Protection policy of your data
This policy is important for you, who wish to have a positive and confident experience with our services. It is also for us to meet your expectations and take into account your wishes.
En tant que responsable de traitement des Données, nous vous exposons comment nous traitons vos Données, pour vous apporter au quotidien de nouveaux services dans le respect de vos droits.
As Data Processing Manager, we explain how we process your data, to provide you with new services daily while respecting your rights.
We protect your privacy by ensuring the protection, confidentiality, non-alteration, availability, and security of the Data that you entrust to us on all of our communication channels.
To achieve these objectives, we implement the appropriate technical and organizational measures to ensure that the processing complies with the applicable data protection law.
For the proper understanding of this document, we provide you with a glossary in Appendix 1.
1. The processing manager and its DPO
Cdiscount (hereinafter « CSHIELD ») is a public limited company with a capital of € 6,642,912.78, registered in the Bordeaux Trade and Companies Register under number 424 059 822, whose registered office is located at 120-126 quai de Bacalan, 33000 Bordeaux.
The Data Protection Officer (hereinafter the “DPO”) of Cdiscount ensures the compliance of the processing of personal data carried out. You can contact him (i) by email sent to contact@cshield.io or (ii) by postal mail addressed to Cdiscount, Delegate for the protection of personal data, 120-126 quai de Bacalan, 33000 Bordeaux.
2. The processing of your data by Cshield
We process your Data for the purposes set out in the following table (for the correct understanding of the table, we invite you to refer to the glossary in Annex n ° 1) :
| Processing purposes | Sub-purposes | Processing basis |
|
Activities n ° 1 – BALEEN Offer |
Accommodation
|
Legitimate interests pursued by CSHIELD |
|
Bot management |
||
|
Management of overflows and site overloads |
||
|
Installation of security devices (Firewall) |
3. Who are the recipients of your data ?
Different internal services of CSHIELD may have access to your Data. We do not share your Data with third parties (outside internal services working on processing) except in the following specific circumstances.
|
Processing purposes |
Data Recipients |
|
Activities n ° 1 – BALEEN Offer |
|
|
|
4. Is my Data sent outside the EU ?
Your Data may be transmitted for the purposes defined above to companies located in countries outside the European Union and not having an adequate level of protection as regards the protection of personal data.
Before any transfer outside the European Union, CSHIELD makes sure to respect the guarantees necessary to secure such transfers. Transfers outside the European Union can be carried out in particular within the framework of the following activities:
|
Activity (concerned data) |
Country destination of data |
Supervision of data transfer |
|
Use of Cshield commercial website (Google Analytics usage statistics subject to consent) |
USA |
Upon simple request to our Data Protection Officer, we can provide you with more information about these transfers, as well as a copy of the documents authorizing the transfer of Data outside the European Union.
5. How long do we keep your Data ?
Your Data is collected by CSHIELD for the time necessary to carry out the processing referred to in paragraph 2 of this document.
The main categories of Data collected are kept for the following periods:
|
Typology of Treatments |
Shelf life in current archive |
Shelf life in intermediate archive |
|
Treatments relating to Visitors |
30 days | – |
6. How to exercise your rights ?
For requests that reach the DPO of CSHIELD by email or postal mail, please attach your ID to the request.
In case of serious doubts about your identity, additional information relating to your identity may be requested from you according to article 12 of the GDPR.
We will send you a response within one (1) month maximum from the date of receipt of your request. This period may be extended by two (2) additional months, given the complexity and the number of requests.
For the sake of transparency, you will find below a table summarizing your rights according to the different treatments.
For the correct understanding of this table, we provide you with a glossary in appendix 1.
|
Your rights |
The conditions of exercise |
The treatments concerned |
|
Right of access |
– |
All processing of personal data |
|
Right of rectification |
– |
All processing of personal data |
|
Right to limitation |
It is important to note that this right only applies if:
|
Treatments based on: – the execution of the contract – legal obligation – our legitimate interest |
|
Right to erasure |
You have the right to ask an organization to erase personal data concerning you in the following cases:
In the event of a request for the deletion of your Data, CSHIELD may nevertheless keep it in the form of an intermediate archive, for the duration necessary to meet its legal, accounting, and tax obligations. |
Treatments based on:
|
|
Right to object |
– |
Processing based on our legitimate interest. |
|
The right to portability |
– |
Processing based on:
|
|
The right to formulate post-mortem directives |
You have the right to formulate specific and general post-mortem directives concerning the storage, erasure, and communication of your Data. In the absence of any directive, your heirs can contact CSHIELD to:
|
All processing of personal data |
|
The right to complain |
You can, at any time, file a complaint with the competent supervisory authority (in France, the CNIL: www.cnil.fr) |
All processing of personal data |
7. Cookies
This section is dedicated to our cookie management policy on the Site. It allows you to find out more about the origin and use of the navigation information processed when you consult our website and your rights.
7.1. What is a cookie ?
A cookie is a small text file that requests permission to be placed on your computer’s hard drive by the websites you visit. They are widely used to make websites work more efficiently. Some of these cookies are necessary for the operation of the website. Others have the function of identifying you and, depending on your navigation, helping our teams to improve the Site.
A cookie cannot give access to information about you that you do not want to share. A cookie has a lifespan and is deleted by your browser once it has expired. Only the issuer of a cookie may read or modify the information contained in this cookie.
7.2. Purposes and type of cookies
Cookies are used for the following purposes:
|
Cookies necessary for the operation of the service (or “essential”) |
These cookies are mandatory for the provision of offers (for example consolidation of the browsing session) and, as such, exempt from the collection of consent |
|
So-called “audience measurement” cookies |
These cookies are used to measure the audience for the Site or to test different versions to optimize editorial choices based on their respective performance. In some cases, these cookies can be regarded as “essential” necessary for the provision of the service explicitly requested by the user, and thus be exempt from the collection of consent (for example, cookie linked to split testing or A / B Test). |
There are also several different types of cookies. Here are the most widely used:
|
Session cookies |
Session cookies are only stored for the duration of your visit to the Site. |
7.3. Responsabilities related to cookies
-
Cookies from CSHIELD and its subcontractors
CSHIELD is responsible for the issuance and use of cookies by it on the Site. Certain types of Cookies (“essential” or audience measurement in certain cases) are exempt from consent.
7.4. Manage cookie deposit
Under the Directive 2002/58 / EC of July 12, 2002, the company CSHIELD collects your prior consent to the deposit of cookies except for “essential” cookies and certain audience measurement cookies.
You can choose at any time to express and modify your wishes in terms of cookies, by the means described below.
-
Configuration of your browser
The configuration of each navigation software is different. It is generally described in the help menu of your navigation software. We, therefore, invite you to read it. You will thus be able to know how to modify your wishes regarding cookies.
Please note: Any configuration that you may undertake on your browser software regarding the acceptance or refusal of cookies may modify your Internet browsing and your conditions of access to certain services requiring the use of these same cookies. If you choose to refuse the registration of cookies in your terminal or if you delete those which are registered there, we decline all responsibility for the consequences linked to the degraded functioning of our services resulting from the impossibility for us to register or consult the cookies necessary for their operation and that you would have refused or deleted.
-
Configuration of your smartphone
You can control the deposit of Cookies directly from your smartphone:
|
IOS |
|
|
Android |
-
Creation of a list of opposition to the deposit of cookies
To block the collection and use of information about you by advertising companies wishing to offer you advertising based on your interests, you can access the following sites:
-
The NAI unsubscribe platform: http://www.networkadvertising.org/choices/
-
The EDAA unsubscribe platform: http://www.youronlinechoices.com/
-
The DAA unsubscribe platform: http://optout.aboutads.info/?c=2&lang=EN
8. Security measures
We undertake to implement the appropriate technical and organizational measures to guarantee a level of security adapted to the risk incurred for the rights and freedoms of natural persons in the context of the processing referred to in point 2.
These measures are defined taking into account the state of knowledge, the costs of implementation and the nature, scope, context, and purposes of the processing, as well as the risks identified.
********************
This policy will be updated as necessary to meet the requirements of the regulations applicable to Data protection. It will be revised at least every three (3) years.
June 23, 2020
Validated by the DPO of CSHIELD
APPENDIX 1 – GLOSSARY
For the correct understanding of this privacy policy, here are some key concepts:
Cookies : A cookie is a small text file placed on the user’s hard drive by the server of the site visited or by a third-party server, it contains information on the navigation carried out on this site.
Personal data: Any information allowing direct or indirect identification of a natural person (for example your name, your e-mail address, your billing information, telephone number, date of birth).
Right to access: You have the right to ask us for confirmation that personal data concerning you are or are not processed and if necessary access to said data as well as :
-
the reasons why we hold your data;
-
the categories of data we hold;
-
our use of your data;
-
who has access to your data (and their location);
-
where your data may be transferred;
-
the period during which we keep your data;
-
if you have not communicated your data to us directly, how we obtained it;
-
your rights under applicable laws and the possibility of limiting processing;
-
the possibility of lodging a complaint with the competent supervisory authority;
-
if we use your data for any automatic decision-making and how we do it.
Right to erasure: You have the right to request the erasure of personal data concerning you.
Right to limitation: You have the right to ask an organization to temporarily freeze the use of some of your Data, in particular during the examination of your request to exercise another right.
Right to object: You can object at any time to an organization using some of your Data by putting forward reasons relating to your particular situation.
Right to portability: You can request the communication of part of the Data that you have provided to us in a machine-readable format but also the transmission of this Data to a third party of your choice.
Right of rectification: You can request the rectification of inaccurate or incomplete information concerning you (for example an incorrect address).
Purpose: The purpose refers to the main objective pursued during the processing of your Personal Data. Your Personal Data is used for specific, explicit, and legitimate purposes.
Processing basis : To process your Personal Data CSHIELD is based on the following legal bases:
-
The execution of the contract: we process your Personal Data when it is necessary for the execution of the contract concluded with you or for the execution of pre-contractual measures taken at your request.
-
Compliance with a legal obligation: the processing of your Data may be imposed on us by the legislator. For example, the fight against terrorism.
-
Our legitimate interest: the processing of your Data may be necessary for the pursuit of our legitimate interest, in particular ensuring the improvement of the customer experience and allowing our activity to prosper.
Data Subject: This Privacy Policy applies to you if you are:
-
Employees of a CSHIELD client
-
A visitor to the site or application of a CSHIELD client, i.e. the person surfing the site or application of a CSHIELD client
Profiling: Profiling consists of establishing an individualized profile based on an individual’s data to assess this person and predict their behavior..
Data controller: this is the natural or legal person, the public authority, the service, or another body which, alone or jointly with others, determines the purposes and means of the processing. CSHIELD is responsible for the processing referred to in paragraph 2.
Sub-purposes: We inform you here more precisely of all the operations which participate in the same purpose.
Processing: c’est it is any operation or any set of operations carried out or not using automated processes and applied to personal data, such as collection, recording, organization, structuring, conservation, ‘adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction.
Data transfer: Any communication, copy, or movement of personal data intended to be processed in a country outside the European Union.