PROTECTION OF PERSONAL DATA
PRIVACY POLICY AND COOKIES
Effective date: September 1, 2021
We respect your concerns about the protection of your privacy and we attach great importance to the confidentiality of the personal data you transmit to us.
This privacy and cookies policy (hereinafter the “Policy”) describes how we collect, share and use any information provided by you (such as your first name, last name, email address and telephone number) which, used alone or in combination with other information, relates to your status as a User of the Site and constitutes your Personal Data.
This Policy also indicates the type of personal data we collect, the way we process it, the measures to preserve the security of this data as well as the rights any User has to access, rectify or delete this data. We do not collect or process any sensitive data.
The provisions of Regulation (EU) 2016/679, known as “GDPR” and of Law No. 78-17 of January 6, 1978 relating to computing, files and modified freedoms are strictly applied to the processing of personal information (the “Personal Data”) that the User may be required to communicate when browsing the Site.
For the purposes of this Policy, RGOODS, Simplified Joint Stock Company whose head office is located at 197 avenue de la République, 33 200 Bordeaux, acts as controller of your Personal Data, i.e. it determines the purposes and means implemented for the processing of this data.
RGOODS and Surfrider Foundation, a public utility association governed by law 1901 whose head office is located at 33 allée du Moura 64200 Biarritz, act as joint controller of your Personal Data in the case of a donation made on the Site.
- HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect the information that you communicate to us directly or indirectly through our service providers, in particular when you:
- Browse the Site or use the Site’s services.
- Create a personal account on the Site.
- You connect to this personal account on the Site.
- Place and pay for a pre-order or order on the Site.
- Make and pay for a donation on the Site.
- Participate in a competition, promotional offer, satisfaction surveys or polls.
- Request assistance from Customer Service.
- Communicate with us in any way.
The provision of your personal information is voluntary.
2. WHAT PERSONAL DATA DO WE COLLECT?
We may mainly collect the following personal data:
Data relating to your identification.
This data allows us to create your personal account on the Site: your title, your first and last name, your postal address, your email address and your password.
The data necessary to process your order.
This data allows us to create, manage and send your order:
. Data used for your identification: your email, your first and last name, your delivery and billing address, your telephone number.
. Data used to process orders: the products ordered, the number of your order and your invoice.
. Data used for payment: bank card number, expiration date.
The data necessary to process a donation to Surfrider Foundation.
This data allows us to record your donation and send you the tax receipt:
. The data used for your identification: your email, your first and last name, your postal address.
. The data used to process the donation: the amount of the donation.
. Data used for payment: bank card number, expiration date.
Data relating to the continuation of our commercial relationship,
This data allows us to communicate with you: the history of your orders on the Site, your exchanges with our customer service, information relating to your preferences in terms of products and services.
Mandatory data is identified on the Site by an asterisk in our online collection forms. If we fail to answer the mandatory questions and provide Personal Data, we will not be able to provide you with the Products offered or guarantee the optimal quality of your user experience on the Site.
Data relating to your means of payment, such as your bank card number and its expiration date, are directly collected and stored by our payment provider MANGOPAY through a specific secure interface.
We may also collect information about you automatically when you browse the Site, including connection data (such as your operating system, browser or IP address) as well as browsing information linked to your acceptance of cookies.
3. FOR WHAT PURPOSES DO WE COLLECT YOUR PERSONAL DATA?
The collection and processing of your Personal Data meets explicit, legitimate and specific purposes which are as follows:
Execution of the sales contract concluded with the company RGOODS
The use of your personal data is essential for processing the Order subject to the contract, in particular for:
- Managing your Order, processing transactions and invoices as well as managing delivery.
- Managing your personal account if you have created one.
- The provision of customer service accessible by e-mail to contactshop@surfrider.eu.
- Execution of the donation made to Surfrider Foundation
The use of your personal data is essential for processing the donation you make on the Site, in particular for:
- Registering your donation, processing the transaction.
- Issuing a tax receipt sent to your home.
- Managing your donor space.
- The development of the user experience on the Site in our legitimate interest
The use of your personal data allows us to offer a smoother experience and to stay in contact with you, through:
- Sending personalized information by e-mail or any other electronic medium and by displaying targeted advertisements on websites and social networks;
- Improving the customer experience by sending satisfaction surveys;
- The organization of competitions and promotional offers;
- Analyzing your browsing in order to personalize your experience on the Site and on our social networks, in particular based on your purchasing habits and behavior;
- Anonymous and global evaluation of the activity of our Site and other associated third-party platforms.
- Verification, identification and authentication of the personal data you have transmitted to us.
- Prevention and detection of fraud, malware and security incident management.
- Management of possible disputes.
4. HOW LONG IS YOUR PERSONAL DATA KEPT?
Your personal data is kept for a period which does not exceed the period necessary for the purposes for which it is collected, as set out in this Policy. This retention period differs depending on the type of categories of data collected:
DESCRIPTION DES DONNÉES | DURÉE DE CONSERVATION |
Personal data from your personal account Data relating to your use of the Site | Duration of 3 years from your last activity on the Site / the end of our commercial relationship |
Data relating to an order | Duration of 3 years from your last order |
Data enabling proof of a contract (invoice) to be established | Duration of 10 years from the invoice date |
Prospect/customer data (at least 1 purchase) | Duration of 3 years from their collection or the last contact, or the end of the commercial relationship |
Banking data | Duration of 13 months after the payment date |
Statistics for measuring audience and site traffic | Duration of 12 months after use of the Site |
5. WHAT MEASURES ARE TAKEN TO PROTECT MY PERSONAL DATA?
As data controller, the company RGOODS takes all necessary precautions to preserve the security and confidentiality of the data and in particular, to prevent it from being distorted, damaged, or from unauthorized third parties having access to it.
When it uses subcontractors, RGOODS ensures that they comply with the rules relating to data protection.
To ensure payment security, RGOODS uses the services of Mangopay. This service provider is PCI-DSS certified. This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and thus to secure the protection of card and transaction data.
When you place an order by credit card payment, our order taking system connects in real time with the payment system which collects your data and carries out various checks to avoid abuse and fraud. The data is stored on Mangopay servers and is not transmitted to RGOODS servers at any time. The payment provider requests authorization from the bank and sends us a transaction number which allows transactions up to the amount of the authorization.
6. WHO ARE THE RECIPIENTS OF YOUR DATA?
The data that we process and collect may be transmitted to other recipients who are our partners, who process this data for non-commercial purposes, or to our subcontractors who process this data on our behalf and according to our instructions.
The recipients are:
Transport providers allowing postal delivery of products ordered on the Site.
Service providers in charge of payment transactions.
Third-party service providers that we use in the design and technical monitoring of the Site.
Employees of the RGOODS company responsible for the operation of the Site.
Agencies and service providers who analyze the effectiveness of our advertising and promotional campaigns.
The Communication and Marketing services of Surfrider Foundation as part of charitable prospecting actions.
Any applicable law enforcement agency, regulator, government agency, court, or other third party, when we believe that such disclosure is necessary (i) under applicable laws or regulations, (ii) in order to establish or defend our rights, or (iii) to protect your vital interests or those of any other person.
Our auditors, advisors, legal representatives and similar agents as part of the advisory services they provide to us and under a contractual prohibition from using personal data for other purposes.
Any other person as long as you have given your prior consent to disclosure.
7. HOW TO EXERCISE YOUR RIGHTS RELATED TO YOUR PERSONAL DATA?
In accordance with current regulations, you have the right to access, rectify, delete and oppose the processing of information concerning you.
You can object to the processing of your Personal Data, ask us to limit the processing or request portability of your Personal Data.
Finally, you have the right to consent beforehand to commercial prospecting and the right to object under the conditions of the applicable regulations.
You can exercise these rights by contacting us at the email address donneespersonnelles@rgoods.com or by sending us a letter to RGOODS, Personal Data Department, 197 avenue de la République, 33200 Bordeaux.
We will endeavor to address any concerns you may have regarding the processing of your Personal Data. For any request that you do not consider satisfied, you can lodge a complaint with the competent authority for the protection of personal data. For more information, you can contact the National Commission for Information Technology and Liberties (CNIL).
8. COOKIE USE POLICY
8.1 What is a cookie?
A cookie is a computer file placed on your terminal (computer, smartphone, tablet) when you visit our Site or a third-party site. This file collects and stores information in order to improve your browsing and present you with appropriate content.
8.2 Use of cookies on the Site.
When you browse our Site, we may place different types of cookies on your terminal in order to:
Optimize the display of the Site on your screens
To collect statistical information in order to improve the navigation quality of the Site
To memorize information about you (username, password, etc.)
To ensure better connection security.
8.3 Cookies that we place on third-party sites.
When browsing the Internet, you may be exposed to one of our advertisements. This advertising content may also include cookies in order to recognize the browser of your terminal. During their validity period, these cookies are used to:
The distribution of our advertisements:
. Count views/activations of advertisements displayed on third-party sites/applications
. Identify this advertising content and sites/applications
. Count the number of clicks on each content
. Determine the amounts to be paid to each advertising actor (sites or distribution media, service providers, etc.);
. To collect statistics relating to this advertising content.
Tracking your subsequent journey on sites/applications or other advertising content for which we manage cookies.
Adapting the site to your device – ensuring the correct display of the site to which our advertisements lead.
8.4 Managing cookies from your browser
The recording of a cookie on a terminal is subject to the choice of its user. You can manage these cookies in your browser settings at any time and according to your wishes. Please note that the changes you make may impact your browsing and your access to certain services that require the use of cookies.
You can thus define the systematic or specific acceptance or refusal of cookies before they are installed. Accepting cookies in your browser results in their installation in a dedicated space on your terminal. Only their transmitters will be able to read them.
Cookie management is specific to each browser. To configure your cookie choices, you can refer to the help section of your browser software.
9. POLICY UPDATE
We may periodically update this Privacy Policy as legal, technical or business requirements change.
In this case, we will take appropriate measures to inform you depending on the importance of the changes to occur.
We will seek your consent to any material changes to this Privacy Policy, if required by applicable data protection provisions. You can consult the date of the last update of this Privacy Policy by referring to the date displayed at the header of the latter.