agnès b. Privacy policy

Enactment date : 30 May 2024

Last Update : 30 September 2024

1 - GENERAL STATEMENT

This Privacy Policy describes how CMC AGNES B., the data controller, processes the personal data of customers on our website (hereinafter "our Platform"), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 or General Data Protection Regulation (hereinafter the "GDPR"), which applies only to natural persons (Recital 14 of the GDPR)

This privacy policy describes how CMC AGNES B. collects and processes your personal data through AGNES B. websites, devices, products, services, online and physical stores.

By using this platform, you signify your consent to our collection, use and disclosure of your data as described in this privacy policy.

From time to time, we may change our privacy policy. We will notify you of any material changes to our policy, as required by law. We will also post an updated copy on our platforms. Please check our platforms regularly for updates.


2 - WHAT TYPE OF PERSONAL INFORMATION DO WE COLLECT ?

We collect various types of data from you, as described below, in order to improve your experience on our platform. Here's how we collect and use the different categories of data: 

Contact details and contract management :

  • Data collected : First name, last name, postal address, email addresses, telephone numbers
  • Purposes: to manage user registration, purchases, respond to inquiries and send personalized communications.

Payment information :

  • Data collected: Order details, payment information, delivery address, order status, transaction history, billing summary, payment information (payment method, credit card number and expiry date).
  • If you choose to have your order shipped to a collection point, your personal address will no longer be required to complete the purchase contract.
  • Purpose: to manage the payment process and order tracking.

Information/on-line requests :

  • Data collected : Country, first name, last name, email, telephone number and order number
  • Purpose: to meet customer requirements 

Marketing purposes :

  • Data collected: title, first name, last name, email address, telephone number, date of birth, product preferences
  • Purposes: to subscribe you to our newsletters and inform you about our new collections and exclusive offers. We may also send you personalized or non-personalized advertising about products and offers.

Preferred data :

  • Data collected: preferred stores and products
  • Purposes: to understand your interests and preferences in order to improve our Platform and our products.

Statistical information :

  • Data collected: Device type, region, browser type, reference sites, device, browsing history, purchase history, search terms.
  • Purposes: to enhance your experience on our Platform, improve our products and analyze browsing activity, website interactions, purchases and search terms.

In accordance with Article 9 of the RGPD, no sensitive personal data will be collected or processed.


3 - RETENTION PERIOD : HOW LONG DO WE KEEP YOUR PERSONAL DATA ?

Contact details and contract management :

  • Legal basis: contract
  • Retention period: Duration of our contractual relationship 

Payment information :

  • Legal basis : 
  • Single payment: contract
  • Payment in instalments: contract 
  • Delivery to a relay point: consent
  • Shelf life :
  • One-off payment: The time required to complete the transaction, i.e. the actual payment, which may be deferred until receipt of the goods or performance of the service, plus, where applicable, the withdrawal period for distance sales of goods and services. In short, this is the duration of our contractual relationship.
  • Payment in instalments: Bank details will be kept until the last payment due date.
  • Dispatch to relay points: until your consent is withdrawn, i.e. 3 years since our last contact. At the end of these 3 years, we may contact you again to find out whether you wish to continue receiving commercial solicitations. In the event of a negative response, we will delete the data concerned.

Customer enquiries/on-line requests :

  • Legal basis: contract 
  • Retention period: Duration of our contractual relationship 

Online inquiries from non-customers :

  • Legal basis: consent or legitimate interest in preserving the proper functioning of our pages on social networks and in asserting, exercising or defending legal rights, as the case may be.
  • Shelf life :
  • If the legal basis chosen is consent, the retention period will last until your consent is withdrawn, i.e. 3 years from our last contact. At the end of these 3 years, we may contact you again to find out whether you wish to continue receiving commercial solicitations. In the event of a negative response, we will delete the data concerned.
  • If the legal basis chosen is legitimate interest, the retention period will last until the objective of the legitimate interest is achieved, namely the proper functioning of our social networks and the exercise or defense of legal rights.

Marketing purposes concerning customers:

  • Legal basis: consent
  • Retention period: until you withdraw your consent, i.e. 3 years since our last contact. At the end of these 3 years, we may contact you again to find out whether you wish to continue receiving commercial solicitations. In the event of a negative response, we will delete the data concerned.

Marketing purposes concerning non-customers:

  • Legal basis: consent
  • Retention period: until you withdraw your consent, i.e. 3 years since our last contact. At the end of these 3 years, we may contact you again to find out whether you wish to continue receiving commercial solicitations. In the event of a negative response, we will delete the data concerned.

Preferred data :

  • Legal basis :
  • Explicit consent 
  • Or contractual basis if the processing is necessary for the conclusion or performance of a contract between you and us.
  • Or compliance with a legal obligation under EU or Member State law if the processing is permitted under the EU or Member State law to which we are subject and which also provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests.
  • Shelf life :
  • If the basis chosen is explicit consent, the retention period will last until your consent is withdrawn, i.e. 3 years since our last contact. At the end of these 3 years, we may contact you again to find out whether you wish to continue receiving commercial solicitations. In the event of a negative response, we will delete the data concerned.
  • If the chosen basis is the contract, the retention period will last as long as our contractual relationship lasts.
  • If the chosen basis is the legal obligation, the retention period will therefore depend on what the legal obligation prescribes.


Statistical information :

  • Legal basis: consent or legitimate interest
  • Shelf life :
  • If the basis chosen is consent, the retention period will last until your consent is withdrawn, i.e. 3 years since our last contact. At the end of these 3 years, we may contact you again to find out whether you wish to continue receiving commercial solicitations. In the event of a negative response, we will delete the data concerned.
  • If the chosen basis is legitimate interest, the retention period will last until the objective of the legitimate interest is achieved, i.e. statistics.

Essentially, we have a legitimate interest in collecting, processing or storing your data for as long as it is necessary or relevant for our business needs, but also to resolve disputes, enforce our agreements and otherwise required by law.


4 - HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect data directly from you, both online and offline. This happens when you create an account or manage your product purchases. In addition, data is collected when you contact customer service to resolve queries, subscribe to our newsletter to receive personalized communications, participate in surveys or take part in promotions.

We also collect data passively using tracking tools such as browser cookies, pixels, web beacons and similar technologies. These tools capture data about your interactions with us, including your browsing and purchasing behavior. These tools are used on our websites and in our e-mails. Data on user activity over time on our Platform is collected, with third parties also involved in this data collection.

In addition, we obtain data about you from third parties, such as social media platforms and visitors who use our "share" function on the product page.


5 - THIRD PARTY SHARING : WHO DO WE SHARE YOUR INFORMARTION WITH ?

We may disclose data to third parties who provide services on our behalf. These are our authorized partners such as UPS, Odity or Adyen who manage payment and shipping processes on our behalf or who collect and store personal data collected on our platform.

Before disclosing your personal data, we ensure that their personal data protection policy complies with the provisions of the GDPR and sufficiently protects your data.

Furthermore, the data disclosed is only that which is strictly necessary for the purposes for which it is disclosed.

We will only disclose data if we believe we need to do so in order to :

  • To enable our authorized partners to perform their contractual obligations or pre-contractual measures
  • To comply with the law
  • To respond to a court order or subpoena 
  • To respond to any request from a government investigative body
  • If you are the winner of a prize draw or other contest with anyone who requests a list of winners.

If the third party is located outside the European Union, we are only able to disclose your data in the following limited cases: 

Without the consent of either you or the national supervisory authority, we can only disclose your data :

  • To a country whose level of data protection has been deemed adequate by the European Commission
  • If both we and the recipient are bound by binding company rules
  • If both we and the recipient have signed standard contractual clauses (in accordance with the standard clauses drawn up by the European Commission), if and only if local law cannot derogate from them.
  • If the data recipient has undertaken to comply with a code of conduct duly approved by the supervisory authority.
  • If the data recipient has undertaken to apply appropriate safeguards as part of a certification mechanism duly approved by the supervisory authority.
  • If you have given your explicit consent to the proposed transfer, after having been informed of the risks that this transfer could entail for him/her due to the absence of an adequacy decision and appropriate safeguards
  • If the transfer is necessary for the performance of a contract between you and us, or for the implementation of pre-contractual measures taken at your request.
  • If the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person.
  • If the transfer is necessary for the establishment, exercise or defense of legal claims

Without your consent, but after prior notification to the national supervisory authority, we may only disclose your data to third-party recipient(s) with whom we have signed atypical contractual clauses designed to establish appropriate safeguards.

Finally, upon prior notification of you and the supervisory authority, the transfer can only take place if these cumulative criteria are met: 

  1. The transfer is not repetitive
  2. It only concerns a limited number of people
  3. It is necessary for the purposes of our overriding legitimate interests
  4. These legitimate interests are not overridden by your interests or rights and freedoms and if we have assessed all the circumstances surrounding the data transfer and have offered, on the basis of this assessment, appropriate safeguards with regard to the protection of your personal data.

In the latter case, we will inform you and the national supervisory authority of the transfer and the overriding legitimate interests we are pursuing.


6 - HOW DO WE CONSOLIDATE DATA COLLECTED FROM VARIOUS SOURCES ?

We consolidate store and e-commerce data to deduplicate customer data from both channels.


7 - YOUR RIGHTS

1. Right to be informed

You can control your own data. Therefore, you have the right to be informed in an accurate, transparent, comprehensible and easily accessible form.

If your data is obtained directly, i.e. collected from you, you will immediately be informed of the identity of the processor, if any, the purpose of the data collection and whether it is mandatory or optional, the recipients of the data, the rights of the individual and any transfer of data to countries outside the European Union.

If your data is obtained indirectly, i.e. collected from a third party, the latter must provide you with all previous data as soon as possible, but after one month at the latest.

2. Right of access

You can obtain confirmation that we collect and/or process your data, where and which data. You can also access all the data we hold about you.

3. Right of rectification

You have the right to obtain, as soon as possible, the rectification of any of your data that may be inaccurate or erroneous. You may also request that your data be completed, if necessary.

You can update your account at any time by logging in and changing your profile settings.

4. Right to erasure

Barring legal exceptions, you may ask us to delete your data as quickly as possible if, in particular, you consider that the processing carried out by us on your data is no longer necessary with regard to the purposes for which it was collected.

5.Right to restriction

of processing You have the right to obtain from us the limitation of processing where one of the following conditions applies:

a) you contest the accuracy of your personal data, for a period allowing us to verify the accuracy of your personal data;

b) the processing is unlawful and you object to the erasure of your personal data and request instead that their use be restricted;

c) We no longer need your personal data for the purposes of processing, but you require it for the establishment, exercise or defense of legal claims;

d) You have objected to the processing pending verification of whether our legitimate reasons outweigh yours.

6.Right to data portability

You have the right to retrieve part of your data in an open, machine-readable format or to ask us to transfer it to another organization. This right only applies to data that you have provided to us directly, actively and knowingly (for example, data you have entered into an online form) or to data generated when using a service or device in the course of concluding or managing your contract, and which is processed automatically, on the basis of consent or the performance of a contract.

7.Right to object

This right can only be exercised if the chosen basis for processing is the task carried out in the public interest or the purpose of legitimate interests.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes, which includes profiling insofar as it is related to such direct marketing. Furthermore, this objection prevents us from further processing for these purposes.

In the event that your data is processed with regard to one of these legal bases, you should contact the person entitled by following the procedure described below "HOW TO EXERCISE THESE RIGHTS?"

8.Right not to be subject to a decision based solely on automated processing

You may choose not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects you in a similar way.

9.The right to define general (relating to all your personal data) or specific (concerning certain data) directives relating to the conservation, deletion and communication of your personal data after your death (article 85 of the French Data Protection Act).

In France, an additional right is granted to you, giving you the opportunity, before you die, to set down guidelines for how your data will be processed after your death. You can choose whether your data should continue to be processed, whether it should be deleted, whether it should be passed on to the person(s) you have designated, or whether we should follow the instructions of the person(s) you have designated.


8 - HOW TO EXERCISE YOUR RIGHTS?

To submit a request, please contact us at the following address: [email protected]

A reply will be given within one month. However, an extension of two months may be granted if the request justifies it, and you will be informed of this extension.

If you do not receive a reply, or if it is impossible to reply, you will be informed as soon as possible, but no later than 1 month.

Finally, no payment can be demanded to carry out a communication or take a measure, except in the case of manifestly unfounded or excessive requests.


9 - TRACKING TOOLS AND USE OF COOKIES

Cookies are small text files stored on your computer, tablet, smartphone or similar device by a website. They may be strictly necessary, or used for website functionality, analytics or third-party marketing, but they never cause damage to your device.

For more information on cookies and how to manage them, please read our Cookie policy complete.


10 - THIS SITE IS NOT INTENDED FOR CHILDREN

Our platform is intended for adults. We do not knowingly collect personally identifiable information from children under the age of 16. If you are a parent or legal guardian and believe that your child has given us data, you may write to us at the address listed at the end of this website policy. Please mark your requests "COPPA information request."


11 - REASONABLE SAFETY MEASURES

We have implemented technical and organizational measures to guarantee a level of security commensurate with the risks involved.

There is no exhaustive list of measures to be put in place, as this depends on the nature of the processing and the persons concerned. What's more, this security obligation is not an obligation to achieve results.

If you click on a link to a third-party site, you will be redirected to a site that we do not control. We are not responsible for the privacy practices of third parties. This includes third parties who may have advertisements or content on our site. We suggest you read their privacy policies carefully.


12 - CONTACT US

If you have any further questions about our privacy practices, you can e-mail us at [email protected]