DATA PROTECTION POLICY     

Policy updated as of November 10, 2022

The purpose of this personal data protection policy for the INTEMPORAL PARIS site is to inform users of the site and the online services offered of their rights and obligations relating to the collection of their data.

This protection policy also answers legitimate questions that users of our services may have to ask when using the site.

It is thus recalled that, in particular, the Data Protection Act, as well as European Regulation 2016/679 of April 27, 2016 (GDPR), which entered into force on May 25, 2018, provide for a specific system in terms of supervision and protection Personal Data.

In this context, this policy aims to provide clear, complete and true information on the means and methods used by the INTEMPORAL PARIS site in order to protect the data of its users and respect their rights.

In order for you to benefit from our services in complete security and in complete confidence, this policy presents in a single document clear, simple and sincere information concerning the processing of Personal Data carried out by INTEMPORAL PARIS.

Indeed, as part of our activities, we are required to collect, process and store a certain amount of Data concerning visitors to the Site.

The purpose of this Personal Data protection policy is to inform Users of their rights, as well as the means used by the Service Provider, owner of the site, to guarantee the security of your Data as well as compliance with the requirements laws and regulations in this regard.

This Personal Data protection policy falls within this framework.

This Policy is supplemented by:

  • Our legal notices;
  • The T&Cs of the Site;
  • The Customer T&Cs;

By benefiting from the Online Services provided by the Service Provider, Users undertake to respect and be bound by this Policy.

DEFINITIONS

  • Announcement : Publication on the Site, by which a Seller offers a Product for sale;
  • Client : Refers to a User of the site who has benefited or is benefiting from the Services;
  • General Conditions of Use (CGU) : The General Conditions of Use are made available on the Site. They define and delimit the conditions of use for any person who accesses and uses the Site;
  • General Conditions of Sale (CGV) : Refers to the General Conditions of Sale of the Site;
  • Account : Refers to an access system requiring a personal identifier and password allowing the Customer to purchase the Products offered for sale by the Seller;
  • Data(s) : Any element (information, text, photographs, messages, etc.) collected by the User and implemented by him within the Site and the Services through its use;

  • Personal data(s) : Under the terms of Article 4.1 of the GDPR, means any information relating to an identified or identifiable natural person; is deemed to be an "identifiable natural person" a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity;

  • Functionality(ies) : Each element implemented, accessible and usable within the different Services;
  • Day : Refers to a calendar day in France;
  • INTEMPORAL PARIS : Refers to the Site;
  • Data Protection Act : Refers to Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms accessible on the Internet at the following address: https://www.legifrance.gouv.fr/affichTexte .do?cidTexte=JORFTEXT000000886460
  • Means of Access : Methods and/or function by which the User can access one or more Services in order to use them for his own needs;
  • Operator : Company that operates various electronic telecommunications networks necessary to access and use the Services;
  • Policy : Refers to this policy on the Protection of Personal Data;
  • Provider : Means Mrs Fiona CALIANDRO, located 43 rue Denis Lavogade 94360 Bry-Sur-Marne, registered with the RCS of Créteil under number 912 843 026 and owner of the INTEMPORAL PARIS Site;
  • Product : Refers to fashion Products (clothing, accessories, leather goods, shoes, etc.) offered for sale by Sellers, through the Site;
  • Data Controller : Under the terms of Article 4.7 of the GDPR, means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing ; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller may be designated or the specific criteria applicable to his designation may be provided for by the law of the Union or by the law of a Member State;
  • GDPR : Refers to Regulation (EU) 2016/679 of the European Parliament
    and of the Council of 27 April 2016 accessible online at the following address: https://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32016R0679&from=FR
  • Services : All the services made available to the User by the INTEMPORAL PARIS Owner Service Provider and accessible via the Means of Access;
  • Site : Refers to the website allowing Users to have access to the Services, namely: fiona@intemporal.paris
  • Processor : Means, under the terms of Article 4.8 of the GDPR, the natural or legal person, public authority, service or other body which processes personal data on behalf of the Data Controller;
  • Processing(s) : Refers to any operation or set of operations carried out or not using automated processes and applied to data or sets of personal data, such as the collection, recording, organization , structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation , erasure or destruction;
  • Third parties: Refers to natural or legal persons who have not accepted these T&Cs, who are not bound by common ownership or control with INTEMPORAL PARIS or other individuals unrelated to INTEMPORAL PARIS and/or the User ;
  • User : Refers to any natural or legal person accessing the Site;
  • Seller : Designates a professional or an individual using the Site to sell luxury and second-hand products, through the Site.

 

  1. WHO COLLECTS YOUR DATA (IDENTIFICATION OF THE PROCESSING RESPONSIBLE)?

The Personal Data Processing Manager is Mrs. Fiona CALIANDRO, who can be contacted:

  • By post: 43 Rue Denis Lavogade 94360 Bry-Sur-Marne
  • By email: fiona@intemporal.paris

Thus, the Service Provider, through its representative, alone determines the means as well as the purpose of the collection of Personal Data Processing necessary for the use of the Services by the User, as well as other necessary Data. the establishment of the contractual relationship, its monitoring and improvement.

 

  1. WHAT ARE THE ACTIVITIES OF INTEMPORAL PARIS AND THE SERVICES OFFERED?

The Service Provider operates a Site called INTEMPORAL PARIS accessible via the Internet allowing the online sale of second-hand luxury Products.

In this regard, this platform is a marketplace (marketplace) allowing Customers to buy, directly online and at affordable prices, second-hand Luxury Products validated and then put online by the Service Provider.

For more information, we invite you to consult the TOS of the INTEMPORAL PARIS Site.

All of these elements are designated in the context of this Policy by the term “ Services ”.

In order to be able to offer you the Services most suited to your expectations, it is necessary for us to collect and process a certain amount of Personal Data.

 

  1. WHEN ARE PERSONAL DATA COLLECTED?

On the Site, Personal Data is collected by the Service Provider:

  • During visits to our Site (connection details);
  • When filling in one or more forms on the Site;
  • When creating and managing an online Account;
  • When browsing the Site;
  • When placing an order;
  • During exchanges between a User and the Service Provider;
  • On the occasion of a report made by a User;
  • When clicking on hypertext links to our social networks;
  • During our exchanges and your actions on our social network pages;
  • When monitoring the relationship between the Service Provider and its Users.

 

  1. BY WHICH INTERMEDIATE ARE PERSONAL DATA COLLECTED BY THE SERVICE PROVIDER?

Personal Data is collected by the Service Provider on the internet, through:

  • From the INTEMPORAL PARIS Website;
  • Direct contacts (telephone, email, etc.) between the User and the Service Provider;

The Service Provider is jointly responsible for processing the pages present on the social networks listed below:

  • Instagram: https://www.instagram.com/intemporal_paris/
  • LinkedIn: https://www.linkedin.com/company/intemporal-paris/?viewAsMember=true



For any difficulty when using the pages listed above, the User may contact the operator in question, or contact the Service Provider.

 

  1. FOR WHAT PURPOSES DOES THE PROVIDER COLLECT PERSONAL DATA?

The Service Provider collects your Personal Data for the following purposes:

  • Provision of the Services as described above;
  • Lead management;
  • Establishment and monitoring of the contractual relationship;
  • Validation and follow-up of the order and delivery, if applicable;
  • Management of requests for rights of access, rectification, portability (if applicable) and opposition;
  • Statistical analysis.



The collection of Data is strictly limited to the achievement and monitoring of the purposes mentioned above.

 

  1. WHAT ARE THE LEGAL BASES FOR COLLECTING PERSONAL DATA

Article 6 of the GDPR states that processing is only lawful if at least one of the following conditions is met:

(a) the data subject has consented to the processing of his or her personal data for one or more specific purposes;

  1. b) the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the latter's request;
  2. c) the processing is necessary for compliance with a legal obligation to which the controller is subject;
  3. d) processing is necessary to protect the vital interests of the data subject or of another natural person;
  4. e) processing is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller;
  5. f) the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular when the data subject is a child.

Point f) of the first paragraph does not apply to processing carried out by public authorities in the performance of their tasks. »

In this regard, the Service Provider recalls that the Processing carried out is based on:

The necessity relating to the execution of the pre-contractual and contractual relationship;

The legitimate interest of the Data Controller;

In any case, we make sure not to disregard your interest or your fundamental rights and freedoms by allowing you, at any time, to object to all or part of the processing operations described in this Personal Data Protection Policy.

The details of your rights regarding the Personal Data collected by the Service Provider are defined below.

In this context, in the event of opposition, we will inform you of the consequences of this opposition on the performance of the service requested.

 

  1. WHAT DATA IS COLLECTED BY THE PROVIDER?

As part of our Services, we collect and process the following Personal Data:

Collection based on the establishment of a contractual or pre-contractual relationship:

  • Contact details: surname, first name, email address, telephone number;



Collection based on legitimate interest:

  • Data related to the use of equipment provided through the Site;
  • Data related to reports;
  • Data related to orders;
  • Data related to social networks;
  • Data related to exchanges between Users and the Service Provider;
  • Tracking and marketing data: IP address, Connection data (dates, number of connections);


Collection based on your consent

  • Use of cookies other than technical cookies and those remaining strictly necessary for the delivery of a Service expressly requested by the User or the Third Party. This consent can be withdrawn or modified at any time through the tool provided on the Site;
  • Email address in the context of commercial prospecting;
  • Transmission of Contact Data to the Service Provider's partners as part of a joint action.

 

  1. HOW DOES THE PROVIDER ENSURE THE SECURITY OF MY DATA?

With regard to the Data processed, the Service Provider attaches fundamental importance to the security and confidentiality of the Data that you are required to communicate to us.

This Policy results in the Selection of Subcontractors and partners who meet the standards laid down by the regulations in force.

In addition, each employee of the Service Provider undertakes to comply with a strict security and confidentiality policy.

In summary, the Service Provider implements legal and organizational elements to ensure the best possible protection with regard to the type and purposes of the Personal Data collected in order to protect said Data against alteration, accidental or unlawful loss. , unauthorized use, disclosure or access.

In this regard, the Service Provider attaches fundamental importance to:

  • Raising employee awareness of confidentiality requirements;
  • The submission of its Subcontractors to respect their confidentiality obligations;
  • Securing access to its premises and IT platforms;
  • Securing access, sharing and transfer of Data;
  • The implementation of a general IT security policy;
  • The rigorous selection of partners and service providers according to their compliance with the GDPR in particular as well as with other regulatory obligations applicable in France.

 

8.1 DATA STORAGE

Personal Data is stored on servers benefiting from appropriate security and located in Europe and benefiting from adequate security standards with regard to the Data processed.

8.2 OBLIGATION OF CONFIDENTIALITY  

All of the Service Provider's employees are subject to a strict obligation of confidentiality and are made aware of compliance with the provisions of the regulations on the protection of Personal Data.

Furthermore, all of the Subcontractors selected by the Service Provider have affirmed that they have complied with their obligations in this regard and are subject to an obligation of confidentiality.

 

8.3 LOGIN IDENTIFIERS

Any access to the Account requires the communication of an email address and a personal password.

The password is strictly personal and must under no circumstances be communicated to a third party.

We also remind you that the Service Provider or any of our partners will never ask you for access to your personal password.

In the event that you receive a request relating to a password renewal even though you had not requested it, we invite you to ignore this request and contact the Service Provider as soon as possible. In this context, you may be asked for proof of identity.

In case of loss of password, the User may request the renewal of his password through the procedure present on the Site.

8.4 CONCERNING ONLINE PAYMENT DATA

When processing an order in order to benefit from the Services, the Subcontractor service providers mandated by the Service Provider (such as the payment service provider, the carrier, the logistics service provider, etc.) receive exclusively the data necessary for the performance of their own service.

The Data thus transmitted can be used by our service providers only for the execution of the missions entrusted to them by the Service Provider.

The Service Provider only collects Personal Data concerning your contact details, an e-mail address and the means of payment used.

 

  1. FOR HOW LONG CAN MY DATA BE RETAINED BY THE SERVICE PROVIDER?

You will find below a list of the main retention periods applied by the Service Provider.

In principle, the Service Provider deletes the Data collected at the end of the contractual relationship, namely as soon as the User closes his Account, if necessary.

In the event of inactivity of the User's Account (absence of connection to the Site, etc.) for a continuous period of 24 months, the Data collected will be securely deleted. Prior to this deletion, the Service Provider may be required to seek the User's consent in order to continue to benefit from his Account, which would imply the retention of the Data by the Service Provider.

In the absence of a positive response from the User, the Data will be automatically deleted in a definitive and secure manner, with the exception of certain Statistical Data which will be anonymized and may be used to improve the user experience of the Service provider.

It is specified that in the event of deletion of the Account, all of the Data present will be deleted, with the exception of Personal Data that may be retained by the Service Provider on the basis of the legal obligation and with regard to the applicable standards. to the treatment in question.

At the end of the aforementioned storage periods, the Service Provider will delete all of the Personal Data in a definitive and secure manner. On request, the User may also receive a copy of the Data collected by the Service Provider until the deletion of his Account.

Printed on paper, Personal Data will be securely destroyed, including by cross-shredding or burning the paper documents or otherwise and, if saved in electronic form, will be destroyed.

The Service Provider also reserves the right to keep strictly anonymized Statistical Data for a period longer than the periods mentioned above for the purposes of research and scientific publication exclusively.

 

  1. DOES THE PROVIDER COLLECT “SENSITIVE” DATA AND/OR DATA RELATING TO CHILDREN?

It is recalled that “Sensitive” Data is defined as follows by the GDPR:

Information concerning racial or ethnic origin, political, philosophical or religious opinions, trade union membership, health or sex life. In principle, sensitive data can only be collected and used with the explicit consent of individuals . »

In this regard, the Service Provider specifies that it is not in principle required to collect Sensitive Data transmitted by the User during the provision of Services.

With regard to Personal Data relating to minors, it is also recalled that Recital No. 38 of the GPDR provides that:

Children deserve specific protection with regard to their Personal Data because they may be less aware of the risks, consequences and safeguards involved and of their rights related to the processing of Personal Data. This specific protection should, in particular, apply to the use of Personal Data relating to children for marketing purposes or to create personality or user profiles and to the collection of Personal Data relating to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counseling services offered directly to a child. »

It is thus recalled that article 7-1 of the Data Protection Act sets the age limit for the use of Personal Data at 15 years.

In this respect, it is recalled that the creation of an Account is reserved for adults. In this context, the Service Provider is not intended to collect Personal Data from minors under the age of 15.

 

  1. WHAT ARE THE OBLIGATIONS OF USERS?

As a preliminary point, the User must make sure to use recognized and up-to-date Internet access programs, including the various additional modules allowing access to the Services.

The User undertakes to provide the Service Provider with accurate and up-to-date information concerning him directly.

In this regard, each User undertakes, when transmitting Data on the Site or directly, to comply with the Service Provider's General Conditions of Use.

Finally, the User undertakes not to communicate (by e-mail for example) information not expressly requested by the Service Provider and necessary for the performance of the Services.

 

  1. OPTIONAL OR MANDATORY NATURE OF THE PERSONAL DATA COLLECTED

Only the Data provided in a form field marked with an asterisk (*) are mandatory in order to benefit from the Service Provider's Services.

All of the additional Data provided by the User is not mandatory and may be transmitted optionally by the User, in order to improve his User experience on the Site and allow the Service Provider to personalize his experience.

 

  1. WILL MY CONTACT DATA BE USED FOR ADVERTISING PURPOSES? WILL I RECEIVE SPAM FROM THE PROVIDER?

The Service Provider does not carry out commercial prospecting by sending emails, without the prior consent of the User concerned.

It is recalled that, in accordance with the applicable regulatory and legal provisions, the Service Provider may only send you marketing offers or commercial offers on condition that you have given your clear, unequivocal and explicit consent to receive such elements.

In this regard, acceptance checkmarks are provided, where applicable, on the Site in order to obtain your consent on this point. It is also possible, at any time, to withdraw this consent in order to no longer be the recipient of such offers.

 

  1. AUTOMATION OF TRANSMISSIONS AND PROCESSING

The Personal Data collected by the Service Provider is not the subject of decisions based exclusively on automation.

Automation of decision-making or processing can be carried out in an ancillary manner, but will always remain under the control of a human person.

 

  1. WHERE ARE THE DATA COLLECTED BY THE PROVIDER PROCESSED?

The Service Provider mainly processes the Data on internal servers located in Europe.

Our Subcontractors are mainly established within the European Economic Area. On a marginal basis and for certain specific Services, the Data collected by the Service Provider could be transmitted to Subcontractors established outside the European Union.

In this situation, the Service Provider ensures that the appropriate guarantees are provided by the Subcontractors in question to regulate any transfer of Personal Data by signing specific contracts ensuring in particular that the rights of Users are maintained.

 

  1. WHO ARE THE RECIPIENTS OF THE DATA COLLECTED?

The Personal Data collected by the Service Provider may be transmitted to the Subcontractors selected by the Service Provider, provided that said Data is necessary for the performance of their duties.

Your Personal Data may also be disclosed to third parties. In this case, the Service Provider will only be able to do so after having requested and obtained your prior and explicit authorization.

Apart from these situations, the Service Provider does not transfer or assign any Data directly or indirectly concerning its Users to Third Parties.

If you wish to have access to the detailed list of our Subcontractors, you can contact the Service Provider directly using a contact form or the contact details indicated in Article 21 of this Data protection policy.

 

  1. WHAT ARE THE RIGHTS OF USERS?

In accordance with the general European regulations in force on data protection, each User has the right to obtain free information concerning the Personal Data collected by the Service Provider.

Your rights and claims include the following:

  • Article 15 GDPR - Right to information on how Personal Data is processed by the Service Provider;
  • Article 16 GDPR - Right to rectification of Personal Data collected by the Service Provider through the Account or by contacting the Service Provider directly;
  • Article 17 GDPR – Right to erasure, this right does not concern all of the Data collected;
  • Article 20 GDPR - Right to data transfer (portability), this right only concerns Data collected on the basis of consent and the establishment of the contractual relationship;
  • Article 21 GDPR - Right to object.



For any request in this context, the User may send his request to the contact details indicated in Article 21.

If necessary, the Service Provider may be required to ask you for certain additional elements (proof of identity, identifier, etc.) in order to ensure your identity in the context of the exercise of your rights.

 

  1. WHAT HAPPENS TO MY DATA IN THE EVENT OF DEATH? WHO WILL HAVE ACCESS TO THE TRANSMITTED DATA?

The Service Provider may be required to have Personal Data relating to a deceased person.

In this case, law no. 2016-1321 of October 7, 2016 establishes the principle that the personal rights of the deceased expire on the death of their holder.

However, the regulations provide for two exceptions in which these rights may be temporarily maintained:

  • The deceased has taken directives aimed at allowing any person, during his lifetime, to organize the conditions for the storage, erasure and communication of his personal data after his death;
  • In the absence of instructions or mentions to the contrary from the deceased, it is provided that the heirs may "to the extent necessary" exercise the rights relating to:
    • the organization and settlement of the estate of the deceased. As such, the heirs can access the processing of personal data concerning them in order to identify and obtain communication of information useful for the liquidation and distribution of the estate. They can also receive communication of digital goods or data similar to family memories, transmissible to heirs .
  • to the consideration, by the data controllers, of his death. As such, the heirs can have the user accounts of the deceased closed, oppose the continuation of the processing of personal data concerning him or have them updated .

In the event that you would like the Service Provider to collect your instructions regarding the transmission of Personal Data post-mortem, we invite you to contact us at the contact details indicated in Article 21 of this Policy.

 

  1. HOW ARE USERS NOTIFIED OF CHANGES TO THIS DATA PROTECTION POLICY?

The Service Provider may modify this Data Protection Policy at any time.

The Service Provider will inform the Users by any means of the modifications made to this document.

The Service Provider invites Users to regularly read the Data Protection Policy in order to keep themselves fully informed of its provisions.

 

  1. CONTROL AUTHORITY

In the event that you believe that the Service Provider does not comply with its obligations in terms of the protection of Personal Data, you can contact the competent supervisory authority, namely the CNIL ( https://www.cnil .fr/fr/agir or 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07).

 

  1. HOW TO CONTACT THE PROVIDER?

Users may contact the Provider for any questions they may have about this Data Protection Policy at the following addresses:

  • By post: 43 Rue Denis Lavogade 94360 Bry-Sur-Marne
  • By email: fiona@intemporal.paris

In this context, you may be asked for proof of identity before processing your request.