ARTICLE 1 : PREAMBLE
The way in which their personal data is collected and processed. Personal data are all data that can identify a user. This includes the first and last name, age, postal address, email address, location of the user or his IP address;
What are the rights of the users concerning these data?
Who is responsible for the processing of the personal data collected and processed?
To whom this data is transmitted;
Eventually, the policy of the site regarding “cookies” files.
ARTICLE 2: GENERAL PRINCIPLES OF DATA COLLECTION AND PROCESSING
In accordance with the provisions of Article 5 of the European Regulation 2016/679, the collection and processing of data of the users of the site respect the following principles:
Lawfulness, fairness and transparency: data may only be collected and processed with the consent of the user who owns the data. Whenever personal data is collected, the user will be informed that his/her data is being collected and for what purpose it is being collected;
Limited purposes: the collection and processing of data is carried out to meet one or more of the purposes set out in these terms and conditions of use;
Minimization of data collection and processing: only the data necessary for the proper execution of the purposes pursued by the site are collected;
Conservation of data reduced in time: the data is kept for a limited period of time, of which the user is informed. When this information cannot be communicated, the user is informed of the criteria used to determine the duration of conservation;
Integrity and confidentiality of the data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of the European Regulation 2016/679, the collection and processing of personal data may only take place if it complies with at least one of the conditions listed below:
The user has expressly consented to the processing ;
The processing is necessary for the proper performance of a contract;
The processing is required by law;
The processing is necessary to protect the vital interests of the data subject or another natural person;
Processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the data controller or by a third party.
ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF NAVIGATION ON THE SITE
A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the Cursed Ritual Records website are the following:
- Name and first names
- Postal address
- E-mail address
This data is collected when the user performs one of the following operations on the site:
When placing an order
In addition, when a payment is made on the site, a proof of the transaction including the order form and the invoice will be kept in the computer systems of the site editor.
The person in charge of the treatment will preserve in its data-processing systems of the site and under reasonable conditions of safety the whole of the collected data for a duration of : 5 years.
The collection and processing of data meet the following purposes:
To keep track of transactions and send promotionnal emails.
B. TRANSMISSION OF DATA TO THIRD PARTIES
The personal data collected by the site are not transmitted to any third party, and are only processed by the site editor.
C. DATA HOSTING
The Cursed Ritual Records website is hosted by : OVH, whose headquarters are located at the following address:
2, rue Kellermann, 59100 Roubaix
The host can be contacted at the following phone number: +33 9 72 10 10 07
The data collected and processed by the site are exclusively hosted and processed in France.
ARTICLE 4: DATA CONTROLLER
A. THE DATA CONTROLLER
The person in charge of processing personal data is: Cursed Ritual Records. It can be contacted in the following way: firstname.lastname@example.org
The data controller is responsible for determining the purposes and means of processing personal data.
B. OBLIGATIONS OF THE DATA CONTROLLER
The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user’s knowledge and to respect the purposes for which the data were collected.
The site has an SSL certificate to ensure that the information and data transfer through the site is secure.
An SSL certificate (“Secure Socket Layer” Certificate) is intended to secure the data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this would entail disproportionate formalities, costs and steps for the user.
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the data controller undertakes to inform the user by any means.
ARTICLE 5: USER’S RIGHTS
In accordance with the regulations concerning the processing of personal data, the user has the rights listed below.
In order for the data controller to comply with the user’s request, the user is required to provide the data controller with his or her first and last name and e-mail address.
The data controller is obliged to respond to the user within a maximum of 30 (thirty) days.
A. PRESENTATION OF THE USER’S RIGHTS REGARDING DATA COLLECTION AND PROCESSING
a. Right of access, rectification and deletion
The user may learn about, update, modify or request the deletion of data concerning him/her, by following the procedure set out below:
Contact us via email@example.com
b. Right to data portability
The user has the right to request the portability of his personal data, held by the site, to another site, by complying with the procedure below:
Contact us via firstname.lastname@example.org
c. Right to limit and oppose the processing of data
The user has the right to request the limitation of or to object to the processing of his/her data by the site, without the site being able to refuse, unless it can be shown that there are legitimate and compelling reasons, which can prevail over the interests and rights and freedoms of the user.
In order to request the limitation of the processing of his/her data or to formulate an objection to the processing of his/her data, the user must follow the following procedure:
Contact us via email@example.com
d. Right not to be subject to a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the user has the right not to be subject to a decision based exclusively on an automated process if the decision produces legal effects concerning him/her, or significantly affects him/her in a similar way.
e. Right to determine the fate of data after death
The user is reminded that he/she can organize what should be the fate of his/her collected and processed data if he/she dies, in accordance with Law no. 2016-1321 of 7 October 2016.
f. Right to refer to the competent supervisory authority
In the event that the data controller decides not to respond to the user’s request, and the user wishes to contest this decision, or, if he/she believes that one of the rights listed above is infringed, he/she is entitled to refer the matter to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
ARTICLE 6: USE OF “COOKIES” FILES
The site may use “cookies” techniques.
A “cookie” is a small file (less than 4 kb), stored by the site on the user’s hard drive, containing information about the user’s browsing habits.
These files allow the site to process statistics and information on traffic, to facilitate navigation and to improve the service for the user’s comfort.
For the use of “cookies” files involving the storage and analysis of personal data, the user’s consent is necessarily requested.
This consent of the user is considered valid for a maximum period of 13 (thirteen) months. At the end of this period, the site will again request the user’s permission to save “cookies” files on his or her hard drive.
a. Opposition of the user to the use of “cookies” files by the site
The user is informed that he/she can oppose the recording of these “cookies” files by configuring his/her browser software.
For information, the user can find at the following addresses the steps to follow in order to configure his navigation software to oppose the recording of “cookies” files:
Safari : http://www.apple.com/legal/privacy/fr-ww/
Internet Explorer : https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
Opera : http://www.opera.com/help/tutorials/security/cookies/
In the case where the user decides to deactivate the “cookies” files, he will be able to continue his navigation on the site. However, any dysfunction of the site caused by this manipulation could not be considered as being due to the editor of the site.
b. Description of the “cookies” files used by the site
The site editor draws the attention of the user to the fact that the following cookies are used during his navigation:
basket, recently viewed products
ARTICLE 7 : CONDITIONS OF MODIFICATION OF THE CONFIDENTIALITY POLICY
The site editor reserves the right to modify it in order to guarantee its conformity with the law in force.