— ICODE —AND PROTECTION OF CUSTOMER PERSONAL DATA
THE PARTY RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA
“I.CODE”: The company known as IKKS RETAIL, a simplified joint stock company with share capital of €36,037,000, registered office at 8/10, rue Barbette, 75003 Paris, France, registered in the Paris Trade and Companies Register under number 479 960 965, with intra-community VAT number FR66479960965.
The Data Controller shall be IKKS Retail, a simplified joint stock company with share capital of €36 037 000, Registered office: 8-10 rue Barbette - 75003 Paris, RCS Paris n°479 960 965.
TYPE OF PERSONAL DATA COLLECTED BY IKKS
I.CODE may collect the following personal data from the Customer (the Internet user) using the online sales site by means of forms or from the in-store Customer by means of collection coupons available in the shop, including the Customer’s title, name, e-mail address, postal address, landline or mobile telephone numbers, date of birth.
The Customer using the online sales site shall equally be able to register different delivery addresses or credit card details (type and number of card, expiry date), in order to facilitate subsequent payments. These voluntary records of payment card data shall be made in line the PCI DSS data security standard and shall not be accessible to I.CODE employees. They shall only be used by the organisations in charge of securing and carrying out online payments.
Additionally, I.CODE shall use data on how users browse the site in “anonymised” fashion to offer Products that match their search on the site.
Finally, I.CODE shall collect the interactions of the Customer/user with the Brand that shall be needed to make its various requests and queries to the Brand: shopping cart, placing orders, requests to Customer Service, clothing/shoe sizes.
All personal data collected by I.CODE shall come from the Customer/user and from an active approach on his/her part.
ULTIMATE GOALS OF PROCESSING YOUR PERSONAL DATA
The personal data collected from the Customer and the Internet user shall be processed by I.CODE for the purpose of fulfilling orders and sales contracts, and for certain purposes based on the consent of the persons concerned, or the pursuit of I.CODE’s legitimate interests, such as ensuring a good browsing and shopping experience, and understanding Customers’ needs and expectations in order to meet them.
More specifically, personal data shall be collected from the Customer and the Internet user for the following purposes:
- - Creating and managing the Customer’s account, executing the sale, managing the Customer’s complaints and after-sales service, responding to the Customer’s or prospect’s queries;
- - Commercial canvassing, carrying out customer loyalty activities and satisfaction surveys, as well as sending newsletters, drawing up commercial statistics, organising lawful competitions;
- - For geolocation purposes, when consulting the Site, and provided the Customer is based in Mainland France, I.CODE may request the Customer to authorise it to geolocate the shop near the Customers location, by activating the location function on his/her mobile device and/or tablet, if the Customer so wishes. With the Customer’s prior consent, this data shall be used to estimate the Customer’s location in order to find the nearest shop, thereby optimising Product delivery conditions.
PERSONAL DATA RETENTION PERIOD BY I.CODE
I.CODE may retain your personal data for a period of three years from the date of collection or last contact with you if you are a prospect and not a customer, and five years from the end of your business relationship with I.CODE if you are a customer (last purchase, contact or expression of interest), unless you exercise your right to delete or retain certain data for a longer period as permitted or required by law or regulation.
Indeed, as regards personal data on the sale and needed to comply with legal and regulatory obligations (statute of limitations or filing time limits), they shall be kept pursuant to the legal periods (ten years maximum) on an archive database specifically provided for this purpose.
RECIPIENTS OF PERSONAL DATA COLLECTED
The Customer’s personal data may be sent to the following recipients:
- - I.CODE Group affiliates or franchises;
- - Public authorities and organisation in case of a legal or regulatory requirement.
- - Companies engaged in processing data on behalf of I.CODE, such as the latter’s subcontractors and service providers (courier companies, communication companies, agencies, profile development companies, etc.).
TRANSFER OF PERSONAL DATA
I.CODE shall keep the collected personal data within the European Union.
SHARING ON SOCIAL MEDIA/NETWORKS
Links are provided on the I.CODE e-commerce website to allow for sharing of products via social media, namely Facebook, Twitter and Pinterest. The user is hereby notified that the content published on these social media can be seen by all users, and that extra care shall be required when providing personal data on these sites or applications. In no circumstances whatsoever shall I.CODE be responsible for any damage caused by third parties as a result of publication of their personal data by users.
YOUR PERSONAL DATA PROTECTION BY I.CODE
I.CODE and its partners shall employ data security techniques, such as access control procedures, virtual private networks, firewalls or cryptographic systems. The aim is to ensure data confidentiality, integrity and authenticity, as well as restrict both the data collected and access to such data to the rightful recipients, in order to guarantee the confidentiality thereof.
The I.CODE website uses the SSL (Secure Socket Layer) encryption security system, which encrypts information in order to protect all data on payment means as effectively as possible. Credit card data shall be secured by complying with PCI DSS security standards.
RIGHTS OF PERSONS WHOSE PERSONAL DATA IS COLLECTED BY I.CODE
The personal data collected by I.CODE shall be governed by the General Data Protection Regulation (EU) 2016/679 and the amended French Data Protection Act (Law No. 78-17 Informatique et Libertés) of 6 January 1978.
Accordingly, the Customer or Internet user shall have the right to access, rectify, delete, limit and “port” (transfer) his/her data. The Customer may also retract his/her consent at any time or exercise his/her right to object to the processing of his/her personal data. He/she may exercise his/her rights by sending a letter to the following address:
Protection des données personnelles
I.CODE - Service Communication
94 rue Choletaise, Saint-Macaire-en-Mauges 49450 SEVREMOINE
Or an e-mail to the address : email@example.com
To access, modify or cancel his/her personal data, the user can also click on “MY ACCOUNT” from I.CODE.FR.
For your information, collection and processing of your personal data had been reported to the CNIL (French Data Protection Authority) under the number 1008675.
For any further information or complaint, you may contact the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés) (cf. www.cnil.fr for further information)
- - Improve the personalised service designed for Customers
- - Measure the Site’s audience, establish traffic statistics (number of visits, pages viewed, aborted order process, etc.) in order to monitor and improve service quality
- - Tailor the Site layout to the display preferences of the terminal
- - Memorise information entered in forms, to manage and secure access to reserved and personal spaces such as the Customer’s account and shopping cart
- - Provide the Site user with content, including advertising, in relation to his/her interests and personalise offers.
When visiting the Site for the first time, the Internet user shall be informed of the presence of such cookies. The reading or release of certain cookies may require the Internet user’s consent.
The Internet user may decline to use them, particularly by configuring their equipment. He/she may also delete the cookies in their equipment settings.
In case cookies are declined, I.CODE shall not guarantee the use of all the Site functions.
Cookies shall have a limited lifespan of 13 months after they are initially released in the Internet user’s terminal equipment.