Since May 25, 2018, the RGPD (General Data Protection Regulation) rules strengthen the rights of European Community citizens and give them control over the use of their personal data.
For us, your data remains confidential:
- We never sell your data
- Your data is precious: Exchanges are encrypted (https)
- Informed yes but not spammed: Never more than 4 newsletters per year
Our full commitments are available on our website and explain :
- Why we need to collect and store some of your personal data securely;
- When we need to share your data with authorized third parties, and that the security of your data will be respected;
- What your privacy rights are;
- How to manage your preferences and who to contact if you have a complaint.
If you would like to find out more about this new regulation and how it may affect you, please visit the CNIL website.
We remain at your disposal should you have any questions, and thank you once again for your loyalty.
- 1 - Introduction 2
- - Principles of personal data protection 3
- - Specificities linked to the printing of data 4
- - What personal data do we collect? 5
- - Recipients of data 6
- - What rights do you have over your personal data? 7
- - Security of data subject's personal data 8
- - Sharing of data subject's personal data 9
- - Information on cookies
- 10 - Setting up your personal data
- 11 - Contact us
1 - Introduction
1.1 Personal data: Definition
As part of the use of our webshop.3032.eu online store, we may ask you to provide us with personal data for the purposes of making purchases, generating quotations or creating a "Customer Account " to take advantage of benefits we may offer you, such as promotional codes or discounts on our prices, subscribing to our newsletter or commercial mailings.
The term "personal data" refers to all data that can be used to identify an individual through the automatic collection of several pieces of information. This includes your surname(s), first name(s), e-mail address, telephone number(s), data relating to your orders, IP address, as well as any other information that we may request and that you may choose to communicate to us.
3032 is committed to protecting the privacy of its customers. We are clear and transparent about what information we collect, and how we use it.
This policy defines the following topics:
- The general principles of personal data protection;
- The personal data we collect and process;
- The processing purposes of data collection;
- Difficulties associated with printing data;
- Your rights regarding your personal data;
- How to maintain and protect your personal data;
- How to comply with data protection rules.
1.3 Data relating to minors
In principle, our products and services are intended for adults capable of entering into contractual obligations. Users who are minors must obtain the consent of their legal guardians prior to the communication of personal data concerning them.
For registration on our sites and for some of our online services (e.g. newsletter), the minimum legal age is 16.
2 - Principles of personal data protection
The purpose of collecting this data is to provide you with the best possible quality of service. We may also use this data to send you information and/or prospecting emails.
The processing is then based on our legitimate interest in informing you and developing our business.
2.1 Service optimization & security
Data is collected for the purpose of optimizing services and ensuring their security in order to :
- manage your access to and use of certain services available on the site (orders, quotations, notices, etc.))
- Carry out operations relating to the management of users concerning contracts, orders, deliveries, invoices, loyalty programs, follow-up of relations between users Manage
- our Platform and carry out internal technical operations in the context of problem resolution, data analysis, tests, research, analysis, studies and surveys
- Improve and optimize our Platform,
- to ensure that the display of our content is adapted to your device
- To help us maintain a secure environment on our Platform
- To compile commercial statistics and statistics on the use of our services To manage
- any unpaid invoices and disputes relating to the use of our products and services
- To comply with our legal and regulatory obligations
- To collect your payments or pass on refunds collected on your behalf in collaboration with our payment service provider
- To ensure compliance with applicable legislation,
- In the event of non-compliance on your part, we may suspend your account on our platform
- Keep you informed of any changes made to the platform or our services.
2.2 Commercial promotion & advertising
Data collected for the purposes of commercial promotion and prospecting:
- To send newsletters, solicitations and promotional messages (promotions, discount codes, etc.)
- To build up a file of prospects and users
- To organize competitions, lotteries and all promotional operations, excluding online gambling and games of chance subject to approval by the Autorité de Régulation des Jeux en Ligne; to collect opinions from individuals on products, services or content.
If you do not wish us to do so, we give you the option of expressing your refusal in this respect when your data is collected, in accordance with the applicable legal provisions.
We may also use your data to send you advertising messages that may be of interest to you on social networking platforms or third-party sites.
3 - Data printing specificities
Our business involves processing and printing personal data for our customers, or data that may be printed on our equipment.
Numerous risks of loss or involuntary access to personal data must be anticipated in order to limit the risks, particularly when :
- Data transits through computers specialized in printing calculations (RIP),
- Email or data may be forgotten by the customer after having been copied to the desktop,
- Access to an email account may remain active after an Internet connection,
- A USB key may be forgotten on a computer,
- Photocopies or your originals may be left on site.
Our procedures take these specific risks into account, so that we can implement the most appropriate solutions for each risk.
In addition, files sent for printing in the case of customized co-branding projects are kept for up to 1 year after receipt, after which they are automatically deleted.
4 - What personal data do we collect?
4.1 Types of data collected
The use of personal data is made compulsory so that we can send you our communications, products and services in order to manage your online orders, their deliveries, as well as applicable guarantees.
Data collected automatically and anonymously via a set of computerized means is temporarily stored in files of its own and automatically deleted after a certain period(see "Cookie management").
This data is collected for purely technical purposes, such as connection configuration, system security, technical network management and website optimization.
The data we refer to is as follows:
- a) the IP address of the requesting processor; b
- ) the date and time of access; c
- ) the volume of data communicated; d
- ) browser software and operating system identification data; e
- ) geographical data; f
- ) Source or origin from which you accessed our website g
- ) Pages visited on the website and time spent viewing pages.
The collection of this data is necessary to monitor and prevent unauthorized use or activities that may be illegal (for example, to maintain and ensure security in the event of an attack on computer systems).
Your personal data will only be processed in cases of lawfulness. The basis of lawfulness will depend on the purposes for which the personal data has been collected and the necessity of its use.
The following are the possible legal bases for the processing of your personal data:
- Contract performance: processing is necessary for the performance of a contract in which the data subject is a party or for pre-contractual procedures required by the data subject;
- Legal obligation: processing is necessary to comply with a legal obligation to which the controller is subject;
- Defence of the vital interests of the data subject: processing is necessary to protect the vital interests of the data subject or another individual;
- Performing functions in the public interest or authority:
- processing is necessary to perform functions of public interest or to exercise the official authority of the controller who is vested;
- Legitimate business interests: processing is necessary for the legitimate interests of controllers or third parties, unless such interests are overridden by interests of the data subject or fundamental rights and freedoms requiring the protection of personal data, in particular where the data subject is a child.
- Consent of the data subject: the data subject has given his/her consent to the processing of his/her personal data for one or more specific purposes;
Only young people aged 16 or over may give their consent. In the case of minors, the consent of the child's parents or guardians is required.
No personal data will be kept longer than is necessary to achieve the purpose for which the data was collected. To determine the appropriate retention period, the criteria taken into account are: the quantity, nature and sensitivity of the personal data and the purposes of the processing.
Periods during which it is necessary to retain personal data due to legal obligations or to respond to complaints have been taken into account.
Personal data will be securely deleted after the defined retention period. Consideration will be given, over time, to actions to minimize the personal data being processed, and the possibility of anonymizing it so that it cannot be associated with or identified to the data subject, in which case it is possible to use this information without being notified again.
4.2 Data transmitted directly
The data required to create an account on 3032:
- First and last name, e-mail and postal address (billing & delivery), password, telephone number
- Files sent for the production of products
- History of orders & quotations made on our platform, as well as details of accounting operations carried out
- All messages sent by e-mail, as well as the content of any telephone calls made
4.3 Data transmitted automatically
During each of your visits, we may collect, in accordance with applicable legislation and with your consent, information relating to the devices on which you use our services or the networks from which you access our services, such as in particular your IP addresses, connection data, types and versions of Internet browsers used, types and versions of your browser's plugins, operating systems and platforms, data concerning your browsing path on our Platform, in particular your path on the various URL pages of our platform, the content you access or consult.
4.4 Data retention period
Your personal data will not be kept beyond the period strictly necessary for the management of our commercial relationship, i.e. twenty-six (26) months; however, data enabling proof of a right or contract to be established, which must be kept in order to comply with a legal obligation, will be kept for the period stipulated by the law in force.
With regard to any canvassing operations, and in accordance with current legislation, your data may be kept for a period of three (3) years from the end of the commercial relationship.
At the end of this three (3) year period, we may contact you again solely to find out whether you wish to continue receiving commercial solicitations.
Personal data relating to non-customer prospects may be kept for a period of three (3) years from the date of collection or last contact with the prospect.
With regard to the management of opposition lists for commercial prospecting, the information required to take into account your right of opposition is kept for a minimum of three (3) years from the date on which you exercise your right of opposition.
With regard to audience measurement statistics, information stored in users' terminals or any other element used to identify users and enabling their traceability or frequentation will not be kept beyond twenty-six (26) months.
4.5 Bank details
Financial transactions relating to the payment of purchases and fees are entrusted to a payment service provider, Stripe, (the "Payment Service Provider"), which ensures their smooth and secure processing. For the duration of your registration on the platform, and at least until you complete your last transaction, the provider collects and stores your personal data relating to your credit card numbers in our name and on our behalf.
We do not have access to this data. By using this payment platform, you give us your express consent to this storage.
Data relating to the visual cryptogram or CVV2, written on your bank card, are not stored.
Upon proof of your identity and if the conditions for exercising these rights are met, you may exercise your right of access, right of rectification, right of deletion, right to limit processing, right of opposition, right to lodge a complaint with the CNIL and your right to define the fate of your data after your death by contacting Ingenico (https://ingenico.fr/) or by contacting us directly (see article 13 below).
In any event, your data may be kept for twenty-six (26) months following the debit date, for evidentiary purposes in the event of any dispute concerning the transaction in accordance with article L.133-24 of the French Monetary and Financial Code. This period may be extended to fifteen (15) months to take account of the possibility of using deferred debit payment cards.
Other financial data (e.g. payments, reimbursements, etc.) are kept for the length of time required by applicable tax and accounting laws.
If your account has been suspended or blocked, we retain your data for up to ten (10) years from the date of suspension, in order to prevent you from circumventing the rules set out in our General Terms and Conditions of Sale.
4.6 Print files
Files sent for printing are kept for up to 1 year after receipt, after which time they are automatically deleted.
5. Data recipients
5.1 Internal recipients
Our various departments may have access to some of your data, such as for tracking your online orders and resolving problems in the event of a dispute (online payment problems, cancellation of an order for an unavailable product, etc.), with the exception of your bank details and account passwords.
5.2 External recipients
Certain bodies are entitled by law to access your personal data: bodies responsible for monitoring our activity (in particular the statutory auditor); public bodies such as court officers and legal representatives.
We also work in close collaboration with third-party companies that may have access to your personal data, and in particular with the subcontractors we use for technical services, payment services, transport and delivery services, identity verification, as well as with suppliers of analytical solutions, collection companies and credit agencies.
We also work with Google tools for traffic analysis (visitor statistics, pages consulted, time spent on pages, etc.) and website improvement (referencing, page optimization, quality of online content, etc.). We have already anonymized the data transmitted to Google concerning your IP address(how?) to comply with RGDP recommendations (more info here...).
We only share your data with the above-mentioned third parties in the following cases:
- When we use a service provider as part of the performance of any contract entered into between you and Us or in order to provide or improve our services
- When we use search engine and analytics providers to improve and optimize our platform (in this case Google Analytics)
6 - What are your rights regarding your personal data?
By law, the data subject has the right to request:
- Information on whether we hold personal data about data subjects and, if so, what data and why we hold it;
- Access to personal data, receive a copy of the personal data we hold about you and verify that we are processing it legitimately;
- Rectification of the personal data we hold about you in order to complete, at any time, any missing or inaccurate data we have about you;
- Deletion of personal data at any time when a storage period has been reached or data processing is no longer lawful.
- You will also have the right to ask us to delete or erase your personal data in cases where you have exercised your right to object to processing (see below);
- Objecting to the processing of personal data in cases where we depend on a legitimate interest (or a third party) and there is a valid reason for objecting.
- You also have the right to object in cases where we process personal data for direct marketing purposes;
- Opposition to automatic decision-making, including profiling;
- Limitation of data processing by requiring the suspension of the processing of personal data;
- Portability of personal data in a structured and electronic form to you or another entity;
- To withdraw consent.
- In the limited circumstances in which you have given your consent to the collection, processing and transfer of your personal data for a particular purpose, the data subject has the right to withdraw consent for that particular processing at any time.
If you wish to exercise any of these rights, please use our contacts below.
You will not be charged a fee to access your personal information (or to exercise other rights). However, we may charge you a reasonable fee if your request for access is clearly excessive or unfounded. Alternatively, we may refuse to respond to the request in such circumstances.
We may need to ask you for specific information to help us confirm your identity and guarantee your right of access to information (or to exercise one of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to anyone not entitled to receive it.
You may object to any of the types of processing defined in this document on legitimate grounds, either at the time your data is collected, or by contacting us at a later date (right to object).
You may request that the processing of your personal data be restricted, only in the cases provided for by law (right to restrict processing):
- During the period of verification that we implement, when you dispute the accuracy of your personal data, When the processing of such data is unlawful, and you wish to limit such processing rather than delete your data
- When we no longer need your personal data, but you wish to retain them to exercise your rights
- During the period of verification of legitimate grounds, when you have objected to the processing of your personal data.
You can ask us to send you all the personal data we hold about you (right of access). You can then take advantage of this right to check the accuracy of your personal data and have it rectified (right to rectification) or deleted (right to erasure), as appropriate.
You may retrieve the personal data you have provided us with in an open, machine-readable format in order to store it for your personal use or to pass it on to another data controller (right to portability).
You have the right to define directives concerning the conservation, deletion and communication of your personal data after your death.
These directives can be general, i.e. they cover all your personal data. In this case, they must be registered with a trusted digital third party certified by the CNIL.
Directives can also be specific to the data we process. In this case, please send them to the following address:
- E-mail address: contact via the contact form.
By sending us such instructions, you expressly give your consent for these instructions to be stored, transmitted and executed in accordance with the terms and conditions set out herein. In your instructions, you may designate a person to be responsible for their execution.
When you die, this person will be able to read your instructions and ask us to implement them.
If you do not designate a person, your heirs will be entitled to take cognizance of your instructions on your death and ask us to implement them. You may modify or revoke your instructions at any time by writing to us at the above address.
You have the right to lodge a complaint with the competent supervisory authority or to obtain redress from the competent courts if you consider that we have not respected your rights.
Before responding to your request, we may verify your identity and ask you to provide further information. We will endeavour to respond to your request within a reasonable time and, in any event, within the time limits set by law. If you wish to exercise this right, please contact us as indicated in article 13 below.
7 - Security of the data subject's personal data
3032 respects the best practices in terms of security and protection of information and personal data and has adopted a demanding program of policies and rules to ensure the confidentiality, integrity and availability of the information that processes and is under its responsibility.
This program is known to all 3032 employees and partners. 3032's general information security policy establishes a broad set of technical and organizational measures, structured in various security domains, including:
- 1) logical security measures, such as the use of firewalls and intrusion detection systems, the existence of an information access and logging policy; 2
- ) physical security measures, including strict control of access to 3032 physical facilities by employees, partners and visitors, as well as very limited and permanently monitored access to 3032 critical technological infrastructures;
- 3) Other measures such as masking, encryption and anonymization of personal data, as well as a set of measures aimed at respecting the principle of privacy by design and default. Whenever 3032 uses third-party companies or third parties, they will be responsible for complying with applicable legislation, for the personal data they are required to communicate and for ensuring that:
- (i) the sharing of personal data complies with applicable legal regulations;
- (ii) the transmission is made securely
- (iii) subcontractors or third parties are contractually bound to respect confidentiality and secrecy obligations and to ensure the security of personal data
- Such data may not be used for any other purpose, for its own benefit or that of a third party, nor may it be correlated with other available data.
8 - Sharing data subject's personal data
The data subject's personal data may be shared with other companies in the 3032 Group as part of its commercial activity.
- (a) government authorities, police forces and regulators;
- ) service providers (e-mail, website, carriers, financial/insurance institutions, security and surveillance);
- ) analysis tools for website visits.
9 - Information on cookies
This type of file cannot damage your equipment. Among other things, cookies enable us to store and retrieve information about the use of the website, which in turn enables us to improve its quality and offer you a better user experience.
By browsing our website, the visitor agrees that we may place cookies on your device and access them when you visit the site in the future.
9.2 What cookies do we use on our site?
The site uses these types of cookies:
- Technical cookies: these cookies enable you to navigate the site and use features such as the shopping cart.
- Web Analytics cookies: the site uses Google Analytics cookies in order to quantify the number of visitors.
- These cookies are used to analyze and measure how users navigate the Internet. This information enables this website to continually improve its services and the experience of using and purchasing products and services by users.
- For more information, please visit the Google Analytics privacy page: https://support.google.com/analytics/answer/6004245
- Personalization cookies: When a user browses and/or purchases online, the site will remember your preferences (e.g. username, language or location).
- This makes the user's browsing experience simpler, easier and more personal.
9.3 Managing cookies ?
If you wish to delete the cookies already on your computer, consult the help and support section of your Internet browser to find out how to locate the file or directory that stores the cookies.
You can find out more about cookies, how to prevent them and how to delete them on the CNIL website(https://www.cnil.fr/fr/site-web-cookies-et-autres-traceurs). Please note that if we delete our cookies or disable future cookies, you may not be able to access certain areas or features of our site.
For more information on the cookies used on our site, please consult the "Cookie management" section.
10 - Set your personal data
At any time, you can modify your personal data stored in our database for the operation of our website.
Access your personal space
You can also configure the options for receiving messages from our sales department.
There are two options:
- 1 - Subscribe to the newsletter:
- for regular mailings of our promotional messages (maximum 4 per year) 2
- - Receive special offers from our partners: for regular mailings of our promotional messages (maximum 4 per year)
Access your personal information
11 - Contact us
The data subject may contact 3032 for any questions relating to the processing of his/her data and the exercise of rights conferred by applicable legislation via the site's contact form.
3032 undertakes not to divulge or resell this data to third parties. We undertake to comply with the provisions of the French Data Protection Act (Loi Informatique et Libertés n°78-17 du 6 janvier 1978 ).
Furthermore, in accordance with art. 34 of the French Data Protection Act of August1, 2000, you have the right to access, modify, rectify and delete any personal data collected via the webshop.3032.eu website.
To exercise this right, please send us an e-mail via our contact form.
The entire 3032 team thanks you for your confidence...