers on our services.
Data collected via cookies is retained for a maximum of 13 months.


What are your rights and how to exercise them?

In accordance with the Data Protection Act of 01/6/1978 as amended and the General Data Protection Regulations which came into force on May 25, 2018, you have the right to access, rectify, delete, opposition and portability of personal data concerning you.
You can revoke the consent you gave at any time.
You also have the right to define directives relating to the fate of your data after your death.
To exercise these rights, you can write indicating your name, first name, address and, if possible, customer number, providing information likely to prove your identity:
• At the following address: 74 F Rue de Paris, 35000 RENNES
• By e-mail: contact@ocean-heritage.com
You can also exercise your rights by going directly to our establishment.
You have the right to lodge a complaint with us with the supervisory authority.