PRIVACY POLICY
This Privacy Policy applies to the personal data (hereafter the “Personal Data”) of users of the A.P.C. website (hereafter the “Website”) as well as of all our customers (whether store or Website customers).
1. Personal Data
All Personal Data collected on the Website are processed in accordance with the regulations applicable to Personal Data protection, specifically European Regulation n°2016/679 dated April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter the GDPR), as well as with any legislation or regulation which may complement or be substituted for the GDPR (hereafter the “Data Protection Legislation).
The processing of your Personal Data and the nature of such processing activities are defined in the processing table.
1.1. Who processes and has access to you Personal Data?
1.1.1 Data controller
All Personal Data collected on the Website, or at the time of creation of your store client account are processed under the responsibility of ATELIER DE PRODUCTION ET DE CREATION “A.P.C.”, a simplified joint stock company, registered under n° 334 140 167 on the Paris Trade Register, and having its registered office at 39 RUE MADAME, 75006, PARIS (hereafter “A.P.C.” or “we”). Within the meaning of the Data Protection Legislation, A.P.C. is the data controller for these processing activities.
1.1.2 Recipients
Within A.P.C., and with regard to each processing activity, your Personal Data are only communicated or made accessible to persons by whom it is required for the needs and purpose of the relevant processing activity.
Your Personal Data may also be communicated to third parties for the purpose of the relevant processing activity.
Recipients or categories of recipients of your Personal Data are identified in the processing table.
1.1.3 Transfer of Personal Data outside the European Union
In principle, your Personal Data are stored in servers located within the European Union. However, we may sometimes transfer some of your Personal Data to third-party recipients, external to A.P.C., located in various countries, including outside the European Union. Such transfers of Personal Data to countries outside the European Union occur within a framework designed to ensure an appropriate level of protection, either by a decision of the European Commission (Adequacy Decision), or through legal instruments such as data transfer agreements.
For any question concerning our Personal Data transfers outside the European Union, please use the addresses given in the “Contact Us” section below.
1.2. What categories of Personal Data do we collect and for what purpose(s)?
Pursuant to the Data Protection Legislation, we process your Personal Data only if one of the following circumstances arises:
-The processing of your Personal Data is necessary for the performance of a contract to which you are a party, and in particular, the performance of an order you made through the Website, or implementation of pre-contractual steps taken at your request;
-Processing of your Personal Data is necessary for compliance with a legal obligation to which we are subject;
-Processing of your Personal Data is necessary for the purposes of our legitimate interests;
-You have expressly given your consent to the processing of your Personal Data for one or more specific purposes.
The Personal Data processed by us are listed by purpose in the processing table.. We process your Personal Data only for these specific purposes and the legal basis listed in said table.
Please note that in order to benefit from some Website services and functions, or to receive communications from us, you will be required to provide certain Personal Data via collection forms. Required information fields are marked with an asterisk (*). Data that are identified as being required must be given for you to be able to benefit from the corresponding functionalities on the Website, the requested service or to have marketing communications sent to you. If the required fields are not filled you will not receive the requested service.
You are solely responsible for the accuracy of the Personal Data you provide.
1.3. For how long do we keep your Personal Data?
We keep your Personal Data only for the period of time strictly necessary for the purpose of the processing. For each type of processing activity the retention periods are stated in the processing table.
1.4. How are your Personal Data protected?
We undertake to protect your Personal Data. In order to do so, we take care to implement all appropriate physical, technical and organizational measures to protect against any unauthorized or illegal processing, as well as any accidental loss, destruction of or accidental damage to your Personal Data.
1.5. What are your rights?
You have a right of access, rectification, erasure, limitation and objection with regard to processing of your Personal Data, as well as the right to define guidelines regarding what happens to your data after your death and the right to portability of your Personal Data, by submitting your request to the addresses given in the “Contact Us” section, and as provided under the Data Protection Legislation. You should indicate which right you wish to exercise as well as all necessary information in order to enable us to respond to your request.
Exercise of these rights occurs under the terms provided by the Data Protection Legislation.
-The right of access means that you may, at any time, request to be informed as to whether we are processing any Personal Data concerning you, and, where that is the case, what Personal Data are involved, as well as the characteristics of the processing activities carried out.
-The right of rectification means that you may request rectification of your Personal Data where they are incorrect. You may also request, where your Personal Data are incomplete, that they be completed insofar as it is relevant to the purpose of the processing activity in question.
-The right to erasure means that you may request erasure of your Personal Data, particularly where: (i) they are no longer necessary in relation to the purposes for which they were collected (ii) your Personal Data are processed on the basis of your consent, you wish to withdraw consent and there is no other legal ground for the processing (iii) you object to the processing of your Personal Data and wish therefore to have them deleted (iv) your Personal Data have been unlawfully processed; (v) your Personal Data must be deleted to meet a legal obligation provided either under French or European Union law.
-The right of limitation means that you may request that we carry out limited processing of your Personal Data (i) where you dispute the accuracy of your Personal Data, for a period of time enabling us to verify the accuracy of said Data, (ii) where, following processing shown to be non-compliant, you prefer limited processing to full deletion of your Personal Data (iii) we no longer need your Personal Data for the purposes of processing but you still need them for the establishment, exercise or defence of legal claims; (iv) where you have objected to the processing of your Personal Data and you wish to limit processing for the period of time required to verify whether the legitimate reason you present is indeed justified. Limited processing means that processing of your Personal Data will be understood as only storage of the corresponding Personal Data. We will not then carry out any other operation involving the Personal Data in question.
-The right to objection means that you may object to the processing of your Personal Data, where such processing is based on the pursuit of A.P.C.’s legitimate interests. The right of objection may be exercised where a legitimate reason concerning your particular situation may be proven. We will then cease the processing in question unless compelling and legitimate reasons exist, which justify continuation of such processing in accordance with Data Protection Legislation. Where your Personal Data are processed for purposes of commercial prospection, you may object at any time to processing of your Personal Data for this purpose.
-The right to define guidelines regarding what happens to your data after your death allows you to make known your instructions concerning your Personal Data and how they are kept, deleted and communicated after your death.
-The right to portability means that you may receive, on your request, and according to the Data Protection Legislation, your Personal Data in a structured, commonly used and machine-readable format, or, on your request, have them communicated directly to a third-party of your choice, where this is legally and technically possible.
Where we process your Personal Data on the basis of your consent, you are able to withdraw your consent at any time by contacting the addresses given in the “Contact Us” section or by clicking on the unsubscribe link in each of our marketing communications. However, withdrawal of your consent does not affect the lawfulness of processing carried out before consent was withdrawn.
2. Cookies
2.1. What are cookies?
A cookie is an element deposited on your terminal which records information about your consultation and browsing history on the Website.
When you log on to the Website, we may install cookies on your terminal.
Some cookies are indispensable for use of the Website (“essential” cookies), others make it possible to personalize displayed content for the purposes of preparing traffic statistics or displaying advertising.
Essential cookies which are strictly necessary for provision of the service you wish to access do not require your consent in advance for their use.
2.2. Cookies used
We use different types of cookies:
-Technical cookies are cookies which are strictly necessary for browsing on the Website as well as cookies which are necessary for the functioning of some specific functionalities. These include in particular shopping cart cookies which allow you save the contents of the shopping cart, and the identification data of the associated user, or cookies that memorize items seen during the last 48 hours. We also use cookies that allow information entered on a form on the Website to be saved (such as account access information for example) as well as personalization cookies relating to the user interface (Website version, choice of Country and Language).
-Advertising cookies allowing us to offer you A.P.C. products on or off our site, depending on your interests, determined in particular on the basis of your previous browsing (items and pages already viewed or searched for).
-Analytic and audience measurement cookies make it possible to analyze our Website traffic, prepare attendance statistics and analyze the pathways and elements searched on the site. As such we analyze the most frequently consulted pages and conversion rate.
2.3. Retention period
Pursuant to the recommendations of CNIL, cookies are kept no longer than 13 months.
2.4. Your choice concerning cookies
On your first visit to the Website, when A.P.C. plans to place cookies other than “essential” cookies on your terminal, we inform you of our use of cookies by way of an information banner. By continuing to browse the Website when this banner is displayed, you consent to our use of cookies.
You may disable cookies through your Internet browser settings. A different procedure for disabling cookies is provided by each browser. You will find below the links to the relevant pages for each of the main browsers.
For Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: http://docs.info.apple.com/article.html?path=Safari/3.0/fr/9277.html
Chrome: http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647 ,
Firefox: http://support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies ,
Instructions for disabling cookies on your smartphone are available through the links below:
For iOS: https://support.apple.com/fr-fr/HT201265
For Android: https://support.google.com/chrome/topic/3434352
If you dismiss or remove cookies, some sections and functions of our Website may not be available to you and your user experience of our Website may be affected, or even become impossible.
3. Update of privacy policy
This privacy policy may be the subject of updates.
Where you have communicated a valid e-mail address, we will inform you of any significant change by e-mail and communicate the new version of the privacy policy before implementing said change. We also recommend that you consult the privacy policy regularly to be fully informed of our undertakings in terms of protection and security of Personal Data.
4. Contact us
For any question concerning our privacy policy, and to exercise your rights, you may contact us:
-by E-mail: privacy@apc.fr
-by Post: Atelier de Production et Créations SAS (A.P.C.)
Personal Data Controller
39, rue Madame
75006 PARIS
Should our response prove unsatisfactory, you have the right to lodge a complaint with the competent supervisory authority, in Franc, the Commission Nationale de l’Informatique et des Libertés (“CNIL”)
-by Post: Commission Nationale de l’Informatique et des Libertés
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
-on the CNIL website: www.cnil.fr
5. Personal Data processing table
Processing activity
|
Purpose
|
Legal basis for processing
|
Data collected
|
Retention period
|
Recipient(s) of data
|
|
“Online” client accounts
|
Management and administration of online client accounts
|
Consent (Art.6.1.a GDPR)
|
Title, family name, first name, e-mail address, mailing address, phone number, order history
|
Your contact Data, and account Data will be retained until you withdraw your consent (deactivation of your account) and, in any event, for a maximum period of 3 years from your last contact with us.
For orders, the retention period is that stated in the “online orders” line.
|
Within A.P.C., employees responsible for online service, customer service, marketing service and IT
Website host
External service providers in charge of A.P.C.’s advertising and communication.
|
|
“Store” client accounts
|
Management and administration of store client accounts
|
Consent (Art.6.1.a GDPR)
|
Title, family name, first name, e-mail address, postal address, telephone number, purchase history
|
Your contact Data, and account Data will be retained until you withdraw your consent (deactivation of your account) and, in any event, for a maximum period of 3 years from your last contact with us.
Data relating to your purchases will moreover be retained for a period of 5 years from your purchase (applicable statutory limitation period as provided by Article 2224 of the Civil Code).
|
Within A.P.C., employees responsible for the store network, marketing service and IT
The host service provider for our Retail solution and our Website
Website host
External service providers in charge of A.P.C.’s advertising and communication.
|
|
Online orders
|
Management of client accounts (online orders)
|
Performance of a contract (Art 6,1,b GDPR)
|
Family name, first name, contact and billing details (such as e-mail address, company, billing address, delivery address, telephone number) payment details, IP address, order details, order number, order tracking number
National ID card data in the event of a transport dispute
|
Data relating to the contract is retained:
> 5 years from the end of performance of a contract between professionals (Article L 110-4 of the Commercial Code; Article 2224 of the Civil Code) or for consumer orders of a value of less than 120 euros
> 10 years from delivery for consumer orders of a value of at least 120 euros (Article L 213-1 and Article D213-2 of the Consumer Code)
Accounting data are retained for 10 years from the closing date of the financial year (Article L123-22 Commercial Code)
|
Within A.P.C., employees responsible for online service, customer service, marketing service and IT
Website host
Logistics service provider
E-payment service provider
Transporters
|
|
Payment issues
|
Prevention of payment issues: when an order is placed on our Website, and in the event of any doubt, we may contact you for confirmation of your identity and other details
|
A.P.C. has a legitimate interest in detecting and preventing payment issues (Art 6.1.f GDPR)
|
Family name, first name, National ID card data, bank details, delivery address, e-mail address, telephone number
|
The retention period is that stated in the “online orders” line
|
Within A.P.C., employees responsible for online service, customer service, marketing service and IT
|
|
Returns management
|
Management of any items returned after purchase
|
Performance of a contract (Art 6,1,b GDPR)
|
Family name, first name, proof of purchase (order details), purchase location (online or store), address, bank details
|
Data relating to a return are retained for the same period as data relating to a contract, i.e. in principle 5 years from the end of the contract (Article 2224 of the Civil Code).
For online orders, the retention periods applicable are those provided in the “online orders” line.
|
Within A.P.C., employees responsible for online service and/or store network and employees responsible for production
|
|
“Online” information requests
|
Management of information requests made via the Website
|
Consent (Art.6.1.a GDPR)
|
Family name, first name, e-mail address, telephone number, mailing address, subject of the request
|
The retention period depends on the type of request.
For example, a request concerning an ongoing order will be retained for the period stated in the “online orders” line.
An unsolicited job application to the Human Resources department will be retained for a maximum of 24 months.
|
Within A.P.C., the employees responsible for the department contacted
|
|
Marketing action
|
Commercial marketing and advertising (including, notably, sending marketing communications and offers by e-mail and/or SMS/WhatsApp/WeChat/WeCom/Line if you have given your consent)
|
Consent (Art.6.1.a GDPR)
|
Family name, first name, e-mail address, mailing address, telephone number, title, purchase /order history, information concerning your browsing on the Website
|
Data are retained until you unsubscribe, and with regard to commercial canvassing never for more than 3 years from our last contact with you.
Should you unsubscribe, data required for management of your objection are retained for 3 years from the unsubscription date
Data from cookies are never retained for longer than 13 months.
|
Within A.P.C., employees responsible for online service, the store network, customer service, marketing service and IT
Website host
External service providers responsible for advertising and A.P.C. communication
|
|
Sales statistics
|
Sales analysis
|
A.P.C. has a legitimate interest in preparing statistics, to have an overall view of its sales, to analyze its results and improve its services (Art 6.1.f GDPR)
|
Family name, first name, e-mail address, sales information
|
3 years
|
Within A.P.C., employees responsible for online service,the store network and marketing service
Website host
|
|
Sales statistics and loyalty program
|
Analysis of sales and use of the loyalty program
|
Legitimate interest of A.P.C. to establish statistics in order to have an overall vision of its sales, and the use of the loyalty program to analyze its results to improve its services (Art 6.1.f GDPR)
|
Name, first name email address, sales information, information relating to the loyalty program
|
3 years
|
Within A.P.C., employees responsible for online service,the store network and marketing service
Website host
|
|
Connection monitoring
|
Browsing and connection history
|
Consent (Art.6.1.a GDPR)
|
Where the user connects via their account: all the account information are processed.
Where the user does not connect via a client account, only the IP address and browsing information are collected.
|
Data from cookies are retained for 13 months.
|
Within A.P.C., employees responsible for online service, customer service and IT
Website host
|