CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY OF THE TAPILOU WEBSITE
Access to and use of the www.tapilou.com website (hereinafter referred to as the « Site ») may involve your providing a certain amount of personal data (hereinafter referred to as « Personal Data » concerning you. In order to preserve your confidence, We, the TAPILOU company , invite you to read our policy in this area, which describes the data collected, the use made of it, and the rights you have with regard to them.
« Customer » the user who is a customer of the Site.
« Customer Account » the account that you have created as a Customer and user and which is accessible through your Login details.
« Geolocation data » data that identifies your location in a reasonably specific way, for example using latitude and longitude coordinates obtained by GPS, Wi-Fi or mobile triangulation.
« Personal Data » any information relating to an identified or identifiable natural person; is deemed to be an " identifiable natural person " a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to its physical, physiological, genetic, psychological, economic, cultural or social identity.
« Login » refers to your email address and your password.
« Data Protection Act » Law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms (amended by law n ° 2018-493 of June 20, 2018).
« Product(s) » refers to the play mat for children 100% made in France marketed by the Company on the Site.
« EU Regulation 2016/679 » Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of those data.
« Services » all the features made available to you through the use of the Site.
« Site » the TAPILOU website which is exclusively intended for you as a user and non-professional (private) customer and accessible at the URL www.tapilou.com
« Terminal » the smartphone, tablet or any other equipment having an operating system compatible with the Site and from which you access the Content and Services.
The website www.tapilou.com is published by the company TAPILOU, a simplified joint-stock company with a capital of 1,000 euros registered in the Marseille Trade and Companies Register under number 882 014 095 with registered office at 58, Montée de Saint-Menet, 13011 Marseille - France, represented by Mrs Déborah Goldberg, in her capacity as chairman.
In the course of using the Site, we collect and process a certain amount of Personal Data concerning you.
We are therefore data controllers within the meaning of the Data Protection Act and EU Regulation 2016/679.
3. WHAT PERSONAL DATA DO WE COLLECT ?
We only collect, via the Site, your Personal Data which is strictly necessary for the proper performance of the services offered, namely:
- The creation of a Customer Account;Payment of your orders;
- Delivery of your orders ;
- Archiving your orders and issuing invoices;
- Sending a newsletter;
- Making contact via the contact form.
You agree to communicate complete and accurate information in order to allow the proper performance of the Site Services.
The Personal Data that we collect for the creation of your account are: your surname, your first name, your email address and your password.
This data is collected in order to allow you to create a Customer Account and to have access to the Services.
We collect the data strictly necessary for making payment of your order, namely, depending on the payment method chosen :
- the card number, expiry date and the security code (visual cryptogram) when paying by credit card via the STRIPE payment solution ;
- e- mail address and password of the PAYPAL account in case of payment via your PAYPAL payment solution ;
- the name of the banking, the IBAN and the BIC of the banking establishment in the case of payment in three installments via the ALMA installment payment solution.
IT IS STRONGLY RECOMMENDED THAT YOU READ THE PRIVACY POLICIES OF OUR PAYMENT SOLUTIONS SERVICE PROVIDERS BEFORE PLACING AN ORDER . .
We guarantee to take all the appropriate organisational and technical measures to preserve the security, integrity and confidentiality of your bank details against any unauthorised access, use, misappropriation, communication or modification by using secure payment systems in accordance with the state of the art and applicable regulations. This data is encrypted using a “strong” algorithm.
The Personal Data that we collect for the management of your orders are: your name, your first name, your email address your delivery address, your telephone number, your billing address, and possibly the name and first name of the person to whom you wish to offer a Product or a gift card.
This data is collected in order to allow us to manage your order and deliver the Products to the person concerned.
Through the contact form, we collect data relating to your name, first name, email address as well as the subject and content of the message you wish to send us.
The contact form allows you to contact us in order to find out more about our Products, to comment on them or to ask us general information questions. The data is collected so that we can contact you in order to respond to your message.
The Personal Data that we collect to subscribe to our Newsletter is limited to your email address.
This allows us to send you our Newsletter.
We also collect your geolocation data if you authorise us to receive it by activating access to geolocation data through the settings on your smartphone, tablet or any other equipment having an operating system compatible with the Site.
4. WHY DO WE COLLECT YOUR DATA ?
We collect your data:
- To operate the Site and provide the Services, in particular to authenticate your access to your Customer Account and make payment for your order and deliver the Product(s) to you ;
- To manage our business needs, such as monitoring, analysing and improving the performance and functionality of the Site. For example, we analyse your behavior and conduct surveys on how you use the Site ;
- To protect you and the Site against fraud by verifying your identity, and helping to detect and prevent fraud and abuse of the Site;
- To comply with our obligations and enforce our general conditions of use of the Site as well as to comply with all applicable laws and regulations.
- For the purposes of statistical processing and improving our services. These treatments are completely anonymous, and therefore not covered by the aforementioned Regulation 2016/679.
5. WHAT IS THE JUSTIFICATION OF THIS COLLECTION ?
The data will be collected and processed in a fair and lawful manner, and will be used for the performance of the services offered on the Site.
In the context of the orders you place on the Site, the legal basis for collection and processing is the execution of the sales contract concluded between TAPILOU and the Customer.
With regards to other processing, we only collect your Personal Data to the extent that you have expressly given your consent.
You can withdraw your consent at any time by sending a request to the following contact details :
- By email : : firstname.lastname@example.org.
- Or by post : TAPILOU - 58, Montée de Saint-Menet, Résidence les Jardins d'Hellènes V5, 13011 Marseille - France.
The withdrawal of your consent only applies for the future and does not call into question the lawfulness of the processing carried out prior to the withdrawal of your consent.
6. WOULD YOU LIKE TO RECEIVE OUR NEWSLETTER AND / OR OUR COMMERCIAL OFFERS ?
You can consent or object the use of your email address at the time you provide your data, in order for us to send you our newsletter or commercial offers electronically.
You can object to this canvassing at any time via the link provided for this purpose in all the emails you receive.
7. TO WHOM DO WE COMMUNICATE YOUR DATA ?
TAPILOU is the sole recipient of all the data collected and processed. Only the duly authorised TAPILOU staff will be aware of it.
Our service providers responsible for the delivery of your Products also have access to only the data necessary for the proper performance of their delivery service, namely : your surname, first name, email address , telephone number and your delivery address.
Our payment solutions providers also have access only to the data necessary for the proper performance of their service as specified in Article 3.2 hereof.
Finally, our subcontractor IT service providers may have access to the data during their maintenance operations, but may under no circumstances carry out any other data processing operation, such as a modification or use the data thereof.
Your personal information will never be sold, exchanged, transferred or given to another company for any reason whatsoever, without your consent, other than what is necessary to fulfill a request from you.
No data is transferred outside the European Union or a country that does not ensure a sufficient and appropriate level of data protection in accordance with the European Union regulations on Personal Data.
Anonymised data, however, may be provided to other parties for marketing, advertising or other uses.
8. WHO ARE OUR SUBCONTRACTORS ?
As part of the data processing carried out, we use the company SHOPIFY, a company incorporated under Canadian law, whose premises are located at 151, rue O'Connor - Ottawa, Ontario K2P 2L8 - Canada, which ensures:
- hosting all Personal Data processed on the Site and
- the maintenance of the site.
We guarantee that our subcontractors host the data within the European Union or in a country ensuring a sufficient and appropriate level of data protection and present sufficient guarantees as to the implementation of appropriate technical and organisational measures so that the processing meets the requirements of EU Regulation 2016/679 and the Data Protection Act.
In any case, any subcontracting is carried out in strict compliance with this document. Therefore, we guarantee that our subcontractors in no way exceed the processing methods defined in this document.
The subcontractor may i be authorized to subcontract all or part of its operations subject to strict compliance with the provisions of article 28 of EU Regulation 2016/679 and of this document.
However, as data controllers, we remain your sole point of contact.
9. WHAT ARE YOUR RIGHTS ?
In accordance with the regulations in force, you have the rights over your Personal Data.
To exercise these rights, you must write to us, stating the purpose of your request and provide proof of receipt of your request.
Any enquiries about your rights or request to exercise your rights should be sent to the following contact details :
- by email : email@example.com.
- or by post : TAPILOU - 58, Montée de Saint-Menet, Résidence les Jardins d'Hellènes V5, 13011 Marseille - France.
Any request to exercise your rights must be accompanied by a copy of your identity in order to avoid any fraud and / or unlawful access to your data.
However, certain personal information may be exempt from such requests in certain circumstances, for example if it infringes the rights and freedoms of third parties. If an exception applies, we will let you know when responding to your request.
9.1 Rights of access, opposition, limitation, deletion and rectification of data
In accordance with the regulations in force, you have the right :
- to access any of your Personal Data that we hold about you ;
- to update any of your Personal Data that is outdated or incorrect;
- to restrict the way we process your Personal Data;
- to ask us to provide you with a copy of any of the Personal Data that we hold about you;
- to oppose the use of your Personal Data;
- to oppose the use of your Personal Data for canvassing purposes.
9.2 Right to data portability
You have a right to the portability of your data, which must be returned to you by us in a structured, commonly used and machine-readable format, if you wish.
You can only exercise this right to portability with regard to data that you have actively and consciously declared or that you have generated through your activity, in particular in the context of the use of the contact form, to the exclusion any other data that is calculated, derived or inferred from the data you have provided.
In addition, this right affects only data processed automatically and collected on the basis of your consent or the execution of a contract.
We reserve the right not to comply with your request if the data concerned in your request does not meet the above conditions.
For all data that does not meet the aforementioned criteria, you can only exercise the rights mentioned in the previous clause.
We will not prevent the transmission of the data concerned by the right to portability to another data controller, either through you or directly when technically possible. In the event that the direct transmission of data to another data controller is not technically possible, we will inform you and offer you an alternative solution.
We are not responsible for the processing of the data resulting from the right to portability once you have retrieved it. We are not responsible for the processing carried out by the company that collected your data following a request that you have made in this regard.
9.3 Right to issue advance directives
In accordance with the regulations in force, you can formulate advance directives on the use of your data after your death (for example : conservation, deletion, disclosure).
You can modify or retract your instructions at any time.
9.4 Right to lodge a complaint with the CNIL
You are informed of your right to contact the CNIL in the event of non-compliance with legal and regulatory provisions on our part in the context of the management of your Personal Data.
To do this, you can contact the CNIL at the following link : : https://www.cnil.fr/fr/plaintes
Notwithstanding the above, as data controller, we remain your sole point of contact.
10. HOW LONG DO WE KEEP YOUR DATA ?
10.1 We keep your Personal Data in an identifiable format only for a period strictly necessary for the management of our commercial relationship and for compliance with our legal and / or regulatory obligations.
Insofar as you are a Customer and hold a Customer Account, some of the data collected about you is kept for a period of five (5) years following the year in which the contract between us comes to an end (deletion of the Customer Account) in an intermediate archive, to be able to respond to you in the event of a dispute.
10.2 The data collected from the contact form are kept for the time necessary for us to respond to you and, possibly, for the duration of the successive exchanges that would be established between you and us. We then archive this data for a period not exceeding one (1) year from its collection or from the last message you sent us.
10.3 The banking data collected on the Site as part of the payment for the Products is kept until the last payment deadline. Bank data is then kept in intermediate archives  for thirteen (13) months following the debit date or fifteen (15) months in the case of deferred debit payment cards, and can only be used in the event of a dispute of the transaction by the Customer, at proof, in accordance with article L.133-24 of the Monetary and Financial Code.
10.4 In the event that you have not objected to commercial canvassing, the Personal Data concerning you is kept for a period of three (3) years from their collection or from the last contact from you (for example, a request for documentation or a click on a hypertext link contained in an e-mail constitutes a contact emanating from you. On the other hand, the opening of an e-mail cannot be considered as a contact emanating from you). At the end of this three (3) year period, we can contact you to find out if you wish to continue to receive commercial solicitations. In the absence of a positive and explicit answer from you, the data will be deleted.
10.5 In the event of exercising the right of access or rectification, data relating to identity documents are kept for the period provided for in Article 9 of the Code of Criminal Procedure, i.e. one (1) year.
If the right to object is exercised, data relating to identity documents may be archived during the limitation period provided for in Article 8 of the Code of Criminal Procedure, i.e. three (3) years.
If you exercise right to object to receiving commercial canvassing, the data necessary to take into account the exercise of your right, such as your email address, are kept for three (3) years from the date of 'exercise of your rights and may not be used for any other purpose.
10.6 In addition, we may keep anonymous or irreversibly anonymised data processed for an unlimited period for the purposes of statistical reprocessing. Given the anonymous nature of this data, it is not considered to be personal data within the meaning of EU Regulation 2016/679.
A cookie is a small file, which does not allow your personal identification, but which nevertheless records information relating to the navigation of a Terminal on a website.
These cookies improve access to our website and identify repeat visitors. In addition, our cookies improve your experience by tracking and targeting your interests.
The cookies used on the Site are placed by us or by third parties.
We place cookies on the Site that are strictly essential for browsing the Site, cookies having the exclusive purpose of enabling or facilitating electronic communication and audience measurement cookies, the purpose of which is limited to the measurement of audience of the content viewed in order to allow an evaluation of the content published and the ergonomics of the Site.
Third parties place Google Analytics and Hotiar cookies for the purpose of audience measurement.
We automatically receive and record information from your Terminal and browser, including your IP address, software and hardware, and the page you request.
The collection of the IP address is essential to allow you to communicate on the Internet, but does not provide more precise information than the city, and the IP address is anonymised once the geolocation is made.
The cookies used in addition to the cookies strictly necessary for browsing the Site are used for the following purposes :
- Audience measurement : these cookies are used in particular to establish attendance statistics;
- Social buttons : these cookies allow the content of the Site to be shared on social networks ;
- Tracking and advertising spaces : these cookies make it possible to place promotional content in advertising spaces and to offer targeted advertising according to your areas of interest.
Cookies that are not strictly necessary can be disabled by following the instructions given in the " How to configure cookies ?" section below.
Cookies that are strictly necessary for the provision of a service on the Site expressly requested by you do not require your consent.
On the other hand, cookies that are not strictly necessary for browsing the Site require your consent. As long as you have not given your consent, these cookies cannot be placed or read on your Terminal. You are informed by the appearance of a banner.
You can withdraw your consent to deposit or read certain cookies on your Terminal at any time.
The period of validity of this consent is thirteen (13) months. At the end of this period, your consent will be collected again.
Cookies are kept for a maximum period of thirteen (13) months on your Terminal. Beyond this period, cookies are permanently deleted from said terminals. This period is in no way extended in the event of a new visit to the Site.
The data collected via cookies is not combined with any other data processing.
You have the option of opposing cookies by sending a request to the following address : : firstname.lastname@example.org.
In the event of such a right being exercised, no data concerning you is collected.
You are informed that the refusal to install a cookie may make it impossible to access certain services on the Site.
In order to refuse the installation of cookies that are not essential for browsing the Site, you can configure your internet browser settings as follows :
- in Firefox: “ Firefox / Preferences Privacy " and choose " NeverAccept third-party cookies ". You can also choose to keep cookies only until you close Firefox ;
- in Google Chrome : “ More ” tab . Click on " Settings " then " Advanced settings ". In the " Confidentiality and security " section, click on " Content settings ", then click on " Cookies " and deactivate " Allow sites to save / read cookie data ". You can also choose to activate it ;
- in Safari: “ Safari / Preferences ” tab . Click on " Confidentiality " and choose " Always block " in " Cookies and website data ". At the end of the navigation you can also click on " Delete all website data ". You can also choose to activate the “ do not follow me ” function;
- in Opera : “ Preferences ” tab . Click on " Advanced " then click on " Cookies ". You can choose either to accept all cookies, or to accept only those of the visited site, or to never accept cookies.
Please note, however, that your consent is taken into account using a cookie. Thus, if you delete all the cookies stored in your Terminal through your internet browser, we will be unable to know that you have chosen this option.
Warning : if you systematically refuse the installation of all cookies on your Terminal, including those strictly necessary for browsing, via the " block all cookies " options , your browsing on the Site may be limited, and access to some services may not be possible.
For more information, you can consult the CNIL website via the following link :
Hypertext links :
 Intermediate storage, is the data which still present for the services concerned with an administrative interest (in the event of litigation for example), and whose periods of conservation are fixed by the legal rules of limitation.