Our company has created this Personal Data Protection Policy in order to inform individuals whose personal data it collects and processes about, in particular, data that may be collected, how the data is processed, the persons or entities with which our company shares the data, and the rights of these individuals.
The Policy comes under the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("General Data Protection Regulation" or "GDPR"), French Law No. 78-17 of 6 January 1978, as amended, relating to data processing, files and freedoms (the French Data Protection Act) and its implementing provisions.
1. What data do we collect?
A part of carrying out business activities and operating our website, we may collect and process personal data about prospects, customers, and other business partners (their managers, partners and/or staff members), as well as website users.
Amongst others, the data includes information relating to:
- Identity, including surname, first name and gender;
- Personal and/or business information, including postal address, email address, telephone and/or mobile phone numbers, position or function;
- Our contractual relationship, in particular product orders and complaints sent to our company;
- Saved correspondence and communications with our company, including emails, SMS messages and MMS messages;
- Connection data for our website, including cookies that collect information such as browser type, pages viewed, language preferences and other general traffic data;
- As well as any information shared with us using the contact form on our website or, more generally, by communicating with our company.
Where appropriate, it is specified at the time of data collection whether the data is necessary for the purpose in question.
2. On what legal grounds do we process your data?
We collect and process personal data as appropriate:
- To perform contracts concluded with our customers and other business partners, or to take pre-contractual measures at their request;
- For the purposes of our legitimate interests, such as prospecting and promotions, as well as managing relationships with our prospects, customers, suppliers and other business partners;
- To comply with our legal and regulatory obligations and to ensure that our rights are protected; and/or
- Based on consent from the natural persons in question.
If the natural person whose personal data we process has objected to such processing, we may nevertheless be permitted to carry out or continue such processing on one of the other legal bases mentioned above.
3. For what purposes do we process your data?
We collect and process personal data for the following purposes:
- Storing contracts concluded with our customers;
- Managing product orders;
- Managing invoices, accounting, and accounts receivable;
- Managing customer files;
- Managing and following up on the business relationships with our customers and other commercial partners;
- Creating and managing a database of potential customers, prospecting;
- Managing newsletters and other similar communications;
- Organising, registering and inviting to events;
- Improving browsing of the website and user experience, particularly managing audience measurement statistics.
4. Who do we share your data with?
Our company shares or is likely to share the data collected with the following persons or entities:
- Authorized members of our staff;
- Other companies in our group;
- Our subcontractors, agents or service providers;
- Our auditors;
- Supervisory authorities (regulators), administrative authorities, courts.
Our computer servers are located within the European Union (Maine-et-Loire, France) and we do not send any collected personal data outside the European Union except for data collected by Google Analytics (USA) cookies on our website.
If we are required to send any personal data we collect outside the European Union, we undertake, in accordance with legal provisions, to ensure (i) that the country to which the transfer is made ensures an adequate level of protection in application of an adequacy decision of the European Commission, (ii) if no such a decision is made, that appropriate safeguards, as referred to in Article 46 of the GDPR, have been put in place, or (iii) if no adequacy decision has been made and none of the aforementioned appropriate safeguards have been introduced, that the data transfer falls within the scope of the assumptions referred to in article 49 of the GDPR.
5. How long do we keep your data?
We keep personal data collected only for the time necessary for the purposes for which they were collected, in accordance with the regulations in force and without prejudice to the legal obligations relating to storage and prescription periods.
In particular, we keep our customers' data for the duration of the contractual relationship and for an additional 3 years for promotional and prospecting purposes.
A table for information only, relating to the retention periods of the data collected by our company, can be found in the Appendix.
6. How do we keep your data secure?
Our company implements appropriate technical and organizational measures to keep the data collected secure and to comply with its obligations under applicable regulations. In particular, our company implements means to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.
7. What rights do data subjects have?
All natural persons whose personal data our company processes have the following rights, as recognized by applicable regulations:
- A right to access their data and receive information relating to the processing of their data (Article 15 of the GDPR; Article 49 of the French Data Protection Act)
- A right to rectify inaccurate or incomplete data (Article 16 of the GDPR; Article 50 of the French Data Protection Act);
- A right to delete data (Article 17 of the GDPR; Article 51 of the French Data Protection Act);
- A right to limit data processing (Article 18 of the GDPR; Article 53 of the French Data Protection Act);
- A right to data portability (Article 20 of the GDPR; Article 55 of the French Data Protection Act);
- A right to object to data processing (Article 21 of the GDPR; Article 56 of the Data Protection Act);
- Where data processing is based on consent, the right to withdraw consent at any time (Article 7(3) of the GDPR);
- The right to define guidelines relating to storing, deleting and sharing personal data after their death (Article 85 of the French Data Protection Act).
All data subjects can, after proving their identity, exercise their rights at any time with our company, using the contact form on the website www.blackfox-shop.com, by emailing firstname.lastname@example.org or by post to: AJS - GDPR, 19 avenue des Pays Bas, ZA du Val de Moine, Saint-Germain-sur-Moine, 49230 SEVREMOINE (France).
Data subjects also have the right to lodge a complaint with the French Data Protection Authority (CNIL) regarding the processing of their personal data (www.cnil.fr/fr/plaintes).
8. Identity of the data controller
The data controller is AJS, a simplified joint-stock company with a share capital of 2,000,000 euros, whose registered office is located at 19 avenue des Pays Bas, ZA du Val de Moine, Saint-Germain-sur-Moine 49230 Sèvremoine (France), registered in the Angers Trade and Companies Register under number 351 962 964.
President: the company B.S.B.H, with Mr Jérôme Subileau as Managing Director
Correspondence address: registered office address above
Phone number: +33 (0) 241 63 35 36
Table for information only relating to retention periods