Personal data protection policy

Last updated on: : Jully 7 2021

Preamble

Our data protection policy was established in accordance with the recommendations of the National Commission for Data Processing and Freedoms. Its purpose is to inform users of the Site www.uvpr.fr  about how their personal data are processed and the commitments and measures we have taken to ensure that visitors' personal data are respected, users and customers of the Association Une Vie pour Rien ?.

It was established in accordance with the provisions of the Data Protection and Freedom Act of 6 January 1978,, of the European Regulation on Personal Data (R.G.P.D.) of 23 May 2018 and the Transposition Act of the European Regulation on the Protection of Personal Data (R.G.P.D.) of 20 June 2018..

 

The version currently published on our website is the current version of this policy. The Association reserves the right to modify it at any time in order to comply with the legal obligations in force. It is therefore the responsibility of each user to regularly review this policy in order to stay informed of any changes that may be made to it.

By browsing our website, the user acknowledges having read, understood and accepted this data protection policy.

ARTICLE 1 – DEFINITIONS

a) Technical terms relating to the protection of personal data

On our website, the following terms have the meaning ascribed to them in the meaning of R.G.P.D. (art.4) :

  • Consent: « any free, specific, informed and unequivocal expression of the will of the data subject by which the data subject accepts, by a declaration or by a clear positive act, that personal data concerning him or her be the subject of processing »
  • Personal data: « toute information se rapportant à une personne physique identifiée ou identifiable (ci-après dénommée «personne concernée») ; est réputée être une «personne physique identifiable» une personne physique qui peut être identifiée, directement ou indirectement, notamment par référence à un identifiant, tel qu’un nom, un numéro d’identification, des données de localisation, un identifiant en ligne, ou à un ou plusieurs éléments spécifiques propres à son identité physique, physiologique, génétique, psychique, économique, culturelle ou sociale; »
  • Controller: « la personne physique ou morale, l’autorité publique, le service ou un autre organisme qui, seul ou conjointement avec d’autres, détermine les finalités et les moyens du traitement; lorsque les finalités et les moyens de ce traitement sont déterminés par le droit de l’Union ou le droit d’un État membre, le responsable du traitement peut être désigné ou les critères spécifiques applicables à sa désignation peuvent être prévus par le droit de l’Union ou par le droit d’un État membre; »
  • Subcontractor: « the natural or legal person, public authority, department or other body that processes personal data on behalf of the controller; »
  • Processing: « any operation or set of operations carried out or not carried out using automated processes and applied to personal data or data sets, such as collection, recording, organisation, structuring, retention, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of provision, approximation or interconnection, limitation, erasure or destruction; »
  • Personal data breach: « a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of personal data transmitted, stored or otherwise processed, or unauthorised access to such data; 
 
b) Other terms used herein
  • « Association» : désigne l’association Une Vie Pour Rien au n° Siren 478920002 dont le siège social est 5 rue Francis de Pressense 44000 NANTES.
  • « Policy» : désigne la présente Politique de Protection des Données Personnelles ;
  • « Site» : désigne le site internet uvpr.fr  ou tout autre site internet exploité par l’Association et mis à disposition dans le cadre des Services ;
  • « Utilisateur »: means any individual who uses the Site and has access to its content;
 
 
 

ARTICLE 2 – DATA COLLECTED

a) Consent

By browsing our Site, the User consents to the collection and processing of personal data that he provides. This consent serves as a legal basis for the processing of the collected data.

The Association collects and processes the data strictly necessary for the purposes for which they are processed. We undertake to our users not to process the data for purposes other than those mentioned below. If we are to offer a new service on our Site, requiring the collection and processing of data, we undertake to collect the consent of our users once again before offering them the new service in question.

Whenever our Site processes personal data, it shall take all reasonable steps to ensure the accuracy and relevance of the personal data in relation to the purposes for which it processes it.

 

b) Access to data

The data we collect on our website is for our exclusive use only. The personal data of our users are not communicated to third parties but may be accessible by our service providers and subcontractors in the context of the maintenance and development of the Site. The personal data accessible by our service providers and subcontractors are not processed, collected or used by the latter who can only access it for IT maintenance.

Le responsable du traitement de vos données de l’Association Une Vie Pour Rien est joignable à l’adresse suivante : [email protected]As the controller of the data it collects, it undertakes to comply with the legal provisions in force. In particular, it is its responsibility to provide users with complete information on the processing of their personal data and to maintain a register of processing in line with reality.

ARTICLE 3 – TREATMENT FINALITY

Nous collectons les données des utilisateurs uniquement pour les finalités de traitement suivantes :

a) Browsing our websiteOur Association collects your browsing information for statistical purposes only. We invite you to refer to our corresponding cookie policy.

b) Creation of a Customer account To place an order on the Site, the User can create a customer account. To this end, the employee must provide his or her surname, first name, address, country and email address as well as a telephone number (optional). The information is processed for order processing purposes only.

c) Placing an order To place an order on the Site, all Customers must enter a delivery address. These data are processed only for the delivery and processing of the order.

d) Preventing and combating computer fraud (spamming, hacking, etc.) : matériel informatique utilisé pour la navigation, l’adresse IP, le mot de passe.

 

We do not exceed the legal time limits for storing the data and your data are kept only for the time necessary for the processing of the purposes for which they were collected.

ARTICLE 4 – NON-COMMUNICATION OF PERSONAL DATA

Our Association shall not process, host or transfer the Information collected on its users to a country outside the European Union or recognized as « inadequate » by the European Commission without informing the data owner beforehand.

However, our Association remains free to choose its technical and commercial subcontractors on the condition that they provide sufficient guarantees with regard to the requirements of the General Data Protection Regulation (RGPD : n° 2016-679). Les Données Personnelles de l’Utilisateur peuvent être traitées par des filiales de notre Association  et des sous-traitants (prestataires de services), exclusivement afin de réaliser les finalités de la présente politique.

Where the Association makes use of the services of providers, the latter shall have limited access to user data, in the course of the performance of these services and have a contractual obligation to use them in accordance with the provisions of the applicable regulations on the protection of personal data.

The Association undertakes to take all necessary precautions to preserve the security of the Information and in particular that it is not communicated to unauthorised persons.

ARTICLE 5 – DATA SECURITY AND INCIDENT NOTIFICATION

Our Site and our Association have taken all necessary and useful precautions, with regard to the state of the art in this matter, to protect your information in a secure environment in order to avoid any destruction, loss, alteration, dissemination or unauthorised access. Whatever efforts are made, no method of transmission over the Internet and no method of electronic storage is completely secure. We cannot therefore guarantee absolute security. If we became aware of a security breach, we would notify the affected users so that they could take appropriate action. Our incident notification procedures take into account our legal obligations, whether at national or European level.

In the event that the integrity and confidentiality of your data is compromised, the controller undertakes to comply with the procedures put in place under the French Data Protection Act of 6 January 1978 and the Règlement Européen sur la Protection des Données (« RGPD »).

 

ARTICLE 6 – RIGHTS OF PERSONS

With regard to the legal provisions of the French Data Protection Act of 6 January 1978 and the Règlement Européen sur la Protection des Données (« R.G.P.D »), les utilisateurs de notre Site disposent des droits suivants :

a) right of access (article 15 GDPR) and rectification (article 16 GDPR), update, completeness of Users' data, right to lock in or delete personal Users' data (article 17 GDPR), where they are inaccurate, incomplete, equivocal, outdated, or whose collection, use, disclosure or retention is prohibited

b) the right to withdraw consent at any timearticle 13-2c GDPR)

c) right to limit the processing of Users' data (article 18 GDPR)

d) right to object to the processing of Users' data (article 21 GDPR)

e) right to data portability portability which the Users have provided, where such data are subject to automated processing based on their consent or on a contractarticle 20 GDPR)

f) right to define the fate of the Users' data after their death and to choose to whom the Association must communicate (or notits data to a third party that it has previously designated.

 

Our site and our Association may not object to the request of users to exercise their rights.

Any other request may be made at any time by e-mail to the following address: [email protected]. Requests will be processed within ten (10) working days unless there are compelling reasons advanced and justified by our Association justifying an extension of the deadline.

ARTICLE 7 – REFERRAL TO THE CNIL

If our Association does not satisfy the request of the user, the latter is entitled to refer to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) in order to assert his rights.

ARTICLE 8 – MINIMUM AGE

In accordance with the provisions of article 8 of GDPR we do not collect, directly or indirectly, personal data from persons under the age of sixteen (16) without the consent of their legal guardian. Users under sixteen (16) years of age are invited to request the agreement of a legal representative – required by Une Vie Pour Rien – so that his personal data can be collected and to be able to use the services of the Site.

Une Vie Pour Rien reserves the right to request proof of this agreement from the legal representative. The liability of our Association may not be sought in case of provision by any user of personal data concerning a minor under sixteen (16) years.

ARTICLE 9 – DEFINITION OF COOKIES

The user is informed that a cookie is a small file deposited on the terminal of any user (computer, tablet or mobile device), by our site, during its consultation. It does not contain any personal information, but makes it possible to link the user’s device to his preferences of use and experience on our site (eg : the place, the language, the size of the characters).

ARTICLE 10 – CONSENT REGARDING THE USE OF COOKIES

For the use of « cookies » files involving the storage and analysis of personal data, the consent of the user is always requested. This consent is valid for a period of thirteen (13) months, after which a new authorization will be requested from the user.

ARTICLE 11 – USE OF COOKIES

We use and collect cookies for the purpose of:

  • To process statistics and information on traffic on our site and to optimize it as best as possible;
  • Offer our users a seamless browsing experience by adapting the presentation of our site to the display preferences of the user’s terminal;
  • Remember information provided on the platform by the user.
We use the following cookies on our website:
CookieDuréeDescription
__cfduid1 monthThe cookie is used by cdn services like CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__stripe_mid1 yearStripe is used to making credit card payments. Stripe uses a cookie to remember who you are and to enable the website to process payments without storing any credit card information on its own servers to prevent fraud.
cookielawinfo-checkbox-necessary6 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary6 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
CookieLawInfoConsent6 monthsSaves the preset status of the button of the corresponding category as well as the status for CCPA. This only works in conjunction with the main cookie.
test_cookie15 minutesThis cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
viewed_cookie_policy11 months 30 days 5 hours 48 minutesThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not the user has consented to the use of cookies. It does not store any personal data.
woocommerce_cart_hashsessionHelps WooCommerce determine when cart contents/data changes.
woocommerce_items_in_cartsessionHelps WooCommerce determine when cart contents/data changes.
wp_woocommerce_session_2 daysContains a unique code for each customer so that it knows where to find the cart data in the database for each customer.
yt-remote-connected-devicesThis HTML storage key is used to regulate the behavior of the integrated YouTube video player.
yt-remote-device-idSaves the user settings when calling up a YouTube video integrated on other websites
 

ARTICLE 12 – NAVIGATION SOFTWARE SETUP

The user can configure his navigation software to set his choices regarding the use of cookies:

The user can also set his browser to accept or reject cookies on a case-by-case basis before they are installed, or delete cookies from his device. The user is informed that by setting his browser to refuse cookies, some features of our site may not be accessible and the responsibility of our Association or the hosting provider could not be sought as such.

ARTICLE 13 – CONFIGURATION OF SOCIAL NETWORKS

By clicking on the icons dedicated to social networks, Facebook and Bandcamp Bandcamp appearing on our site and if the user has accepted the deposit of cookies by continuing his navigation on the site, these social networks may also place cookies on the user’s terminals.

The user can consult the data protection policy of these social networks to set cookies:

 
 
 

ARTICLE 14 – MODIFICATION OF THE PRIVACY POLICY

Une Vie Pour Rien reserves the right to change this Policy at any time. If a change is made to this Policy, the new version will be published immediately on the Site. If the User does not agree with the terms of the new policy, he has the option of no longer using the Site’s Services and no longer browsing the Site.