PRIVACY AND COOKIES POLICY

FOREWORD:

The navigation on the website www.famaco-paris.fr (hereinafter, the « Website »), the creation of an account and the order of products by Users may involve the processing of Personal Data thereof.

This Privacy and Cookies Policy is intended to inform the User of the Website, before any communication of Personal Data, regarding the conditions and the manner in which they are processed by the Company and in which cookies and tracers are managed.

The Société des Ets F.PFIRTER company recognises the importance of ensuring the protection and security of privacy and Personal Data and has established this Privacy and Cookies Policy in accordance with the strictest personal data protection criteria and with all Applicable Regulations.

1. 1. Definitions

Terms beginning with a capital letter will have the meaning indicated in the glossary following this Privacy Policy.

1. 2. Personal Data Processing
   
   1. 2.1. This Privacy Policy applies to the Processing by the Company, as the data controller, of Personal Data provided by the User on the Website and which are essential for carrying out the following actions:

• • – create a personal account in order to purchase products on the Website,
  • – enable the fulfilment and the delivery of the products by the Company,
  • – enable the communication between the Company and the User,
  • – enable the Company to send newsletters, information about the Company and sale offers.

1. 1. 2.2. In compliance with the French Act No 2004-575 of 21^st June 2004 for “confidence in the digital economy”, if the User subscribes to newsletters, e-mails and sale offers of the Company, he/she has the right to refuse them by clicking on the hypertext link available at the bottom of each e-mail and reproduced as follow: “Unsubscribe”.

The table below describes:

• • – the subject and purpose(s) of any Processing,
  • – the data subjects involved in any Processing,
  • – the categories of Personal Data Processed,
  • – the recipients of the Personal Data communicated by the User,
  • – the period for which the Personal Data will be stored.

Purpose(s)	Legal basis	Data subjects	Processed Personal Data	Recipient of the Personal Data	Personal Data storage period
Creation of a User personal account	User’s consent (Art. 6,1 a) GDPR)	User	– name, first name – e-mail address	IT department of the Company	Duration of the commercial relationship
Performance of the orders and delivery of the product(s) purchased	Performance of a contract (Art. 6,1 b) GDPR)	User	– name, first name – e-mail address – postal address – phone number	Sales department of the Company	Duration of the commercial relationship
Contact request	User’s consent (Art. 6,1 a) GDPR)	User	– name, first name – e-mail address	Sales department of the Company	3 years
Sending newsletters and information about the Company	User’s consent	User	– name, first name – e-mail address	Marketing department of the Company	3 years after the last reply of the User
Sending sale offers	User’s consent (Art. 6,1 a) GDPR)	User	– name, first name – e-mail address	Sales department of the Company	3 years after the last reply of the User

1. 1. 2.3. The Company undertakes to Process the Personal Data only for the purposes mentioned above, excluding any other. In particular, the Company will not market or rent the Personal Data to third parties without the authorisation of the Users.
   2. 3. Technical and organisational measures
   3. 3.1. The Company implements appropriate technical and organisational measures in order to ensure the protection of the Personal Data and to provide the necessary guarantees for their Processing, in accordance with the requirements of the GDPR.

In particular, the Company implements all useful precautions as regards of the nature of the Personal Data communicated and of the risks resulting from the Processing thereof, in order to safeguard their security and, especially, to prevent any alteration, damage or unauthorised third party to access to the said data.

1. 1. 3.2. The technical and organisational measures implemented by the Company are duly tested, analysed and assessed in order to verify their efficiency.
   2. 4. Third party requests

The Company undertakes not to disclose the Personal Data to third parties without the consent of the Users, except in case of administrative or judicial request or injunction, or in application of a legal or regulatory requirement.

1. 1. 5. Rights of the Users
   2. 5.1. In compliance with articles 15 to 21 of the GDPR, the rights of Users include:

• • – the right to obtain confirmation that the Personal Data are or are not being processed and, when they are, the right to access the said Personal Data,
  • – the right to obtain rectification of any inaccurate Personal Data and to complete them for the purposes of the Processing,
  • – the right to obtain erasure of Personal Data, notably when:

	– the Personal Data are no longer necessary in relation to the purposes for which they were Processed,
	– the Personal Data have been unlawfully processed, – the Personal Data have to be erased for compliance with a legal obligation,

• – the right to object, on grounds relating to his or her particular situation, at any time to Processing of Personal Data concerning him or her,
• – the right to obtain restriction of the Processing of their Personal Data, notably when their accuracy is disputed or the Processing is unlawful,
• – the right to portability of their Personal Data, namely the right to receive the Personal Data in a structured, commonly used and machine-readable format.

1. 1. 5.2. In order to exercise any such rights, the User must submit a request to the Company:

• • – either by postal mail sent with acknowledgement of receipt, to the following address:
    SOCIETE DES ETABLISSEMENTS F.PFIRTER, 83 Avenue de la République, 92320 Châtillon (France), 
  • – or by e-mail sent to the following address: contact@famaco-paris.fr

Upon its receipt, the Company undertakes to acknowledge any such request from a User and to handle it as soon as possible. It further undertakes to notify any recipient of the Personal Data to which they have been communicated with the consent of the Users, of any rectification, erasure or restriction of Processing, unless such an indication proves to be impossible or involves disproportionate efforts. 

Finally, Users have the right to lodge a complaint with a Supervisory Authority, which can be the Supervisory Authority of the User’s place of residence or the CNIL in France.

1. 1. 6. Confidentiality

The Company undertakes that each member of its personnel authorised to Process the Personal Data of Users will be subject to strict obligations relating to confidentiality and protection of Personal Data, while notably undertaking:

• • – to only Process the Personal Data that are strictly required for the fulfilment of the purposes for which they have been collected,
  • – that the Personal Data will not be Processed for purposes other than the ones for which they had been collected, except in case of an administrative or judicial request or injunction, or in application of a legal or regulatory requirement,
  • – to take all measures conforming with the state-of-the-art in order to avoid any illicit or fraudulent use of the Personal Data and to protect their physical and logical security,
  • – to return, in case of cessation of his/her functions, all data, computerized files and all information media relating to the Personal Data,
  • – to immediately inform, by any means whatsoever, the Company of any Personal Data Breach of which he/her becomes aware.

1. 1. 7. Processors
   2. 7.1. The Company undertakes to work with Data Processors offering sufficient guarantees regarding the implementation of appropriate technical and organisational measures such as to ensure that the Processing of Personal Data meets the requirements of the GDPR.
   3. 7.2. As the case may be, all Processing of Personal Data performed by a Data Processor are governed by a contract entered into between the latter and the Company, in accordance with the provisions of article 28 of the GDPR. In particular, the Company imposes on its Data Processors the same obligations and the same requirement level as the ones to which it is subject with regard to the Processing of the Personal Data. 
   4. 8. Transfer of Personal Data

The Company does not transfer the Personal Data to any State that is not a member of the European Union or European Economic Area.

1. 1. 9. Personal Data Breach
   2. 9.1. Without undue delay, the Company will inform each concerned User of any Breach of his/her Personal Data that could result in a high risk for his/her rights and freedoms, in compliance with Article 33 and 34 of the GDPR. This information notably describes the likely consequences of the Personal data Breach, as well as the measures taken or proposed by the Company in order to remedy the Breach, along with the measures taken to mitigate the possible adverse effects. 
   3. 9.2. However, the information indicated in Article 9.1 above is not necessary if any one of the following conditions is met:

• • – the Company has implemented appropriate technical and organisational protection measures, and these measures were applied to the Personal Data affected by the said Breach, in particular measures that render the Personal Data unintelligible to any person who is not authorised to have access to them, such as encryption,
  • – the Company has taken subsequent measures which ensure that the high risk to the rights and freedoms of the Users is no longer likely to materialize,
  • – it would involve disproportionate efforts. 

1. 1. 9.3. The Company will inform the Supervisory Authority without delay and if possible within 72 hours after having learned of any Breach that could result in a high risk to the rights and freedoms of the Users.
   2. 10. Cookies 

The User is informed by a banner appearing when starting navigation on the Website, that, subject to his/her consent, cookies may be placed on the web browser when he/she is connected to the Website.

A cookie is a small text file that is placed and/or read by a website on the hard disk of a digital terminal (computer, tablet computer, smartphone).

The information collected by the cookies is exclusively used by the Company, except for the information collected by third-party cookies, which is used and managed by external entities. 

All the cookies are used for a maximum period of thirteen (13) months.

By accepting the cookies, the User accepts their placement on his/her computer or mobile phone. The User has the choice to prevent cookies being stored or remove the cookies by following the conditions mentioned below.

1. 1. 10.1. Cookies used on the Website

The following categories of cookies are used on the Website:

• • o Necessary technical cookies

Some cookies are necessary to enable the basic features of the Website, which cannot work properly without them. These cookies are placed on the computer or smartphone when:

• • – the User adds product(s) on the shopping basket,
  • – the User want to connect to his/her account,
  • – there is a backup of the User’s actions,
  • – the language of the Website is changed.

• • o Analytics third party cookies

The Company also uses the Google Analytics tool which measures audience on the Website in order to understand and analyse the behaviour of the User on the Website.

1. 1. 10.2. Remove or prevent the cookies being stored

By the browser

The User may change the settings of his/her browser to prevent cookies being stored or remove all the cookies. The User may also change the settings only for third-party cookies.

The User is informed that when he/she blocks some cookies, especially technical cookies, some of features of the Website may not be available.

To prevent cookies being stored or remove cookies, the User may click on the “help” tab of his/her browser or may read the support information of his/her browser.

Third-party cookies

The User may be informed about the privacy policy of Google regarding Google analytics by clicking on the following links: https://policies.google.com/technologies/partner-sites?hl=en-GB 

The Google company also developed a computer program which prevent the data from being used by Google Analytics, available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB

1. 1. 11. General provisions
   2. 11.1. In case of conflict between this Privacy Policy and the general terms and conditions accepted by the User on the Website, this Privacy Policy will prevail relating to the Processing of Personal Data mentioned in the Article 2.
   3. 11.2. Should any one of the provisions of this Privacy Policy be cancelled or declared inapplicable, in part or in whole, as a result of prevailing laws and regulations, it will be excluded from this Privacy Policy without affecting the validity and applicability of all of its other provisions. 
   4. 11.3. The Privacy Policy can be modified by the Company at any time, notably as a result of technical or normative changes. As relevant, the Company undertakes to provide Users with the new Privacy Policy.

This version was prepared on 28th, Oct. 2021.

 

GLOSSARY

1.1.	Applicable Regulation:	refers to the GDPR and any regulation of a European Union Member State in effect with regard to the protection of personal data, notably the French Data protection Act No 78/17 of the 6th January 1978, as modified (“Loi informatique et Liberté”).
1.2.	The Company	refers to SOCIETE DES ETABLISSEMENTS F.PFIRTER, a simplified joint-stock company with share capital of € 156 400, registered with the Trade and Companies Register under No 652 031 592, which corporate office is located 83 Avenue de la République, 92320 Châtillon (France), represented by its President, Mr. Bruno PFIRTER.
1.3.	Data Processor:	refers to any third party entity which processes Personal Data on behalf of the Company.
1.4.	GDPR:	refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (known as the “General Data Protection Regulation”).
1.5.	Personal Data:	refers to all information communicated by the User on the Website and processed by the Company with respect of the conditions of the Privacy Policy.
1.6.	Personal Data Breach:	refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of the Personal Data, or unauthorised access to the said data.
1.7.	Privacy Policy:	refers to this Privacy and Cookies Policy and the following glossary.
1.8.	Process or Processing:	refers to any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, restriction, erasure or destruction.
1.9.	Supervisory Authority	Refers to an independent public authority which is established by a Member State in compliance with the GDPR; in France, the Supervisory Authority is the “Commission Nationale de l’Informatique et des Libertés” (“CNIL”).
1.10.	User(s):	refers to the any natural person navigating on the Website and providing to the Company Personal Data.