Pursuant to the amended Statute No. 78-17 of 6 January 1978 and the regulation (EU) 2016/679 of 27 April 2016 on data protection (hereinafter, the “GDPR”), the Company informs any User accessing the services offered on the Site of its commitment to comply with the confidentiality, integrity and security of the data that the User will be required to communicate to it through the Site or in stores.
Any personal data identifying the User directly (in particular his or her surname, first name, postal, electronic or telephone details) or indirectly are considered as confidential data and are treated as such, subject to changes in the legal framework on the qualification of personal data (hereinafter, the “Personal Data”).
Words, terms and expressions hereafter, when used in singular or plural with initial capital letters shall have the meanings set forth in the TOU and/or the TOS, if not otherwise defined elsewhere herein.
ARTICLE 1. IDENTITY OF THE CONTROLLER
The controller which collects the User’s data on the Site and in stores is Jacquemus, a limited liability corporation with sole shareholder (“société par actions simplifiée à associé unique”) duly organized under the laws of France, with a capital of €74,787.00, whose registered office is located at 69, rue de Monceau, 75008, Paris, France, registered with the Paris Companies Register under identification number 793 555 368 (hereinafter the “Company”).
ARTICLE 2. PERSONAL DATA LIKELY TO BE COLLECTED
When browsing the Site, visiting the stores and/or using the various services offered by the Company, the User agrees that the Company may collect the following categories of data:
- Personal identification data: last name, first name, date of birth, postal address, email address, telephone number, citizenship, language;
- Connection and browsing data: IP address, password;
- Personal data related to an order: gender, size preferences;
- Personal data such as the geographical area of connection, the day and time of consultation of the Site, the services consulted and/or used.
The User undertakes to provide updated and valid Personal identification Data, within the framework of the information required on the Site and guarantees not to make any false declaration or provide any erroneous information.
ARTICLE 3. METHOD PERSONAL DATA COLLECTION
The Users consent to the collection of their Personal Data by the Company when their provide information during the following processes:
- User Account creation form;
- Subscription to the Company’s newsletter;
- Order form;
- Delivery form;
- In-store form;
- Reservation of a product in stores;
- Subscription to a waitlist for a product;
- Creating a basket of Products;
- Account creation form with third party partners and providers such as Facebook, or Instagram.
ARTICLE 4. LEGAL BASIS FOR COLLETING AND PROCESSING PERSONAL DATA
Users’ Personal Data are collected on the basis of the following legal grounds:
- The specific, free, and informed consent of the User (in particular for the creation of the User account, and the subscription to the newsletter and special offers from partners of the Company, etc.);
- The performance of a statutory obligation by the Company;
- The performance of a contract concluded between the Company and the User (in particular for the performance of the terms of use/terms of sale);
- The legitimate interest of the Company (in particular to ensure the security of transactions).
ARTICLE 5. PURPOSES OF PERSONAL DATA PROCESSING
Mandatory Personal Data are the data strictly necessary for the processing or the requests of the User. Should such data not be provided, the User is informed that certain services offered by the Company may not be provided or available. The compulsory nature of the information requested is made known to the User at the time of collection.
The optional Personal Data collected by the Company is intended to allow a better knowledge of the Users and to improve their browsing experience on the Site and/or in stores.
Personal Data is collected and processed for the following purposes:
- Creation of the User Account;
- Subscription to the Company’s newsletter;
- Contact and assistance;
- Management of the commercial relationship;
- Commercial prospecting and sending newsletters;
- Service improvement;
- Management of operations related to any order (confirmation, follow-up, delivery, etc.);
- Access to the User Account on the Site (accessible by login and password);
- Making appointments online;
- Contacting the Company through the online form.
Users are informed that, subject to their prior, specific and affirmative consent, the Personal Data transmitted may be transferred to the Company’s business partners and/or companies belonging to the same group as the Company, so that the latter can inform Users about their offers and services.
ARTICLE 6. RETENTION PERIOD OF PERSONAL DATA
Personal Data are kept by the Company for the period during which such data is necessary to meet the above-mentioned purposes, and in particular:
- Data relating to the management of files (follow-up of orders, invoicing) are deleted or archived at the end of a period of five (5) years after the end of the relationship with the Company;
- Data relating to the management of the customer- and prospect-to-Company relationship (loyalty programs, and prospecting campaigns, follow-up of the relationship, newsletter, etc.) are deleted or archived at the end of a period of three (3) years after the end of the relationship with the Company.
This Personal Data may also be kept for a period of ten (10) years thereafter in the archive, with restricted access, in order to (i) comply with the Company’s legal and regulatory obligations, and/or (ii) enable it to assert a legal claim, before being permanently deleted.
ARTICLE 7. RECIPIENT OF PERSONAL DATA
The User’s Personal Data is intended for use by the persons duly authorized to process it within the Company, in particular, and depending on the nature of the processing and the type of data, the persons in charge of the sales department, customer service, marketing, administrative, logistics and IT departments.
While carrying out its activities and providing its services, the Company may use of subcontractors and may transfer Personal Data outside of the European Union, notably to its subsidiaries located in the UK and the US and/or its foreign partners located in the US and in the Middle East.
These subcontractors:
- Process the User’s Personal Data on the Users’ behalf and on their instructions;
- Present sufficient guarantees as to the implementation of appropriate technical and organizational measures to ensure the security and confidentiality of the User’s data.
The Company shall ensure that the subcontractors and employees offer and warrant the same level of protection as the Company, and represents that such subcontractors and employees process the Personal Data exclusively for the authorized purposes, and with the required discretion and level of security.
In cases where the Company uses subcontractors located in countries offering levels of protection that are not equivalent to the level of protection of personal data in the European Union, the Company undertakes to ensure that the said transfer is governed by the data protection agreement concluded between the European Union and countries of destination, pr by an adequacy decision by the European Commission regarding countries ensuring an adequate level of protection, or by the signature of standard contractual clauses established by the European Commission (“SCC”) or adopted by a control authority and approved by the European Commission, or by the implementation of internal binding company rules (“BCR”), or by an approved code of conduct, an approved certification mechanism or an administrative arrangement or legally binding and enforceable text adopted to enable cooperation between public authorities.
Finally, the Company may transfer or allow access to User Personal Data to administrative or judicial authorities in order to satisfy the requirements of any law, regulation, legal process or enforceable governmental request.
ARTICLE 8. MEASURES IMPLEMENED BY THE COMPANY TO ENSURE THE SECURITY AND CONFIDENTIALITY OF THE PERSONAL DATA
The Company undertakes to process Personal Data in a manner that is:
- Lawful;
- Fair;
- Transparent;
- Proportionate;
- Relevant;
- Within the strict framework of the purposes pursued and announced;
- For the duration necessary for the processing operations put in place;
- Secure.
The Company implements and updates the appropriate technical and organizational measures to ensure the security and confidentiality of the Personal Data, preventing such data from being altered, damaged or provided to unauthorized third parties.
ARTICLE 9. USERS’ RIGHTS IN PERSONAL DATA
It is possible for the Users, by simple written request, to access their Personal Data, to request its modification or correction, or to demand that it no longer appears in the Company’s database.
As part of the right of access, the Users are authorized, in accordance with article 15 of the GDPR, to question the Company in order to obtain: (i) communication of the Personal Data concerning them in an accessible form; (ii) confirmation that their Personal Data is or is no longer being processed; (iii) communication of the purposes of the processing, the categories of Personal Data processed and the recipients to whom their Personal Data is provided; and (iv) the duration of the storage of their Personal Data or the criteria used to determine this duration.
In accordance with article 16 of the GDPR, the right of rectification gives the Users the right to require the Company to rectify, complete or update their Personal Data when it is inaccurate, incomplete, equivocal or out of date.
Under the conditions set forth in article 17 of the GDPR, the Users have a right to the deletion of their Personal Data, allowing them to ask the Company to delete their Personal Data as soon as possible, in particular when it is no longer necessary with regards to the purposes for which it was collected.
The Users also have the right to limit the processing of their Personal Data in the cases listed in article 18 of the GDPR. They may thus request that their Personal Data be kept only for the purposes of:
- Verifying the accuracy of the Personal Data that they dispute;
- Being used for the purpose of ascertaining, exercising or defending their rights in court, even though the Company no longer has any use for it;
- Verifying whether the legitimate reasons pursued by the Company prevail over their own in the event that they oppose processing based on the legitimate interest of the Company;
- Satisfying their request for limitation of the use of their data—rather than deletion—in the event that the processing of his/her data is unlawful.
The Users have the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing already carried out, based on the consent given prior to the withdrawal.
In the circumstances provided for in article 20 of the GDPR, the Users have a right to the portability of their Personal Data, allowing them to recover from the Company the Personal Data they have provided, in a structured, commonly used and machine-readable format, for the purpose of forwarding them to another data controller.
In accordance with article 21 of the GDPR, the User has the right to object, at any time, to the processing of his Personal Data for commercial prospecting purposes.
In accordance with article 85 of Statute no. 78-17 of January 6, 1978 relating to data processing, files and freedoms, the Users have the possibility to define specific directives relating to the conservation, deletion and communication of their personal data post-mortem. These specific directives will only concern the processing carried out by the Company and will be limited to this scope only.
In order to exercise the aforementioned rights of access, rectification, deletion, limitation, portability and opposition, the Users need only send their request:
- By email to the following address: legal@jacquemus.com ; or
- By post mail to the following address: Jacquemus – 69, rue de Monceau, 75008 Paris, France.
The Company will provide the person exercising one of these rights with information on the measures taken, as soon as possible and in any event within one (1) month of receipt of the request. This period may be extended by two (2) months, depending on the complexity and number of requests.
If the Company does not comply with the request, it will inform the person as soon as possible, and at the latest within one (1) month of receipt of the request, of the reasons for its inaction and of the possibility of lodging a complaint with a supervisory authority and of lodging a judicial appeal.
The exercise of these rights shall be free of charge. However, in the event of a manifestly unfounded or excessive request, the Company reserves the right: (i) to require payment of a fee taking into account administrative costs; or (ii) to refuse to comply with such requests.
ARTICLE 10. REMEDIES IN CASE PERSONAL DATA’S VIOLATION
In the event of a violation of the Personal Data that may create a risk to its rights and freedoms, the Company shall notify the CNIL, French independent administrative authority on personal data, of the violation as soon as possible, and, if possible, seventy-two (72) hours at the latest after becoming aware of such violation. The Company will also inform the User as soon as possible in accordance with the provisions of article 34 of the GDPR.
Without prejudice to any other administrative or jurisdictional remedies, the Users who considers that the processing of their Personal Data constitutes a violation of the provisions of the legislation in force, may file a complaint with a competent supervisory authority such as the CNIL.
ARTICLE 11. REQUEST FOR INFORMATION
For any questions concerning the processing of their Personal Data and the exercise of their rights, Users may contact the dedicated service, specifying “RGPD information request” in the subject line of their request:
- By email at the following address: legal@jacquemus.com; or
- By post mail to the following address: Jacquemus – 69, rue de Monceau, 75008 Paris, France.
ARTICLE 12. MODIFICATION OF THE PERSONAL DATA PROCESSING POLICY
The Company reserves the right to modify this Personal Data processing policy in order to comply with the requirements of the legislation protecting privacy or in order to adapt the same it to the Company’s practices. Therefore, the User is invited to consult it on a regular basis in order to be aware of any changes and modifications.