PERSONAL DATA PROCESSING AND COOKIE MANAGEMENT POLICY
MARY COHR
APPLICABLE AS OF 11 MAY 2023
Preamble
Mary Cohr SAS thanks you for visiting our website at www.marycohr.com (the “Site”). Mary Cohr SAS undertakes to process your personal data in accordance with the General Data Protection Regulation (“GDPR”) and the Data Protection Act. This processing of personal data is, in particular, not limited to the following standards: - The European Data Protection Regulation (EU Regulation 2016/679 of the European Parliament and of the Council or “GDPR”) applicable since 25 May 2018; - and Law no. 78-17 of 6 January 1978 relating to data processing, files and freedoms (known as the “Data Protection Act”) amended by the Health Act of January 2016, the Law for a Digital Republic of October 2016 and LAW no. 2018-493 of 20 June 2018 on the protection of personal data set as a principle the protection of human identity, human rights, privacy and individual or public freedoms. This Policy (“Policy”) informs any concerned natural person (customer, prospect, visitor to the Site) of the manner in which Mary Cohr SAS processes personal data as well as of the rights that such person has and how to exercise them.
1- What is personal data?
A personal data (hereinafter “Data(s)” or “Personal Data(s)”) means any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more elements of its own. Example: last name, first name, phone number, email address.
2 - Who collects your Data?
The Data Controller is Mary Cohr SAS, represented by her legal representative. This personal data processing policy details the policy of Mary Cohr SAS, a simplified joint-stock company (SAS) with a capital of €3,000,000 (€), whose registered office is located at 120, avenue Charles de Gaulle, 92200 Neuilly sur Seine, registered with the NANTERRE Trade and Companies Register under number 312 246 762, in terms of personal data. This Policy applies to all Personal Data and Information you provide to Mary Cohr SAS, including browsing the Site, signing up for newsletters, or placing an order accessible through Mary Cohr SAS e-commerce. Your rights can be exercised by writing to: Mary Cohr SAS – DPO – 120 Avenue Charles De Gaulle - 92200 Neuilly sur Seine or by email to: dpo@marycohr.com.
3 – What Data is collected?
When you register on our Site, when you log into your account, make requests, and/or log out, we collect the following categories of Personal Data including: - Your identity (civility, surname, given names); - Your contact information (postal and/or electronic address, telephone numbers, comments); - Your professional data when submitting applications (CV, cover letter), - Your browsing data: We receive and store information from your computer and browser, including your IP address, software and hardware, and the page you request. For more information, we invite you to consult our cookie policy set out in paragraph 14 of this Policy. - Your reference institute - Your order data (ordered products, quantity) - Your order history - Your location data This data is automatically processed and stored in the Mary Cohr SAS information system and database. You may not submit any form to Mary Cohr SAS without first reviewing this Policy. In the event that you provide the contact details and personal data of a third party when ordering a product, for example, you warrant that the third party is informed that you have provided Mary Cohr SAS with the data concerning him and that he has accepted such communication.
4 – Is the communication of Personal Data mandatory?
The Personal Data requested in the forms are strictly necessary for the processing of your requests by our services whether it be for example a request for contact or the creation of your customer space, their communication is therefore mandatory. If you do not reply in these fields, your request will not be processed. As for cookies, you have the option to accept or refuse them, except for certain cookies that are strictly necessary for the functioning of the website. We invite you to consult our cookie policy set out in paragraph 14 of this Policy.
5 - Why do we collect your Data?
We collect your Data to best manage our services and your requests. • Processing is based on the execution of pre-contractual and contractual measures when the purpose of the collection is to: . Create and manage accounts receivable, prospects to enable your requests to be taken into account; . Manage your requests for rights; . Customize and meet your individual needs; . Ensure the follow-up of the prospect customer relationship in particular in the management of your complaints and requests;
• The processing is based on your consent when the purpose of the collection is to: . Provide personalized advertising content; . Send you newsletters, newsletters and promotional offers; • The processing is based on our legitimate interest, namely the improvement of our services and the security of our Site and IT network where the purpose of the collection is to: . Improve our website; . Improve customer/prospect service and your requests; . Administer promotions, surveys, competitions; . Analyze your comments and reviews left on our website and social media pages. On this last point, by leaving reviews, comments on our sites or by exchanging on our social media pages about our offers, our products, our events, you are likely to communicate to us content and Personal Data. This information allows us to better meet your expectations in order to improve the quality of our products and services. They can be reproduced and represented on our sites for information purposes, and used for the development of anonymized statistical studies informing us about your habits and behavior towards our products. They may not be collected or used for other purposes.
• The processing is based on e-commerce: - Creating your account on our Site - Order management (fulfillment and tracking of orders, deliveries, invoices, payments, accounting) - Customer contact management and the sending of notifications concerning the creation of an account on the Site and/or the status of the order - Delivery of orders placed - Managing the relationship with the reference institute - Management of remote complaints and after-sales service - Management of the loyalty programme - Management of Internet opinions on products and services - The commercial prospection, namely to allow the sending of the commercial information of Mary Cohr SAS, such as newsletters, new offers, or news - Managing the location of your IP address for access to the Site’s services - The management of cookies as presented below, namely: o Managing the customization of the web display and Customer preferences; o Management of the abandoned basket reminder o Management of the payment module o Statistical analysis on ordered products
6 - Confidentiality
Your Personal Data will not be sold, exchanged, transferred, or data to another company for any reason, without your consent, outside of what is necessary to respond to a request and/or transaction within the framework of the Purposes set forth hereintop.
7 – Who is the recipient of the Data?
We do not sell, exchange or transfer your Personal Data to third parties. This does not include trusted third parties or co-contractors/partners who help us operate our website or conduct our business, as long as these parties agree to keep this information confidential. The Site is hosted by OVH SAS, a company whose registered office is located at 2, rue Kellermann - 59100 Roubaix - France, registered with the Lille Métropole Trade and Companies Register under number 424 761 419. As part of order management and shipping, your data may also be transferred to our service providers such as: - our carrier for delivery, - our payment service provider for online payment made from our Site - our emailing service provider - for the management of our franchise network, the reference institute designated by the Customer As part of the management of our Site, your data may also be transferred to our cookie providers, as set out in our cookie policy set out in paragraph 14 of this Policy. In certain situations, we have a legal, regulatory and/or judicial obligation to share information in the context of investigations, preventive measures and/or decisions concerning illegal activities, alleged fraud, situations involving potential threats to the physical security of any person, violations of our Terms of Use, or when required by law.
8- What guarantees in case of transfer outside the European Union
We guarantee, in the event of transfer of your Data abroad and especially outside the European Union, to implement all appropriate measures to guarantee a sufficient level of protection of your data, such as: - Focus on countries recognized as adequate by the European Commission, that is, offering protection equivalent to that guaranteed by the European Union; - Obtain security and confidentiality guarantees from subcontractors by imposing strict contractual clauses by reserving the possibility of checking them regularly, for example by conducting audits.
9 – What are the retention periods for your Data?
Your Personal Data are stored at the site’s host (OVH SAS) and are kept for a period not exceeding twenty-four (24) months following the last update made by the registrant (recommendation of Cnil No. 02-017 of 21 March 2002), unless anonymisation or legal obligation to keep certain data for a longer period. Your Data are kept for a limited period corresponding to the purposes for which they were collected, in accordance with the regulations in force and in compliance with legal, contractual, tax, and for the defense of the legitimate interests of Mary Cohr SAS, namely five (5) years from the end of the contractual relationship, this duration corresponding to the duration of the applicable legal limitation period, in case of litigation. Your data are also kept within the framework of e_commerce for a period that does not exceed the duration necessary for the following purposes, namely:
- Regarding customer relationship management, remote complaints and after-sales service: for the period strictly necessary to process the order, complaint and after-sales service, increased by three (3) years from the end of the business relationship. In addition, the data may be retained under a legal obligation for a period necessary to fulfil this obligation. - Regarding the delivery of products: the time of the order until delivery and its payment, and as long as there are outstanding items (unpaid invoices, disputes, litigation, etc.) - Regarding Customer opinions on products and services: during the marketing period of the product; - Regarding loyalty program management: for the duration of your membership in the program - Commercial prospecting: three (3) years after your last response to a solicitation. - Regarding cookie management: thirteen (13) months from your initial express consent. You acknowledge that the data you provide to us and stored in our information systems is accurate and is proof of your identity.
10 – What are your rights on your Data?
Pursuant to Articles 14 to 22 of the GDPR, any natural person using our Site has the right to exercise the following rights: • right of access: you can request a copy of the data that concerns you personally; • right of rectification: you can request the modification of data that is inaccurate concerning you; • right of opposition: you can object to us processing your data; if your opposition request does not concern prospecting, we may, depending on the case, justify a refusal on the ground that there are legitimate and compelling reasons for processing the Data or that they are necessary for the establishment, exercise or defence of legal rights, or that you have consented – you must then withdraw that consent and not object, either a contract binds us, or a legal obligation to process your data in particular; • right to erasure: you can request that we erase data about you; • right to limitation of processing: you have the right to request that the processing of your Data be blocked for a certain period of time, for example the time to examine a dispute on your part about the use of your Data or a request to exercise rights. • right to portability: you have the right to request that the Data collected in a form with your agreement or as part of a contract be communicated to you in a readily reusable format and transmitted to the third party of your choice subject to technical feasibility.
Moreover, when a person gives his consent to the processing of his Personal Data, he has the option to withdraw it at any time. Finally, when a violation of Personal Data that may pose a high risk to your rights and freedoms is detected, you will be informed of this violation as soon as possible. You may formulate guidelines for the retention, erasure and disclosure of your Personal Data after death, in accordance with Article 40-1 of Law 78-17 of 6 January 1978. These rights and directives can be exercised and sent to us by writing to: Mary Cohr SAS – DPO - 120 Avenue Charles De Gaulle - 92200 Neuilly Sur Seine or by email to: dpo@marycohr.com In order to enable us to identify you quickly and to respond to your request, you will attach to your request any element enabling us to prove your identity (in particular request made via your customer account or email). A response will then be sent to you within 1 month of receipt of the request. In some cases, depending on the complexity of the application or the number of applications, this period may be extended by 2 months. You can also contact the Commission Nationale de l'Informatique et des Libertés (CNIL), the regulatory authority responsible for enforcing the regulations on the protection of personal data in France, by internet https://www.cnil.fr/en/agir or by post to the following address: Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy - TSA 80715, 75334 PARIS CEDEX.
11 – What security measures are implemented?
Mary Cohr SAS has taken the necessary steps to put in place all technical and organizational measures to ensure the security and confidentiality of the personal data processed and to prevent them from being distorted damaged, destroyed or accessed by an unauthorized third party. All the security measures put in place comply with the state of the art, particularly as regards information systems. These measures include the following: - identification of cyber risks - access and authorisation control - Data encryption - a secure IT environment To the extent that Mary Cohr SAS does not control all the risks related to the functioning of the Internet, it draws your attention to the existence of any risks inherent in its use and functioning. Mary Cohr SAS will notify, within the legal time limits, all breaches of personal data to the competent supervisory authority for the protection of personal data and will notify you if such breaches areare likely to pose a high risk to the rights and freedoms of individuals.
12 – Account Creation at www.marycohr.com
By creating an account at www.maryscohr.com, you consent to our collection, use and disclosure of your Personal Data for purposes related to your request. The information collected is the subject of a computer processing intended to facilitate the connection between you and Mary Cohr SAS. By depositing on your account your details, your message, you commit to write objectively and never excessively. Do not enter information related to sensitive data (health, racial or ethnic origin, sexual orientation, political opinions, etc.). Particular attention must be paid to sensitive data covered by Article 8 of the French Data Protection Act. Mary Cohr SAS reserves the right to withdraw a contact form for reasons of non-compliance with the French Data Protection Act and reserves the right to lodge a complaint against anyone who does not respect these commitments.
13- How do I unsubscribe?
We use the email address you provide to send you information and updates related to your inquiries, contact, information about our products, etc... If at any time you wish to unsubscribe and no longer receive emails, please email us at desabonnement@marycohr.com with the subject line “unsubscribe”.
14- Which Cookies are?
A cookie is a small computer file, a tracer that allows to analyze the behavior of users when visiting a website, reading an email, installing or using a software or mobile application. The cookies we use are listed below. These are text files stored and used to record personal and non-personal information about your navigation on the Website. Mary Cohr SAS may use them or other technologies that may collect or store Personal Data in order to improve the services provided to you. You will be notified the first time you receive a cookie by displaying a banner at the bottom of the page and you can choose to accept or refuse cookies on a case-by-case basis or systematically refuse them at any time. You can choose to disable cookies by setting your browser or through the cookie manager. Please note that some cookies, necessary for the functioning of the Website, cannot be refused.
Mary Cohr SAS reminds you that the settings may change your terms of access to its content and services requiring the use of cookies. Your prior consent to the insertion of cookies and tracers is valid for a maximum of six (6) months, in accordance with the recommendations of the Commission Nationale Informatique et Libertés (CNIL). You will therefore be invited again to express your consent or refuse to deposit these cookies when this period is used. As a reminder, cookies exempt from consent according to the CNIL (September 2020 guidelines): - tracers keeping the choice expressed by users on the tracer repository - tracers intended for authentication with a service, including those designed to ensure the security of the authentication mechanism, for example by limiting robotic or unexpected access attempts - tracers intended to store in memory the contents of a shopping cart on a merchant site or to charge the user for the products and/or services purchased - user interface customization tracers (for example, for the choice of language or presentation of a service), where such customization is an intrinsic and expected element of the service - tracers for balancing the load of equipment contributing to a communication service - tracers allowing paid sites to limit free access to a sample of content requested by users (predefined quantity and/or a limited time) For more information, you can contact Mary Cohr SAS by: • By mail: Mary Cohr SAS, Data Protection Officer (DPO) 120 Avenue Charles de Gaulle, 92200 Neuilly sur Seine • By email to dpo@marycohr.com
15- Policy Update
This Policy may be modified at any time by Mary Cohr SAS, in order to comply with all French and European legislative and regulatory developments. Updates are posted online without notice to the user and are deemed accepted without reservation when you access the Site or log into your user account.