PRIVACY POLICY

Our company attaches the utmost importance to the protection and confidentiality of individuals’ personal data. We are firmly committed to respecting your privacy and ensuring the security of your personal data (hereinafter referred to as « PDS »), collecting and using it exclusively in accordance with the laws in force.

Through this Data Protection Policy, we wish to inform you in a transparent manner about the types of data we collect, as well as how we collect, use and protect it.

Our website, accessible at https://www.atelierchoux.com (hereinafter referred to as « Our Site »), provides easy access to our Data Protection Policy. We undertake to update it in line with legal and regulatory developments, while complying with best practice and the recommendations issued by the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés – CNIL). We therefore encourage you to consult this page regularly to ensure that you are in agreement with all its conditions.

Who we are

Our company, Atelier Choux, is a Société par Actions Simplifiée (simplified joint stock company) with a capital of €10,000, whose registered office is located at 88 rue de Miromesnil, 75008 PARIS. We are registered with the Paris Trade and Companies Registry under number 818 303 026. In this document, we will be referred to as « Our Company » and we assume responsibility for collecting, processing and using the data you provide to us.

In accordance with current regulations, Our Company is not required to appoint a Data Protection Officer. However, a number of people within our organization have been designated as Data Protection Officers to ensure ongoing compliance with these regulations. They are responsible for implementing and regularly updating best practices in personal data protection (DCP).

What data do we collect and how do we use it?

The information that Our Company collects about you is strictly limited to the data that you provide when using our services and interacting with us. This data includes:

  • The information needed to create your account and for billing:
    • Your full name
    • Your postal address
    • Your telephone number
    • Data essential for payment processing
    • Your login and password (which are encrypted and stored only to verify your authentication on the site)
    • Contact details for purchase recipients
  • Financial information related to transactions (processed by Stripe):
    • Credit card number and expiry date
    • Cardholder’s name and address
  • Data relating to your browsing habits:
    • Cookie identifier
    • Pages you’ve visited
    • The actions you have carried out on the site
    • The frequency of your visits
    • Demographic and geographical data
  • Information about your buying habits:
    • Your purchase history
    • Your preferences and habits

All this data is processed in accordance with our commitment to your privacy and in compliance with the laws in force. Our aim is to offer you quality services while guaranteeing the security and confidentiality of your personal information.

How are they collected?

With your prior consent, this data is collected when you send it to us, whether as part of an order, opening a customer account or registering for our newsletter. It is mainly used to process your orders, manage any warranties, provide our services and ensure the technical management of Our Site.

What do we use your data for and on what legal basis?

We guarantee that the personal data you provide will only be used for explicit and legitimate purposes. This data enables us to:

  • To manage the processing of your orders, payments, delivery of products and provision of services requested by you.
  • Manage our customer base.
  • Send you newsletters, with your consent.
  • Facilitate and optimize the processing of your orders as much as possible.
  • Improve our service to you, based on your preferences and habits.
  • Implement measures to prevent fraud and manage the risk of non-payment.
  • Quickly handle and resolve your complaints or answer your questions.

All these uses of your data are carried out in accordance with the law and with the aim of offering you an optimal experience while guaranteeing the security and confidentiality of your personal information.

With whom do we share your data? (Recipients of your data)

We may pass on your information to third parties, such as service providers associated with Our Company, our partners and affiliated companies. The main purpose of this data transmission is to process your order, to send you our newsletters, or to improve and optimize our services to you.

We would like to reassure you about the confidentiality of all your personal data. Access to this information is strictly restricted to Our Company’s employees, service providers and agents who need it to carry out their duties. We wish to emphasize that all our employees who have access to your personal data are bound by an obligation of confidentiality, and disciplinary sanctions and/or other measures are provided for in the event of non-compliance with these obligations.

For payment processing, your payment data will be forwarded to the following authorized bank service providers: Stripe. Please visit the websites of these service providers for further information on their data protection practices.

Furthermore, we would like to inform you that we do not share, sell or disclose your data (including customer files) to third parties who have no connection with Our Company.

Will your personal data be transferred?

If you are accessing our Site from outside the European Union, whose laws regarding the collection, use and transfer of data differ from those of the European Union, please note that Our Site is subject to French law, as well as the corresponding terms of use and this Policy. Consequently, by using our Site in these circumstances, you consent to the transfer of your personal data to the European Union.

Under no circumstances will your personal data be transferred to countries outside the European Economic Area, unless they are already recognized by the European Commission as offering an adequate level of protection to citizens at the date of transfer.

You can consult the list of these countries at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

What do we use Cookies, targeting and social plugins for?

Our Company uses small text files, commonly known as cookies, which are deposited on your hard disk when you visit Our Site. These cookies record information such as your language preference, the length of your visit and the pages you consult. Their purpose is to improve the fluidity of your experience on Our Site, to analyze the frequency of visits and the use of the site by our users, and to generate statistics to improve the presentation of our products and our communication.

You can customize the settings for these cookies in your browser. If you prefer to prevent cookies from being stored on your hard drive, you can select the « Reject cookies » option in your browser settings.

Certain functions on Our Site, such as sharing content on social networks and direct video playback, depend on services offered by third-party sites. These features use cookies that enable them to track your browsing habits, analyze your online habits, measure Our Site’s audience, identify your centers of interest, and provide you with targeted offers. These cookies are only placed if you give your consent. You have the option of viewing the nature of these cookies, accepting or rejecting them, either globally for the entire site and its services, or individually for each service.

In addition, you may delete cookies already stored on your computer at any time. However, please note that this action may result in a loss of certain functionalities and a less optimal experience when browsing Our Site. We accept no liability in this respect.

Our Site also integrates plugins from social networks such as Facebook or Instagram. If you do not wish Facebook or Instagram to associate the data collected via Our Site with your profile, we recommend that you log out of the corresponding service before visiting Our Site. You can also completely block the loading of these plugins by using browser extensions such as the « NoScript » script blocker (http://www.noscript.net/).

Our Newsletters and Advertising Initiatives

If you have expressly given your consent for this purpose, you will receive our newsletter as well as regular information concerning commercial offers and products from Our Company.

We’d also like to point out the service we use to send our newsletters: the Klaviyo service.

Your data enables us to contact you in the context of our marketing campaigns, whether by e-mail or by post. It is also used to keep you informed of news or new products from our company that may be of interest to you.

How long is your data stored?

At Our Company, we take care not to keep your personal data longer than is necessary to achieve the purposes for which it was collected. The retention period is determined according to the purpose of the processing and complies with current legislation.

Consequently, data relating to our customers is kept for the duration of the commercial relationship, with an extension of 3 years for promotion and prospecting purposes. This is without prejudice to any legal retention obligations or applicable limitation periods.

Data concerning prospective customers is kept for a period of 3 years from the last contact with our company.

What security measures do we apply to your data?

The protection and security of your personal data is a priority for Our Company. We are committed to maintaining their confidentiality and preventing any alteration, destruction, disclosure or unauthorized access by third parties.

To this end, we have put in place appropriate physical, electronic and organizational security measures to prevent the loss, misuse, unauthorized access, alteration or destruction of your personal data.

Among these measures, we use technologies specially designed to secure the transfer of your data. However, despite our efforts, we cannot guarantee total protection, as there are unavoidable risks associated with data transmission in general. We therefore encourage you to exercise caution to avoid unauthorized access to your personal data. In particular, we recommend that you log off when you share your computer, and that you keep your password and account confidential.

We would like to assure you that your credit card payments are secure thanks to 3D Secure technology, which involves double identification of the cardholder via a secure one-time code sent by SMS. Your bank can only validate your payment once you have entered this secure code. Our company does not store your bank details under any circumstances. All transmissions to banks are encrypted and secure.

What are your rights?

At any time, whether when creating your customer account, placing an order, or through the personal settings of your account on Our Site, you have the right to access, modify, update or request the deletion of your personal data.

In addition, you may exercise your right to access, modify, update or delete your data free of charge and without having to provide any justification. To do so, please send your request in writing to our head office at the following address Atelier Choux – 88 rue de Miromesnil, 75008 Paris.

In order to process your request efficiently, please send us a copy of your ID. The maximum processing time for these requests is one month.

In addition, you have the option of revoking your consent to the collection and use of your data at any time, without having to provide any justification. You can do this by clicking on the hypertext link at the bottom of our correspondence, either to stop advertising solicitation or to stop receiving our newsletters.

Who should I contact in the event of a dispute?

In the event of difficulties, our Customer Service and Marketing Departments are available to answer your questions and will do their utmost to find a satisfactory solution to your problem.

Furthermore, in accordance with the French Data Protection Act of January 6, 1978 as amended, as well as the European General Data Protection Regulation n°2016/679, you have the right to lodge a complaint at any time with the CNIL (Commission Nationale de l’Informatique et des Libertés), the supervisory authority in France. You can do this electronically, by telephone, or by sending a letter to the following address:

Postal address: 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07

Website: https://www.cnil.fr/fr/plaintes

Telephone number: 01 53 73 22 22

You can also contact an equivalent supervisory authority in another EU member state, if you are domiciled there. You can find a list of these authorities at the following link:

http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm