Privacy and Cookie Policy

Last updated : 27/08/2021

1001bees.COM is a website belonging to the Limited Liability Company VIVALIRIS registered under number 0772690221 in the BCE (Banque-Carrefour des Entreprises) Register (hereinafter referred to as the « Data Controller »). 1001bees.COM is greatly concerned with the confidentiality of your personal data as Users who visit and browse our Online Store. This is why we, the online store 1001bees.COM, strive to respect your rights as set out in the General Data Protection Regulation 2017/679 (RGPD) and the ePrivacy directives of the European Parliament and of the Council, as well as law n°78-17 of January 6, 1978, known as the "Loi informatique et libertés", amended by law n°2018-493 of June 20, 2018, relating to the protection of personal data.

Article 1 – Definitions

§1. « Personal data » or « personal information »: any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific elements characteristic of his or her physical, physiological, genetic, psychic, economic, cultural or social identity;

§2. «processing», any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

§3. «data controller», the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

§4. «processor», a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

§5. « recipient » a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities 4.5.2016 L 119/33 Official Journal of the European Union EN which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

§5. «consent» of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

§6. «personal data breach», a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

§7. « cookie », a cookie is a text file automatically saved in any User's browser when visiting a website. This text file may contain personal data and/or information relating to the User's browsing.

Article 2 – Purpose

This Privacy Policy and Cookie Policy (hereinafter the « Policy ») aims to define the terms of collection, storage, processing and deletion of personal data (hereinafter « personal data ») of any natural person (hereinafter the « User ») who, in the context of a strictly personal or domestic activity, uses or simply browses this Online Store.

The Data Controller assures the User that it implements all necessary means to ensure compliance with the provisions of the General Data Protection Regulation 2017/679 of the European Parliament and of the Council dated April 14, 2016, by ensuring compliance with retention periods, the necessity of collecting the aforementioned personal data, and the confidentiality of the collected personal data (hereinafter the « Regulation » or the « RGPD »).

Article 3 – User Consent

This Policy must be read and accepted by any User visiting the Online Store. By clicking on the box stating « read and accepted » referring to this Policy upon arrival at the Online Store, the User acknowledges having read and given their free, informed, and unambiguous consent to the processing of their personal data.

The User may, at any time, without justification or prejudice, withdraw their consent to this Privacy and Cookie Policy. The User may exercise their right to withdraw consent to this Policy by notifying the Data Controller at the following email address: contact@1001bees.com.

This withdrawal of consent will take effect when the Data Controller receives notification of the User's withdrawal of consent.

Article 4 – Collected Data

As part of visiting and using the Online Store, certain personal data of Users may be collected by 1001bees.COM, as Data Controller or by one or more processors acting on behalf of the Data Controller.

§1 – Means of Collection

The User's personal data are collected by the following means:

• When the User communicates them

Either by (1) filling in the billing and delivery address form; (2) by filling in payment information, (3) by filling in the contact form; or (4) by filling in the newsletter subscription form.

• By automated collection

When the User browses the Online Store, the Data Controller automatically records certain information related to the User's preferences and use of the Online Store. Cookies are notably used when the User browses the Online Store to automatically collect this information.

§2 – Type of Data Collected

The personal data that may be collected are:

- the User's email address

- the User's delivery and/or billing address

- The User's first name, last name, and phone number

- The User's payment information

- The User's order history on the Online Store

- The User's browsing preferences on the Online Store

§3 – Data Recipients

The recipients of personal data are:

- the Data Controller

- the Data Controller's internal employees acting on its behalf

- the Data Controller's processor in charge of hosting the Online Store's domain

- any legally or administratively authorized person (e.g., judicial authorities)

Article 5 – Data Processing

§1 – Legal Bases for Processing

The processing of Users' personal data via the Online Store must necessarily be justified by one of the conditions provided for in Article 6 §1 of the Regulation. In accordance with the Regulation, Users' personal data will only be processed if one of the following conditions is met:

• The User has given their consent: the data subject has consented to the processing of their personal data for one or more specific purposes;

• Contract performance requires it: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

• Compliance with law requires it: processing is necessary for compliance with a legal obligation to which the controller is subject;

• Legitimate interest justifies it: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

§2 – Purposes of Processing and Data Retention Period

In accordance with Article 13 of the Regulation, the reason and the duration of storage and processing of personal data must be justified by a valid purpose, in addition to one of the legal bases cited above.

Article 6 – Data Protection Officer

In accordance with the provisions of the Regulation, a data protection officer (hereinafter « DPO ») is appointed by the Data Controller. The DPO is responsible for ensuring compliance with the Regulation in the context of any processing or retention of personal data. The appointed DPO, Vinciane Derulle, can be reached at the following email address: contact@1001bees.com

Article 7 – Means of Data Protection

In accordance with Article 5 and Article 32 of the Regulation, the Data Controller has an obligation to guarantee the security of Users' personal data that it stores and processes.

The Data Controller ensures the maintenance of a register containing all collected User personal data. The Data Controller affirms that it implements all necessary security measures to protect the Users' personal data contained in this register and to prevent any personal data breach of the User.

To do this, the Data Controller assures Users that it has undertaken a study of the risks associated with the storage and processing of Users' personal data in order to implement adequate security measures as follows:

- By enabling the pseudonymisation and encryption of User's personal data;

- By implementing means to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;

- By implementing means to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

- By ensuring a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

The Data Controller assures Users that the data it stores and processes are stored within the European Union, in a Member State subject to the Regulation.

In the event of a User's personal data breach, the Data Controller undertakes to notify the competent supervisory authority of this breach within 72 hours in accordance with Articles 33 and 34 of the Regulation.

Article 8 – Cookies

§1 – Purpose of Cookie Use

As explained above, a cookie is a text file automatically saved in any User's browser when visiting a website. This text file may contain personal data and/or information relating to the User's browsing.

The cookies used on the Online Store have the sole objective of improving your browsing experience as a User. The cookies used facilitate your browsing by memorizing some of your personal data when you access and browse the Online Store. Three types of cookies are used on the Online Store, their purpose varying according to their type:

• Functional cookies: these cookies allow the memorization of your data entered during authentications or searches performed on the store

• Advertising cookies: these cookies allow the identification of Users' consumption habits, searches, and preferences in order to offer them advertising content related to their personal preferences.

• Security cookies: these cookies ensure the security of Users' personal data by guaranteeing the encryption of data contained in other cookies.

§2 – Cookies Used, Lifespan, and Function

Each cookie used on the Online Store is identifiable by a name. Each cookie has a lifespan, meaning a duration after which it disappears and ceases to be active, forgetting any personal data it stored. Each cookie also has a function, meaning a utility that justifies its implementation on the Online Store.

Here is the list of cookies used on the Online Store with their name, lifespan, and function:

§3 – Manage Cookies: Activation and Deactivation

It is possible for the User to manage Cookies at any time on the browser they use. The User can activate or deactivate them at any time. The means of managing cookies depend on each browser. To facilitate the management of User cookies, below is an explanatory guide to managing cookies on the main browsers used by Users:

• Google chrome : https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=fr

• Safari : https://support.apple.com/fr-fr/guide/safari/sfri11471/mac

• Mozilla Firefox : https://support.mozilla.org/fr/kb/bloquer-cookies-firefox-focus-android

• Internet explorer : https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies

Article 9 – User Rights

The User has the right to request from the Data Controller access to their personal data, rectification or erasure of these, or a restriction of processing relating to the data subject, or the right to object to processing and the right to data portability.

The User has the right to withdraw their consent to the processing of their personal data at any time. This withdrawal of consent will take effect when the Data Controller receives notification of the User's withdrawal of consent.

The User has the right to lodge a complaint with the National Commission for Information Technology and Freedoms (CNIL) via the contact form available on the following website: https://www.cnil.fr/fr; or with the Directorate General for Competition, Consumer Affairs and Fraud Prevention via the contact form available at https://www.economie.gouv.fr/dgccrf.

The User can also exercise their rights previously stated concerning this Policy by notifying the Data Controller at the following email address: contact@1001bees.com.

MERCASAFE© User License : MS 1001-178999