Version : October 2019
The Benaga company, operating under the trade name HelloMoon, collects and processes personal data concerning individuals browsing or registered on its e-commerce website www.hellomoon-shop.com, through which they can order various fashion products (the "Site").
HelloMoon is committed to protecting the privacy and personal data of its customers. Accordingly, it ensures that it adopts and complies with a personal data processing policy that complies with current regulations and in particular with the General Data Protection Regulation no. 2016/679 of April 27, 2016 (the "GDPR").
Accordingly, the purpose of this privacy and personal data protection policy (the "Policy") is to set out the terms and conditions under which HelloMoon processes personal data concerning:
- Persons browsing and registered on the Site ("Registrants") and -
- Registrants purchasing products or services from the Company ("Customers").
(together, the "Registrants" and the "Customers", the "Users" or "you", "your")
HelloMoon reserves the right to modify the Policy at any time. We may notify you of any material changes to the Policy either by email or by posting a notice on our website.
With regard to the information collected by cookies, we refer you to the cookies policy, which can be accessed at any time on the Site.
1. Data controller
HelloMoon is responsible for the processing of personal data collected and processed under the conditions of this Policy applicable to Users.
Benaga, operating under the trade name Hellomoon, is a société par actions simplifiée (simplified joint stock company) with a single shareholder and a share capital of 1,000 euros, whose registered office is located at 4, avenue de Strasbourg - Cellule A1, Didenheim (68350), registered in the Mulhouse Trade and Companies Register under number 832 236 228 (hereinafter, the "Company" or "we").
You can contact the Company at the following address:
Email : [email protected]
Find out more The data controller is the person, in this case the Company, who determines the methods and purposes of personal data processing. As the name suggests, the data controller is responsible for the processing of personal data and is the user's main contact for asserting his or her rights in relation to the processing.
2. Sources and categories of personal data
2.1 Source of personal data collection
The Company collects your personal data mainly in the following cases:
- When you use our Site or simply browse it, in particular via cookies),
- When you create a personal account on the Site,
- When you order products or gift cards, and when you contact us.
The Company also collects your personal data when you subscribe to our newsletter, to events organized by the Company / or when you participate in surveys organized by or for the Company.
More generally, the Company collects all personal data that you provide to us spontaneously and voluntarily, in particular to our customer service department.
We may also collect information about you from authorized third parties. These sources may, for example, be commercial partners (physical or online stores, consumer service providers, etc.), advertising agencies, distributors or data analysts.
2.2 Categories of personal data
The Company mainly collects and processes the following categories of personal data:
- Information required to create a personal account: your first and last name, e-mail address, telephone number, postal code. -
- Data relating to the ordering of products and the follow-up of the commercial relationship, such as, for example, the list of products ordered, written exchanges, invoices, etc. -
- Banking data necessary for the placing of the order, i.e. essentially the surname and first name of the holder of the bank card, the bank card number, its cryptogram and its expiry date, -
- Data necessary or simply useful for the processing of your order:
- full address, contact telephone number, your door code... -
- data relating to gift cards purchased on the site (date of purchase, remaining balance...), -
- Information collected by cookies installed on our Site, such as the pages consulted, is presented in the Company's cookie policy accessible here [insert link].
The Company also processes personal data about you obtained from third-party sources, for example as part of a commercial partnership.
This data may be combined for the purposes set out below.
2.3 Compulsory provision of data
Some of this information may be mandatory for the implementation of services, essentially access to the Site, ordering products and the processing of your order by us.
When creating your personal account or on the product order form, mandatory data is indicated on our forms by an asterisk.
Failure to provide the mandatory data will prevent us from providing the services concerned.
2.4 - Data accuracy
The Company makes every effort to keep personal data accurate and complete. To ensure that we have the most up-to-date information, you can notify us of any changes to your contact details or any other data by contacting the Company at the above address.
2.5 - Personal data and social networks
Our Site may include social networking functions.
These may include, for example, so-called social login services ("register via Facebook"). If you activate them or use them while you are a member of the relevant social network, we may receive personally identifiable data from the operators. As a rule, we receive the following data from social networks:
- Your public profile information stored on the social network, -
- Information on the type of terminal you are using, -
- Your social network profile account ID.
For more information, please consult the personal data protection policies of the social networks concerned.
2.6 - Location of personal data
Personal data collected on our website and/or via our application are hosted in France.
3. Purposes and legal basis of processing
Your personal data is processed by the Company for the following purposes, categorized according to the applicable legal basis.
3.1 Necessary for the performance of the contract
To manage the relationship with Users, which includes in particular:
- Creating and using a personal account on the Site, -
- Managing acceptance of the general terms of use, the general terms of sale and this privacy and data protection policy, -
- For Customers, ordering products, -
- For Customers, paying for products, -
- For Customers, processing your product order, -
- Management of your credit and gift card balance, -
- Communication with Users, in particular the Company's sales department,
- - Management of Customer complaints and product returns, -
- Management of User loyalty programs, -
- Management of sponsorship operations, -
- And more generally, the performance of any contract concluded between Users and the Company.
3.2 On the basis of our legitimate interest, in respect of your rights
- (i) To carry out analyses, particularly statistical, demographic and marketing analyses, for example on the use of our Site or on the ordering of products or on consumer habits, -
- (ii) To improve the Site and all our products and services, -
- (iii) To manage Users' opinions and comments on products and services, as well as to carry out satisfaction surveys and polls,
For processing operations (i) to (iii) above, the Company's legitimate interest is to define the type of customers for its products and services, develop its business and improve its sales and marketing strategy.
- (iv) To offer Customers, by e-mail, products or services similar to those ordered and purchased from the Company, -
- (v) To offer Users, by telephone or post, any product or service or to inform you of commercial offers from the Company or its third-party partners, -
- (vi) To pass on your postal address and telephone number to third parties or commercial partners, for the purposes of prospecting with human intervention,
For processing operations (iv) to (vi) above, the Company's legitimate interest is to develop its business-
- (vii) To manage collection and litigation, -
- (viii) To detect, investigate, prevent or take action regarding illegal activities, abuse, suspected fraud or situations involving potential threats to the security or rights of a person or entity and to use as evidence in the event of litigation, -
- (ix) Investigate, prevent and prevent breaches of our general terms and conditions of sale, this Policy and our property, -
- (x) Protect and defend our property, rights and interests, including in litigation before any court or administration.
In this respect, the above personal data processed on the basis of its necessity for the performance of the contract are, at the end of the contract, processed on the present basis of our legitimate interest, namely to preserve our rights in the event of recourse.
For purposes (vii) to (x) above, the Company's legitimate interest is to enforce its rights and prevent fraud and any prohibited or illegal activity.
- - (xi) To communicate with Users regarding the modification or improvement of our services and changes to the Policy.
The Company's legitimate interest is to develop its service and customer relations.
3.3 With Users' consent
- (i) To keep your credit card number, in order to facilitate your subsequent purchases, -
- (ii) To implement the promotion of non-analogous products or services through the transmission of advertising and prospecting offers, by e-mail, by offering Users, for example, personalized services or to inform them of commercial offers from the Company or its third-party partners, -
- (iii) To personalize our services and the user experience, based on preferences and/or consumption habits, -
- (iv) To transfer, rent or exchange customer files and/or prospect files to third parties or commercial partners, in order to offer you products or services directly, by e-mail.
3.4 To meet a legal obligation
- (i) To meet the legal and regulatory obligations to which the Company is subject, -
- (ii) To manage Users' requests in respect of their personal data rights.
4. Communication of personal data
Personal data collected and processed may be passed on :
- To authorized persons in the relevant departments within the Company, who are subject to an obligation of confidentiality. -
- To service providers or subcontractors used by the Company for the purposes set out in article 3.- of the Policy. - These are
- essentially: -
- our advertising agencies, -
- our IT service providers, -
- our data hosts, -
- our payment service providers (Paypal and Banque Populaire) -
- and our transport service providers. - In the event of
- a claim, theft or other breach of the law, personal data may be transmitted to our insurance company and/or brokerage firm, which is required to maintain the confidentiality of the data transmitted, and, where applicable, to the police and legal authorities. -
- To administrative, judicial and police authorities, fraud prevention agencies and, more generally, to public bodies in order to comply with our legal obligations or to enable us to defend our rights and interests, - If necessary,
- to our legal advisers and lawyers,
- - If we sell or transfer our business or part of it and your personal data relates to that part sold or transferred, or if we merge with another company, we will share your personal data with the new owner of the company or our merger partner, respectively.
5. Security of personal data
The Company implements organizational, technical, software and physical security measures to protect personal data against loss, unauthorized access, disclosure or alteration.
For further information
For example, the servers used by the Company are fully protected, and the Company has implemented a User password protection policy.
6. Data retention
The Company retains your personal data for the time necessary to achieve the purposes for which it is intended, plus any statutory periods for archiving, retention of certain data and prescription. At the end of processing, personal data will either be deleted or anonymized by the Company.
The retention period depends on the type of personal data and its purpose.
In this context, the Company retains and applies the following retention periods.
Purpose |
The duration of the conversation |
---|---|
Create a user account, execute the order of a product and more generally manage the relationship with the User | As long as the user account is active and then 5 years following the closure of said account |
Legal obligation to retain electronic contracts for an amount greater than €120 (article L.213-1 of the Consumer Code) | 10 years following delivery of the property |
Dispute management (recovery, contractual or tortious breaches, etc.) | According to the limitation period applicable to the obligations applicable between the parties (in common law, period of five years following the event generating the claim) and during the duration of the pre-litigation/litigation |
Commercial prospecting, either directly by the Company or by a third-party company to which the personal data would be transferred | 3 years following the last contact from the User (subject to withdrawal of consent or opposition, where applicable) |
Personalization of services and user experience, based on preferences and/or consumption habits | As long as the user account is active and then 5 years following the closure of said account |
Improvement of the website and products and services | As long as the user account is active and then 5 years following the closure of said account |
Establish statistics | As long as the user account is active and then 5 years following the closure of said account |
Prevention and fight against fraud and more generally any illegal activity or potential threat to the Company | According to the limitation period applicable to the obligations between the parties (under common law, a period of five years following the event giving rise to the claim) and during the duration of the pre-litigation/litigation, where applicable |
Data collected by cookies | View the Company's Cookie Policy |
7. User rights
Users are informed that they have, under the conditions of the RGPD and the laws applicable in France, a right of access, rectification, deletion and portability of their personal data, as well as a right to limit and object to the processing of such data.
Users also have the right to organize the fate of their personal data in the event of their death, as well as the right to lodge a complaint with the CNIL, whose website can be accessed at http://www.cnil.fr and whose head office is located at 3 Place de Fontenoy, 75007 Paris.
For processing based on consent, the User may withdraw consent at any time, without prejudice to the lawfulness of the processing prior to such withdrawal.
The User may exercise his rights, free of charge, by contacting the Company at the above address.
Furtherinformation
In addition to the information below, the Company invites the User to consult the CNIL website :
- - Right of access: the User has the right to obtain from the Company confirmation that his or her personal data are or are not being processed and, where they are, access to said data as well as information relating to the purposes of the processing (art. 15 of Regulation 2016/679 on the protection of personal data ("RGPD")).
- Requests that are manifestly unfounded, excessive or repeated may not be answered. -
- Right of rectification: the User has the right to obtain from the Company, as soon as possible, the rectification of his/her personal data that he/she deems inaccurate (art.
- 16 of the RGPD), -
- Right to erasure: the User has the right to obtain from the Company the erasure of his/her personal data, under the conditions provided for in Article 17 of the RGPD, -
- Right to portability: the User has the right to receive the personal data concerning him/her that he/she has provided to the Company, in a structured, commonly used and machine-readable format (art. 20 of the RGPD).
- This right applies only to the data that provided, when the processing is based on consent or on a contract and is carried out using automated processes, -
- Right to the limitation of processing: the User may obtain from the Company the limitation of the processing of his personal data under the conditions of article 18 of the GDPR, -
- Right to withdraw consent: the User has the right to withdraw his consent to the processing of his data if such processing is based on consent.
- The withdrawal of such consent does not affect the lawfulness of the processing based on consent carried out prior to the withdrawal thereof. -
- Right to object: the User has the right to object at any time, for reasons relating to his or her particular situation, to processing of his or her personal data, where such processing is based on legitimate interest and under the conditions of art.
- 21 of the RGPD,
- - Right to organize the fate of his/her personal data in the event of death: the User may define general or specific directives relating to the retention, deletion and communication of his/her personal data after his/her death (Act 78-17 of 6 January 1978 as amended, art.
- 40, II),
- - Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, the User has the right to lodge a complaint with a supervisory authority if he considers that the processing of personal data concerning him constitutes a breach of the regulations applicable to personal data (art. 77 of the RGPD).