As a preliminary point, the terms used herein with an initial capital letter have the same meaning as in the General Conditions of Sale, except where one of these terms is expressly defined differently in this Personal Data Protection Policy.
1. Collection of personal data
Certain personal data may be collected when the Customer uses the Site. In particular, the following data are collected:
– Account opening: when the Customer’s account is created, his/her surname, first name, e-mail address and date of birth.
– Login: when the Customer connects to the Site, the Customer records, in particular, their surname, first name, login data, use, location and payment data.
– Account: the use of the services provided on the Site allows the creation of an account, which may include an address and telephone number.
– Payment: as part of the payment for products and services offered on the Site, the Site records financial data relating to the Customer’s bank account or credit card.
– Comments: as part of their purchases, the Customer can leave feedback on a particular wine tasted. This data is retained.
– Cookies: Cookies are used, as part of the use of the site. The user has the option to disable cookies from the settings of their browser. Any information collected indirectly will only be used to track the volume, type and pattern of traffic using this site, to develop its design and layout and for other administrative and planning purposes and more generally to improve the service we offer.
– Other data: data related to the monitoring of the commercial relationship with the Customer and the implementation of loyalty, prospecting and promotional actions are also collected (products ordered, quantity, amount, frequency, delivery and/or billing address(es), as well as any other relevant information on the delivery (tracking number, shipment status, etc.), purchase history, return of products, correspondence and/or telephone exchanges with the Customer and the Seller’s after-sales service, etc.).
2. Use of personal data
The personal data collected from Customers is intended to provide the Site’s services, improve them and maintain a secure environment. In particular, the uses are as follows:
– access and use of the Site by the Customer; – management of the operation and optimisation of the Site; – organisation of the conditions of use of payment services; – verification, identification and authentication of data transmitted by the Customer; – implementation of Customer support; – personalisation of services by displaying advertisements according to the Client’s browsing history, according to their preferences; – prevention and detection of fraud, malware (malicious software) and management of security incidents; – management of any disputes with Clients; – sending of commercial and advertising information, according to the Client’s preferences.
Châteaux Prestige monitors all personal data to ensure that there is no data that is not strictly necessary for the pursued purposes.
3. Sharing of personal data with third parties
The personal data collected may be shared with third-party companies in the following cases:
– when the Customer uses payment services, for the implementation of these services, the Site is in relation with third party banking and financial companies with which it has concluded contracts; – when the Customer publishes, in the free comment section of the Site, information accessible to the public; – when the Customer authorises the website of a third party to access their data; – when the Site uses the services of external service providers to provide Customer support, advertising and payment services, in particular PayPal, PayPlug and Ceres (these service providers have limited access to the user’s data, in the context of the performance of these services, and have a contractual obligation to use them in accordance with the provisions of the applicable regulations on the protection of personal data); – if required by law, the Site may transmit data in order to follow up claims made against the Site and to comply with administrative and legal procedures; – if the Site is involved in a merger, acquisition, asset disposal or receivership procedure, it may be required to dispose of or share all or part of its assets, including personal data. In this case, users would be informed before personal data are transferred to a third party.
Châteaux Prestige implements appropriate technical, organisational and physical security measures in order to protect the personal data processed against damage, loss, misappropriation, intrusion, disclosure, alteration or destruction or unauthorised access to such data, whether accidental or unlawful.
4. Security and confidentiality
The Site implements organisational, technical, software and physical measures in terms of digital security to protect personal data against alteration, destruction and unauthorised access. However, it should be noted that the Internet is not a completely secure environment and the Site cannot guarantee the security of the transmission or storage of information on the Internet.
5. Implementation of user rights
In application of the rules applicable to personal data, users have the following rights:
– they can update or delete their data by logging in to their account and configuring their account settings; – they can delete their account by writing to the following e-mail address: firstname.lastname@example.org. It should be noted that information shared with other Customers, such as the publication of wine reviews, may remain visible to the public on the Site, even after deletion of their account; – they may exercise their right of access, to know their personal data, by writing to the following e-mail address: email@example.com (in this case, before the implementation of this right, Châteaux Prestige may request proof of the user’s identity in order to verify its accuracy); – if the personal data held by the Site is inaccurate, they may request that the information be updated, by writing to the following e-mail address: firstname.lastname@example.org; – users may request the deletion of their personal data, in accordance with applicable data protection laws, by writing to the following e-mail address: email@example.com.
– You may exercise your right to object to processing operations used for commercial prospecting purposes. If you are concerned by email marketing, you can also modify or unsubscribe from the Newsletter by clicking on the hypertext link ‘Unsubscribe’ present in each newsletter.
To exercise these rights or for any other question on data processing within the framework of this arrangement, the Customer may contact firstname.lastname@example.org. The Customer may also consult the cnil.fr website for more information on their rights.
6. Amendments to the Personal Data Protection Policy