Privacybeleid

PROTECTION OF YOUR PERSONAL DATA BY SAS MLB

YOUR REQUEST TO EDIT YOUR PERSONAL DATA & INFORMATION :

  • • As a user of the services provided by SAS MLB, you can edit your personal data and information from within your customer account.
  • • If you wish to delete your customer account, you can also do so with your personal login information. Note: this action is irreversible, if you delete your customer account you will lose your order history and access to any available discounts or promotion codes. You will, however, be able to create a new customer account at any point thereafter if you wish.
  • • It is possible to export your personal data from within your customer account should you wish to do so.
  • • For all other requests regarding your personal data and information, please get in touch with our data protection team.

OVERVIEW

This page describes the guidelines applied by SAS MLB when collecting different types of data about our customers. The information described on this page is detailed in SAS MLB’s data protection guidelines. This page also contains our commitment regarding data protection and security, in order to protect your privacy to the best of our ability.

DEFINITIONS

In order to avoid any misinterpretations, below are clarifications of terms used:

  • Personal data : all information directly or indirectly pertaining to a physical, identified or identifiable person.
  • Processing: all actions or operations managed through automated processes and applied to personal data (including but not limited to collecting, storing, sharing, conserving, extracting, using, segmenting…)

PROCESSING RESPONSIBILITY

All processing of personal data shared with SAS MLB is handled under the responsibility of SAS MLB, 5 rue d’Aboukir 75002 Paris - n° SIRET 53960923000062

HOW DO WE COLLECT YOUR PERSONAL DATA?

Collection of your personal data (such as your name and contact information) is typically based on your customer relationship with SAS MLB. For example, we collect data when you perform actions on our website, such as account sign-ups, website transactions or other such actions. When you communicate with SAS MLB, for example through a phone call, by creating a customer account or by sending us an e-mail, the identification data for those communications is stored in our systems for usage of our services. When you visit www.maisonlabiche.com and download any of our site’s webpages, you share anonymous data with us, like your IP address and browsing history. The performance of our services is optimized through cookie usage. We are able to collect some of this data with your consent. We record calls to our customer care team in order to verify conversations, where necessary. We also collect prospective customer information when these individuals enter contests and giveaways.

WHAT TYPE OF DATA DO WE COLLECT?

The data we collect includes your first and last names, phone number, e-mail address, date of birth, direct marketing and consent information, information about your point of contact within the company, company name, any information provided by yourself, customer segmentation information, order, delivery and billing details. We store information which may be connected to you as a customer. Data collection during any communication with SAS MLB may contain information about both communicating parties, time of communication, routing information, data transfer protocol, communication type and localization information. During Internet browsing, “bespoke data” may be collected with the help of cookies. This data is not associated to an individual. The customer information we collect helps us personalize and continually improve your onsite experience with SAS MLB. We use this information to process orders, deliver our products, handle payments and communicate with you regarding your orders, our products, services and promotional offers, to store and update our customer database, as well as to share content and recommendations you may like. We also use this information to improve our physical stores and website, prevent or detect fraud or abuse, and allow third parties to provide technical, logistical or other services on our behalf.

TYPE OF DATA WE COLLECT:

  • • Information you share with us :
    We store and save information you share with us on our website or through other channels. You may choose not to communicate specific information with us; however, this may limit the services we are able to provide to you. We use the information you provide to communicate with you, fulfil your requests, personalize your future purchases and improve our services
  • • Information that is automatically collected :
    Each time you get in touch with us, we receive and save certain types of information. Like many websites, we use cookies and obtain certain types of information when your web browser connects to www.maisonlabiche.com or advertisements and other types of content, displayed on other websites by SAS MLB, or on behalf of it.
  • • E-mail information :
    In order to optimize the relevance of our e-mails, and if your device allows, we frequently receive confirmation that you have received and/or opened e-mails sent by SAS MLB. If you do not wish to receive our e-mails, you may notify us through your customer account.

HOW DO WE PROCESS YOUR PERSONAL INFORMATION?

All SAS MLB employees and third-party partners abide by strict privacy guidelines where your data is concerned. We protect the confidentiality of your data and are mindful to use it only as intended. Your personal data is processed with the intention of producing and delivering communication services and other services. We also use your data to communicate with you about our products and services. We may use your data for database segmentation purposes, through billing information, spend thresholds, duration of the customer relationship and external classifications. We use both summarized and specific information with the purpose of communicating most relevantly with our customers. Prospective customer information is used for direct marketing purposes. We aim to ensure that all customer information is correct and up-to-date at all times. We delete obsolete or unnecessary data wherever possible. We protect all information relating to you and prevent access to your data for third parties.

WHERE DO WE SEND YOUR DATA?

We only submit your data to relevant authorities and telecommunication companies as permitted by applicable legislation and as described to you. When working with third parties, security agreements are always in place to cover the protection of your personal information. We are responsible for the way this data is used.

SAS MLB DATA PROTECTION GUIDELINES

The objective of this data protection policy is to describe the guidelines and practices in place at SAS MLB to ensure the protection of your personal information and of your privacy. We regularly update this policy as operations, services and legislations evolve or change. For this reason, we encourage our customers to regularly refer to its latest version. Our basic principles include the protection of our customers’ privacy, as well as the confidentiality of their personal data in all operations undertaken by the company. When processing customer data, we abide by French legislation, guidelines and best practices, and SAS MLB upholds the highest possible level of data protection in doing so. Personal and identifying data, as well as location information, are collected only for specific pre-determined legal purposes and are not processed in ways that contradict these. We protect your personal information whenever processed by using SSL (Secure Sockets Layer) software, which encrypts information entered before it is sent or shared. We ensure physical and electronic security of your information, as well as safe storing for all data collected, stored and shared for our customers. As such, our security guidelines may require us to request proof of your identity before sharing your personal information with you. We are continually training our employees and internal teams on the most up-to-date and relevant data protection guidelines.

GENERAL CUSTOMER DATA PROTECTION GUIDELINES

The management of personal data must always be justified as serving SAS MLB’s operations. We have defined our objectives as they pertain to collection, processing and storage of personal data in the following section. SAS MLB only processes customer information where it is necessary to its operations, as defined in the usage purposes. We do not process or store incorrect, incomplete or obsolete information. Processing of customer information is generally based on a relevant relationship, with information received during the use or registration of a service, with customer consent. We may also process your information for other reasons, such as upon your request, or when the law requires it. Your information may be processed within SAS MLB, and we encourage all customers to keep their information (including contact information) up-to-date. We record conversations with our customer care team in order to verify commercial transactions, for quality assurance purposes and in order to supervise and continually improve the quality of service you receive. Please note, as a SAS MLB customer, you are entitled to verifying which information pertaining to you is being stored in our system, or to having that information removed. You may also refuse the use of your personal information, according to related legislation. This inspection can be conducted once yearly, at no cost. The request for an inspection should be made in writing and signed by both yourself and SAS MLB.

COLLECTING, STORING, EXTRACTING & PROCESSING OF PERSONAL INFORMATION

OVERVIEW OF DATA COLLECTED DIRECTLY VIA SAS MLB SERVICES:

Contact form :

  • • Data collected : e-mail address and message
  • • Purpose : Customer relationship management
  • • Data storage : Customer database
  • • Storage duration : 1 year
  • • Data access : SAS MLB customer care department
  • • Is the data stored and/or processed outside the EU : No

Customer account creation :

  • • Data collected : first name, last name, address, phone number, e-mail address, date of birth, direct marketing consent information, personal information, company contact, name of company, information provided by the customer, customer segmentation, order, delivery, billing information. We store information pertaining to you as a customer.
  • • Purpose : Order / Order tracking / Address / Returns / Refunds / Credits / Loyalty management
  • • Data storage : Customer database
  • • Storage duration : customer lifetime / Inactive customers are deleted after 2 years
  • • Data access : logistics/operations teams (partial access – only data pertaining to processing and shipping of orders) / marketing department / customer care department
  • • Is the data stored and/or processed outside the EU : No

Newsletter subscription :

  • • Data collected : e-mail address
  • • Purpose : marketing newsletters
  • • Data storage : opt-in information in customer database
  • • Storage duration : customer opt-in duration, excluding customer request
  • • Data access : marketing department
  • • Is the data stored and/or processed outside the EU : No

According to information technology and liberties legislation, you may request access to data relating to yourself, and modification of this information at any time.

OVERVIEW OF DATA SHARED WITH THIRD PARTIES VIA SAS MLB SERVICES :

Google Analytics

  • • Third party : https://analytics.google.com/analytics
  • • Third party location : United States of America
  • • Purpose : Site traffic analysis + remarketing
  • • Is the data stored and/or processed outside the EU : Yes
  • • Third party GDPR compliance: https://privacy.google.com/intl/fr_fr/businesses/compliance/

Google Adwords

  • • Third party : https://adwords.google.com
  • • Third party location : United States of America
  • • Purpose : Advertising + remarketing
  • • Is the data stored and/or processed outside the EU : Yes
  • • Third party GDPR compliance: https://privacy.google.com/intl/fr_fr/businesses/compliance

Mailchimp

  • • Third party : https://mailchimp.com/
  • • Third party location : United States of America
  • • Purpose : E-mail marketing
  • • Is the data stored and/or processed outside the EU : Yes
  • • Third party GDPR compliance: https://kb.mailchimp.com/fr/accounts/management/about-the-general-data-protection-regulation

DATA SENDING & SHARING

SAS MLB may only submit your personal data to third parties in accordance with relevant legislation. We may submit information upon request to relevant authorities, for example to the police and other security authorities, as well as other authorities for purposes specified by relevant legislation. Customer information represents an important component of our business, but we are not in the business of commercializing that information. We only share this information for reasons and purposes explicitly outlined above, and we are bound to the confidentiality and privacy guidelines outlined herein. Additionally, we may share your information with third parties, in which case we take care to ensure the protection of your data is upheld by those third parties. If your data is processed outside the EU, we will protect your information by ensuring our third party partners also uphold appropriate protection of your data.

PROCESSING OF IDENTIFYING DATA AND LOCATION INFORMATION VIA ELECTRIONIC COMMUNICATIONS

SAS MLB treats all data and messages deriving from communications with you as confidential. Our employees are bound by confidentiality guidelines and are forbidden from using any messages or other confidential information. When communication takes place via a network, it leaves a trace. These traces are referred to as identifying data if they can be connected to a physical person. These are created via phone calls, e-mails, SMS among others, and may contain information about the individuals partaking in those communications, the connection or routing information, the data transfer protocol or terminals used, and their location. SAS MLB processes this identifying data and location information according to relevant legislation, for the purpose of providing relevant services, billing those services, for technical development and more. This information may be used for billing other service providers where relevant and necessary. SAS MLB may also process identifying data in the event of abusive behavior or usage, or in the event of a technical issue. In all the events listed above, we only process identifying data and location information where necessary in fulfilling a specific task or purpose.

USAGE OF LOCATION INFORMATION

Localization of a physical person may only occur where the localized individual consents to being localized. A customer may not be localized if they do not consent to geo-localization services. If we share location information with service providers, we ensure through appropriate means that consent exists prior to sharing that information.

IDENTIFYING DATA & LOCATION INFORMATION – AUTHORIZED INDIVIDUALS

Only specific SAS MLB individuals whose work requires access to identifying data and location information may access and process this data. This authorization is granted only to individuals performing tasks linked to billing, maintenance, development of communications services and/or networks, prevention and/or investigation of abuse, customer care and marketing. Individuals who are permitted to process and access this data may only do so within the limits of specific individual and required tasks.

DURATION OF TREATMENT AND STORAGE OF IDENTIFYING DATA & LOCATION INFORMATION

We process identifying data and location information as long as necessary in order to perform billing, technical development, marketing, surveys and data security tasks. However, this is only done wherever needed and without unduly compromising the confidentiality of a message and protection of privacy. We store data required for billing purposes for at least one year from the date of invoicing and for a period never exceeding three years from the date of invoicing, unless there is a reason to store the data for a longer period. Data is only stored as permitted by relevant legislation.

WEBSITES AND ONSITE TRAFFIC

We also collect data pertaining to website visits. This data contains IP addresses and corresponding DNS names, as well as the organization which recorded the IP address, the name and address of the page(s) visited, the time of page download(s) and the browser type. Please note, IP addresses are required in order to ensure correct Internet access, and these are used to direct messages transmitted on the Internet to their relevant destinations. Generally speaking, an IP address is not connected to the physical person using the device, but it can be connected to an organization which recorded the IP address. The IP address may be connected to a physical person or organization upon request from the authorities.

COOKIES

As a SAS MLB customer, you may visit our website anonymously. However, as with most websites, we use cookie technology. When you load our website, the cookie generates a random number for your browser, which does not display your identity. Cookies help SAS MLB determine its most popular webpages, which pages are being browsed and duration of browsing time, among other information. This data is used to develop and continually improve our services, and accurately target advertising on other websites. You can prevent the storage of cookies by editing your browser settings. In some cases, this may slow down or block your web browsing or access to certain webpages.

DATA SECURITY

We guarantee the safety of our data by employing means that are proportional to the corresponding threat, both in severity, sophistication and cost. SAS MLB has specific methods in place to prevent data security violations and to minimize any risk. Additionally, we use all means possible to guarantee the confidentiality of messages and protection of privacy so these are not unduly compromised through any action performed via our services. We provide information about actions related to data security via appropriate channels, such as our website and our customer communications. In order to prevent any violation of data security and minimize associated risks, we can among other things, prevent the reception of electronic messages and delete viruses and other dangerous software, as well as additional preventative measures, within the limits of authorized and legal methods. We use physical, administrative and technical methods in order to protect the confidentiality of our messages and the identifying data shared across our communications network. These actions help mitigate the risk that any data relating to our customers is shared with third parties, and prevent any abusive or unauthorized use of this data. Some of our services also use standard encrypting. Please note, as a user of SAS MLB services, you must also apply the appropriate methods to ensure your own data security. We encourage you to store and use our services and your devices with care, and monitor their usage, for example by creating secure and unique passwords, using anti-virus software and firewalls, and to keep all your operating systems updated.

CLIENT COMMUNICATIONS AND DIRECT MARKETING

SAS MLB sends client communications relating to its products and services based on the consent provided by the customer in the customer account. SAS MLB also sends electronic direct marketing communications. You may forbid SAS MLB from sending you direct marketing communications. You can do so by following the instructions contained in the related communication itself, or from your customer account.