Privacy Policy and Cookies

PRIVACY POLICY

The company LYL SAS is committed to protecting personal data processed within the framework of its online sales commercial activity.

For full transparency, the company LYL SAS has defined this Data Protection Policy so that any customer, as a natural person, can at any time become aware of the commitments made and the practices applied to their personal data.

The company LYL SAS commits to processing all collected data in compliance with the applicable data protection laws (Law No. 78-17 of January 6, 1978 as amended and the European General Data Protection Regulation 2016/679 of April 27, 2016 on data protection, these two texts hereinafter referred to as the "Regulation").

1- GLOSSARY

Personal data processing is an operation or a set of organized operations performed on personal data (collection, structuring, storage, modification, communication...).

Personal data is information that allows identifying a human being (natural person), directly (for example their first/last name), or indirectly (for example their phone number, contract number, username).

The data subject is the one who can be identified by the data used in the context of personal data processing.

The data controller is the one who decides how the processing of personal data will be implemented, in particular by determining what the data will be used for and which tools will be implemented to process it.

The subcontractor is the one who performs operations on the data on behalf of the data controller, signs a contract with the data controller who entrusts certain tasks to them and ensures that they have the technical and organizational guarantees allowing them to process the personal data entrusted to them in accordance with the regulations.

The recipient is the one who receives authorized communication of personal data.

The company LYL SAS is responsible for the processing of personal data related to sales made on its site www.rosyneclub.com, within the meaning of law no. 78-17 of January 6, 1978, as amended, relating to data processing, files, and freedoms regarding the collection and processing of personal data (known as the "Data Protection Act") and the General Data Protection Regulation of April 27, 2017 (known as "GDPR"), all referred to as the "Regulation".

Personal data is processed for the following main objectives:

• Taking into account orders placed on the site www.rosyneclub.com
• Provision of technological services (websites) and marketing (newsletter)
• Management of logistics services (orders, supplies, assortments, delivery)

Our subcontractors are required to process the personal data of the clients of the company LYL SAS as far as they are concerned, and in particular:

• Logistics management (order and delivery management, stock management)

2- OUR KEY COMMITMENTS

The company LYL SAS, as data controller, respects the following principles:

• Personal data is used only for explicit, legitimate, and determined purposes (objectives) related to the business activities of the data controller.
• Only strictly necessary personal data is collected and processed.
• Data is not retained beyond the necessary duration for the operations for which it was collected, taking into account the nature of the operations, or those provided by the CNIL’s decision-making practice or by the Regulation.
• The company LYL SAS does not communicate or transfer personal data related to client members to third parties, but only to authorized recipients within the strict framework of the purposes defined beforehand.
• The company LYL SAS entrusts personal data to subcontractor service providers chosen based on appropriate technical and organizational guarantees, in order to ensure the protection of the data entrusted to them under the instructions of the company LYL SAS.
• Clients are informed beforehand and regularly, in a clear and transparent manner, notably about the purpose of using their data, the optional or mandatory nature of their responses in forms, the rights they have regarding data protection and the methods for effectively exercising these rights, and the recipients.
• Whenever the Regulation requires it, explicit, informed, active, and unambiguous consent from the client(s) is obtained for the processing of their personal data.
• Appropriate security measures, on the logical, technical, organizational, and legal levels, have been defined based on a risk analysis of the various personal data processing operations concerned, and are implemented by the company LYL SAS and its subcontractors engaged by contract, to ensure the protection of personal data.

• The company LYL SAS and its subcontractors are committed to monitoring any possible and exceptional data breach and to taking all protection and corrective measures following a breach by informing the CNIL and, if applicable, the data subjects.

3- THE DATA PROTECTION OFFICER, THE DPO

The company LYL SAS appoints a data protection officer to ensure compliance with the Regulation and the rules described in this Data Protection Policy.

The data protection officer notably ensures:

• to establish and keep up to date a register of personal data processing operations implemented within the company,
• to ensure compliance of practices with the regulations and their developments,
• to raise awareness among all teams about the requirements and best practices regarding the protection of personal data,
• for the effective exercise of the rights of the data subjects.

The data protection officer can be reached by email at: info@rosyne-club.fr

4-  DATA COLLECTION

The company LYL SAS collects the personal data of the data subjects in the following manner:

• As part of any order placed on the site www.rosyneclub.com, and information completed on this occasion,
• As part of the various exchanges taking place with the company LYL SAS (mailings, letters, messaging…),
• As part of the technological services made available to clients (newsletters, online forms…),
• As part of the logistics services made available to clients.

5- DATA COLLECTED

As part of its activity, the company LYL SAS collects data belonging to the following categories of personal data:

• Identity,
• Contact data (email, phone, address)
• Connection data (IP address, logs, etc.)
• Location data (movements, GPS data, GSM, etc.)
• Bank information (type of credit card, banking information useful for order payment)

6- USE OF DATA

The company LYL SAS uses personal data for the following main purposes:

• Taking into account orders placed on the site www.rosyneclub.com
• Provision of technological services (websites) and marketing (newsletter)
• Management of logistics services (orders, supplies, assortments, delivery)

Our subcontractors are required to process the personal data of the clients of the company LYL SAS as far as they are concerned, and in particular:

• Logistics management (order and delivery management, stock management)

7- DATA RECIPIENTS

On a case-by-case basis for the processing described in the article "Use of data" above, the company LYL SAS determines the recipients of the data according to their tasks and their authorizations to receive the data in compliance with the determined purposes.

Depending on the case, these recipients may be:

• The subcontractors called upon by the company LYL SAS for any technical or logistical operation as part of the implementation of appropriate technical and organizational measures, particularly in terms of confidentiality and security.

8- DATA RETENTION PERIOD

The company LYL SAS has established precise rules regarding the retention period of personal data of data subjects, in order to limit retention to a strictly necessary duration.

At the end of the period thus set, and depending on the case, personal data is subject, in compliance with the applicable Regulation, to one of these measures:

• Deletion,
• Irreversible anonymization,
• Archiving.

9- DATA SECURITY

Data security concerns the measures taken to protect data from the following events:

• destruction,
• loss,
• alteration,
• unauthorized disclosure of personal data transmitted, stored, or processed,
• unauthorized access to such data, whether accidental or unlawful

To ensure the security of personal data, the company LYL SAS and its subcontractors implement appropriate technical and organizational measures taking into account the state of knowledge, costs, nature, scope, context, and purposes of processing to guarantee a level of security adapted to the risks.

10- DATA RIGHTS

Each data subject has the following rights:

• right of access / access their data: the data subject may request directly from the company LYL SAS if it holds information about them, and request to be provided with the list of data,
• right to rectification / request their correction: the data subject may request the correction of inaccurate information concerning them. The right to rectification complements the right of access.
• right to be forgotten / request deletion of their data: the data subject may request the deletion of information concerning them, for a reason provided by the Regulation.
• right to restriction / request the restriction of the processing of their data: the data subject may obtain the restriction of the processing of their data, for a reason provided by the Regulation.
• right to data portability / request the portability of their data: the data subject may request to receive the data they provided to the company LYL SAS, or request that the company LYL SAS transmit it to another data controller for a reason provided by the Regulation,

The data subject may also object, for legitimate reasons, to the processing, dissemination, transmission, storage or hosting of their data.

For more information on the meaning of the rights; the CNIL has created a dedicated section for understanding rights which can be consulted here: https://www.cnil.fr/fr/comprendre-vos-droits

To exercise rights, the data subject can contact the data protection officer of the company LYL SAS by email at info@rosyneclub.fr and by mail at the postal address 909 Avenue des Platanes - 34970 LATTES. To facilitate the process, the company LYL SAS invites each data subject, when sending a request to exercise their rights, to:

• Indicate which right(s) they wish to exercise,
• Clearly state their last name / first name / contact details to which they wish to receive responses,
• Attach a copy of an identity document.

11- CONSENT OF THE DATA SUBJECTS

All personal data processing is carried out by the company LYL SAS in compliance with the consent of the data subjects, and in some cases provided for by the Regulation, explicit consent, also called express consent, of the person is required.

Whenever explicit consent from the person is required by the Regulation, it is obtained beforehand by the company LYL SAS and the data subject may withdraw their consent at any time by contacting the above-mentioned contacts.

12- COMPLAINTS TO THE CNIL

Each data subject has the right to file a complaint with a data protection supervisory authority.

In France, this authority is the CNIL, here are its contact details:

• Website: https://www.cnil.fr/
• Phone: 01 53 73 22 22
• Mailing address: 3, place Fontenoy TSA 80715, 75334 PARIS Cedex 07

13- OUR COOKIE POLICY

• We are the company LYL SAS.  For your information, our company is registered with the Montpellier RCS under number 904 680 766 and our headquarters is located at 909 Avenue des platanes, 34970 LATTES. We are the owner and operator of the website www.rosyneclub.com and associated properties, which use cookies. We use cookies for many reasons, for example to operate our Website, which allows us to distinguish you from other users of the Websites in order to offer you a more personalized experience. This Cookie Policy describes the following: what cookies are; our use of cookies; how you can manage the cookies used on the Websites; privacy; additional information; and changes made to this Cookie Policy.
• What are cookies?
• Cookies are small text files placed on devices that visit our Websites. The cookie "remembers" the computer or other electronic device during subsequent visits to the Websites and some cookies may collect personal data about you. You can find more general information about cookies at: www.allaboutcookies.org.
• Our use of cookies
• We want you to understand the different types of cookies used on our Websites. We use various types of cookies and other tracking technologies for the following purposes.
• a. Strictly necessary cookies: these are cookies strictly necessary for the operation of our Websites, for example cookies that authenticate users and allow us to offer certain features such as account registration.
• b. Performance cookies: these cookies collect information about the pages or screens you visit, and other performance metrics. This helps us improve how our Websites work, for example, by ensuring users can easily find what they are looking for.
• c. Functional cookies: these cookies remember your choices to improve your experience, for example, by remembering your username, language, and the region you are in. The purpose of these cookies is to provide you with a more personalized experience so that you do not have to reset your preferences each time you visit our Websites.
• d. Targeting and advertising cookies: these cookies are often placed by retargeting and advertising partners to track your browsing habits in order to later present targeted ads on other Websites and applications. We use this information to make our Websites and the advertising displayed on them more relevant to your interests. We may also share this information with third parties for this purpose. allbirds.eu/pages/cookies
• Please note that third parties (including, for example, advertising networks and external service providers such as web traffic analysis services) may also use cookies, over which we have no control. These cookies may be analytical/performance cookies or targeting cookies.
• How to manage cookies on our Websites

• Most browsers allow you to disable them if you wish. If you disable cookies, you may find that you have a less personalized experience on our Websites and that some parts of our Websites do not work at all or do not work properly.
• Each browser is configured differently. To disable cookies via your browser settings, you must follow the instructions provided by your browser publisher. As of the date of this Cookie Policy, these instructions are available for commonly used browsers via the following links:
• If you use Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
• If you use Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
• If you use Safari: https://support.apple.com/kb/ph21447?locale=en_US
• If you use Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• If you use Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
• If you use different devices, make sure to configure the corresponding browser settings according to your preferences.
• If you wish to opt out of being tracked by Google Analytics on all websites, you can do so here: https://tools.google.com/dlpage/gaoptout.
• Except for essential cookies, our session cookie will expire after the browsing session.

14- CHANGES TO THE GENERAL DATA PROTECTION POLICY

The data protection policy is subject to change. In the event of changes to the elements mentioned in the privacy policy, the company LYL SAS commits to modifying it and informing the concerned individuals prior to implementing changes that could affect personal data.

The company LYL SAS will strive to indicate what impacts these changes will entail.

15- QUESTIONS AND COMMENTS: CONTACT US

If you have any questions, comments, or concerns regarding this policy, contact our data protection officer, reachable by email: info@rosyneclub.fr or by mail: SAS LYL - Rosyne Club, 909 Avenue des platanes, 34970 LATTES