Privacy Policy and Cookies

PRIVACY POLICY

The company LYL SAS is committed to protecting personal data processed within the scope of its online sales business.

For the sake of complete transparency, the company LYL SAS has defined this Data Protection Policy so that any client, as an individual, can at any time be informed of the commitments made and the practices applied to their personal data.

The company LYL SAS commits to processing all collected data in compliance with the applicable data protection texts (Law no. 78-17 of January 6, 1978, as amended, and the European General Regulation 2016/679 of April 27, 2016, on data protection, these two texts hereinafter referred to as the "Regulation").

1- GLOSSARY

Personal data processing is an operation or a set of organized operations performed on personal data (collection, structuring, storage, modification, communication...).

Personal data is information that allows identifying a human being (natural person), directly (for example, their first/last name), or indirectly (for example, their phone number, contract number, or username).

The data subject is the one who can be identified by the data used in the context of personal data processing.

The data controller is the one who decides how the processing of personal data will be implemented, notably by determining what the data will be used for and which tools will be used to process it.

The subcontractor is the one who performs operations on the data on behalf of the data controller; they sign a contract with the data controller who entrusts them with certain tasks and ensures that they have the technical and organizational guarantees allowing them to process the personal data entrusted to them in accordance with the regulation.

The recipient is the one who receives authorized communication of personal data.

The company LYL SAS is responsible for the processing of personal data related to sales made on its site www.rosyneclub.com, within the meaning of law no. 78-17 of January 6, 1978, as amended, relating to data processing, files and freedoms regarding the collection and processing of personal data (known as the "Data Protection Act") and the General Data Protection Regulation of April 27, 2017 (known as "GDPR"), collectively referred to as the "Regulation".

Personal data is processed for the following main purposes:

• Processing of orders placed on the site www.rosyneclub.com
• Provision of technological services (websites) and marketing (newsletter)
• Management of logistics services (orders, supplies, assortments, delivery)

Our subcontractors are required to process the personal data of the clients of the company LYL SAS concerning them, notably:

• Logistics management (order and delivery management, stock management)

2- OUR KEY COMMITMENTS

The company LYL SAS, as the data controller, respects the following principles:

• Personal data is used only for explicit, legitimate, and determined purposes (objectives) related to the business activities of the data controller.
• Only strictly necessary personal data is collected and processed.
• Data is not retained beyond the time necessary for the operations for which it was collected, taking into account the nature of the operations, or those provided for by the CNIL's decision-making practice or by the Regulation.
• The company LYL SAS does not disclose or transfer personal data relating to client members to third parties, but only to authorized recipients within the strict framework of the purposes defined beforehand.
• The company LYL SAS entrusts personal data to subcontractor service providers chosen based on appropriate technical and organizational guarantees, to ensure the protection of the data entrusted to them under the instructions of the company LYL SAS.
• Clients are informed beforehand and regularly, in a clear and transparent manner, notably about the purpose of using their data, the optional or mandatory nature of their responses in forms, the rights they have regarding data protection and how to effectively exercise these rights, and the recipients.
• Whenever the Regulation requires it, explicit, informed, active, and unambiguous consent of the client(s) is obtained for the processing of their personal data.
• Appropriate security measures, on logical, technical, organizational, and legal levels, have been defined based on a risk analysis of the various personal data processing operations concerned, and are implemented by the company LYL SAS and its subcontractors engaged by contract, to ensure the protection of personal data.

• The company LYL SAS and its subcontractors are committed to monitoring any possible and exceptional data breaches and to taking all protective and corrective measures following a breach by informing the CNIL and, if applicable, the data subjects.

3- THE DATA PROTECTION OFFICER, THE DPO

The company LYL SAS appoints a data protection officer to ensure compliance with the Regulation and the rules described within this Data Protection Policy.

The data protection officer notably ensures:

• to establish and keep up to date a register of personal data processing operations implemented within the company,
• to ensure compliance of practices with the regulations and their developments,
• to raise awareness among all teams about the requirements and best practices regarding the protection of personal data,
• to the effective exercise of the rights of the data subjects.

The data protection officer can be reached by email at the address: info@rosyne-club.fr

4-  DATA COLLECTION

The company LYL SAS collects the personal data of the data subjects in the following manner:

• As part of any order placed on the site www.rosyneclub.com, and information completed on this occasion,
• As part of the various exchanges taking place with the company LYL SAS (mailings, letters, messaging …),
• As part of the technological services made available to clients (newsletters, online forms…),
• As part of the logistics services made available to clients.

5- DATA COLLECTED

As part of its activity, the company LYL SAS collects data belonging to the following categories of personal data:

• Identity,
• Contact data (email, phone, address)
• Connection data (IP address, logs, etc.)
• Location data (movements, GPS data, GSM, etc.)
• Bank information (type of credit card, banking information useful for order payment)

6- DATA USAGE

The company LYL SAS uses personal data for the following main purposes:

• Processing of orders placed on the site www.rosyneclub.com
• Provision of technological services (websites) and marketing (newsletter)
• Management of logistics services (orders, supplies, assortments, delivery)

Our subcontractors are required to process the personal data of the clients of the company LYL SAS concerning them, notably:

• Logistics management (order and delivery management, stock management)

7- DATA RECIPIENTS

On a case-by-case basis for the processing described in the article "The use of data" above, the company LYL SAS determines the recipients of the data based on their tasks and their authorizations to receive the data in compliance with the determined purposes.

Depending on the case, these recipients may be:

• The subcontractors called upon by the company LYL SAS for any technical or logistical operation as part of the implementation of appropriate technical and organizational measures, particularly in terms of confidentiality and security.

8- DATA RETENTION PERIOD

The company LYL SAS has established precise rules regarding the retention period of personal data of data subjects, in order to limit retention to a strictly necessary duration.

At the end of the period thus set, and depending on the case, personal data shall be subject, in compliance with the applicable Regulation, to one of the following measures:

• Deletion,
• Irreversible anonymization,
• Archiving.

9- DATA SECURITY

Data security concerns the measures taken to protect data from the following events:

• destruction,
• loss,
• alteration,
• unauthorized disclosure of personal data transmitted, stored, or processed,
• unauthorized access to such data, whether accidental or unlawful

To ensure the security of personal data, the company LYL SAS and its subcontractors implement appropriate technical and organizational measures considering the state of knowledge, costs, nature, scope, context, and purposes of the processing to guarantee a level of security adapted to the risks.

10- DATA RIGHTS

Each data subject has the following rights:

• right of access / access their data: the data subject may directly request LYL SAS if it holds information about them, and request that the list of data be communicated to them,
• right to rectification / request their correction: the data subject may request the correction of inaccurate information concerning them. The right to rectification complements the right of access.
• right to be forgotten / request the deletion of their data: the data subject may request the deletion of information concerning them, for a reason provided by the Regulation.
• right to restriction / request the restriction of the processing of their data: the data subject may obtain the restriction of the processing of their data, for a reason provided by the Regulation.
• right to data portability / request the portability of their data: the data subject may request to receive the data they provided to the company LYL SAS, or request that LYL SAS transmit it to another data controller for a reason provided by the Regulation,

The data subject may also object, for legitimate reasons, to the processing, dissemination, transmission, storage or hosting of data concerning them.

For more information on the meaning of the rights; the CNIL has created a dedicated section for understanding rights which can be consulted here: https://www.cnil.fr/fr/comprendre-vos-droits

To exercise the rights, the data subject may contact the data protection officer of the company LYL SAS by email at the address info@rosyneclub.fr and by mail to the postal address 852 Avenue Villeneuve d'Angoulême – 34070 Montpellier.

To facilitate the procedures, the company LYL SAS invites each data subject, when sending a request to exercise rights, to:

• Indicate which right(s) they wish to exercise,
• Clearly state their last name / first name / contact details to which they wish to receive responses,
• Attach a copy of an identity document.

11- CONSENT OF THE DATA SUBJECTS

All processing of personal data is carried out by the company LYL SAS in compliance with the consent of the data subjects, and in some cases provided for by the Regulation, the explicit, also called express, consent of the person is required.

Whenever explicit consent of the person is required by the Regulation, it is obtained beforehand by the company LYL SAS and the data subject may withdraw their consent at any time by contacting the above contacts.

12- COMPLAINTS TO THE CNIL

Each data subject has the right to file a complaint with a data protection supervisory authority.

In France, this authority is the CNIL, here are its contact details:

• Website: https://www.cnil.fr/
• Phone: 01 53 73 22 22
• Postal address: 3, place Fontenoy TSA 80715, 75334 PARIS Cedex 07

13- OUR COOKIE POLICY

• We are the company LYL SAS.  For your information, our company is registered with the Montpellier RCS under number 904 680 766 and our head office is located at 81 rue de la libération – 34130 LANSARGUES. We are the owner and operator of the website www.rosyneclub.com and associated goods, which use cookies. We use cookies for many reasons, for example to operate our Website, which allows us to distinguish you from other users of the Websites in order to provide you with a more personalized experience. This Cookie Policy describes the following: what cookies are; our use of cookies; how you can manage cookies used on the Websites; privacy; additional information; and changes to this Cookie Policy.
• What are cookies?
• Cookies are small text files placed on devices that visit our Websites. The cookie "remembers" the computer or other electronic device during subsequent visits to the Websites and some cookies may collect personal data about you. You can find more general information about cookies at: www.allaboutcookies.org.
• Our use of cookies
• We want you to understand the different types of cookies used on our Websites. We use various types of cookies and other tracking technologies for the following purposes.
• a. Strictly necessary cookies: these are cookies strictly necessary for the operation of our Websites, for example cookies that authenticate users and allow us to offer certain features such as account registration.
• b. Performance cookies: these cookies collect information about the pages or screens you visit, and other performance metrics. This helps us improve how our Websites function, for example, by ensuring users can easily find what they are looking for.
• c. Functionality cookies: these cookies remember your choices to improve your experience, for example, by remembering your username, language, and the region you are in. The purpose of these cookies is to provide you with a more personalized experience so that you do not have to reset your preferences each time you visit our Websites.
• d. Targeting and advertising cookies: these cookies are often placed by retargeting and advertising partners to track your browsing habits in order to later present targeted ads on other Websites and applications. We use this information to make our Websites and the advertising displayed on them more relevant to your interests. We may also share this information with third parties for this purpose. allbirds.eu/pages/cookies
• Please note that third parties (including, for example, advertising networks and external service providers such as web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
• How to manage cookies on our Websites

• Most browsers allow you to disable them if you wish. If you disable cookies, you may find that you have a less personalized experience on our Websites and that some parts of our Websites do not work at all or do not work properly.
• Each browser is configured differently. To disable cookies via your browser settings, you must follow the instructions provided by your browser publisher. As of the date of this Cookie Policy, these instructions are available for commonly used browsers via the following links:
• If you use Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
• If you use Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
• If you use Safari: https://support.apple.com/kb/ph21447?locale=en_US
• If you use Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• If you use Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
• If you use different devices, make sure to configure the corresponding browser settings according to your preferences.
• If you wish to opt out of being tracked by Google Analytics on all websites, you can do so here: https://tools.google.com/dlpage/gaoptout.
• Except for essential cookies, our session cookie will expire after the browsing session.

14- CHANGES TO THE GENERAL DATA PROTECTION POLICY

The data protection policy may evolve. In case of changes to the elements mentioned in the privacy policy, the company LYL SAS commits to modifying it and informing the concerned individuals prior to implementing changes that could impact personal data.

The company LYL SAS will strive to indicate what impacts these changes will entail.

15- QUESTIONS AND COMMENTS: CONTACT US

If you have questions, comments, or concerns regarding this policy, contact our data protection officer, reachable by email: info@rosyneclub.fr or by mail: SAS LYL - Rosyne Club, 852 Avenue de Villeneuve d'Angoulême, 34070 MONTPELLIER.