Privacy policy

This privacy policy informs users of this website about how their personal data is collected and processed, in accordance with Law No. 78-17 of January 6, 1978, as amended, and Regulation No. 2016-679 of April 27, 2016.

ARTICLE 1. DEFINITIONS

In the context of this policy, words beginning with a capital letter have the following definitions:

  • Data Controller: The Data Controller is the legal entity (company, municipality, etc.) or natural person who determines the purposes and means of processing, i.e., the objective and the way to achieve it.
  • The Data Controller of personal data is VIRIGINE VONCKEN, a Sole Proprietorship with Limited Liability with a capital of 1,000 euros, whose registered office is located at 21 Rue de Lutèce in BRY-SUR-MARNE 94 360, registered with the Trade and Companies Register of Créteil under number 901 215 616, represented by Madame Virginie VONCKEN as manager.
  • Site: Website of the Data Controller, accessible at www.virginievoncken.fr.
  • Services: All services offered by the Data Controller.
  • User: Any person browsing the Data Controller's website.
  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  • Personal Data: Any information relating to an identified or identifiable natural person. This may include: name, age, email address or postal address, location, etc. (Non-exhaustive list).
  • Processing of Personal Data: Processing of personal data is an operation or set of operations performed on personal data, regardless of the method used (collection, recording, organization, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission or dissemination, or any other form of provision, comparison).

ARTICLE 2. PROCESSING OF PERSONAL DATA

BROWSING THE SITE

When browsing the Site, the Data Controller may automatically collect technical data about your equipment, actions, and browsing patterns, including through cookies. Please refer to the cookie policy below for more details regarding the purpose of data processing, retention periods, and your rights.

CONTACT FORM

When you submit an inquiry via the contact form, the Data Controller collects your name and email address, as well as any information you may provide in your message. We advise against providing any sensitive information in your message.

The legal basis for processing is the legitimate interest of the Data Controller.

The data provided in the context of a contact request are kept for three (3) years from the closure of the request. If the contact leads to the conclusion of a contract, the data is kept for the duration of the contract and for the periods required to fulfill legal and regulatory obligations.

SUBSCRIPTION TO THE NEWSLETTER

When you subscribe to the email newsletter, you consent to receiving promotional and advertising information by email. You provide your email address for this purpose.

The legal basis for this processing is consent. You can withdraw your consent at any time by clicking the unsubscribe link in each email.

The Data Controller may send you commercial communications by email related to services similar to those already provided. The legal basis for this processing is the legitimate interest of the Data Controller. You can choose at any time not to receive these communications by clicking the unsubscribe link in each email.

Your email address is kept until you unsubscribe or for three (3) years from the last contact between you and the Data Controller (e.g., clicking on an item in an email). Before deleting your address from the database, the Data Controller may contact you to ask if you wish to maintain your subscription to the newsletter.

PROCESSING OF ORDERS AND PRE-ORDERS

When placing an order, you provide personal data necessary for the processing of your order (invoice management, delivery and payment, tracking, customer reviews, and after-sales service): name, first name; postal address; email address; phone number for delivery.

This information is intended only for the Data Controller, who may transmit it to partners, including logistical partners (e.g., carriers), solely for the purpose of order processing.

The legal basis for this data processing is the performance of the contract concluded when placing the online order.

The following retention periods apply to personal data collected for orders on the site:

  • Pending, failed, or canceled orders: six (6) months;
  • Completed orders: two (2) years in active storage, then 3 years in intermediate archiving;
  • Invoices: 10 years in intermediate archiving.

CREATION OF CUSTOMER ACCOUNT

The personal data collected when creating a customer account are: name, first name, email address. The password chosen by the user is encrypted.

The legal basis for this processing is the performance of contractual or pre-contractual measures.

Customer account data is kept for two (2) years after your last login to your customer account. Beyond this period, before permanently deleting your data, the Data Controller will send you an email to offer to keep your customer account or delete it.

CUSTOMER REVIEWS

When you submit a review of a product, after purchasing it, the Data Controller collects your name and email address, as well as any information you may provide in your message. We advise against providing any sensitive information in your message.

The legal basis for processing is consent.

The data provided in the context of a customer review are kept for three (3) years from the submission of the review on the site.

ARTICLE 3. DATA RECIPIENTS

The Data Controller may share your data with the following categories of recipients:

  • Authorized internal staff for their missions and functions;
  • Payment service providers, identity verification, and bank details, delivery, newsletter sending;
  • Subcontractor providers for the exercise of their activity. The Data Controller requires all third-party providers to respect the security of personal data and to process it in compliance with the law, only for specific purposes in accordance with the Data Controller's instructions and never for their own purposes;
  • Advisors subject to professional secrecy (legal, accounting, banking, insurance);
  • Third parties at the request of a public or administrative authority or to comply with legal or procedural requirements, or to defend its interests in court.

ARTICLE 4. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION

The Data Controller may share your data with providers located outside the European Economic Area (EEA).

In these circumstances, the Data Controller ensures that your data is transferred to countries whose level of personal data protection has been deemed adequate by the European Commission or, if not, that appropriate safeguards are taken to ensure secure transfer of your data, such as signing standard contractual clauses approved by the European Commission with the data recipient party.

ARTICLE 5. DATA SECURITY

The Data Controller implements appropriate technical and organizational measures to prevent the disclosure, alteration, or unauthorized access to data by third parties.

When you provide information about your credit card during payment, SSL encryption technology secures your transactions.

ARTICLE 6. RIGHTS AND EXERCISE METHODS

YOUR RIGHTS

  • Right to access data (Article 15 of the GDPR): Users can obtain confirmation that their data is being processed, and if so, access their data and information about the circumstances of the processing.
  • Right to rectification of data (Article 16 of the GDPR): Users can obtain from the Data Controller the rectification of their data when it is inaccurate or incomplete, without undue delay.
  • Right to restriction of processing (Article 18 of the GDPR): Users can obtain from the Data Controller the restriction of processing of their data (freezing data without using it, but without deleting it).
  • Right to object to processing (Article 21 of the GDPR): Users can object at any time to processing of their data by the Data Controller, unless the latter has compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the user.
  • Right to withdraw consent at any time (e.g., unsubscribe from the newsletter).
  • Right to data portability (Article 20 of the GDPR): Users can receive the data that the Data Controller processes automatically and that have been provided based on a contract or their consent.
  • Right to provide directives regarding the fate of data after death.

EXERCISE METHODS OF RIGHTS

You can exercise your rights by submitting a request:

  • By email to the following address: contact@virginievoncken.paris
  • By mail: Virginie VONCKEN EURL, 21 Rue de Lutèce, 94 360 BRY-SUR-MARNE.

Your request will be processed within one month from its receipt. In case of doubt about your identity, we reserve the right to request proof of identity from you. The copy of the proof of identity will be kept for one year. Other data relating to the processing of your request (title, name, first names, nature of the request, response provided) will be kept for 3 years.

The Data Controller undertakes to respect your instructions regarding the retention, erasure, and communication of your personal data after your death. In the absence of your instructions, the Data Controller will comply with the requests of heirs as set out in the applicable provisions of the Data Protection Act.

If you believe that your personal data or your requests for the exercise of rights regarding your personal data are not being processed in accordance with the legal provisions by the Data Controller, you have the right to lodge a complaint with the CNIL (French Data Protection Authority), at the following address: CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.

ARTICLE 7. UPDATES

This policy may be updated at any time, particularly in the event of implementation of new data processing, in compliance with legal and/or regulatory provisions and/or any recommendations from the CNIL. We therefore invite you to consult the latest version of this page before browsing.

ARTICLE 8. COOKIE MANAGEMENT POLICY

The Data Controller uses cookies. A "cookie" is a small text file that contains information specific to the user of the Site. It is stored on the hard drive of the user and can only be read by the server that provided it.

For example, cookies help us remember your username for your next visit, understand your interactions with our content, and improve them based on the information collected.

Some cookies are essential for the operation of the site. Other cookies are optional. Their deposit on your browsing terminal requires your consent.

You can set your browser to block all cookies, but blocking essential cookies may impair the proper functioning of the site.

Updated: February 2024

@virginievoncken
Blossoms body and heart

Discover on Instagram @virginievoncken, the sustainable French brand. Follow our latest creations, showcasing our local excellence craftsmanship and ecological commitments!