Concerned about the protection of your privacy, Hello Broc is committed to ensuring the best level of protection of your personal data.
As part of its activities, Hello Broc provides its customers with an e-commerce service accessible from the website www.hellobroc.com.
To deliver its service, Hello Broc collects personal data on individuals. Data collection takes place on the website.
The purpose of this section is to provide you with complete information on the use made by Hello Broc of the personal data of its customers.
Hello Broc, as Data Controller, undertakes to comply with the provisions of Regulation (EU) No. 2016/679 of April 27, 2016 relating to the protection of personal data.
In the forms for collecting personal data on the site or in paper format, the Customer is notably informed of the compulsory nature or not of the collection of data.
1. WHO COLLECTS PERSONAL DATA?
1.1. Hello Broc: Data controller
In general, the company that collects personal data and implements data processing is:
SMPCD, Limited Liability Company with capital of 10,000 Euros, registered with the Toulouse Trade and Companies Register under number 900 704 131, whose registered office is located at 5 impasse Colombette bureau 3 31300 Toulouse.
1.2. Other data controllers
However, during your visit to the website, other companies may collect personal data about you. These companies may publish cookies, tracers or tags mentioned in point 12 hereof.
2. WHAT ARE THE PURPOSES OF COLLECTING YOUR PERSONAL DATA AND WHAT ARE OUR REASONS?
2.1 LEGAL BASIS FOR PROCESSING
User privacy is protected by regulation. Under data protection regulations, Hello Broc is only allowed to use its users' personal data if it has a valid legal basis. Hello Broc must ensure that it has one or more of the following legal bases:
the performance of a contract (for example to process and fulfill an order for goods or to open and manage a Hello Broc account), or;
the performance of a legal obligation (e.g. keeping invoices), or;
when it is in the legitimate interest of Hello Broc, or;
When the user has given his consent.
A "legitimate interest" of Hello Broc must not go against the rights and freedoms of users. Examples of legitimate interests mentioned in the GDPR include fraud prevention, direct marketing and data sharing within a group of companies.
The applicable legal bases for each data processing are specified in the table below.
2.2 HELLO BROC DATA PROCESSING
The Hello Broc company is required to collect and record personal data of its customers to carry out the following processing:
Why do we use your personal data? |
|
What are our reasons? |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
For processing requiring the collection of consent, the person concerned has the option of withdrawing their consent by sending a request by email to contact@hellobroc.com
Fraud prevention and fraud risk assessment operations have been authorized by the CNIL as explained in point 8.3.
The operations of connecting people with deafness problems are based on the express consent of the person concerned. The person concerned has the option of withdrawing their consent by sending a request by email to contact@hellobroc.com
3. ORIGIN OF THE DATA COLLECTED BY HELLO BROC
Hello Broc collects data directly from its customers when using its websites (account creation, browsing, contacting customer service, etc.), its mobile applications, its stores or the marketplaces on which it is present.
In some cases, Hello Broc may also collect data from third-party partners in order to update the information it has.
4. TO WHOM ARE YOUR DATA TRANSMITTED?
Your data is transmitted to Hello Broc partners who may process the data on their behalf (these are recipients) or only on behalf and according to the instructions of Hello Broc (these are subcontractors).
4.1. Hello Broc Data Recipients
The recipients of the data are:
financing and credit institutions
The police authorities in the context of legal requisitions concerning the fight against fraud
Customs services in case of delivery abroad
Commercial partners and marketing and advertising agencies:
The categories of partners allowing Hello Broc to display its commercial offers are:
Affiliate marketing companies
Social networks (Facebook; Pinterest)
Marketing and advertising agencies (Google Ads)
4.2. Hello Broc subcontractors
Hello Broc also uses subcontractors for the following operations:
secure payment on sites and mobile applications
the fight against fraud and the recovery of unpaid bills
Personalization of the content of sites and mobile applications
Carrying out technical maintenance and development operations for the website, internal applications and the Hello Broc information system.
Collection of customer reviews
Sending commercial prospecting emails and mobile notifications
5. WHAT ARE MY DATA RIGHTS
5.1. What are my rights ?
Pursuant to Articles 14 to 22 of Regulation 2016/679 of April 27, 2016, any natural person using the service has the right to exercise the following rights:
Access rights
A right of rectification,
A right of opposition and erasure to the processing of his data
A right to oppose profiling
A right to restriction of processing,
A right to data portability
Finally, when Hello Broc detects a personal data breach likely to create a high risk for your rights and freedoms, you will be informed of this breach as soon as possible.
5.2. How to exercise them?
These rights can be exercised with the Sarl SMPCD which collected the personal data as follows:
By post, by writing to us at the following address:
Hello Broc - 5 impasse Colombette bureau 3, 31000 Toulouse, indicating your surname, first name, address, email and if possible customer reference in order to speed up the consideration of your request.
Electronically by sending your request to contact@hellobroc.com
The request must be accompanied by proof of identity.
Hello Broc sends a response within 1 month after the exercise of the right. In certain cases, related to the complexity of the request or the number of requests, this period may be extended by 2 months.
5.3. What are the consequences of exercising the right to oppose profiling?
In the event of the exercise of a right of opposition to marketing profiling, the user is informed that he will continue to receive commercial solicitations but these will be less relevant and will no longer be targeted according to his centers of interest. the person.
5.4. What to do next ?
In the event of no response or an unsatisfactory response, the data subject has the option of contacting the supervisory authority of his country of residence:
In France, the CNIL: https://www.cnil.fr/
In the UK, the ICO: https://ico.org.uk/
In Spain, the AEPD: http://www.agpd.es/portalwebAGPD/index-idfr-idphp.php
In Portugal, the CNPD: https://www.cnpd.pt/index.asp
In Belgium, the CPVP: https://www.privacycommission.be/fr
In Switzerland, PFPDT: https://www.edoeb.admin.ch/edoeb/de/home.html
6. WHAT HAPPENS TO MY DATA AFTER MY DEATH?
The User can formulate directives relating to the conservation, erasure and communication of his data because
acts personal after his death in accordance with article 40-1 of law 78-17 of January 6, 1978. These directives may be general or specific.
The User can formulate his advance directives by email to contact@hellobroc.com
7. ARE MY DATA SENT OUTSIDE THE EU?
You are informed that personal data concerning you may be transmitted for the purposes of the purposes defined above to companies located in countries outside the European Union and not offering an adequate level of protection with regard to the Protection of personal data.
Prior to the transfer outside the European Union, and in accordance with the regulations in force, Hello Broc implements all the procedures required to obtain the guarantees necessary to secure such transfers.
Transfers outside the European Union may be carried out in particular within the framework of the following activities:
Activity
Data destination country
Supervision of data transfer
Use of data on social networks
UNITED STATES
Standard contractual clauses
Browsing tracking
UNITED STATES
Standard contractual clauses
Customer relationship activities
Morocco
Madagascar
Ivory Coast
BCR standard contractual clauses
Technical outsourcing and maintenance services
UNITED STATES
Standard contractual clauses
For more information on the framework for cross-border flows, you can contact the data protection officer.
8. HOW LONG ARE MY DATA RETAINED?
Hello Broc has determined specific rules regarding the retention period of Users' personal data.
8.1. General rules concerning the management of the commercial relationship:
To calculate the most relevant retention period, Hello Broc distinguishes between:
people called "prospects" and who have never made a purchase from Hello Broc and its partners
people called "customers" who have made at least 1 purchase (including purchases on the Marketplace)
Customer and prospect data are kept for a period of 3 years.
Regarding prospects, the starting point of the retention period is the creation of the account
Regarding customers, the starting point of the retention period is their last purchase from Hello Broc. The retention period for a customer's data will be different depending on whether or not the latter joins a loyalty program.
8.2. Specific rules concerning certain data processing:
For certain types of processing, data retention is subject to specific retention periods.
Here are some examples:
The recordings of telephone conversations with the customer relations department are kept for a period of 3 months.
The instructions concerning the fight against fraud are kept for 3 years.
Invoices related to purchases are kept for 10 years.
8.3. Specific rules concerning bank details:
In order to avoid having to re-enter your bank details for future orders, you can choose, by ticking the acceptance box provided for this purpose, that your bank cards are associated with your online account. They are registered with OGONE or MONEXT in a secure manner. You can consult the list of your saved cards (in hidden mode), but also delete all or part of its content, in the “Means of payment” section of the “My purchases” section of “My Account”. In this case, your deleted cards will no longer appear in your online account or in future orders.
In order to be able to debit the account during invoicing or to credit it following a return, the payment service provider keeps the bank details associated with the authorization number, the time necessary to carry out the transaction (payments after dispatch of the goods) and the handling of any complaints (returns, disputes).
If you have chosen to register your bank cards, these are automatically deactivated when the validity date of the card expires.
9. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?
9.1. General rules
As data controller, Sarl SMPCD takes all necessary precautions to preserve the security and confidentiality of the data and in particular to prevent it from being distorted, damaged, or from unauthorized third parties having access to it.
Hello Broc has deployed a robust security system to ensure the utmost security of the data collected and to detect data breaches. This includes physical security of the buildings housing our systems, computer system security to prevent external access to your data, and having secure copies of your data.
When it uses subcontractors, Hello Broc ensures compliance with
these rules related to data protection.
9.2. Rules applicable to bank details and bank card
To ensure payment security, Hello Broc uses the services of PCI-DSS certified service providers. This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and thus to secure the protection of card and transaction data.
When you place an order by credit card payment at Hello Broc, our order taking system connects in real time with the payment system which collects your data and carries out various checks to prevent abuse and fraud. The data is stored on the payment provider's servers and is never transmitted to Hello Broc's servers. The payment provider requests authorization from the bank and sends us a transaction number which allows operations up to the amount of the authorization.
10. WHAT SHOULD YOU KNOW ABOUT DATA COLLECTED BY SOCIAL NETWORKS?
Hello Broc offers you the use of social networks to improve the commercial relationship (eg Facebook messenger), share content (eg the “share” buttons on Facebook, Instagram or Twitter), offer you targeted advertising offers on these networks ( ex: Facebook Custom Audience or Pinterest) or allow you simplified authentication by means of a social connect (ex: Facebook connect).
The use of social networks to interact with Hello Broc is likely to lead to exchanges of data between Hello Broc and these social networks.
For example, if you are connected to the Facebook social network on your computer and you consult a page of the Hello Broc site, Facebook is likely to collect this information. Similarly, if you click on the "pin" button on a page of the Hello Broc site, Pinterest will collect this information.
Hello Broc invites you to consult the personal data management policies of the various social networks to find out about the personal data that may be transmitted by them.
11. IS DATA ON MINORS UNDER THE AGE OF 16 COLLECTED?
In accordance with the general conditions of sale, it is necessary to be 16 years old to create an account on the Hello Broc site and make purchases.
When creating an account, the user has the option of communicating the data of his children. The user is likely to transmit to Hello Broc data concerning minors under the age of 16. He makes sure to be the holder of parental authority and expressly agrees to transmit this data of minors to Hello Broc.
12. WILL I RECEIVE COMMERCIAL SOLICITATIONS?
12.1. Principles applicable to Hello Broc
Hello Broc uses your contact details to send you targeted advertising, in particular by email, post, sms, notification on smartphone or internet browser, on social networks or third-party websites.
In this context, Sarl SMPCD undertakes to respect the rules applicable to each prospecting channel.
12.2. Prospecting by email and sms
Hello Broc complies with the rules enacted by Directive 2002/58/EC of July 12, 2002, which provides for the express prior collection of the User's consent for the sending of commercial prospecting by electronic means (e-mail or SMS).
Thus, when creating your account on the site, you are expressly asked for your consent:
to receive offers from Hello Broc by email
to receive offers from Hello Broc partners to whom your details would be sent
to receive offers from Hello Broc by sms
Hello Broc will not send you personalized solicitations by email or sms if you have not consented to them.
There is an exception in the event that the User, without having given his prior consent, may however be canvassed when he is already a customer of Sarl SMPCD and the purpose of the prospecting is to offer products or similar services.
In any case, the User has the possibility of opposing the receipt of these requests by carrying out the following actions:
When creating the account, tick “no” the boxes related to prospecting;
For email, by clicking on the unsubscribe link provided in each email or by going to your account in the newsletter section;
For the sms, by sending a stop SMS to the number indicated in it or by going to his Hello Broc account in the newsletter section;
By logging into their Hello Broc account and accessing the communication preferences allowing them to manage their subscriptions;
By contacting customer service by email at contact@hellobroc.com.
12.3. Email Retargeting
After browsing our site, you receive an Email while
you have not given your email address to Hello Broc. How is it possible ?
Hello Broc uses the services of companies whose role is to identify Internet users who have already visited our website and to send them personalized e-mails.
These companies use cookies to distinguish users and then to personalize the advertisements they receive based on their browsing history.
Who collected my email address?
This processing involves partners who have already collected your email address, as well as your consent to authorize the sending of advertising.
You can object to this type of processing by refusing advertising cookies on the Hello Broc site and on third-party sites.
12.4. Display of personalized digital advertisements
A visitor to the Hello Broc site is likely to see advertisements for Hello Broc products on third-party sites or social networks.
If you do not wish to be subject to this type of processing, you should refuse cookies and advertising tags on the Hello Broc site and on third-party sites.
You can object to this type of processing by clicking here.
12.5. Notifications on mobile applications and web browsers
During the first visit to the Hello Broc site or when opening the Hello Broc mobile application on your smartphone, you must give authorization to receive mobile or "Push" notifications.
12.6. Business prospecting by phone
Hello Broc has the possibility of contacting you by telephone to offer you offers on products or services. Your telephone details may also be passed on to partners of Hello Broc (list of partners in 3.1 of this policy). If you do not wish to be solicited, you have the possibility of registering on the list of opposition to canvassing accessible on the site www.bloctel.gouv.fr or of exercising your right of opposition with Hello Broc in writing to info@hellobroc.com.
12.7. Commercial prospecting by post
Hello Broc or its partners can send you requests by post. You can object to this at any time by exercising your right to object in accordance with point 4 of this data protection policy.
13. DOES HELLO BROC USE COOKIES, TAGS AND TRACKS?
When using our Service, information relating to the navigation of your terminal (computer, tablet, smartphone, etc.) may be saved in "Cookies" files stored on your terminal, subject to the choices that you have expressed regarding Cookies and that you can modify at any time.
13.1. WHAT IS A COOKIE ?
The term cookie encompasses several technologies making it possible to operate a navigation follow-up or a behavioral analysis of the Internet user. These technologies are multiple and constantly evolving. In particular, there are cookies, tags, pixels, Javascript code.
The cookie is a small text file saved by the browser of your computer, tablet or smartphone and which makes it possible to store user data in order to facilitate navigation and allow certain functionalities.
There are two types of cookies:
first party cookies, deposited by Hello Broc for the purposes of navigation and operation of the site;
third party cookies deposited by third party partner companies in order to identify your areas of interest and to send you personalized offers. These third party cookies are directly managed by the companies that publish them and which must also comply with data protection regulations.
The cookie is saved on your computer when you consult the Hello Broc website or when you consult an email from Hello Broc.
13.2. WHY ARE COOKIES, TAGS AND TRACKS USED?
The Cookies that Hello Broc issues on the site allow:
- to establish statistics and volumes of frequentation and use of the various elements composing our services. As such, we use audience measurement cookies.
- to adapt the presentation of our Site according to the terminal used;
- to adapt the presentation of our Site according to the affinities of each user;
- to memorize information relating to a form that you have completed on our Site (registration or access to your account, subscribed service, content of an order basket, etc.);
- to allow you to access reserved and personal areas of our Site, such as your account, using identifiers;
- to implement security measures, for example when you are asked to log in to your account again after a certain period of time;
- share information with advertisers on other websites to offer you ads
advertising campaigns that are relevant and in line with your centers of interest. As such, we use advertising cookies;
- share information on social networks. As such, we use cookies to share on these networks;
- to have statistics of deliverability, opening and reading of newsletters sent by email.
13.3. HOW TO SET THE DEPOSIT OF COOKIES, TAGS AND TRACKS?
In accordance with Directive 2002/58/EC of July 12, 2002, Sarl SMPCD obtains your prior consent to the deposit of advertising cookies, audience measurement and sharing on social networks.
You can choose at any time to express and modify your wishes in terms of cookies, by the means described below.
13.3.1 Configuring your navigation software
You can configure your browser software so that cookies are saved in your terminal or, on the contrary, that they are rejected, either systematically or according to their issuer. You can also configure your browser software so that the acceptance or refusal of cookies is offered to you from time to time, before a cookie is likely to be saved in your terminal.
13.3.2. Setting up your smartphone's operating system
You have the possibility to control the deposit of Cookies on your smartphone in the rules of the operating system.
13.3.3. Setting cookies with a tool offered by Hello Broc
In order to comply with the regulations, Hello Broc uses a tool allowing the Internet user to configure the deposit of cookies when connecting to the site www.hellobroc.com
To access the list of deposited cookies and configure their deposit click here
13.3.4. External link allowing to manage the deposit of cookies
You also have the option of opposing the deposit of cookies by accessing the website http://www.youronlinechoices.com/fr/controler-ses-cookies/.
You can also oppose the deposit of the cookies listed below directly on their website:
Criteo: Criteo helps brands, e-commerce sites and advertisers promote their products and services online through personalized campaigns and/or offers, which provide their audiences with the most relevant content. You see the advertisements most likely to interest you on the websites, mobile applications and other platforms of our partners. To oppose it, click here.
RTB House: RTB House develops online advertising solutions for clients worldwide. The technology relies on retargeting and real-time bidding (RTB) models to deliver personalized ads to you in real time. You can oppose it by clicking here
LIVERAMP: LiveRamp technology enables advertisers to display relevant offers on the websites and/or mobile applications you visit. In order to improve the advertising targeting of advertisers, LiveRamp operates a reconciliation and an analysis of the data. These services are based on the deposit of cookies on your browser or on the use of your mobile advertising identifier. LiveRamp also collects your irreversibly encrypted and hashed email address which allows the creation of a technical key associated with your cookies and/or mobile advertising identifiers. Other technical information may be automatically collected (such as IP address, operating system or browser type). These cookies do not track your browsing. You can easily oppose it at any time by clicking here
14. HOW TO CONTACT THE DATA PROTECTION OFFICER?
The Data Protection Officer is responsible for ensuring compliance with the regulations and rules described in this document.
In particular, it ensures that a register of personal data processing implemented in the company is established and that it complies with the regulations and their developments.
It ensures the awareness of the teams and responds to users wishing to exercise their rights concerning the personal data collected by Hello Broc.
You can contact the Data Protection Officer at info@hellobroc.com
To find out more about your rights, go to the website of your supervisory authority:
In France, the CNIL: https://www.cnil.fr/
In the UK, the ICO: https://ico.org.uk/
In Spain, the AEPD: http://www.agpd.es/portalwebAGPD/index-idfr-idphp.php
In Portugal, the CNPD: https://www.cnpd.pt/index.asp
In Belgium, the CPVP: https://www.privacycommission.be/fr
In Switzerland, PFPDT: https://www.edoeb.admin.ch/edoeb/de/home.html