Last updated on 21/01/2022 (Version 1.0.1)
Thank you for visiting our website. Compliance with data protection regulations is a particularly important issue for our company. The purpose of this data protection policy is to inform you as a user about the nature, scope and purposes of the processing of personal data and about your rights if you are considered a data subject as defined in Article 4, point 1) of the General Data Protection Regulation (GDPR).
1. Preamble
Our website has been designed to collect as little data about you as possible. In principle, it is possible to visit our website without entering any personal data. The processing of personal data is only necessary if you decide to use certain services (e.g. when using the contact form). This ensures that we always process your personal data in accordance with a legal basis or the consent you have given.
This privacy policy applies to the moulinduvivier.com site and is intended to expose the users of the site :
- How their personal data is collected and processed. Personal data is any data that can be used to identify a user. This includes the first and last name, age, postal address, e-mail address, location of the user or his IP address;
- What are the rights of the users regarding this data?
- Who is responsible for processing the personal data collected and processed?
- To whom these data are transmitted ;
- The site's policy on cookies.
This privacy policy supplements the legal notice and the cookie policy.
2. General principles for data collection and processing
In accordance with the provisions of Article 5 of the European Regulation 2016/679, the collection and processing of data of the users of the site respect the following principles:
- Lawfulness, fairness and transparency: data can only be collected and processed with the consent of the user who owns the data. Whenever personal data is collected, the user will be informed that his or her data is being collected, and for what purpose the data is being collected;
- Limited purposes: the collection and processing of data is carried out for one or more of the purposes set out in these general terms of use;
- Minimisation of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the site are collected;
- Time-limited data retention: data is retained for a limited period of time, of which the user is informed. Where this information cannot be provided, the user is informed of the criteria used to determine the retention period;
- Integrity and confidentiality of collected and processed data: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of the European Regulation 2016/679, the collection and processing of personal data may only take place if they comply with at least one of the following conditions
- The user has expressly consented to the processing;
- The processing is necessary for the proper performance of a contract;
- The processing is in response to a legal obligation;
- The processing is necessary to protect the vital interests of the data subject or of another natural person;
- The processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
- The processing and collection of personal data is necessary for the legitimate and private interests pursued by the controller or a third party.
3. Personal data collected and processed in the context of navigation on the site
DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The data are collected and processed for the following purposes:
- Customer relationship management
- Order processing
- Processing of customer service requests
- Analysis of the ergonomics of the site by means of cookies or similar technologies that allow the collection of information on the online navigation of users, for example the type of browser, the country code corresponding to their location, the pages of the site consulted, or the possible Products searched for on the site. This data is statistical and anonymised, and does not allow a User to be identified.
TRANSMISSION OF DATA TO THIRD PARTIES
By default, WordPress does not share your personal information with anyone. If you request a password reset, your IP address will be included in the reset email.
But some of the data collected may be passed on to the following third parties:
WooCommerce
What we collect and store
- we collect information when you place an order on our shop
During your visit to the site, we monitor :
- Products you have seen: for example, to display products that you have recently viewed
- Location, IP address and browser type: we use these to estimate taxes and shipping costs
- Delivery address: we will ask you to enter this to estimate the shipping costs before you place the order, and to send the order to you!
We use cookies to track the contents of the shopping cart while you are browsing our site. See our Cookie Policy.
When you purchase from our website, we will ask you to provide information including your name, billing address, delivery address, e-mail, telephone number, payment/credit card details and possibly account details such as user ID and password. This information will be used to:
- Sending information about your account and order
- Responding to requests, including refunds and complaints
- Payment processing and fraud prevention
- Set up your account for our shop
- Comply with any legal obligations, such as tax calculations
- Improve our shop offerings
We will never send you marketing messages.
If you create an account, we store your name, address, email, and phone number, which will be used to pre-fill the order validation for future orders.
We generally store your information for as long as we need it for the purpose for which we collect and use it, and we are not legally obliged to continue to do so. For example, we store order information for 6 years for tax and accounting purposes. This includes your name, email and billing and shipping addresses. And we keep inactive accounts for 3 years.
Members of our team have access to the information you provide to us. For example, shop administrators and managers have access to :
- Order information such as what was purchased, when and where it should be sent, and
- Customer information such as your name, e-mail and billing and delivery information.
Our team has access to this information to process orders, process refunds and assist you.
What we share with others
We share data with third parties who help us manage our orders and shop services, for example our shipping platform Boxtal, which applies the principle of minimisation and collects only the data essential to the proper functioning of the parcel shipping service of the moulinduvivier.com site.
Please read Boxtal's privacy policy for more details.
Payment
We accept payments using the services of the following 2 payment gateways:
- PayPal: When processing payments, certain data will be transmitted to PayPal, including information required to complete the payment, such as the total amount or billing information. Please read PayPal's privacy policy for more details.
- Stripe: When processing payments, certain data will be transmitted to Stripe, including information required to complete the payment, such as the total amount or billing information. Please read Stripe's privacy policy for more details.
The information transmitted to the payment gateways is as follows:
-
- Name
- Address
- Telephone
- City/State/Postcode
- Unique payment identifier
- Payment provider identifier
YITH WooCommerce Wishlist
What we collect and store
While you are visiting our site, we will be tracking :
- Products you have added to the wish list: we will use this to show you and other users your favourite products and to create targeted email campaigns.
- Wish lists you have created: we track the wish lists you create and make them visible to shop staff
We will also use cookies to keep track of the contents of the selection list as you browse our site. See our Cookie Policy for more details.
Who in our team has access to the data
Members of our team have access to the information you provide to us. For example, administrators and shop managers may have access to :
- Wishlist details, such as products added, date added, name and privacy settings of your wishlists
Our team members have access to this information to provide you with better offers for the products you love.
WeGlot
The functions of the Weglot translation service are integrated on this website. The provider is Weglot SAS, 138, rue Pierre Joigneaux in Bois-Colombes 92270 France. Weglot is loaded when you call up the website so that you can select your preferred language via the language icon in the website header. This establishes a direct connection between your browser and the Weglot server when you visit this website. Weglot thus receives the information that you have visited this website together with your IP address. The storage and analysis of data is based on Article 6, paragraph 1, letter f, of the DSGVO. Appropriate consent is requested via the cookie and data protection settings of the website. The processing is then carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time. Further information on this subject can be found in the Weglot privacy policy.
Ninja Forms
Ninja Forms is a WordPress plugin for designing forms. We use it for our contact form. We collect your name and email address in order to answer your question.
Google Maps
On the Contact page, we use Google Maps (API), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Maps is a web service that displays interactive maps for viewing geographic information. This service is used to show you our location, making it easier for you to find us.
When you access subpages with Google Maps, information about your use of our website (such as your IP address) is sent to Google servers in the United States and stored there. This happens regardless of whether you are logged into a user account provided by Google or do not have a user account. If you are logged in to a Google service, your data is linked directly to your account. If you do not want the data to be linked to your Google profile, you must log out before activating the button. Google will store your data (also for users who are not logged in) as user profiles and analyse it. Such analyses are carried out in accordance with Article 6(1)(f) of the GDPR on the basis of Google's legitimate interest in providing personalised advertising, market research and/or a needs-oriented design of its website. You have the right to object to the creation of these usage profiles. To exercise this right, you should contact Google.
Google LLC, which is based in the United States, is certified under the EU-US Privacy Shield, which guarantees compliance with the level of data protection applicable within the EU.
If you do not want your data to be transmitted to Google in connection with the use of Google Maps in the future, you can also deactivate the Google Maps service completely by deactivating the JavaScript application in your browser. Google Map and the map display on this website can then no longer be used.
You can read Google's terms of use.
Google Maps also provides you with additional terms of use for its use.
Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (" Google data protection policy ").
Data hosting
The website is hosted by an external service provider in the EU. This is necessary for the operation of the website as well as for the justification, realisation and implementation of the existing terms of use and may also take place without your consent.
Host: Flywheel
Personal data processed: Data provided when using the service.
Place of processing: United States
Flywheel Privacy Policy
Data is also passed on if we are entitled or obliged to pass on data due to legal provisions and/or on the orders of authorities or courts. This may include, in particular, communication for the purposes of legal proceedings, urgent intervention or the enforcement of intellectual property rights.
If your data is passed on to the service provider to the extent necessary, the service provider may only access your personal data to the extent necessary to fulfil its obligations. Service providers are obliged to handle your personal data in accordance with the applicable data protection regulations, in particular the GDPR.
Apart from the circumstances mentioned above, we do not pass on your data to third parties without your consent. In particular, we do not pass on any personal data to an entity located in a third country or to an international organisation.
How long your data is stored
As far as the retention period is concerned, we delete personal data as soon as their retention is no longer necessary to fulfil the original purpose and the statutory retention periods have ceased to apply. The final period of retention of personal data is ultimately determined by the statutory retention period. After the expiry of this period, the data concerned are regularly deleted. If retention periods must be observed, processing is restricted by blocking the data.
For users who register on our website, we store the personal information they provide in their user profile. All users can view, edit or delete their personal information at any time (except that they cannot change their username). Website managers can also view and edit this information.
4. Data controller
This website and the services offered are operated by
Le Moulin du Vivier, SARL with a share capital of 68 450€.
Whose head office is located at
Canal du Midi, Ecluse du Vivier
11400 Saint-Martin-Lalande
Registered in the Carcassonne trade and company register under number 591 950 118.
SIRET NUMBER: 591 950 118 00016
VAT ID: FR71591950118
Tel: 04 68 23 03 66
E-mail : contact@moulinduvivier.com
Website: moulinduvivier.com
Management: Sylvie Maury
The data controller is responsible for determining the purposes and means of processing personal data. For any enquiries relating to data protection legislation, please contact our Data Protection Officer: Sylvie Maury on the above contact details.
Obligations of the data controller
The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user's knowledge and to respect the purposes for which the data were collected.
The site has an SSL certificate to ensure that information and data transfer through the site is secure.
The purpose of an SSL certificate ("Secure Socket Layer" Certificate) is to secure the data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user of any rectification or deletion of data, unless this would entail disproportionate formalities, costs and steps for the user.
In the event that the integrity, confidentiality or security of the user's personal data is compromised, the controller undertakes to inform the user by any means.
5. User rights
In accordance with the regulations concerning the processing of personal data, the user has the following rights
In order for the data controller to comply with the request, the user is required to provide the following information: first and last names, e-mail address and, if relevant, account number or personal space or subscriber number.
The data controller is obliged to respond to the user within a maximum of 30 (thirty) days.
Presentation of the user's rights regarding data collection and processing
Right of access, rectification and deletion
The user may view, update, modify or request the deletion of data concerning him/her, in accordance with the procedure set out below:
The user should send an e-mail to the person responsible for processing personal data, specifying the subject of the request and using the contact e-mail address provided above.
If he/she has one, the user has the right to request the deletion of his/her personal space by following the procedure below:
The user must send an e-mail to the data controller, specifying his/her personal space number. The request for deletion of the data will be processed within 10 working days.
Right to data portability
The user has the right to request the portability of his/her personal data, held by the site, to another site, by complying with the following procedure:
The user must request the portability of his/her personal data from the data controller by sending an e-mail to the above address.
Right to limit and object to data processing
The user has the right to request the limitation of or to oppose the processing of his/her data by the site, without the site being able to refuse, unless it can be shown that there are legitimate and compelling reasons, which can prevail over the interests and rights and freedoms of the user.
In order to request the limitation of the processing of his/her data or to formulate an objection to the processing of his/her data, the user must follow the following procedure:
The user must make a request to limit the processing of his/her personal data to the data controller, by sending an e-mail to the address provided above.
Right not to be subject to a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the user has the right not to be subject to a decision based exclusively on an automated process if the decision produces legal effects concerning him or her, or significantly affects him or her in a similar way.
Right to determine the fate of data after death
The user is reminded that he/she can organise what should happen to his/her collected and processed data if he/she dies, in accordance with law n°2016-1321 of 7 October 2016.
Right to refer to the competent supervisory authority
In the event that the data controller decides not to respond to the user's request, and the user wishes to contest this decision, or if he/she believes that one of the rights listed above has been infringed, he/she is entitled to refer the matter to the CNIL (Commission Nationale de l'Informatique et des Libertés) or to any competent judge.
Personal data of minors
In accordance with the provisions of Article 8 of the European Regulation 2016/679 and the French Data Protection Act, only minors aged 15 or over may consent to the processing of their personal data.
If the user is a minor under the age of 15, the consent of a legal representative will be required in order for personal data to be collected and processed.
The site editor reserves the right to verify by any means that the user is over 15 years of age, or that he has obtained the agreement of a legal representative before browsing the site.
6. Use of "cookies" files
The site uses "cookie" techniques.
We have a page dedicated to the operation of cookies and we invite you to consult it.
7. Conditions for changing the privacy policy
This privacy policy can be consulted at any time at the following address
https://moulinduvivier.com/politique-de-confidentialite/
The site editor reserves the right to modify it in order to ensure its conformity with the law in force.
Therefore, the user is invited to consult this privacy policy regularly in order to be informed of the latest changes.
However, in the event of a substantial change to this policy, the user will be informed in the following manner:
By push notification when the user visits the site again.