IZIPIZI may amend this Policy at at any time. We therefore recommend you regularly check back on it. In the event of substantial changes being made to the Policy in relation to your rights, IZIPIZI will draw your attention to these as soon as reasonably possible.
1. Who processes your data?
The company IZIPIZI, a “SAS” [simplified joint-stock company] with registered capital of €50,000 and head offices at 19 Rue de Calais 75009 Paris. We offer manufacturing services for spectacles that you can buy online at the website accessible at the address <izipizi.com> and in store.
During use of these services, IZIPIZI may, as the data controller, process personal data relating to visitors to the website, as well as customers and prospective customers for the service (“Personal Data”).
2. Which data do we process?
IZIPIZI collects personal data in the following ways:
• directly from you:
◦ when a customer account is created, we save all the information required to place an order, namely your full name, email address, postal address and telephone number;
◦ when signing up for our newsletter;
◦ when you use our contact form: data provided in the form (email address and any personal data you choose to include in the free text field);
◦ when you use our website: data that can be used to identify and authenticate you (connection logs, IP address), data related to purchases, your browsing behaviour on the site, times and dates of visits to the site, localization data.
◦ through social networks such as Facebook, Instagram and Twitter: data are liable to be exchanged between IZIPIZI and social networks when, for example, you visit the website and are simultaneously logged into these social networks on your device. These exchanges can be prevented by logging out of social media before visiting the IZIPIZI website;
◦ through cookies and trackers. To find out more, please contact us at firstname.lastname@example.org for further information on our cookies policy.
3. Why do we process your data?
IZIPIZI uses your data:
• when this is necessary to fulfil our contract with you or for the execution of pre-contractual measures taken at your request, notably when:
◦ creating your customer account;
◦ managing your orders, for their tracking and invoicing;
◦ sending product availability notifications;
◦ managing communications and exchanges, notably in the event of disputes;
◦ managing electronic newsletters and commercial offers;
◦ monitoring your satisfaction;
◦ managing any requests to exercise your rights applicable within the framework of the GDPR.
• When this is necessary to enable us to fulfil our legal and regulatory obligations, notably when:
◦ managing the risks related to fraudulent use of your data. IZIPIZI takes every precaution we deem useful to ensure the security of your data and our information systems, and to defend our interests. These measures may, where necessary, lead to suspension of your online account;
◦ managing any disputes, notably linked to the recovery of any sums owed to us and when managing payment incidents;
◦ fulfilling our legal obligations or complying with applicable legislation, such as government requests (such as fiscal administration).
• When we have a legitimate interest, to promote and improve our services, for operations related to sales prospecting or for the completion of studies, with respect for your rights, and, notably:
◦ when you visit our website, we record your visits in order to show advertising when you browse other websites. Neither the advertising agencies nor the third party sites displaying our advertising have access to your personal data. If you no longer wish to see our advertising, you can delete the cookies from your web browser: https://www.comment-supprimer.com/les-cookies/
◦ to improve our services and the relevance of our offers, we use software and services operated by third-party providers that enable us to better understand our business. To this end, we provide these programs with access to data in our customer database, your browsing history on our website, and information on the products ordered.
• When you have given your permission. In this case, you can retract your permission at any time, without this having any retroactive effect. This is notably the case for our weekly newsletter, which you can unsubscribe from at any time by clicking on the link “me désabonner” (unsubscribe) at the bottom of the newsletter or directly from the website in your customer account in the section “mon compte/vos données personnelles” (my account/your personal data). This will have immediate effect.
4. Who has access to your data?
Your data are accessible to authorized IZIPIZI staff.
Your order information is sent to the various service providers involved in ensuring your order reaches you, namely our logistician who prepares the package and the shipping company who delivers it to your address.
They are in no way permitted to use your data for any purpose other than the processing of your order and must delete this data from their information systems once the order has been processed. These service providers store the data in data centers in Europe.
If, however, you opt for delivery outside Europe, your data and postal address will need to be sent to the logistics department of the shipping company that will deliver your order in this country.
We also use a French service provider for our newsletters which is ISO-27001 certified. To this end, they guarantee that data is stored in maximum security.
Our service provide Diduenjoy receives your email address, full name, and order reference number for the sole purpose of sending you a satisfaction survey to assess your purchasing experience on the IZIPIZI website.
Our service provider Antadis has access to your personal data as part of its tasks to develop and maintain our website.
5. How long are your data stored?
Your personal data are stored for as long as required for the purposes outlined above, plus the legal limitation period.
Your account data (registration) are therefore stored for the duration of your membership. They can then be stored for three years following your last contact, notably to enable us to send you commercial offers.
Your personal data may be stored for a longer period in response to specific legal obligations or in respect of applicable legal provisions. For example, data can be stored for:
• ten years for accounting purposes;
• Throughout the duration of a dispute until all avenues of appeal have been exhausted.
6. What security measures are in place to protect your data?
In accordance with the GDPR and the applicable legislation, IZIPIZI has put in place appropriate technical, physical, and organizational measures to ensure the security and confidentiality of Personal Data and to prevent these from being distorted, damaged, or accessed by unauthorized third parties.
Additionally, IZIPIZI chooses its sub-contractors and service providers carefully, and the latter must provide guarantees in terms of quality, security, reliability, and resources that enable implementation of these security measures.
7. Do your data leave the European Union?
The servers for the IZIPIZI website are hosted exclusively by OVH, in France, in data centers in the north of France. These servers contain our databases required for operating the <izipizi.com> website and information on customer accounts.
Some of our statistics tools operate in the United States. All data handled for statistics purposes outside of Europe are nonetheless fully anonymized.
8. What rights do you have over your data?
In accordance with data protection regulations, you have rights at any time, without incurring any costs, to access, rectify, and erase your Personal Data, subject to the rights and liberties of third parties and the obligations incumbent upon IZIPIZI. You also have the right to set out directions relating to the use of your data after your death.
Note that you can amend most of your Personal Data yourself in your customer space.
For access rights, we may also request payment of reasonable fees based on administrative costs for any additional copies of data than those you will be sent.
In certain cases, you also have the right to limit processing of your Personal Data and to its portability. You can also ask to exercise your right to oppose the processing of your personal data, for reasons related to your personal circumstances, when processing is based on the legitimate interest of the data controller, including profiling. In the event that this right to opposition is exercised, IZIPIZI will cease processing unless there exist legitimate, pressing reasons for the processing that prevail over the interests, rights, and liberties of the person in question or for the reporting, exercising, or defence of a legal right. You can also at any time oppose all processing related to prospecting activities (including profiling linked to such prospecting activities) and withdraw your consent when this is the legal basis for processing (the withdrawal of consent will have no consequence on the legality of the processing completed before withdrawal of consent).
9. How can you exercise your rights?
Please do not hesitate to contact us if you have any questions or wish to exercise your rights by emailing email@example.com, providing details of your request.