Personal Data Policy – Safeguarding and protecting your data
SAN MARINA makes protecting your privacy one of its top priorities and strives to ensure that any personal data entrusted to us is properly protected.
In order for the www.sanmarina.fr website (hereinafter referred to as the “Website”) published by SAN MARINA (hereinafter referred to as the “Company”) to work properly, the Company is required to collect a certain amount of personal data (hereinafter referred to as “Data”).
The purpose of this policy is to provide you with as much information as possible on how your personal data will be processed, in compliance with the French law No.78-17 of 6 January 1978 pertaining to data processing, files and freedoms in its modified version, as well as in accordance with other applicable French and European texts, especially the GDPR regulations (European Regulation of 27 April 2016). This policy may be supplemented by any relevant clause on data collection forms related to specific data processing purposes.
1- The data controller The data controller who collects data and is responsible for processing that data is:
The company known as SAN MARINA
Address: 30 Avenue du Chateau de Jouques / Espace de la Sainte Baume 13882 Gemenos
Marseille register of trade and commerce (RCS): 321 875 205
Categories of personal data collected
Definition: “Personal data” refers to any information regarding a natural person, or a natural person who is consulting the Website that directly or indirectly enables that person to be identified.
The Company collects Data from adult individuals. As a result, the Company cannot be held liable, and the Company reserves the right to carry out any checks to ascertain the age of the person concerned and, if necessary, to immediately delete any customer account and/or cancel any ongoing order if the aforementioned conditions have not been met.
When you register and/or create your personal account and/or place an order and/or interact on the Website, the Company collects Data including the following:
Last name, first name, postal delivery address and if applicable, any additional information about the delivery. Billing address, email address, date of birth, telephone number, size, shoe size, gender, clothing preferences, style preferences, IP addresses when browsing the information on the website about transactions and tracking of the commercial relationship (details of products purchased, quantities, amounts, terms of payment, any discounts granted) information relating to participation in contests and/or all promotional operations (date, frequency, responses to contests, prizes awarded) and product reviews.
In addition, the Company collects connection data (date, time, visitor’s computer protocol, pages viewed) when using the Website for statistical purposes.
The Company processes the geolocation of the customer’s account using their IP address only when the customer creates the account. This Data is used to facilitate the account creation process and may be reused temporarily thereafter to archive and store the contents of the shopping bag for fifteen days if the order is not completed.
The Company also collects information about the device used to connect to the Website (type of device, operating system, browser, access provider, IP address of the device, geolocation).
When ordering a product on the Website, only banking service providers with whom the Company has entered into contractual agreements also collect and process the Data relating to your payment methods (bank card number, expiry date and visual cryptogram – the crytogram is not stored.)
Payment processes are secure.
The Company processes only part of the bank card number which is made up of the first six (6) numbers and four (4) last numbers, as well as the expiry date transmitted by the bank. This information is insufficient for completing payment transactions.
Some Data is mandatory, others are optional in accordance with the specifications made when the Data is collected.
2- Purpose of data collection: why do we collect it?
First, the Company requires most of the Data that you share with it to process and deliver your orders, as well as for the purposes of maintaining a commercial relationship, offering you products to suit your taste, running commercial prospecting operations through various channels: e-mail, postal mail, SMS notification on mobile phones, social media, etc.
As a result, the Company is required to collect Data for the following purposes:
- Processing based on your consent
-Replying to your contact request
-Commercial prospecting operations with prospects
-Making an electronic payment, if applicable
-Depositing cookies to provide targeted content and advertising tailored to your areas of interest to improve your experience on the Website and to share content on social media (see the cookies policy)
-Participating in specific promotional operations
-Assigning your nearest store
-Managing pages on social media.
- Processing carried out to perform our contractual obligations
-Participating in the loyalty programme
-Managing customer accounts, shopping bags and orders
-Managing payment transactions
-Managing customer relationships via telephone, chat and email, following up on after-sales services, product returns and refunds
-Managing customer satisfaction
- Processing carried out based on the Company’s legitimate interest
-Commercial prospecting operations with our customers for the purposes of advertising our products and services
-Statistical analysis operations for the purposes of managing and improving our offers and services
Please note that certain pages on the Website may contain web beacons that count the number of visitors to the Website and/or to provide us with certain indicators. These web beacons may be used by some of the Company’s subcontractors, for example to measure and improve the effectiveness of the Website. In any event, the information obtained from these beacons only generates statistics on the number of visits to certain pages of the Website to improve your experience.
-Offering products tailored to your preferences
-Managing product reviews to improve our offers
-Fighting against fraud on order payments and managing unpaid bills after orders have been completed
-Recording conversations between customer service agents and customers over the telephone or via chat for the purpose of improving our services
-Managing requests to exercise customer rights
-Reorganising our business operations.
- Processing carried out on the basis of legal provisions:
-Organising meetings with the Company’s stakeholders for the purpose of the extra-financial reports required by the Commercial Code.
3- How do you process the data and who has access to it?
Your Personal Data is hosted within the European Union.
The Data collected is intended only for use by the Company, our employees who are authorised to process it (sales, marketing, logistics, finance, etc.) and only for specific purposes.
The Company may however share Data with commercial and technical subcontractors temporarily and securely. These subcontractors may include:
- Logistics and transport providers delivering packages
- Loyalty programme and customer relationship management (CRM) service providers
- IT service providers and consultants who assist with maintaining our database and related software and applications. These service providers may sometimes need to access your data to perform the tasks we request of them
- The agencies we call upon to implement our advertising, marketing and sales campaigns
- Sister companies which may be tasked with acting on our behalf as subcontractors (IT services, accounting control, legal services, etc.) within the scope of applicable regulations.
Guaranteed measures have been taken to ensure that your Data is properly protected.
It may be shared with subcontractors in countries located outside the territory of the European Union.
If the European Commission does not consider that the protection regime of such a country is adequate, a cross-border flow agreement in accordance with the standard contractual European Commission clauses will be drawn up to regulate the Data transfer and provide protection to respect the requirements of French and European regulations.
Your Data may also be shared for the purposes of replying to an injunction from legal authorities.
The Company may also be required to share the Data with certain regulated professions such as lawyers, notaries or auditors as they perform their tasks, or directly to judicial or administrative authorities when applying legal provisions.
During the running of our business, we may be required to share your Data with partner companies, for example when we organise competitions; your consent is requested on such occasions. The information notice and specific opt-in agreement will then be applied by our Company. When you have consented to your Data being shared with our partners, the processing of your Data will fall under their own data protection policy and will be their responsibility.
The Company may be required to share your Data as part of a restructuring or reorganisation of its entities, or a transfer operation in some form, for any reason whatsoever (including the sale of a business, dissolution, liquidation, merger, etc.).
In all cases, the Data will never be shared with third parties for commercial purposes, nor sold or exchanged without your express consent.
4- Retention period of your Data
Your personal Data is retained for a period of time depending on the purpose for which it has been collected, namely:
- Commercial prospecting (prospect, customer) for three (3) years from the most recent contact or most recent purchase
- Ten (10) years under our legal and contractual obligations, in particular for the purposes of commercial and fiscal prescription
- Combating in-store fraud under the conditions of legal prescription
- The Data required to comply with any other legal obligation not mentioned above is kept in accordance with current legal provisions (in particular – but not exclusively – those contained in the Commercial Code, the Civil Code and the Consumer Code).
5- How do I contact the Company to exercise my rights?
In accordance with European Data Protection Regulations, you have the right to access, oppose, modify (correct, update), erase, withdraw consent, restrict and port your Personal Data. You may also give instructions concerning the use and disclosure of your personal data after your death.
These rights can be exercised directly by contacting SAN MARINA. In accordance with current regulations, your request must be signed. We may ask you for proof of identity by, where applicable, requesting a photocopy of a form of identification bearing both your signature and the address at which you should receive the response.
You can also lodge any complaint with a supervisory authority such as the French Commission Nationale Informatique et Libertés www.cnil.fr.
SAN MARINA complies with current regulations according to each prospecting channel in French law and under GDPR.
In all cases, SAN MARINA allows you to refuse consent either via an unsubscribe link on the page, or via your customer account, or by sending a STOP text message.
If some Data are not provided or if you refuse to allow them to be collected, certain services that are normally available from the Website will no longer be available. For example, a product order and/or an entry to a competition or promotional operation.
You can exercise your rights by writing to the following address: SAN MARINA, Customer Service, Espace de la Sainte Baume, 30 Avenue du Chateau de Jouques – 13882 GEMENOS, or by contacting us by e-mail to firstname.lastname@example.org or by contacting the DPO whose contact details are provided in Article 6 below.
You may also unsubscribe from the newsletter at any time by clicking on the unsubscribe link provided. You can also change the configuration of the newsletters in the “My account” page on the Website www.sanmarina.fr
7- The DPO (Data Protection Officer) or DPD (Délégué à la Protection des Données)
SAN MARINA has a Data Protection Officer tasked with ensuring that the Company complies with current personal data protection regulations.
You can contact the SAN MARINA DPO at the following address: DPOSanmarina@sanmarina.fr or at the registered office of the Company, which can be found in Article 5.
You can also check the CNIL website at www.cnil.fr
8- What about cookies?
What is a cookie?
Cookies are small text files that are saved onto your hard drive by the Company’s server or by a third-party server. Cookies are always active, and are needed for a Website to work properly. Repeat visitors to a Website are recognised using their unique identity information. Cookies are generated by your internet browser inside your computer.
There are two different types of cookies: cookies issued by SAN MARINA , and cookies issued by third party websites at the request of the Company.
Cookies issued by third-party sites are neither deposited nor controlled by SAN MARINA, but by third-party companies. The aim of these cookies is to target your areas of interest through the various product pages that you may have consulted on the Website, to tailor the advertising offers made by other brands to your preferences.
Cookies are used to improve your browsing experience. This basically means that they are used to memorise your preferences (especially for wishlist recommendations). Cookies are essential for the shopping bag and the purchasing process to run smoothly; as the content of your shopping bag is saved as a cookie, you can’t make a purchase without cookies! This information can be recorded during one browsing session and/or retained for later visits.
Cookies also allow us to remember pop-in or pop-up type elements that you have already seen before, so that you only view them once (for example the pop-in “subscribe to our newsletter!”).
Cookies also help us collect statistics about the pages of the Website that have been visited by internet users, how often they visit these pages and how the website is used generally. They allow the Company to improve how user-friendly the Website is and provide links to social media so you can share content. The Data retrieved in cookies are completely anonymous and do not contain any personal information.
What are cookies not used for?
The Company does not store sensitive personal information such as your password, address or banking information, etc. in the cookies we use. The Company does not resell any of the information it has collected through cookies. Cookies are only used on the Website. Cookie Data is collected anonymously and does not contain any personal information, so cookies are in no way connected with spyware.
Cookies are not a type of virus and cannot harm your computer.
Who uses cookie information?
The information stored in cookies on the Website is used exclusively by the Company, with the exception of cookies inserted by third parties, which are created by external entities to perform data extractions at the request of the Company to improve your experience while using the Website.
You can configure your computer to accept or refuse certain cookies. At any time and whenever is convenient to you, you can decide to configure your computer in such a way as to:
- either systematically save all cookies issued on the website you visit,
- or configure your browser software so that it allows you to accept or refuse the various cookies that may be offered to you on a regular basis,
- or systematically refuse all cookies issued on the website you visit.
Depending on your preferences and the browser you use, you must go to the relevant page to configure your computer:
- For Internet Explorer: https://www.apple.com/legal/privacy/fr-ww/cookies/
- For Google Chrome: https://www.apple.com/legal/privacy/fr-ww/cookies/
- For Mozilla Firefox: https://www.apple.com/legal/privacy/fr-ww/cookies/
- For Safari: https://www.apple.com/legal/privacy/fr-ww/cookies/
- For Opera: https://help.opera.com/en/latest/web-preferences/