Privacy policy

ARTICLE 1: PREAMBLE

This confidentiality policy applies to the site: Poderm.

The purpose of this confidentiality policy is to explain to users of the site :

  • The way in which their personal data is collected and processed. Personal data is any data that is likely to identify a user. This includes, in particular, first and last names, age, postal address, e-mail address, user location and IP address;
  • What rights do users have regarding this data?
  • Who is responsible for processing the personal data collected and processed?
  • To whom this data is transmitted;
  • Where applicable, the site's policy on cookies.

This privacy policy supplements the legal notice and the General Terms and Conditions of Use, which users can consult at the following address: https: //www.poderm.com/mentions-legales/

ARTICLE 2: GENERAL PRINCIPLES OF DATA COLLECTION AND PROCESSING

In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of data from users of the site complies with the following principles:

  • Lawfulness, fairness and transparency: data may only be collected and processed with the consent of the user who owns the data. Whenever personal data is collected, the user will be informed that his or her data is being collected and for what purpose;
  • Limited purposes: the collection and processing of data is carried out to meet one or more of the purposes set out in these general conditions of use;
  • Minimisation of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the site are collected;
  • Conservation of data reduced in time: data is kept for a limited period, of which the user is informed. When this information cannot be communicated, the user is informed of the criteria used to determine the retention period;
  • Integrity and confidentiality of the data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.

In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, personal data may only be collected and processed if at least one of the following conditions is met:

  • The user has expressly consented to the processing;
  • The processing is necessary for the proper performance of a contract;
  • The processing complies with a legal obligation;
  • The processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
  • The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the data controller or by a third party.

ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED WHEN BROWSING THE SITE

A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION

The personal data collected on the Poderm site is as follows:

  • data from the subscription form such as your surname, first name, date of birth, contact details, email address, postal address and telephone number;
  • data enabling you to be identified and authenticated (connection logs, IP address), data relating to purchases, places and times of orders and purchases, your browsing path on the site, dates and times of consultation of the site, location data.

This data is collected when the User carries out one of the following operations on the site:

  • When the User buys a product on the site
  • When the User registers on the site as a professional or private individual
  • When the User uses the contact form to send a request.

Furthermore, when a payment is made on the site, proof of the transaction, including the order form and the invoice, will be kept in the site editor's computer systems.

The data controller will keep all the data collected in the site's computer systems under reasonable security conditions for a period of : The data collected concerning you will be kept for the period necessary to achieve the purposes described above, i.e. 3 years from the date of termination of the commercial relationship, i.e. the date of the last contact from the Customer.

  • 6 years for tax documents;
  • 10 years for accounting documents;
  • For the duration of any disputes and until all avenues of appeal have been exhausted.

Data is collected and processed for the following purposes:

  • processing orders and dispatching parcels
  • responding to requests sent via the contact form
  • receiving news and communications by e-mail.

The data processing carried out is based on the following legal grounds:

  • In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, personal data may only be collected and processed if at least one of the following conditions is met:
  • The user has expressly consented to the processing;
  • The processing is necessary for the proper performance of a contract;
  • The processing complies with a legal obligation;
  • The processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
  • The processing and collection of personal data are necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party (in this case, the legitimate interest must be explained).

B. TRANSMISSION OF DATA TO THIRD PARTIES

Personal data collected by the site is not passed on to any third party and is only processed by the site editor.

C. DATA HOSTING

The Poderm site is hosted by : Shopify Inc - 151 rue O'Connor Ottawa, Ontario K2P 2L8 Canada

ARTICLE 4: DATA CONTROLLER

A. THE DATA CONTROLLER

The person responsible for processing personal data is: Maud Falconnet. She can be contacted as follows:

41(0) 22.342.53.39

contact@poderm.com

Rue Baylon 2b, 1227 Carouge

The data controller is responsible for determining the purposes and means of processing personal data.

B. OBLIGATIONS OF THE DATA CONTROLLER

The data controller undertakes to protect the personal data collected, not to pass it on to third parties without the user's knowledge and to comply with the purposes for which the data was collected.

The site has an SSL certificate to guarantee that information and data transfer via the site is secure.

The purpose of an SSL certificate (‘Secure Socket Layer’ Certificate) is to secure the data exchanged between the user and the site.

In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this would entail disproportionate formalities, costs and steps for the user.

In the event that the integrity, confidentiality or security of the user's personal data is compromised, the data controller undertakes to inform the user by any means necessary.

ARTICLE 5: USER RIGHTS


In accordance with the regulations concerning the processing of personal data, the user has the rights listed below.

In order for the data controller to comply with the user's request, the user must provide the following information: first and last name, e-mail address and, if relevant, account number, personal space number or subscriber number.

The data controller is obliged to respond to the user within a maximum of 30 (thirty) days.

A. PRESENTATION OF THE USER'S RIGHTS WITH REGARD TO DATA COLLECTION AND PROCESSING

a. Right of access, rectification and deletion

Users may access, update, modify or request the deletion of data concerning them by following the procedure set out below:

The user must send an e-mail to the person responsible for processing personal data, specifying the subject of the request, to the contact e-mail address.

If he/she has one, the user has the right to request the deletion of his/her personal space by following the procedure set out below:

The user must send an e-mail to the data controller specifying his/her personal space number. The request will be processed within 10 working days.

b. Right to data portability

Users have the right to request the portability of their personal data held by the site to another site, by complying with the following procedure:

The user must make a request for the portability of his/her personal data to the data controller, by sending an e-mail to the address provided above.

c. Right to limit and object to data processing

The user has the right to request the limitation of or to object to the processing of his/her data by the site, without the site being able to refuse, unless it can demonstrate the existence of legitimate and overriding reasons, which may prevail over the interests and rights and freedoms of the user.

In order to request the limitation of the processing of his/her data or to formulate an objection to the processing of his/her data, the user must follow the following procedure:

The user must make a request to limit the processing of his/her personal data by e-mail to the data controller.

d. Right not to be subject to a decision based exclusively on an automated process

In accordance with the provisions of Regulation 2016/679, the user has the right not to be subject to a decision based exclusively on an automated process if the decision produces legal effects concerning him or her, or significantly affects him or her in a similar way.

e. Right to determine the fate of data after death

Users are reminded that they can organise what should happen to their collected and processed data if they die, in accordance with Law no. 2016-1321 of 7 October 2016.

f. Right to refer the matter to the competent supervisory authority

In the event that the data controller decides not to respond to the user's request, and the user wishes to challenge this decision, or, if they believe that one of the rights listed above has been infringed, they are entitled to refer the matter to the CNIL (Commission Nationale de l'Informatique et des Libertés, https://www.cnil.fr) or any competent judge.

B. PERSONAL DATA OF MINORS

In accordance with the provisions of Article 8 of European Regulation 2016/679 and the French Data Protection Act, only minors aged 15 or over may consent to the processing of their personal data.

If the user is a minor under the age of 15, the consent of a legal representative will be required in order for personal data to be collected and processed.

The site editor reserves the right to verify by any means that the user is over 15 years of age, or that he/she has obtained the agreement of a legal representative before browsing the site.

ARTICLE 6: USE OF COOKIES

The site may use ‘cookie’ techniques.

A ‘cookie’ is a small file (less than 4 kb), stored by the site on the user's hard disk, containing information relating to the user's browsing habits.

These files enable the site to process statistics and traffic information, facilitate browsing and improve the service for the user's comfort.

For the use of ‘cookie’ files involving the storage and analysis of personal data, the user's consent must be obtained.

The user's consent is considered valid for a maximum period of 6 (six) months. At the end of this period, the site will again request the user's authorisation to save ‘cookie’ files on his/her hard disk.

a. Opposition by the user to the use of cookies by the site

Cookies that are not essential to the operation of the site are only placed on the user's terminal after obtaining the user's consent. This consent is obtained via the Axeptio cookie management platform, which allows users to choose the types of cookies they wish to activate or deactivate.

Withdrawal of consent to cookies:

Users can withdraw their consent or change their cookie preferences at any time by clicking on the dedicated icon (usually located at the bottom of the page) to reopen the Axeptio module. This action allows them to deactivate non-essential cookies previously accepted, or to review their choices in a simple and intuitive manner.

More generally, users are informed that they may refuse to accept cookies by configuring their browser software.

For information, users can find the steps to follow to configure their browser software to prevent cookies from being stored at the following addresses:

  • Chrome: https://support.google.com/accounts/answer/61416?hl=fr
  • Firefox: https://support.mozilla.org/fr/kb/enable-and-disable-cookies-website-preferences
  • Safari: http://www.apple.com/legal/privacy/fr-ww/
  • Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
  • Opera: http://www.opera.com/help/tutorials/security/cookies/

If the user decides to deactivate the ‘cookies’ files, they will be able to continue browsing the site. However, any malfunction of the site caused by this manipulation cannot be considered to be the fault of the site editor.

b. Description of the ‘cookie’ files used by the site

The user's attention is drawn to the fact that these sites have their own confidentiality policies and general conditions of use that may differ from the site. The site editor invites users to consult the confidentiality policies and general conditions of use of these sites.

Axeptio uses cookies to store the visitor's consent and not to ask for it again each time they visit your site. These are purely technical cookies that store only the visitor's anonymised consent data.

Here are the cookies we use:

Cookie name CMP for brands CMP for publishers

axeptio_cookies Contains all information about the visitor's consent, such as the date, their unique anonymous identifier, and whether they have already consented or not Contains all information about the visitor's consent (personalised cookies only, not IAB TCF), such as the date, their unique anonymous identifier, and whether they have already consented or not

axeptio_all_vendors Contains the list of all cookies declared in your Axeptio widget Contains the list of all personalised cookies (excluding IAB TCF) declared in your Axeptio widget

axeptio_authorized_vendors Contains the list of cookies accepted by the visitor Contains the list of personalized cookies accepted by the visitor

_ax_token not submitted for this CMP Anonymous visitor identifier, generated completely randomly and not based on any personal data.


In our CMP for publishers, we store the following elements in the browser's localstorage:

  • _ax_token: the visitor's anonymous identifier (the same as that stored in the cookies)
  • _ax_expiration: the timestamp indicating the expiry date of the consent given.
  • _ax_tcstring: the TCF or tcString of consent, according to the standards defined by the IAB.

These cookies expire after 6 months by default, in accordance with the CNIL. Consent will therefore be requested from the visitor every 6 months.

ARTICLE 7: CONDITIONS FOR MODIFYING THE CONFIDENTIALITY POLICY

This confidentiality policy may be consulted at any time at the following address: https: //www.poderm.com/politique-de-confidentialite/

The site editor reserves the right to modify it in order to ensure its compliance with current legislation.

Consequently, users are invited to consult this privacy policy regularly in order to keep abreast of the latest changes.

The user is hereby informed that this privacy policy was last updated on: 31/10/2024.

ARTICLE 8: ACCEPTANCE BY THE USER OF THE CONFIDENTIALITY POLICY


By browsing the site, the user certifies that he/she has read and understood this privacy policy and accepts its conditions, particularly with regard to the collection and processing of his/her personal data and the use of cookies.