Last updated on 6 June 2018
1) What personal data are collected and for what purposes?
When you browse our websites, we collect several types of information concerning you:
- e-mail address
- postal address (postcode and town)
- telephone number
- password (kept in an encrypted database)
- company name (optional)
- order invoices
- order history (type and number of products purchased)
- any other data that you provide following a request for one of our services
These personal data are collected only with your consent and for the purposes specified in each of the forms, namely in particular:
- order handling (e.g. payment, delivery, invoices)
- customer relations monitoring
- complaints management
- sending of promotions and special offers (if the person has given their consent by ticking the box "I agree that Velleminfroy may contact me to propose promotions and special offers connected to Velleminfroy")
- sending of newsletters and information on Velleminfroy events and activities (if the person has given their consent by ticking the box "I agree to receive newsletters from Velleminfroy")
- publication of testimonials on the blog
- booking a table at the Le Paradis Vert restaurant
- conducting of customer satisfaction and other surveys or product tests
The mandatory or optional nature of the information requested is indicated by the use of an asterisk.
Any use of personal data for purposes other than those listed above will require your prior agreement.
The Velleminfroy websites do not allow the registration or the collection or storage of data concerning anyone aged 13 or under.
2) How are your personal data collected?
We collect the data that you provide in particular when:
- you create your customer account on the www.boutique-velleminfroy.fr/ website
- you place an order on the www.boutique-velleminfroy.fr/ website
- you browse our different websites
- you take part in a competition
- you contact our Customer Service department
- you write a comment/remark/testimonial on our blog
- you book a table via the site www.restaurant-velleminfroy.fr/
3) What information are you likely to receive?
Giving us your personal data means that you will receive the following information:
- service e-mails necessary to the tracking of your order (order confirmation, information on the delivery of the package)
- VELLEMINFROY newsletters
- promotions and special offers
4) Are data shared with third parties?
The personal data collected on our websites are intended only for our own use. On no account will they be transferred, rented or sold to third parties without your prior consent.
We may use approved, trustworthy subcontractors (service providers, hosting providers, representatives, suppliers) to process them on our behalf, in accordance with these privacy and security rules.
Furthermore, personal data may be disclosed to third parties if we are compelled to do so by law, a regulatory provision or a court order or if such disclosure is rendered necessary by an enquiry, an injunction or legal proceedings, in France or abroad.
5) What about your bank data?
When you make a purchase on the www.boutique-velleminfroy.fr/ website, your payments are secure. We do not collect your payment data. All your bank details are collected only by our certified service provider, CIC MONETICO, which enables us to guarantee the security of your payments.
Cookies are items of information transmitted by the server to your web browser (date and time of your visit, pages most often consulted, your computer's operating system, browsing software, etc.). Cookies are used on our sites for statistical purposes. In order to optimise the sites' content and services and adapt them to your expectations, all the Velleminfroy websites (see list on page 1) collect your IP address (an IP address is a number attributed to your computer by the internet access provider). This information is anonymous and reflects all the connections made and not that of a single person.
When you browse our sites, you have the possibility of accepting or disabling cookies at any time, either individually or all at once. If you refuse, your browsing of our site will not be affected.
In accordance with the recommendations of the CNIL (French data protection agency), cookies are kept for a maximum of 13 months.
7) How are your personal data protected?
We undertake to take all the technical and organisational actions measures necessary to the application of appropriate security to guarantee the protection of your personal data that we have collected so that they are not lost, misappropriated, consulted, altered or disclosed by any unauthorised third parties.
The personal data collected are stored on servers in the European Union.
8) How long are your personal data retained?
Personal data are kept only for the length of time corresponding to the reason for collecting them, as stated in the paragraph concerning the purpose of the data collected.
Generally, most of the data (e.g. the information about your customer account and your order history) are kept for as long as you are an "active" customer and for a period of 5 years after your last activity (e.g. purchase, connection to your account). Your data are then kept in a restricted access archive for a further period (between 5 and 10 years) for limited reasons authorised by law (payment, warranty, disputes, etc.). After this period has passed, we undertake to delete the personal data from our databases.
9) What are your rights?
Under current regulations, you have the following rights:
- right of access and rectification
- right of deletion of personal data
- right to withdraw your consent at any time
- right to oppose processing of personal data
- right to data portability
You can exercise these rights at any time by either of these two methods:
- by e-mail on email@example.com
- by post at this address:
Eaux Minérales de Velleminfroy
ZAE Heiden Est
8 rue du Luxembourg
If you contact us for one of these reasons, please make sure your request contains the indispensable information to identify you (surname, forename, e-mail) as well as any other information necessary to confirm your identity.
If you exercise one of these rights, we will endeavour to respond to your request as quickly as possible, within the legal time limit of one (1) month, at no cost to you.
10) How to contact us and tell us your choices concerning the use of your data?
For any questions or complaints concerning this document and, generally, on the collection and processing of your personal information by Velleminfroy, do not hesitate to contact us by e-mail on firstname.lastname@example.org or send a letter to this address:
Eaux Minérales de Velleminfroy
ZAE Heiden Est
8 rue du Luxembourg
You can withdraw your consent or oppose the uses of your data described above through your customer account.
Cookies: these are items of information transmitted by the server to your web browser enabling us to carry out analyses and adapt our different services to customer demand
Personal data: encompasses all the information relating to an identified or identifiable person. An identified or identifiable person is, within the meaning of the Directive, "an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person"
Right of access: this is the right any person has to know whether information collected is processed, and where applicable, the purpose of that processing or the recipients of the processed data.
Right of rectification: this is the right any person has to alter the information transmitted, in order to correct it or update it.
Right to oppose the processing of personal data: this is the right any person has to oppose, at any time, for reasons related to their own particular situation, the processing of personal data concerning them.
Right of data portability: this is the right any person has to obtain a copy, on a readable medium, of the data stored by the Controller
Right of deletion of personal data: this is the right any person has to ask that information concerning them held by the Controller be deleted.
General Data Protection Regulation: the GDPR is a Regulation intended to guarantee data protection and strengthen people's rights in this area, as well as to render accountable the different players processing data. The Regulation came into force in France on 25 May 2018.
Controller: This is the person who determines the purposes and means of the processing of personal data. The controller implements appropriate technical and organisational measures to protect data and to be able to demonstrate that processing is carried out in compliance with the GDPR.
Subcontractor: this refers to organisations that process personal data on behalf of another organisation, as a form of service. This may be, in particular, an IT service provider, IT security companies, digital services companies or marketing agencies.
Data processing: the processing of personal data is the operation or set of which is performed on personal data, whether this is the saving, retention or modification of data. Article 4.2 of the European Regulation gives a longer definition, stating that data processing is "collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".