At DESIGN MARKET, the protection of your personal data is a priority.
When you use www.design-market.eu (hereinafter the "Site"), we may collect personal data about you.
The purpose of this policy is to inform you about how we process this data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").
1. Who is the data controller?
The data controller is DESIGN MARKET, a simplified joint stock company, registered in the Paris Trade and Companies Register under number 803 323 252 and whose registered office is located at 59 Boulevard Exelmans, 75016 Paris, France (hereinafter "We").
2. What data do we collect?
Personal data is any data that can be used to identify an individual directly or by cross-referencing with other data. We collect data in the following categories:
- Identification data (including your name, first name, email and postal address, telephone number, postcode, date of birth, gender);
- Data relating to your orders (in particular the details of your purchases);
- Connection data (in particular password);
- Economic and financial data (in particular your transactions on the Site); Mandatory data are indicated when you provide us with your data. They are marked with an asterisk and are necessary to provide you with our services.
3. On what legal grounds, for what purposes and for how long do we keep your personal data?
3.1 To manage your access to and use of our services available on our Site
Legal basis: Execution of pre-contractual measures taken at your request and execution of the contract you have signed with Us
Retention period: When you have created an account: your data is retained for the duration of your account. If your account is inactive for 2 years, your personal data will be deleted. In addition, your data may be archived for evidential purposes for a period of 5 years.
3.2 To carry out operations relating to the management of our customers concerning contracts, orders, deliveries, invoices, loyalty programmes and the follow-up of the commercial relationship with our customers
Legal basis: Performance of the contract you have entered into with Us
Retention period: Personal data is kept for the duration of the commercial relationship. In addition, your data (with the exception of your bank details) is archived for evidential purposes for a period of 5 years.
Data relating to your bank card is kept by our payment service provider until receipt of the goods, plus your withdrawal period. The data relating to the visual cryptogram or CVV2, written on your bank card, are not stored. The data relating to your bank cards may be kept in an intermediate archive for a period of thirteen (13) months following the date of debit, for the purpose of proof in the event of a possible dispute about the transaction. This period may be extended to fifteen (15) months in order to take into account the possibility of using deferred debit cards.
3.3 Establishing a file of registered members, users, customers and prospects
Legal basis: Our legitimate interest in developing and promoting our business
Retention period: For customers: data is retained for the duration of the contractual relationship. For prospects: data is kept for a period of 3 years from your last contact.
3.4 To send newsletters, solicitations and promotional messages
Legal basis: For customers: our legitimate interest in building customer loyalty and informing our customers of our latest news. For prospects: your consent
Retention period: The data is kept for 3 years from your last contact with us or until your consent is withdrawn.
3.5 Organising competitions, sweepstakes and promotions
Legal basis: Our legitimate interest in building customer loyalty and offering gifts
Retention period: The data is kept for the duration of the games or promotional operations and may be archived for 5 years for evidential purposes.
3.6 To compile commercial statistics and statistics on the use of our services
Legal basis: Our legitimate interest in analysing the composition of our customer base and improving our services
Retention period: Data is retained for 3 years from your last contact with Us or until your consent is withdrawn.
3.7 Responding to your requests for information
Legal basis: Our legitimate interest in responding to your requests
Retention Period: Data is retained for the time necessary to process your request for information and deleted once the request for information has been processed.
3.8 Complying with legal obligations applicable to our business
Legal basis: To comply with our legal and regulatory obligations
Retention period: For invoices: Invoices are archived for a period of 10 years.
Data relating to your transactions (excluding bank details) is retained for 5 years.
3.9 Managing feedback on our services and content
Legal basis: Our legitimate interest in knowing what our customers think about our services
Retention period: Data is retained for 10 years from your last contact with Us or until your consent is withdrawn.
3.10 To manage outstanding payments and any disputes relating to the use of our services
Legal basis: Our legitimate interest in managing outstanding payments and possible disputes relating to the use of our services
Retention Period: Data is retained for 3 years from your last contact with Us or until your consent is withdrawn.
3.11 Handling requests to exercise rights
Legal basis: Our legitimate interest in responding to your requests and keeping track of them
Retention period: If we ask you for proof of identity: we will only keep it for as long as is necessary to verify your identity. Once verification is complete, the proof is deleted.
If you exercise your right to object to receiving marketing: we keep this information for 3 years.
4. Who are the recipients of your data?
Your personal data will be made available to
(i) Our company's staff; the services in charge of control (notably the auditor)
(ii) Our subcontractors: our hosting provider, our newsletter sending provider, our payment service provider, our service providers;
(iii) Where applicable: public and private bodies, exclusively to meet our legal obligations.
5. Is your data likely to be transferred outside the European Union?
Your data is kept and stored for the duration of the processing on the servers of AWS (Amazon Web Services), whose data servers are located in Ireland.
In the context of the tools we use (see article on recipients concerning our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured by means of the following tools
- either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country ensures a level of protection deemed sufficient and adequate to the provisions of the GDPR;
- or the data is transferred to a country whose level of data protection has not been recognised as adequate to the RGPD: in this case these transfers are based on appropriate safeguards indicated in article 46 of the RGPD, adapted to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism.
- or the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.
6. What rights do you have over your data?
You have the following rights with respect to your personal data:
- Right to information: this is the very reason why we have drafted this policy. This right is provided for in Articles 13 and 14 of the GDPR.
- Right of access: you have the right to access all your personal data at any time, in accordance with Article 15 of the GDPR.
- Right of rectification: you have the right to rectify your inaccurate, incomplete or outdated personal data at any time in accordance with Article 16 of the GDPR
- Right to limitation: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
- Right to erasure: you have the right to request that your personal data be erased, and to prohibit any future collection on the grounds set out in Article 17 of the GDPR
- Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable texts. (Article 77 of the GDPR)
- The right to define directives relating to the conservation, deletion and communication of your personal data after your death, in accordance with Article 40-1 of the French Data Protection Act.
- Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.
- Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to require its transfer to the recipient of your choice.
- Right to object: Under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue to process your personal data despite your objection on legitimate grounds or for the defence of legal claims.
You can exercise these rights by writing to us using the contact details below. We may ask you to provide additional information or documents to prove your identity.
7. What cookies do we use?
8. Contact point for personal data
Contact email: [email protected]
Contact address: DESIGN MARKET, 59 Boulevard Exelmans, 75016 Paris, France
Effective date: 29/06/2022