Data protection

OUR PRIVACY AND DATA PROTECTION POLICY

At My Little Day, we are very concerned about protecting the privacy of our users.

It is fundamental for us to ensure complete confidentiality and security of all personal information collected.

The purpose of this section is to explain in complete transparency the processing we do of your personal data and the various information we process.

The company My Little Day, as data controller, undertakes to respect the provisions of law n°78-17 of January 6, 1978 as amended relating to data processing, files and freedoms as well as the regulation (EU ) n°2016/679 of April 27, 2016 effective May 25, 2018.

1 – WHY DO WE COLLECT PERSONAL DATA?

During your visits to our site, when you subscribe to our newsletter, order product(s) or when you interact with us on our social networks, by email or by telephone, we collect data about you.

This data allows My Little Day to know its customers and thus best meet their needs and continuously improve our services.

We can, for example, send you personalized content, little surprises, or this prevents you from seeing the same advertising again and again on social networks.

The most important thing: we only collect your data on behalf of My Little Day, and we undertake not to disclose this information to third-party service providers and subcontractors only if strictly necessary . These third parties are committed to respecting the same level of confidentiality and security as ours.

We will never resell, transfer or assign this data to third parties for commercial purposes without your prior written consent (for example during a partnership for a competition).

2 – WHAT PERSONAL DATA IS COLLECTED AND WHAT IS THEIR PURPOSE?

Personal data includes any information making it possible to directly or indirectly identify a natural person, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or several specific elements specific to one's physical, physiological, genetic, psychological, economic, cultural or social identity.

When you create an account with My Little Day or when you place an order, you will be asked for personal information.

Mandatory information is what we need to communicate with you and deliver your products in the best conditions. This is information necessary for the execution of the contract or the execution of pre-contractual measures.

Other optional information can be provided (birthday of those around you, date of your event, etc.). We collect and process this information exclusively on our behalf and will not communicate it to third parties (except technologies and solutions used for sending emails such as Mailchimp). This data is used to send you personalized content, help you organize your event, or to thank you for your loyalty.

2.1 – Types of data collected:

  • Mandatory customer identification data (last name, first name, address, email, telephone, etc.)

  • Optional data on personal characteristics (age, date of birth, gender, type of celebration, birthdays of loved ones, etc.).

  • Electronic identification data (IP address, cookies, etc.).
  • Data relating to orders (delivery method, delivery and billing address, people to whom purchases must be sent, order history, purchase orders, invoices, etc.)
  • Data relating to after-sales service (complaints, exchanges by email or telephone, etc.)
  • Customer reviews left through our Verified Reviews partner.
  • Data relating to our emailing campaigns (email address, opening, click to our site, etc.).
  • Data relating to traffic on our site (pages viewed, time spent on the page, items viewed, placed in the basket or purchased, exit page, etc.)

Personal data relating to payment by credit card is not recorded by My Little Day.

My Little Day uses a secure SSL (Secure Socket Layer) payment method.

Bank details are encrypted (made unreadable) when transmitted over the network. The encryption is made visible by the appearance of a padlock symbol in the browser.

The transaction is carried out through a payment service provider. Only the latter records the banking information provided in its secure server.

No intermediary collects this data.

2.2 – Usefulness of this data and legal basis:

Purpose of processing

Legal basis(s) of the processing

Management of the customer account, the basket before purchase and orders placed

This processing is necessary for the performance of the contract or for the execution of pre-contractual measures.

Delivery management and order tracking

This processing is necessary for the execution of the contract

Management of customer service, by telephone or email Exchanges between customer service and the customer may be retained

This processing is necessary for the performance of the contract, for the purposes of the legitimate interests that we pursue (improving the quality of our products and services) and/or is based on your consent

Sending targeted offers and advice on different channels: directly on our site, by email, on social networks or any other medium to come

This processing is based on your consent and is necessary for the purposes of the legitimate interests that we pursue (providing you with relevant content)

Collection and management of customer reviews on our products and services

This processing is based on your willingness to share an opinion, and is necessary for the purposes of the legitimate interests that we pursue (improving the quality of our products and services)

Displaying targeted advertisements on social networks

This processing is necessary for the purposes of the legitimate interests that we pursue (providing you with relevant content)

Possibility of personalizing site content according to user preferences

This processing is necessary for the purposes of the legitimate interests that we pursue (providing you with relevant content) and/or is based on your consent.

Sharing content from the site to social networks

This processing is based on your consent and/or is necessary for the purposes of the legitimate interests that we pursue (providing you with relevant content)

Measuring site traffic, performance of on-site and off-site marketing actions

This processing is necessary for the purposes of the legitimate interests that we pursue (measuring and improving our marketing actions and optimizing the presentation and structure of our website)

Setting up targeted competitions

This processing is based on your consent and is necessary for the purposes of the legitimate interests that we pursue (providing you with relevant content)

2.3 – Cookies, what exactly are they?

A cookie is a digest of information transmitted to an Internet server by an Internet user's computer. The goal is to facilitate user navigation or the development of statistics. Cookies allow the server of the visited site or a third-party server (advertising agency, web analytics service) to recognize the visitor's machine (by its IP address) and not the user. This is how, thanks to cookies, it is possible to automatically access a personalized page without identifying yourself.

Cookies therefore allow My Little Day:

- to measure the audience and performance of specific content on our site,
- to adapt our site according to the technology used (support, browser), and the affinities of our users,
- to memorize previously completed information (form, connection, basket, etc.) and facilitate user navigation,
- to allow sharing on social networks.

2.4 – How can I not disclose information relating to cookies and trackers?

In accordance with the GDPR, the data collected through the use of cookies by My Little Day is subject to prior consent.

For each internet browser, it is possible to configure the acceptance or not of cookies on all the sites consulted or by a specific sorting. To find out more, go to the Help menu of your preferred browser.

Here is the list of help pages for the main browsers used by our customers:

- For Chrome: https://support.google.com/chrome/answer/95647?hl=fr&hlrm=en

- For Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies

- For Safari: https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=en_US

- For Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences?redirectlocale=fr&redirectslug=Activer+et+d%C3%A9sactiver+les+cookies

3 – WHO HAS ACCESS TO THE DATA COLLECTED BY MY LITTLE DAY?

Most of the data collected is processed internally by the various My Little Day services, in particular the web marketing, communication, after-sales service and accounting services.

They are also communicated to subcontractors with whom we collaborate in order to enable the execution of the contract (payment services and delivery services for example) or improve the quality of our products, services, our marketing actions and presentation. from our website (marketing assistance).

We only communicate to them the personal data essential to the performance of their service, being reminded that our subcontractors are subject to the same obligations as My Little Day regarding the protection of personal data.

Furthermore, we work with external agencies (collection of statistical data, remarketing operations, free and paid referencing of our site, etc.) which have access to certain traffic data. These agencies only collect secondary data through statistical tools (Google Analytics, Facebook Business, AdRoll, etc.).

Secondary data is information on user traffic and journeys on the site. This data in no way allows a specific person to be identified and therefore cannot be traced back to a specific individual.

With your consent, the opinions you provide on our products and services are published on our website and, therefore, accessible to all visitors to our website. Only your first name and the first letter of your last name are visible.

Your personal data is also transmitted when we have a legal obligation to do so or if we believe, in good faith, that this is necessary to:

  • Respond to any claims against My Little Day;
  • Comply with any legal request
  • Enforce any contract concluded with our members;
  • In the event of an emergency involving public health or the physical integrity of a person;
  • As part of inquiries and investigations;
  • In order to guarantee the rights, property and safety of My Little Day, its members and more generally any third party.

Finally, if My Little Day was purchased by a third party, the data in our possession will be transferred to the new owner.

4 – WHAT ARE YOUR RIGHTS REGARDING PERSONAL DATA?

Pursuant to Regulation 2016/679 of April 27, 2016, any natural person may exercise their rights relating to data protection upon simple request, namely:

  • right of access to all data collected,
  • right of rectification and portability of this data,
  • right to object and erase this data (also called “right to be forgotten”).

These rights must be exercised directly with My Little Day:

  • or by post to the address:

My Little Day
Protection of personal data
40, rue de Cléry
75002 Paris

We undertake to respond to any request within 15 days of receipt of the email or postal mail. If the response provided does not seem satisfactory, the holder of the data collected has the option of contacting the CNIL.

5 – HOW LONG IS DATA KEPT BY MY LITTLE DAY?

The personal data collected by My Little Day cannot be kept beyond the period strictly necessary for the purposes for which they are processed, and in compliance with the legal and regulatory provisions in force.

With the exception of certain categories of personal data, the retention period of which may vary depending on the legal or regulatory provisions in force, we process the data that we collect for a period of 3 years from the end of the period. business relationship. Thus, when there is no further interaction with My Little Day for 3 years, this data is no longer used in accordance with the simplified standard NS-048.

Data relating to the management of orders, deliveries, invoicing and customer accounts must be kept for a period of 10 years in accordance with article L. 123-22 paragraph 2 of the commercial code and the simplified standard NS -048.

Concerning the data relating to payment by bank card recorded by our service provider, they may be kept, in intermediate archives, for the purpose of proof in the event of a possible challenge to the transaction, for a period of 13 months in accordance with the article L. 133-24 of the monetary and financial code. This period can be extended to 15 months in order to take into account the possibility of using deferred debit payment cards in accordance with simplified standard NS-048.

Finally, the information stored in your terminal (example: cookies) or any other element used to identify users and allowing their traceability will not be kept beyond a period of 13 months.

6 – WHAT ARE THE SECURITY MEASURES TO PROTECT DATA?

The personal data collected by My Little Day is secure and will never be transmitted to partners who do not guarantee the same level of security as that which we require.

The main measures taken for the security of your data are:

  • The use of encrypted passwords (to which we do not have access) containing at least one uppercase letter, one lowercase letter and one special character.
  • Strict limitation of access to personal data only to people using it in the context of their missions, using a strictly personal identifier and password.
  • The definition of authorization profiles in order to limit user access to only the data strictly necessary for the accomplishment of their missions.
  • Use of secure internal and external servers for data backup.
  • The use of secure payment systems by our partners: Paypal (to find out more: https://www.paypal.com/fr/webapps/mpp/paypal-safety-and-security ) and Stripe (to find out more : https://stripe.com/docs/security/stripe )

NB: The CNIL recommends that users never:

  • Communicate your password to others.
  • Store your passwords in an unencrypted file, on paper or in a place easily accessible by other people.
  • Save your passwords in your browser without a master password.
  • Use passwords that relate to you (name, date of birth, etc.).
  • Use the same password for different accesses.
  • Keep default passwords.
  • Email each other your own passwords. »

7 – WHO TO CONTACT FOR QUESTIONS RELATING TO DATA PROTECTION?

The person responsible for processing the personal data mentioned in this data protection policy is Laia Guardia-Morin, webmarketing manager. Its representative is Dorothée Monestier, President.

They can be contacted at contact@mylittleday.fr , or by post to the address My Little Day - Protection of personal data - 40 rue de Cléry - 75002 PARIS.

We promise to answer all your questions within 15 working days.

For any additional information relating to data protection law, we invite you to visit the website of the CNIL.

8 – REVISION OF THE DATA PROTECTION POLICY

The data protection policy may be subject to updates. To read it, we invite you to consult this document regularly.