QUAI DES CELESTINS, a simplified joint-stock company with capital of €9,050, registered with the Paris Trade and Companies Register under number 522 306 265, having its registered office at 207 rue du Faubourg Saint-Martin, 75010 Paris (hereinafter the "Company" or "QUAI DES CELESTINS"), represented by Mrs Fleur PHELIPEAU as President, collects and processes personal data concerning the Company's customers, users of the Company's website (hereinafter after the “Site”) and the users of the services (hereinafter the “Services”, as defined in the General Conditions of Sale accessible at the following link: https://dlabparis.com/pages/conditions-generales-de- sale , hereinafter the “GTC”), hereinafter collectively referred to as the “Users” or “You” or “Customers”.

The Company is concerned about the protection of the privacy and personal data of Users. Thus, it ensures that it adopts and complies with a personal data processing policy in accordance with the regulations in force and in particular with the General Data Protection Regulation n° 2016/679 of April 27, 2016 (the “GDPR”). and the Data Protection Act of 1978 as amended.

Thus, this policy relating to the confidentiality and protection of personal data (the "Policy") aims to set out the terms and conditions for the processing of personal data by the Company concerning Users.

The Company reserves the right to modify the Policy at any time and undertakes to inform Users of these changes via a notification when using the Services.

1. The controller

The Company is responsible for the processing of personal data collected and processed under the conditions of this Policy applicable to Users.

You can contact the Company using the contact details provided in article 8 “Contact” of this Policy.

The controller is the person, in this case the Company, who determines the methods and purposes of the processing of personal data. As its name suggests, it assumes responsibility for the processing of personal data that it implements and it is the User's main contact for asserting its rights under the processing.

2. Sources and categories of personal data


2.1. Source and collection of personal data

The Company collects Users' personal data as part of the use of the Services. In particular, the Company collects and processes the personal data of Users when:

  • order taking;
  • the provision of Services;
  • invoicing and payment of orders, as well as preliminary checks on credit cards;
  • the creation of the User profile on the Site (hereinafter the “Profile”);
  • navigation on the Site (in particular by cookies); and or
  • statistical and commercial analysis of data;
  • sending mass or targeted informative emails;
  • the sending of emails relating to the follow-up of orders and the creation of finished products

The Company also processes all personal data communicated spontaneously and voluntarily, in particular when Users contact the Company.

2.2. Categories of personal data

The Company collects and processes the following categories of personal data:

  • Information needed for ordering:
    • Personal data: last name, first name, telephone number and email address of the customer (if a natural person) or of the main contact within the customer company.
  • Information necessary for any exchanges with You:
    • Personal data: last name, first name, telephone number and email address of the customer (if a natural person) or of the main contact within the customer company.
  • Information necessary for invoicing and payment of orders:
    • Personal data: last name, first name, telephone number and email address of the customer (if a natural person) or of the main contact within the customer company, as well as the billing postal address. We do not keep bank details in the event of payment by credit card.
  • Information required for the creation of the Profile:
    • Personal data: email address, telephone number, username, password
  • Information collected when using the "Contact" form:
    • Personal data: surname, first name, email address, as well as any other information that You would spontaneously communicate to us in your message.
    • Company data: distribution sector, country/city of sale
  • Information about the type of device used, IP address, browser type and language.
  • Information collected by cookies installed on our Site previously accepted or refused, such as in particular the pages consulted.

2.3. The mandatory nature of the provision of data

Certain information may be mandatory for the implementation of the Services. When ordering, creating the Profile or using the "Contact" form, the mandatory data is indicated on our forms by an asterisk or by the explicit mention "Mandatory Information". If you fail to provide the mandatory data, we will not be able to implement the Services concerned.

2.4. Data Accuracy

The Company makes its best efforts to maintain accurate and complete personal data. To ensure that we have up-to-date information, You can inform us of any change in your contact details or any other data, by contacting the Company using the contact details mentioned in article 8 "Contact" below, or by putting regularly update your Profile.

2.5. Location of personal data

The personal data collected on our Site and for which the Company is responsible are hosted in France on the servers of the Site which is hosted by the Company Shopify.

More details concerning the guarantees taken for data transfers outside the European Economic Area are given in Article 6.


3. Purposes and legal bases of processing

Personal data is processed by the Company for the following purposes:
As part of the execution of the T&Cs or pre-contractual measures for the provision of the Services:
  • Execution of Services to Users, as defined in our T&Cs, delivery of ordered products.
  • Manage the relationship with Users
    • Creation of a Profile;
    • Management of the acceptance of the T&Cs and this Policy;
    • Communication with Users; And
    • Management of any complaints.
Within the framework of our legitimate interest, in respect of your rights:
  • Establish statistics on the use of the Services and on the behavior of Users;
  • Sending newsletters;
  • Company Service Proposals; And
  • Provision, maintenance and improvement of our Services and Website.

In addition, processing in the context of the legitimate interest also makes it possible to:

  • Manage collection;
  • Detect, investigate, prevent, or take action regarding illegal activities, abuse, suspected fraud, or situations involving potential threats to the security or rights of any person or entity and to act upon it evidence in the event of litigation;
  • Investigate, prevent and prevent breaches of our T&Cs and this Policy; And
  • Protect and defend our rights and interests, including our intellectual property rights, before the competent courts or jurisdictions.

The Company also seeks to enable the training of its employees and the performance of compliance and security audits.

Finally, the data is collected to meet legal obligations:

  • Satisfy the legal and regulatory obligations to which the Company is subject, such as the tax declaration relating to transactions and the retention of invoices,
  • Train our teams, under the legal obligations to which the Company is subject as an employer,
  • Manage User requests regarding their personal data rights.

4. Communication of personal data

Personal data, collected and processed, may be transmitted:

  • To the authorized persons of the departments concerned within the Company;
  • In the event of a claim, theft or other violation of the T&Cs or the law, personal data could be transmitted to our insurance company and/or our brokerage company, which is required to maintain the confidentiality of the data transmitted and, where appropriate, to the police and justice services.
  • To administrative and judicial authorities and more generally to public bodies in the context of compliance with our legal obligations or to enable us to defend our rights and interests,
  • As needed, to our legal advisers and lawyers,
  • If we sell or transfer our business or part of it and your personal data relates to that part sold or transferred, or if we merge with another business, we will share your personal data with the new owner of the business. or our merger partner, respectively.

5. Security of personal data

The Company implements organizational, technical, software and physical security measures to protect personal data against loss, unauthorized access, disclosure or alteration.

6. Data retention

The Company keeps your personal data for the time necessary to fulfill the purposes pursued, if necessary increased by the legal periods of archiving, retention of certain data and prescription. At the end of the processing, the personal data will either be deleted or anonymized by the Company.

The retention period depends on the type of personal data and the purpose. The retention period is determined in particular according to the following criteria:

  • The closure of the Profile;
  • The regularity of your use of the Services;
  • The existence of legal or contractual obligations requiring us to retain the data;
  • The existence of a retention period specially defined by the applicable regulations; And
  • The type of personal data and in particular their sensitivity (for example your banking information).

In this context, the Company retains the following retention periods:

  • The data concerning your Profile is kept as long as the account is active and, at the latest, after three years following the last transaction.
  • Once your account is closed, your data will be deleted or anonymized by the Company, unless this data must be kept for accounting purposes, in the context of legal obligations, dispute resolution, collection or prevention of fraud. .
  • In the event of a dispute relating to a transaction, we keep the data relating to the said transaction for the applicable limitation periods.


For more information concerning the retention period of your personal data, we invite You to contact us using the contact details indicated in article 8 “Contact” below.

7. User Rights

Users are informed that they have, under the conditions of the GDPR and the laws applicable in France, a right of access, rectification, erasure and portability of their personal data, as well as a right to limitation and opposition to the processing of this data.

Users also have the right to organize the fate of their personal data in the event of death, as well as the right to lodge a complaint with the CNIL, whose website is accessible at the following address http://www .cnil.fr and the head office is located at 3 Place de Fontenoy, 75007 Paris.

For processing based on his consent, the User may withdraw it at any time, without affecting the lawfulness of the processing prior to this withdrawal.

The User may exercise, free of charge, his rights with the Company at the contact details indicated in article 8 “Contact” below, except in the event of manifestly excessive demand, in which case charges may be applied.

In addition to the information below, the Company invites the User to consult the CNIL website:

  • Right of access : the User has the right to obtain from the Company confirmation that his personal data is or is not being processed and, when they are, access to said data as well as information relating to the purposes of the processing (art. 15 of Regulation 2016/679 on the protection of personal data (“GDPR”)). Manifestly unfounded, excessive or repeated requests may not receive a response or incur charges.
  • Right of rectification : the User has the right to obtain from the Company, as soon as possible, the rectification of his personal data that he deems inaccurate (art. 16 of the GDPR).
  • Right to erasure : the User has the right to obtain from the Company the erasure of his personal data, under the conditions provided for in Article 17 of the GDPR.
  • Right to portability : the User has the right to receive, or request the sending to a third party, of the personal data concerning him that he has provided to the Company, in a structured, commonly used and machine-readable format. (Art. 20 GDPR).
  • Right to limitation of processing : the User may obtain from the Company the limitation of the processing of his personal data under the conditions of article 18 of the GDPR.
  • Right to withdraw consent : Users have the right to withdraw their consent to the processing of your data if such processing is based on consent. The withdrawal of this consent does not affect the lawfulness of the processing based on the consent given before its withdrawal.
  • Right of opposition : the User has the right to oppose at any time, for reasons relating to his particular situation, to the processing of his personal data, when this is based on the legitimate interest and in the conditions of Article 21 of the GDPR.
  • Right to organize the fate of his personal data in the event of death : the User may define general or specific directives relating to the storage, erasure and communication of his personal data after his death (Law 78 -17 of 6 January 1978 amended, art. 40, II).
  • Right to lodge a complaint with a supervisory authority : without prejudice to any other administrative or judicial remedy, the User has the right to lodge a complaint with a supervisory authority if he considers that the processing of personal data concerning him constitutes a violation of the regulations applicable to personal data (art. 77 of the GDPR).

8.Contact

For more information on the processing of your personal data or to exercise your rights, You can contact us at the following coordinates:

QUAI DES CELESTINS / D-LAB
207 rue du Faubourg Saint-Martin
75010 Paris

Email: contact@dlabparis.com
Telephone: 01 84 80 44 20