Privacy Policy and protection of personal data at Aureto
We attach great importance to the confidentiality and
protection of the personal data we process.
As the controller of your personal data, we do our
utmost to protect your privacy and the data you provide us with, especially
when you visit our website or purchase one of our products or a gift voucher.
Our Privacy Policy and the protection of personal data
are part of this approach.
When you read this document, you will learn in
particular how we collect your personal data, what types of data are collected,
what purposes they are used for, with whom we share these data and what
measures are taken to protect them.
By using this website and/or our products and
services, you consent to the processing of your personal data as described in
this Privacy Policy.
We may change our Privacy Policy and how we protect
personal data. Any changes will take effect as soon as they are published on
our website, so please check each time you visit our website to ensure you are
aware of the latest version.
I - Why do we collect personal data?
We collect and use your personal data with the aim of
improving and further developing our products and services, providing you with
optimum customer service and making it easier for you to navigate our website.
We collect your personal data for legitimate reasons
and with your consent.
We use your personal data for the following purposes:
1. After the conclusion of a contract or the
fulfilment of contractual obligations
We collect your personal data to identify you, to
provide you with a service or to fulfil and manage your orders.
Collecting your personal data enables us to provide
you with data relating to your purchases, issue invoices and maintain our
customer relationship.
2. Due to our legitimate interest in collecting your
personal data
We have a legitimate interest in collecting your
personal data in order to communicate with you and answer your questions.
We also use personal data to monitor our users' accounts
and to ensure the security of our customers, in particular by monitoring for
fraud and evaluating suspicious, potentially illegal activities or activities
that do not comply with our Terms of Service and/or Terms of Use. Such
processing is justified by our legitimate interest in ensuring the security of
our products and services.
3. With your consent
If you have given us your consent, we may send you
promotional messages and other data that may be of interest to you. This
includes any competitions and other promotional activities. You can ask us not
to send you promotional material or similar data at any time.
4. To comply with legal requirements
We process your personal data to comply with our legal
obligations.
We reserve the right to anonymise and use the personal
data collected.
We will retain your billing information and other data
collected about you for as long as is necessary for accounting purposes or to
comply with any other legal obligations to which we are subject.
We may process your personal data for purposes other
than those stated here, but only if they are compatible with the original
purpose for which the data were collected. To do this, we make sure that:
* The connection between the purposes, context and
nature of the personal data is suitable for further processing
* Further processing does not harm your interests
* That there is adequate backup for the processing
that has taken place
II - What types of data do we collect and how do we
collect them?
The term "data" refers to any personal data that are capable
of identifying you as an individual and that you provide in the course of your
interactions with us.
We may collect information about you on a number of
occasions, namely:
1. The data you provide us with
We collect socio-professional information about you
that you may provide us with, such as your last name, first name, e-mail
address, home and business addresses and telephone number, when you make a
purchase through our online shopping system or directly in-store, or in the
various interactions you may have with us, including but not limited to registration
for our e-newsletter, when you contact us, when you enter an online competition
or promotional activity, or when you use any feature on our website.
Furthermore, whenever you make a purchase, we (or our
financial service providers) collect personal data in connection with that
purchase as this is necessary to process your request. The data collected
include payment data and in particular your credit/debit card number, although this
is only held for the duration of the transaction.
2. The data we collect automatically
When you browse our website, we collect data to track
the business relationship with you: Type of wine purchased, product purchased,
quantity, amount, regularity, as well as any other relevant data about your
purchases, history of your purchases, correspondence and/or telephone
conversations with our team, etc.
We also collect data about the type of device you use
when you browse our website (your device's unique identifier, your device's IP
address, your operating system, the browser you use, your usage, diagnostic and
location data from or about your computers, the type of device from which you
access our products and services). Where these data are available, we may use
your GPS coordinates, IP address and other technologies to determine the
approximate location of your device with the aim of improving our products and
services and providing you with a better experience as a user of our services.
This includes changes automatically stored by cookies and similar tools used by
us or our third party providers.
3. Data from our partners
We collect data from our trusted partners where we
have confirmation that they have legitimate reasons to share these data with
us. Either you have provided them with these data directly or they have
collected the data about you for other legally valid reasons.
4. Publicly accessible data
We may collect data about you that are publicly
available.
We deliberately do not collect sensitive data, such as
in particular racial or ethnic origin, political opinions, religious and philosophical
beliefs or health details.
III - How long do we store the data for?
We will retain your personal data only for as long as
is necessary for the purposes set out in this Privacy Policy or as required by
applicable law.
The retention periods are dependent on the purposes of
the processing carried out by Aureto and take into account, in particular, applicable
legal provisions that stipulate a specific retention period for certain
categories of data, any applicable limitation periods and the recommendations
of the CNIL (Commission Nationale de l'Informatique et des Libertés = National
Commission for Informatics and Liberties) with regard to certain categories of
data processing.
However, after expiry of the above periods and from
your request for erasure, your personal data may be subject to interim
archiving in order to comply with our legal, accounting and tax obligations
and/or any limitation periods associated with our relationship.
IV - Where are your personal data stored?
We may use the services of various third party
providers to assist us in providing services in connection with our website.
Our providers may be located inside or outside the European Economic Area ("EEA").
Where applicable, the transfer of your personal data will be in accordance with
applicable law.
Our vendors have limited access to your personal data to
perform the tasks they undertake on our behalf. They are contractually
obligated to protect these data and only use them for the purposes for which they
were submitted and in accordance with this Privacy Policy. Before we share your
personal data with third parties, we take the necessary measures to ensure that
these third parties offer an adequate level of data protection.
V - With whom do we share personal data?
We undertake not to sell or share your contact details
with third parties for their own business activities.
We may temporarily and securely transfer certain
personal data necessary for the operation, support and maintenance of our
website to third parties, in particular to ensure the dispatch of e-mails you
wish to receive and/or to perform tasks necessary for the preparation and
dispatch of your order.
If you do not want us to share your personal data with
these companies, please contact our customer service department at the
following address: "Service Clients - Aureto - Hameau de la Coquillade - 84400
GARGAS - France" or by e-mail: info@aureto.fr.
We may also be required to disclose personal
information when its disclosure is necessary as part of a judicial proceeding,
court order, summons, warrant or legal process, or as required by law to
protect human life; to maintain the safety of our products; to protect our
rights and those of our customers, and as part of a mandatory investigation and
to the strict extent of what is required under applicable laws.
VI - How do we protect your personal data?
We take appropriate technical and organisational
measures in accordance with applicable laws to protect your personal data
against accidental or unlawful destruction, loss or alteration and against unauthorised
disclosure or access.
We constantly update our security measures to keep
pace with advances and developments in technology. For card purchases, we work
with payment service providers that adhere to the PCP protocol and help us verify
directly with your bank that the card authorises you to make purchases, in
compliance with personal data protection standards. Our payment service
providers process your card data in accordance with the PCI DSS international
security standards developed by the credit card companies VISA, MasterCard,
Diners, American Express and JCB, and all other payment methods. This means
that your card data are processed with a very high standard of security. When
you pay by card, we reserve the right to carry out an identity check. You can
also help keep your data safe by taking the following security measures:
* Change your password regularly and use a combination
of letters and numbers
* Make sure you use a secure internet browser
VII - What about cookies and other technologies?
A "cookie" is a connection record that designates a
text file which may be stored, subject to your acceptance, in a specific area
of your terminal's hard drive when you visit the website. A cookie file enables
its sender to identify the terminal in which it is stored for the duration of
the cookie's validity or storage, and is therefore considered to be personal
data.
We (and third parties acting on our behalf) use
cookies and similar technologies to process your personal data when you visit
our website.
They are used to register you, deliver advertising
targeted to your preferences, combat fraud, analyse the performance of our
products and fulfil other legitimate purposes, such as learning about which
pages of our website are visited most frequently, as well as user activity and the
length of time users spend on our website. These technical tools also allow us
to evaluate the effectiveness of our marketing and thus the attractiveness of
our products and services to our customers.
As with most websites of the same type, certain data are
automatically recorded via a protocol. These data include protocol addresses
(IP addresses), the type of browser used, the Internet provider, referring and
final pages, the operating system, date and time.
Cookies do not store any data provided by users during
an online booking or when registering a customer account. Cookies identify your
browser (rather than you) and may not be sufficient in themselves to reveal
your identity.
You can set your browser to block these cookies,
although it is specified that this may affect your ability to perform certain
operations, use certain functions and access certain content on our website.
In addition to the cookies used among other things to
identify browsing history and provide statistical tools, there are also the
technologies of our partners, which are subject to their own personal data
protection policies. We will inform you about the purpose of the cookies we are
aware of and the options you have to make a choice regarding these cookies.
VIII - What rights do you have and in particular what
legal remedies?
* Right to data: This allows you to know whether your
personal data are being processed; which data are being collected, where they come
from, why they are being processed and by whom.
* Right of access: You have the right to access the
data that have been collected about you. This includes your right to request
and receive a copy of your personal data that have been collected.
* Right to rectification: You have the right to
request the rectification or erasure of your personal data if they are
inaccurate or incomplete.
* Right to erasure: In certain circumstances, you can
request that your personal data are erased from our archives.
* Right to the restriction of processing: You have the
right to restrict the processing of your personal data.
* Right to object to processing: In certain cases you
have the right to object to the processing of your personal data, e.g. in the
case of direct marketing.
* Right to object to automated processing: You have
the right to object to automated processing, including profiling. You can
exercise this right if the use of profiling produces legal effects which
significantly affect you.
* Right to data portability: You have the right to
receive your personal data in a machine-readable format or, if feasible, by
direct transfer from one processor to another.
* Right to withdraw your consent: You have the right
to withdraw your consent to the processing of your personal data.
* Right to issue instructions about what should happen
to your personal data after your death: You have the right to give us
directives at any time about how the personal data we process about you should
be managed after your death.
* Right to lodge a complaint with the supervisory
authority: You can lodge any complaint with the competent supervisory
authority, i.e. the CNIL, at any time.
All requests will be processed as quickly as possible
and in accordance with applicable laws.
Please note that if you request the erasure of your
data, we may archive your data for the period permitted by applicable law in
order to comply with our legal obligations or if we believe it is necessary to
prevent possible fraud or other types of misuse, as well as for legitimate
purposes such as analysis of non-personal data, debt collection or enforcement
of our/your rights in the event of a complaint or legal appeal.
IX - What about third-party websites and services?
Our websites, products and services may contain links
or provide you with the ability to access third-party websites, products and
services. We are not responsible for the privacy practices applied by these
third parties or for the data or content of their products and services. This
Privacy Policy applies only to data collected by us via browsing and operations
related to our products and services.
X - What about data on minors?
Our products and services are aimed exclusively at
adults. Therefore, we do not intentionally collect, use or disclose any data
from minors. If we learn that we have collected personal information from a
minor, we will take the necessary steps to delete the data as soon as possible.
If you learn that a minor has provided us with his or her personal data, please
inform us immediately.
XI - Your rights in relation to the processing of your
personal data
You have the right of access and right to rectification,
request for erasure, restriction or withdrawal of your consent to the
processing of your personal data, the right to oppose profiling and the right
to data portability at any time. To exercise these rights, please contact our
Data Protection Officer at the following e-mail address: info@aureto.fr or at
the following postal address: SARL Cave Aureto - Hameau de la Coquillade - 84400 GARGAS -
France.