In accordance with Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”) and Law no. 78-17 of 6 January 1978 as amended (the French Data Protection Act (Loi Informatique et Libertés)), personal data must be processed in a lawful, fair and transparent manner.
This policy covers the different processing operations carried out by Free Lance within the context of:
your browsing of the website https://www.armistice.fr/en/
your contact and information requests
our direct marketing and loyalty programmes as well as surveys, product testing and promotional activities and sending of newsletters
managing your job applications
creating your customer account
managing your order including processing your order, preparation of invoices
provision of our services
compiling sales statistics
organising competitions, lotteries or any promotions (with the exception of online gambling and games of chance subject to authorisation by ARJEL, the French Online Gambling Regulator)
All terms relating to the protection of personal data used in this policy, in singular or plural form, and identified with a capital letter, should be interpreted in accordance with the General Data Protection Regulation 2016/679 of 27 April 2016 repealing Directive 95/46/EC (“GDPR”).
Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”). The Personal Data processed by ARMISTICE are referred to in Article 6 of this policy.
Data Subject: any identified or identifiable natural person whose Personal Data are processed by the Data Controller. For example, while browsing our website or accessing our services you are a Data Subject.
Processing: any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The purposes for which Personal Data are processed by ARMISTICE are identified in Article 5 of this policy.
Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. For example, when you browse our website or access our services, ARMISTICE processes your data as a Data Controller.
Processor: the natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.
Recipient: the natural or legal person, public authority, agency or another body, to which the Personal data are disclosed by us, whether or not a third party external to ARMISTICE.
2. DATA CONTROLLER
The Data Controller of your Personal Data is the company:
Rautureau Apple Shoes
With share capital of €5,297,875
Having its registered office located at 2 Rue des Boutons d’Or 85130 La Gaubretière
Trade and Companies Register 302 640 008 LA ROCHE-SUR-YON
3. COLLECTION OF YOUR PERSONAL DATA
When you browse the website and access our services, ARMISTICE may collect the following information:
When you contact us by telephone, post or e-mail, or via a contact form: we collect all of the Personal Data that you provide to us, such as, but not limited to, your surname, first name, postal or e-mail address, telephone number, etc. as well as any information provided by you within the context of your contact request and, where applicable, the content of the message, as well as any information subsequently provided during your correspondence with ARMISTICE.
When you sign up to our services: we collect all of the Personal Data necessary to create and manage your customer account within the context of performing the contract entered into with us, such as surname, first name, postal address, e-mail address, telephone number, bank account details, etc.
When you submit an unsolicited job application or in response to a job offer: we collect your surname, first name, contact details, as well as all of the Personal Data that you provide to us for recruitment purposes (curriculum vitae, level of education, skills, languages spoken, hobbies, etc.).
When browsing the website: we may collect data such as the browser type and version used, the operating system used by the device accessing our website, the website from which a device accesses our website, the pages of our website accessed via a device that connects to our website, the date and time of access to our website, an internet protocol address (IP address), the internet services provider of the device that connects to our website, as well as other similar data and information used for risk prevention in case of attacks on our IT systems.
When managing your order, ARMISTICE is required to collect data relating to the processing of your order or for the preparation of your invoices. We are therefore required, within this context, to process data such as your surname, first name, e-mail address, postal address, telephone number as well as bank account details.
Within the context of direct marketing, loyalty programmes, surveys, product testing and promotional activities and when organising competitions, lotteries or any promotions, ARMISTICE may collect identity data such as your surname, first name as well as your e-mail address.
When compiling sales statistics, ARMISTICE may collect data relating to your order history, your connection and browsing data and your purchase frequency.
ARMISTICE shall ensure that the Personal Data collected are relevant, adequate, non-excessive and strictly necessary for its activities.
Please note that certain information is required in order to access our services (e.g. when you complete a data collection form, such information is denoted with an asterisk). Where you do not provide us with such information, we will not be able to provide you with the services concerned.
4. PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF YOUR DATA
We may process personal data within the context of services offered by ARMISTICE to fulfil the purposes listed below.
The creation and management of your customer account, as well as the provision of our services. The legal basis for the Processing is the performance of the contract entered into with ARMISTICE.
Management of complaints to and requests for information from our services. The legal basis for the Processing is either the performance of the contract where you have signed up to our services, or our legitimate interest in responding and communicating with you.
Within the context of managing recruitment, the legal basis for such processing is your consent, provided that as a Data Subject, you contact Rautureau Apple Shoes by submitting an unsolicited job application via our website.
The carrying out of operations relating to direct marketing. The legal basis for the Processing is your consent where you are a consumer. You may, in all cases, object to receiving direct marketing from us.
The legal basis for Processing for marketing operations such as competitions and lottery games is the provision of your consent.
Compiling statistics or conducting surveys. These are carried out using anonymised data enabling us to improve our knowledge of our activities and our customers. The legal basis for processing in this context is the legitimate interest of ARMISTICE.
Compliance with our legal obligations, such as combating fraud and, more generally, within the context of management of any criminal activity.
Improving our website and adapting its content to satisfy the needs of users, with your consent.
5. RETENTION PERIOD FOR PERSONAL DATA
ARMISTICE retains your Personal Data for as long as necessary to fulfil the purposes for which they are processed. In addition, the data will be retained for the purposes of fulfilling any legal obligation to retain data or where the data is of administrative value for a period determined in accordance with such value.
By way of example, the following retention periods are applied by ARMISTICE:
All of the personal data collected from internet users, customers of the vendor, shall be retained for the duration of the commercial relationship and for a period of 3 years from the end of the said commercial relationship (e.g. from the date of your last purchase, etc.)
Where you have consented to receiving direct marketing via e-mail, we retain your Personal Data until you object to receiving it via the unsubscribe link or by express request. Your data will, in all cases, be deleted 3 years after the last contact from you.
All of the personal data collected from internet users, potential customers of the vendor, shall be retained for a period of 3 years from either their collection by the Vendor or from the last contact from the internet users (e.g. requesting information about a product, clicking on a hypertext link in an e-mail from the vendor, etc.)
When you contact us via the contact form, by post, e-mail or telephone, we retain your Personal Data for the period necessary to process your request.
When you create an account on the website, your Personal Data are retained for the duration of use of your account and, unless you object, are deleted after 3 years where you do not log in to your account. You may request the removal of your personal account at any time.
When you submit your application for a job offer with ARMISTICE, your Personal Data are retained for the duration necessary to examine your application. Where your application is rejected, your data are deleted after a period of two years after the rejection decision, unless you object. Where you are recruited, your Personal Data are retained for the entire duration of performance of your employment contract.
6. DATA RECIPIENTS
Your Personal Data are only intended for ARMISTICE and may only be accessed by those of our employees authorised to manage them, in accordance with the purposes for which they are collected and within the scope of their respective duties.
Your Personal Data may, on an exceptional basis, be communicated to third parties outside ARMISTICE where we use technical service providers acting on our behalf and in accordance with our instructions (carriers, server host, etc.).
Such service providers are only authorised to process your Personal Data to the extent necessary to provide services on our behalf or to comply with legal requirements.
Your Personal Data are not, under any circumstances, communicated to ARMISTICE commercial partners without your consent.
ARMISTICE may also be required to communicate your Personal Data to third parties where such communication is required by law, regulation or court order, or where such communication is necessary to protect and defend our rights.
7. INTERNATIONAL TRANSFER OF DATA
Within the context of the service contracts concluded by ARMISTICE, the recipients of Personal Data may be located abroad, including outside the European Economic Area (EEA) in countries where the data protection legislation differs from that applicable within the EEA.
Any transfer of data outside the EEA is carried out subject to appropriate guarantees, including contractual, in compliance with applicable data protection regulations.
8. SECURITY MEASURES
ARMISTICE undertakes to protect your Personal Data from any unauthorised loss, destruction, alteration, access or disclosure. ARMISTICE therefore implements appropriate technical and organisational measures, having regard to the nature of the data and the risks to which they are exposed by virtue of the processing, to protect the security and confidentiality of your Personal Data.
These measures may include, but are not limited to, practices such as restricted access to Personal Data by ARMISTICE employees, contractual guarantees where external contractors are used, privacy impact assessments, regular assessments of practices and procedures on ARMISTICE information systems, physical and/or logical security measures (secure access, authentication procedure, backup copies, antivirus software, firewall, etc.).
9. COOKIE MANAGEMENT
A “cookie” is a small file, generally consisting of letters and numbers, sent by the web server to your browser’s cookie folder located on the hard drive of your computer. By visiting the Website, a cookie may be assigned and stored on the hard drive of the internet user’s computer. The Vendor uses different types of cookies to improve interactivity and services on the Website, including, but not limited to:
Cookies that do not require the prior consent of internet users
Certain cookies may be placed or read without requiring the prior consent of the internet user. They are used to facilitate browsing of the Website including by remembering the browsing preferences set during your session and to provide services that you expressly request. They include the following cookies:
technical cookies that enable the internet user to browse the Website and the Website to function in an optimal manner;
identification and authentication cookies that enable internet users to be identified during visits, in order to improve browsing on the Website and personalise the online experience.
Internet users cannot disable such cookies via the Website but via their web browser settings (see “Configuring your web browser” below).
Cookies that require the prior consent of internet users
The Vendor's Website uses:
usage analytics cookies that collect general information about the internet user's access to the website in order to obtain aggregate information for statistical purposes. These cookies improve the quality of the user experience on the Website;
audience measurement to enable the Website to be adapted to the demands of users.
advertising cookies that track the user’s usage of the Website and receive information about the user's search activities on the Website. These cookies enable implementation of targeted advertising for the Vendor’s products relevant to the needs of internet users;
cookies to improve the interactivity of the Website. In this regard, the Vendor uses third party cookies directly placed on its Website by such third parties (including Twitter, Facebook, YouTube, Pinterest);
These types of cookies require the prior consent of the internet user. You can change your selection at any time by clicking the following link: “Delete cookies”.
Configuring your web browser:
With the exception of technical and authentication cookies, internet users can delete or disable cookies in their browser (for further information, click here). Since every browser is different, internet users should check their browser's “help” menu to learn how to modify their cookie preferences.
The Website will behave in the same way and all functionalities will remain available even where internet users reject the placement of cookies on their computer.
The data collected using these cookies are retained by the Vendor for a maximum period of one (1) year.
The Vendor does not sell or transfer this information to third parties. However, in the case of third party cookies (advertising, social media), this information is sent directly to such third parties and the Vendor does not have access. This information is only used for the purposes indicated above.
RIGHTS OF DATA SUBJECTS
In accordance with applicable data protection laws and regulations, you have a right:
OF ACCESS: that is the right to obtain confirmation from ARMISTICE whether or not Personal Data concerning you are being processed and to obtain a copy of such data.
OF RECTIFICATION: that is the right to obtain without undue delay the rectification of inaccurate Personal Data concerning you.
TO ERASURE (RIGHT TO BE FORGOTTEN): that is the right to obtain from ARMISTICE the erasure of Personal Data concerning you without delay where one of the grounds referred to in Article 17 of the GDPR applies.
TO RESTRICTION OF PROCESSING: that is the right to obtain from ARMISTICE that it no longer processes your Personal Data for a fixed period based on the ground relied upon for the restriction such as referred to in Article 18 of the GDPR.
TO DATA PORTABILITY: that is the right to receive the Personal Data concerning you that you have provided to ARMISTICE, in a structured, commonly used and machine-readable format and the right to transmit these data to another Data Controller.
TO OBJECT: that is the right to demand, on grounds relating to your particular situation, that ARMISTICE no longer processes your Personal Data, or without giving any grounds in the case of direct marketing.
NOT TO BE SUBJECT TO AUTOMATED INDIVIDUAL DECISION-MAKING: that is the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
TO WITHDRAW YOUR CONSENT: that is the right to withdraw your consent to the processing of your Personal Data by ARMISTICE, at any time.
You may exercise these rights or submit any queries relating to the management of your Personal Data by ARMISTICE by contacting:
Via e-mail at the following address: dpo@Rautureau-appleshoes.fr
Via post at the following address: Rautureau Apple Shoes - 2 Rue des Boutons d’Or 85130 La Gaubretière
Where there is reasonable doubt regarding the identity of the requesting party, proof of identity may, where necessary, be requested.
You also have the right to submit a complaint to the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés - CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, concerning the manner in which ARMISTICE collects and processes your data.
10. UPDATES TO THIS POLICY
Changes may be made to this policy from time to time. We will notify you of major updates but also recommend that you check the policy on a regular basis.