Privacy policy

PRIVACY POLICY

www.nunchi-shop.fr

NUNCHI Website type: e-commerce

The purpose of this privacy policy

The purpose of this privacy policy is to inform users of our site about the personal data we will collect as well as the following information, where applicable:

  • The personal data we will collect
  • The use of collected data
  • Who has access to the data collected
  • The rights of site users
  • The site’s cookies policy

This privacy policy works in conjunction with the general terms of use of our site.

Applicable laws

In accordance with the General Data Protection Regulation (GDPR), this privacy policy complies with the following regulations.

Personal data must be:

  • processed in a lawful, fair, and transparent manner in relation to the data subject (lawfulness, fairness, transparency);
  • collected for specified, explicit, and legitimate purposes, and not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes is not considered incompatible with the initial purposes (purpose limitation);
  • adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (data minimization);
  • accurate and, if necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay (accuracy);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), provided that appropriate technical and organizational measures required by the Regulation are implemented to safeguard the rights and freedoms of the data subject (storage limitation);
  • processed in a way that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (integrity and confidentiality).

Processing is lawful only if, and to the extent that, at least one of the following applies:

  • the data subject has given consent to the processing of their personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, especially where the data subject is a child.

For residents of the state of California, this privacy policy seeks to comply with the California Consumer Privacy Act (CCPA). If there are any inconsistencies between this document and the CCPA, state legislation will apply. If we find any inconsistencies, we will modify our policy to comply with relevant law.

Consent 

Users agree that by using our site, they consent to:

  • the terms outlined in this privacy policy and
  • the collection, use, and storage of data listed in this policy.

Personal data we collect 

Automatically collected data

We do not collect any data automatically on our site. Non-automatically collected data

We may also collect the following data when you perform certain functions on our site:

  • First and last name
  • Email
  • Phone number
  • Residence
  • Payment information

This data may be collected using the following methods: Account registration

Please note that we only collect data that helps us achieve the goal set out in this privacy policy. We will not collect additional data without informing you in advance.

How we use personal data

Personal data collected on our site will only be used for the purposes specified in this policy or indicated on the relevant pages of our site. We will not use your data beyond what we disclose.

The data we collect when the user performs certain functions may be used for the following purposes:

a. Payment

Who we share personal data with

Employees

We may disclose user data to any member of our organization who reasonably needs it to achieve the objectives set out in this policy.

Third parties

We may share user data with the following third parties:

a. Transportation providers

We may share user data with third parties for the following purposes: a. First name, Last name, Home address, Phone number

Third parties will not be able to access user data beyond what is reasonably necessary to achieve the given objective.

Other disclosures

We commit not to sell or share your data with other third parties, except in the following cases:

  • if the law requires it
  • if it is required for any legal proceedings
  • to prove or protect our legal rights
  • to buyers or potential buyers of this company in the event that we seek to sell the company

If you follow hyperlinks from our site to another site, please note that we are not responsible and have no control over their privacy policies and practices.

How long we store personal data 

User data will be retained for a duration of: ten years

We will ensure that users are notified if their data is kept longer than this duration.

How we protect your personal data

Data encryption: Shopify uses secure encryption to protect information transmitted between users and their servers. This ensures that customers' personal data is protected when it is in transit.

PCI DSS certification: Shopify is certified as compliant with PCI DSS (Payment Card Industry Data Security Standard) security standards. This means they meet the required security measures to protect customers' credit card information.

Server security: Shopify maintains security measures to protect the servers and infrastructure used to store customer data. This includes firewalls, intrusion detection systems, and other security measures to prevent unauthorized access.

Restricted access to data: Shopify limits access to customer personal information to employees or third parties who need it to provide specific services. They also have strict policies and procedures in place to ensure data confidentiality.

Finally, all data stored in our system is well secured and is only accessible to our employees. Our employees are bound by strict confidentiality agreements and a breach of this agreement would result in the employee's dismissal.

While we take all reasonable precautions to ensure that our user data is secure and that users are protected, there is always a risk of harm. The Internet as a whole can sometimes be unsafe and so we are unable to guarantee the security of user data beyond what is reasonably practical.

International data transfers

User data may be viewed, processed, or collected in the following countries: Austria, Belgium, Germany, Italy, Luxembourg, Netherlands, Portugal, Spain.

Minors

The GDPR specifies that people under the age of 15 are considered minors for data collection purposes. Minors must have the consent of a legal representative for their data to be collected, processed, and used.

Your rights as a user

Under the GDPR, users have the following rights as data subjects:

  • right of access
  • right to rectification
  • right to erasure
  • right to restrict processing
  • right to data portability
  • right to object

You can find more information about these rights in Chapter 3 (Art 12-23) of the GDPR.

How to change, delete or challenge the data collected

If you wish your information to be deleted or modified in any way, please contact our privacy officer here:

Jana Farhat 46 Avenue Charles de Gaulle, 77630, Barbizon farhat.jana7@gmail.com 06 73 66 59 73

Changes

This privacy policy may be modified occasionally to maintain compliance with the law and to account for any changes to our data collection process. We recommend our users to check our policy from time to time to ensure they are informed of any updates. If necessary, we may inform users by email of changes made to this policy.

Contact

If you have any questions to ask us, do not hesitate to contact us using the following: 06 73 66 59 73 contact@nunchi-shop.fr

46 Avenue Charles de Gaulle, 77630, Barbizon

Effective date: May 20, 2023