We attach great importance to the confidentiality and
protection of the personal data we process.
As the controller of your personal data, we do our utmost to protect your privacy and the data you provide us with, especially when you visit our website or purchase one of our products or a gift voucher.
When you read this document, you will learn in particular how we collect your personal data, what types of data are collected, what purposes they are used for, with whom we share these data and what measures are taken to protect them.
I - Why do we collect personal data?
We collect and use your personal data with the aim of improving and further developing our products and services, providing you with optimum customer service and making it easier for you to navigate our website.
We collect your personal data for legitimate reasons and with your consent.
We use your personal data for the following purposes:
1. After the conclusion of a contract or the fulfilment of contractual obligations
We collect your personal data to identify you, to provide you with a service or to fulfil and manage your orders.
Collecting your personal data enables us to provide you with data relating to your purchases, issue invoices and maintain our customer relationship.
2. Due to our legitimate interest in collecting your personal data
We have a legitimate interest in collecting your personal data in order to communicate with you and answer your questions.
3. With your consent
If you have given us your consent, we may send you promotional messages and other data that may be of interest to you. This includes any competitions and other promotional activities. You can ask us not to send you promotional material or similar data at any time.
4. To comply with legal requirements
We process your personal data to comply with our legal obligations.
We reserve the right to anonymise and use the personal data collected.
We will retain your billing information and other data collected about you for as long as is necessary for accounting purposes or to comply with any other legal obligations to which we are subject.
We may process your personal data for purposes other than those stated here, but only if they are compatible with the original purpose for which the data were collected. To do this, we make sure that:
* The connection between the purposes, context and nature of the personal data is suitable for further processing
* Further processing does not harm your interests
* That there is adequate backup for the processing that has taken place
II - What types of data do we collect and how do we collect them?
The term "data" refers to any personal data that are capable of identifying you as an individual and that you provide in the course of your interactions with us.
We may collect information about you on a number of occasions, namely:
1. The data you provide us with
We collect socio-professional information about you that you may provide us with, such as your last name, first name, e-mail address, home and business addresses and telephone number, when you make a purchase through our online shopping system or directly in-store, or in the various interactions you may have with us, including but not limited to registration for our e-newsletter, when you contact us, when you enter an online competition or promotional activity, or when you use any feature on our website.
Furthermore, whenever you make a purchase, we (or our financial service providers) collect personal data in connection with that purchase as this is necessary to process your request. The data collected include payment data and in particular your credit/debit card number, although this is only held for the duration of the transaction.
2. The data we collect automatically
When you browse our website, we collect data to track the business relationship with you: Type of wine purchased, product purchased, quantity, amount, regularity, as well as any other relevant data about your purchases, history of your purchases, correspondence and/or telephone conversations with our team, etc.
We also collect data about the type of device you use when you browse our website (your device's unique identifier, your device's IP address, your operating system, the browser you use, your usage, diagnostic and location data from or about your computers, the type of device from which you access our products and services). Where these data are available, we may use your GPS coordinates, IP address and other technologies to determine the approximate location of your device with the aim of improving our products and services and providing you with a better experience as a user of our services. This includes changes automatically stored by cookies and similar tools used by us or our third party providers.
3. Data from our partners
We collect data from our trusted partners where we have confirmation that they have legitimate reasons to share these data with us. Either you have provided them with these data directly or they have collected the data about you for other legally valid reasons.
4. Publicly accessible data
We may collect data about you that are publicly available.
We deliberately do not collect sensitive data, such as in particular racial or ethnic origin, political opinions, religious and philosophical beliefs or health details.
III - How long do we store the data for?
The retention periods are dependent on the purposes of the processing carried out by Aureto and take into account, in particular, applicable legal provisions that stipulate a specific retention period for certain categories of data, any applicable limitation periods and the recommendations of the CNIL (Commission Nationale de l'Informatique et des Libertés = National Commission for Informatics and Liberties) with regard to certain categories of data processing.
However, after expiry of the above periods and from your request for erasure, your personal data may be subject to interim archiving in order to comply with our legal, accounting and tax obligations and/or any limitation periods associated with our relationship.
IV - Where are your personal data stored?
We may use the services of various third party providers to assist us in providing services in connection with our website. Our providers may be located inside or outside the European Economic Area ("EEA"). Where applicable, the transfer of your personal data will be in accordance with applicable law.
V - With whom do we share personal data?
We undertake not to sell or share your contact details with third parties for their own business activities.
We may temporarily and securely transfer certain personal data necessary for the operation, support and maintenance of our website to third parties, in particular to ensure the dispatch of e-mails you wish to receive and/or to perform tasks necessary for the preparation and dispatch of your order.
If you do not want us to share your personal data with these companies, please contact our customer service department at the following address: "Service Clients - Aureto - Hameau de la Coquillade - 84400 GARGAS - France" or by e-mail: email@example.com.
We may also be required to disclose personal information when its disclosure is necessary as part of a judicial proceeding, court order, summons, warrant or legal process, or as required by law to protect human life; to maintain the safety of our products; to protect our rights and those of our customers, and as part of a mandatory investigation and to the strict extent of what is required under applicable laws.
VI - How do we protect your personal data?
We take appropriate technical and organisational measures in accordance with applicable laws to protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorised disclosure or access.
We constantly update our security measures to keep pace with advances and developments in technology. For card purchases, we work with payment service providers that adhere to the PCP protocol and help us verify directly with your bank that the card authorises you to make purchases, in compliance with personal data protection standards. Our payment service providers process your card data in accordance with the PCI DSS international security standards developed by the credit card companies VISA, MasterCard, Diners, American Express and JCB, and all other payment methods. This means that your card data are processed with a very high standard of security. When you pay by card, we reserve the right to carry out an identity check. You can also help keep your data safe by taking the following security measures:
* Change your password regularly and use a combination of letters and numbers
* Make sure you use a secure internet browser
VII - What about cookies and other technologies?
A "cookie" is a connection record that designates a text file which may be stored, subject to your acceptance, in a specific area of your terminal's hard drive when you visit the website. A cookie file enables its sender to identify the terminal in which it is stored for the duration of the cookie's validity or storage, and is therefore considered to be personal data.
They are used to register you, deliver advertising targeted to your preferences, combat fraud, analyse the performance of our products and fulfil other legitimate purposes, such as learning about which pages of our website are visited most frequently, as well as user activity and the length of time users spend on our website. These technical tools also allow us to evaluate the effectiveness of our marketing and thus the attractiveness of our products and services to our customers.
As with most websites of the same type, certain data are automatically recorded via a protocol. These data include protocol addresses (IP addresses), the type of browser used, the Internet provider, referring and final pages, the operating system, date and time.
Cookies do not store any data provided by users during an online booking or when registering a customer account. Cookies identify your browser (rather than you) and may not be sufficient in themselves to reveal your identity.
You can set your browser to block these cookies, although it is specified that this may affect your ability to perform certain operations, use certain functions and access certain content on our website.
In addition to the cookies used among other things to identify browsing history and provide statistical tools, there are also the technologies of our partners, which are subject to their own personal data protection policies. We will inform you about the purpose of the cookies we are aware of and the options you have to make a choice regarding these cookies.
VIII - What rights do you have and in particular what legal remedies?
* Right to data: This allows you to know whether your personal data are being processed; which data are being collected, where they come from, why they are being processed and by whom.
* Right of access: You have the right to access the data that have been collected about you. This includes your right to request and receive a copy of your personal data that have been collected.
* Right to rectification: You have the right to request the rectification or erasure of your personal data if they are inaccurate or incomplete.
* Right to erasure: In certain circumstances, you can request that your personal data are erased from our archives.
* Right to the restriction of processing: You have the right to restrict the processing of your personal data.
* Right to object to processing: In certain cases you have the right to object to the processing of your personal data, e.g. in the case of direct marketing.
* Right to object to automated processing: You have the right to object to automated processing, including profiling. You can exercise this right if the use of profiling produces legal effects which significantly affect you.
* Right to data portability: You have the right to receive your personal data in a machine-readable format or, if feasible, by direct transfer from one processor to another.
* Right to withdraw your consent: You have the right to withdraw your consent to the processing of your personal data.
* Right to issue instructions about what should happen to your personal data after your death: You have the right to give us directives at any time about how the personal data we process about you should be managed after your death.
* Right to lodge a complaint with the supervisory authority: You can lodge any complaint with the competent supervisory authority, i.e. the CNIL, at any time.
All requests will be processed as quickly as possible and in accordance with applicable laws.
Please note that if you request the erasure of your data, we may archive your data for the period permitted by applicable law in order to comply with our legal obligations or if we believe it is necessary to prevent possible fraud or other types of misuse, as well as for legitimate purposes such as analysis of non-personal data, debt collection or enforcement of our/your rights in the event of a complaint or legal appeal.
IX - What about third-party websites and services?
X - What about data on minors?
Our products and services are aimed exclusively at adults. Therefore, we do not intentionally collect, use or disclose any data from minors. If we learn that we have collected personal information from a minor, we will take the necessary steps to delete the data as soon as possible. If you learn that a minor has provided us with his or her personal data, please inform us immediately.
XI - Your rights in relation to the processing of your personal data
You have the right of access and right to rectification, request for erasure, restriction or withdrawal of your consent to the processing of your personal data, the right to oppose profiling and the right to data portability at any time. To exercise these rights, please contact our Data Protection Officer at the following e-mail address: firstname.lastname@example.org or at the following postal address: Aureto - Hameau de la Coquillade - 84400 GARGAS - France.