1 – Parties to this act
Between the undersigned:
1° The simplified joint stock company ENTOMA with a capital of 22,812.62 Euros, registered in the Paris Trade and Companies Register under number 788416709, whose registered office is located at 61 avenue de saxe 75007 Paris, and having as its VAT number FR505788416709, hereinafter referred to as the “Data Controller”, on the one hand, and
2° Any natural person browsing the Data Controller’s website, hereinafter referred to as the “Data Subject”, on the other hand,
It has been set out and agreed as follows:
2 – Purpose
3 – Definitions
Supervisory Authority means the Commission Nationale de l’Informatique et des Libertés (CNIL), the French independent public authority responsible for regulating data protection;
Consent means any free, specific, informed and unambiguous expression of will by which the Data Subject accepts, by a declaration or by a clear positive act, that Data concerning him/her may be processed by the Data Controller.
Cookie means a file enabling the Data Subject’s browsing on the Site to be traced.
Recipient means any natural or legal person, public authority, service or other body that receives communication of the Data, whether or not it is a Third Party. However, public authorities that are likely to receive communication of Data, in particular in the context of an investigation mission, are not considered as Recipients within the meaning of this definition.
Data means any information relating to the Data Subject.
File means any structured set of Data accessible according to determined criteria, whether this set is centralised, decentralised or distributed in a functional or geographical manner.
Legislation means any law and regulation relating to Data protection, and in particular the European Regulation n°2016/679 and the law n°78-17.
Browsing means the consultation, acknowledgement, order and/or purchase of Products on the Site by the Person concerned.
Data subject means any natural person who browses the Site, when he or she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Products means the products offered for sale on the Site by the Data Controller to the Data Subject.
Pseudonymisation means the processing of Data in such a way that it can no longer be attributed to the Data Subject without the need for additional information.
Data Controller means the simplified joint stock company ENTOMA with a capital of 22,812.62 Euros, registered in the Paris Trade and Companies Register under the number 788416709, whose registered office is located at 61 avenue de saxe 75007 Paris, which alone or jointly with others, determines the purposes and means of the Processing.
Site means the infrastructure developed by the Data Controller in accordance with the computer formats usable on the Internet, comprising data of various kinds, and in particular texts, sounds, still or animated images, videos and databases, intended to be consulted by the Person concerned in order to find out about, reserve, order and/or purchase Products (www.jiminis.com).
Subcontractor means any natural or legal person, public authority, department or other body other than the Data Controller who processes the Data on behalf of the Data Controller.
Third party means any natural or legal person, public authority, department or other body other than the Controller, the Processor and those persons who, under the direct authority of the Controller or the Processor, are authorised to process the Data, and in particular tour operators, travel agencies and reservation systems.
Processing means any operation or set of operations, whether or not carried out using automated processes, applied to the Data or sets of Data, such as limitation, erasure or destruction.
4 – Principles of treatment
In accordance with the Legislation, the Data Controller undertakes to respect the following principles for each Processing operation:
- Purpose limitation
- Data minimisation
- Limitation of retention
- Integrity
5 – Processed data
In the context of Browsing, the Data Controller collects and processes a number of Data, including:
- Personal information (surname, first name, gender, postal address, email address, telephone number, date of birth, age, date of registration and unsubscription to the controller’s customer account and newsletter, messages exchanged with the controller, telephone conversations with the controller’s customer service)
- Banking information (payment method, credit card number)
- Information about your order (product ordered, delivery address, delivery tracking number, order price)
- Technical information (browsing behaviour on the Site, IP address, products added to the basket, collection of consent).
6 – Treatment context
Data may be collected and processed by the Data Controller on various occasions, including:
- Purchase of Products on the Site
- Contact with the Data Controller
- Newsletter subscription
- Creation of a referral link
- Creation of a customer account
- Browsing the Site.
7 – Duration of storage of your data
If you leave a comment, the comment and its metadata are retained indefinitely. This allows subsequent comments to be automatically recognised and approved rather than left in the moderation queue.
For users who register on our site (where possible), we also store the personal data indicated in their profile. All users can view, edit or delete their personal information at any time (with the exception of their username). Site managers can also view and modify this information.
| Purpose of the Processing | Data concerned | Legal basis of the processing | Duration of Data Retention |
|---|---|---|---|
| Management of product purchases and deliveries | First name, last name, email address, postal address, telephone number, delivery address, order placed, delivery tracking number, registration and deregistration date, payment method, credit card number | Contract, legal obligation and legitimate interest of the controller to establish, exercise and defend its legal rights | 10 years from the purchase of the Product EXCEPT 15 months from the purchase of the product for the banking data (immediately for the visual cryptogram) |
| Creation and management of customer accounts | First name, last name, email address, postal address, telephone number, date customer account created, date customer account deleted, consent obtained | Consent of the Data Subject, legitimate interest of the Controller to create a customer account following the purchase of a product by the Data Subject | 3 years from the last time the Data Subject logs on to his/her customer account OR immediately upon deletion of his/her customer account |
| Commercial relationship management and prospecting | First name, last name, email address, postal address, telephone number, purchase history, consent | Consent of the Data Subject and legitimate interest of the Controller to promote its Products | 3 years from the last contact by the Data Subject or from the end of the commercial relationship |
| Newsletter management | Email address, surname, first name, telephone number, consent form | Consent of the Data Subject | When you unsubscribe |
| Securing and improving the Site | IP address, navigation data | Legitimate interest of the Data Controller in improving the Site and managing the Site, securing and administering the Site, preventing fraud and malicious acts. | 13 months |
| Complaints management Site statistics and personalised advertising | First name, last name, email address, postal address, telephone number, IP address, browsing data, collection of consent | Consent of the Data Subject and its Products and customer service. | 3 years from the last contact by the Data Subject or from the end of the commercial relationship |
| Sponsorship | E-mail address, name and surname, consent form | Consent of the Data Subject | 3 years after the application for a sponsorship link |
7 – Treatment details
The Data Controller reserves the right to anonymise the Data being Processed before deleting it. The anonymised data may then be processed for statistical purposes.
8 – Recipients of the data
In principle, the Data Controller is the sole Recipient of the Data. However, the Data Controller may transfer the Data to other Recipients, in particular in the context of the management of the purchases of Products by the Person concerned, and/or to any public authority that may request it, in particular in the context of an investigation mission. The following Recipients may process your data, as Subcontractors, on behalf of the Data Controller:
- PrestaShop S.A., SA with a capital of 339 501,30 euros RCS PARIS B 497 916 635 Head office: 4, rue Jules Lefebvre, 75009 Paris
- FACEBOOK FRANCE SARLU with a capital of €4,950,000 RCS Paris 630 085 802 Registered office: 6 rue Menars, 75002 Paris
- GOOGLE FRANCE SARLU with a capital of 7 500€ RCS Paris 443 061 841 Head office: 8 rue de Londres, 75009 Paris
- TWITTER FRANCE SASU with a capital of 37 000€ RCS Paris 789 305 596 Head office: 10 rue de la Paix, 75002 Paris
- SHIPUP SAS with a capital of 1 258€ RCS Nanterre 822 856 068 Head office: 47 rue Marcel Dassault, 92100 Boulogne Billancourt
- FLUX TENDU, SAS with a capital of 20 000€ RCS Rennes 821274164 Head office: 1 rue Raoul Ponchon – 35000 Rennes
- MONDIAL RELAY SASU with a capital of 500 400€ RCS Lille 385 218 631 Head office: 5 Avenue Antoine Pinay, 59510 Hem
- LA POSTE SA with a capital of 3 800 000 000€ RCS Paris 356 000 000 Registered office: 9 rue du Colonel Pierre Avia, 75015 Paris
- NET REVIEWS SAS with a capital of 594 740€, RCS Marseille 750882375 Head office: 18 AV ROBERT SCHUMAN 13002 Marseille
- STRIPE FRANCE SARLU with a capital of 1 000€ RCS Paris 807 572 011 Head office: 10 Boulevard Haussmann, 75009 Paris
This list of the Data Processors of the Data Controller may change at any time. The Data Controller undertakes to require its Subcontractors to provide sufficient guarantees as to the implementation of appropriate technical and organisational measures so that the Processing complies with legal and regulatory requirements and guarantees the protection of the Data Subject’s rights, particularly in the event of the transfer of Data outside the European Union. In addition, the Controller may disclose to any Recipient or Third Party the Data that is subject to Processing where a legal obligation to do so exists or where the Controller considers in good faith that this is necessary to:
- Enforce any contract to which the Person concerned is a party
- Safeguard the vital interests of any natural person
- The performance of a task in the public interest.
9 – Data subject’s rights to data
The Data Subject has a number of rights in relation to the Data which he or she may exercise, except in the case of applicable legislative or regulatory exceptions, by making a request to the data controller at the following address:
SAS ENTOMA – 61 avenue de saxe 75007 Paris – firstname.lastname@example.org
The data controller shall accompany the Data Subject in the exercise of his/her rights to the Data. In the event of reasonable doubt as to the identity of the Data Subject requesting the exercise of his/her rights to the Data, the data controller may request that a copy of an official identity document be attached to the request. Requests will be processed as soon as possible and at the latest within the time limits set by the Legislation.
9.1 – Right of access
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not Data are being processed and, where they are, access to such Data and the following information:
- The purposes of the processing
- The categories of Data
- The Recipients or categories of Recipients to whom the Data has been or will be disclosed, in particular recipients established in third countries or international organisations
- Where possible, the duration of the retention of the Data or, where this is not possible, the criteria used to determine this duration
- The existence of the right to request from the Controller the rectification or erasure of Data, or a restriction of the processing of Data, or the right to object to such processing
- The right to lodge a complaint with a supervisory authority
- Where the Data is not collected from the Data Subject, any available information as to its source
- The existence of automated decision-making, including profiling, and, at least in such cases, relevant information concerning the underlying logic and the significance and intended consequences of such processing for the Data Subject.
The Controller shall provide a copy of the Data being Processed and reserves the right, in return for providing such a copy, to charge a reasonable fee based on administrative costs for any additional copies requested by the Data Subject.
9.2 – Right of deletion and rectification
The Data Subject has the right to obtain from the Data Controller the rectification and/or erasure of inaccurate or outdated Data as soon as possible, unless the contrary situation prevents the exercise of this right, and in particular:
- Exercising the right to freedom of expression and information
- Compliance with a legal obligation
- The public interest in the field of public health, archives, scientific or historical research or statistics
- The establishment, exercise or defence of legal claims.
9.3 – Right of objection
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the Processing of Data based on the performance of a task carried out in the public interest or the necessity of the legitimate interest of the Data Controller.
The Data Controller undertakes not to process the Data any further unless he/she can demonstrate compelling legitimate grounds for the Processing which override the interests and rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims.
Furthermore, the Data Subject has the right to object at any time to the Processing of Data carried out for the purpose of canvassing by the Data Controller, insofar as the Data Subject is linked to such canvassing.
Finally, where Data are processed for scientific or historical research or statistical purposes, the Data Subject has the right to object, on grounds relating to his or her particular situation, to the processing of the Data, unless the Processing is necessary for the performance of a task in the public interest.
9.4 – Right to limitation
The Data Subject has the right to obtain from the Controller the restriction of the Processing of the Data where:
- The accuracy of the Personal Data is contested by the Data Subject, for a period of time allowing the Person
- The Data Controller no longer needs the Data for the purposes of the Processing but the Data are still necessary for the Data Subject to establish, exercise or defend legal claims
- The Data Subject has objected to the Processing in accordance with Article 9.3, during the verification as to whether the legitimate grounds pursued by the Controller override those of the Data Subject.
The Data Subject who has obtained the restriction of the Processing of the Data is informed by the Controller before the restriction of the Processing is lifted.
9.5 – Right to data portability
The Data Subject shall have the right to receive the Data he or she has provided to the Controller in a structured, commonly used and machine-readable format, and shall have the right to transmit such data to another controller without the Controller’s interference, where:
- The Processing is based on the Consent of the Data Subject or on the performance of a contract to which the Data Subject is party;
- The Processing is carried out by means of automated processes.
The Data Subject, when exercising his/her right to Data portability, has the right to have the Data transmitted directly from the Controller to another Controller, where technically possible.
9.6 – Right to lodge a complaint with the supervisory authority
The Data Subject has the right to lodge a complaint with the Supervisory Authority if he/she considers that he/she is the subject of unlawful Processing of Data by the Controller.
9.5 – Right to data portability
The Data Subject has the right to define directives on the fate of the Data after his/her death with the Data Controller, who will use all technical means to ensure that this wish is respected.
10 – Data security
The Controller shall take appropriate technical and organisational measures to protect the Data against destruction, loss, alteration, misuse and unauthorised access, modification or disclosure, whether such actions are intentional or accidental.
These technical and organisational measures are intended to ensure the confidentiality, integrity, availability and resilience of the Site and the information systems where the Files are stored.
In order to secure the Person’s browsing, the Site is SSL (Secure Sockets Layer) encrypted.
13 – Cookie management
When browsing the Site, the Person concerned is asked to consent to the installation of Cookies on his/her computer terminal.
In general, Cookies record information relating to the browsing of computers on the Site (the pages consulted, the date and time of consultation, etc.), information that may be read during the Data Subject’s subsequent visits to the Site with transmission of the Data to the Data Controller. The installation of these Cookies requires the consent of the Person concerned.
Some Cookies are essential for the proper functioning of the Site and do not require the consent of the person concerned prior to their installation.
The Data Subject may refuse to give consent to the installation of non-functional Cookies, withdraw consent and/or set the Cookies at any time by using the Controller’s Cookie Manager below or by configuring his/her browser in the following manner:
For Chrome:
- Choose the “Delete browsing data” menu
- Check the box “Cookies and other site data” and then “Delete data”.
For Mozilla Firefox:
- Choose the “Tools” menu and then “Options”.
- Click on the “privacy” icon
- Locate the “cookie” menu and select the options that suit you
For Microsoft Internet Explorer 6.0:
- Select the “Tools” menu, then “Internet Options”. Click on the “Confidentiality” tab
- Select the desired level with the cursor.
For Microsoft Internet Explorer 5:
- Choose the “Tools” menu, then “Internet Options”. Click on the “Privacy” tab
- Customise the level with the slider
For Netscape 6.X and 7.X:
- Choose the “Edit” menu > “Preferences” Privacy and Security
For Opera 6.0 and above:
- Choose the menu “File” > “Preferences” Privacy.