Personal Data Protection Policy

This data protection policy guarantees you a positive and trusted experience.

This policy is just as important for us because it allows us to reach your expectations in a way that reflects your wishes.

For us, ICAPE Group, it is essential to ensure the confidentiality and respect of your personal data.

In order for you to securely browse our website www.icape-group.com in its web and mobile version or our online stores www.icapeshop.com and www.cipemshop.com (hereinafter referred to as "ICAPE Group Websites") we, as data controller, are transparent in the way we process and use your data in order to bring new services on a daily basis while respecting your rights.


We protect your privacy by ensuring the protection, confidentiality, non-alteration, availability and security of the Data you entrust to us across our channels of communication.

We take all necessary measures to:

(i) provide you with clear and transparent information about how your Data will be processed, (ii) put in place all the necessary technical and organizational measures to protect your Data from disclosure, loss, alteration or access by an unauthorized third party, (iii) retain your Data only as long as necessary for the purpose of the specified processing, and (iv) offer you at any time the opportunity to access and modify your Data that we process directly through your personal accounts on all ICAPE Group Websites.

To achieve these objectives, we implement the appropriate technical and organizational measures to ensure that the processing complies with applicable data protection law.

In this respect, ICAPE Group hereby undertakes to respect the essential principles of the general European regulation and the French law on the protection of personal data, informing you (i) of the existence and the methods of data processing that it implements (paragraph 3), (ii) your rights with respect to your Data and by implementing the transactions that the exercise of those rights entails (paragraphs 6 and 10), (iii) the existence of transfers to a third country and transfers to recipients (paragraphs 4 and 8), (iv) the retention period of the data collected (paragraph 5) and data security measures (paragraph 9).

  1. WHO ARE YOU?

We often refer to ‘you’ in this Privacy Policy.

This Privacy Policy applies to you if you are (i) a customer of ICAPE GROUP, i.e. a person who placed an order through the ICAPE Group Websites, (ii) a prospect of ICAPE Group, that is to say, a person who has created a customer account but has not yet ordered any products or services and (iii) visitor to ICAPE Group websites, i.e. a  person surfing the ICAPE Group websites without having created a customer account or placed an order.

  1. WHO ARE WE?

ICAPE Group edits and controls the ICAPE Group websites and, as such, processes your Data as a process manager.

  1. WHY DO WE PROCESS YOUR DATA?
    3.1. When do we collect your personal data?

We may collect your Data when (i) you visit the ICAPE Group websites that use cookies, (ii) you create an account on the ICAPE Group websites, (iii) you purchase our products or services, (iv) you adhere to our newsletters (emails, text messages).

We process your Data in order to (i) offer you the most fluid and relevant browsing experience possible on ICAPE Group websites, (ii) process your orders, (iii) offer you multiple payments, (iv) manage your customer reviews and (v) recover payments and fight fraud.

3.2. 1st Process: Navigating ICAPE Group Websites

We process your Data to enable you to browse the ICAPE Group websites.
The legal basis of this data process is your consent.


3.3. 2nd Process: Processing your orders

We process your Data to process your orders.

This data process has sub-finalities (i) customer relationship management (CRM), (ii) customer relationship management via social networks, (iii) the management of marketing actions / commercial prospecting related to the use of the ICAPE Group Website; (iv) the management of transportation and deliveries resulting from sales; and (v) the management of the payment of orders.

The execution of the contract between you and us is the legal basis of this process.

Regarding the management of product recall, the legal basis of processing is the legal obligation of ICAPE Group.

Regarding the marketing / commercial prospecting actions, the legal basis of the processing is, depending on the case, your consent or our legitimate interest.

Regarding the implementation of the "Flash" payment, the legal basis of the process is your consent.


3.4. 3rd Process: Installment payment

We process your Data to offer payment in x times to certain customers and for certain eligible orders.

The execution of the contract between you and us is the legal basis of this data process.

However, the processing of your Bank Data is based on your consent.


3.5. 4th Process: Customer Reviews Management

We process your Data to offer you the possibility to write reviews on ICAPE Group websites and share them with the customer community.

Your consent or the legitimate interest of ICAPE Group is the legal basis of this data process.


3.6. Traitement n°5 : Collection of payments and fight against fraud

We process your Data to recover outstanding payments and to fight against fraud.

This process has for sub-finalities (i) the security of payments, (ii) the detection and prevention of fraud and (iii) the management of recovery of unpaid debts.

The execution of the contract between you and us and the legitimate interest of ICAPE Group, as data controller, are the legal basis for this processing.


4. WHO ARE THE RECIPIENTS OF YOUR DATA?

Different ICAPE Group internal departments may have access to your Data.

We do not share your Data with third parties (outside the internal services of ICAPE Group in connection with the data processes) except in the following specific circumstances:
Regarding the processing of your orders, we transmit your Data to some providers specialized in (i) banking transactions (e.g. banks, payment service providers), (ii) customer relationship management (e.g. customer service), delivery of products (e.g. carriers) and (iii) computer development.


5. HOW LONG DO WE KEEP YOUR DATA?

Your Data is collected by ICAPE Group for the time necessary to perform the data processes referred to in paragraph 3 of this document.

The main categories of Data collected by ICAPE Group are retained for the following durations:

For prospects, the Data is kept in current archives (i.e. commonly accessible by the relevant services of ICAPE Group) for 3 years from the last contact of the prospect. No intermediate archiving (concerning data that still has an administrative interest for the services concerned, such as in the case of litigation, and whose retention periods are set by the applicable rules of prescription) is not realized for these Data.

For orders, the Data is kept in current archives for 5 years from the end of the use of the orders of the customer, and in intermediate archives for 5 years from the end of the conservation in current archives.

For customers, the Data is kept in current archives for 5 years from the end of the commercial relationship, and in intermediate archives for 5 years from the end of the conservation in current archives.

For the Payment Card Data, the Data is kept in current archives during the validity period of the payment card plus one day. No intermediate archiving is performed for these Data.

We also describe the cookie expiration periods in paragraph 7 of the Privacy Policy.


6. HOW TO EXERCISE YOUR RIGHTS?


6.1. You have the right to request access and rectification of your Data.


6.2. You have the right to request the limitation of the processing of your Data.

It is important to note that this right applies only if (i) you dispute the accuracy of your Data for the duration that allows us to verify the accuracy of your Data, (ii) you consider that we are illegally processing your Data. and that you require a limitation of their use rather than an erasure, (iii) we no longer need your Data with regard to the purposes referred to in paragraph 3 but that these are still necessary for the recognition, the exercise or defending your rights in court, (iv) if you exercise your right of objection during the verification period as to whether the legitimate grounds we are pursuing prevail over your own.


6.3. You have the right to request the deletion and erasure of your Data.


In the event of a request for the deletion of your Data, ICAPE Group will nevertheless be able to keep it in the form of intermediate archiving, for the time necessary to fulfill its legal, accounting and tax obligations.


6.4. You are entitled to ask to exercise your right of opposition vis-à-vis the treatments used for commercial prospecting purposes.

If you are concerned by ICAPE Group’s emailing campaigns, you can also modify or unsubscribe newsletters (i) by clicking on the hypertext link "Unsubscribe" present in each newsletter.


6.5. You have the right to formulate specific and general post-mortem guidelines for the storage, erasure and disclosure of your Data.

In the absence of any will instructions, your heirs may contact ICAPE Group in order to (i) access the data processing allowing "the organization and settlement of the estate of the deceased" and / or (ii) to proceed with the closure of your Account on the Websites and / or oppose further processing of your Data.

In any case, you have the possibility to indicate to us, at any time, that you do not wish, in the event of death, that your Data be communicated to a third party.


6.6. You have the right to exercise your right to portability.


6.7. You have the right to withdraw your consent to the processing based on this legal basis.

Please note that the withdrawal of your consent will not affect the lawfulness of the data processes performed prior to withdrawal.


6.8. You can, at any time, file a complaint or an appeal with the competent supervisory authority (in France: the CNIL: www.cnil.fr)

In general, to exercise your rights, please send your request (indicating your e-mail address, last name, first name, postal address and a copy of your identity document) to the RGPD service of ICAPE Group by email at RGPD@icape- group.com and / or by mail addressed to ICAPE Group, Delegate for the protection of personal data, 33 avenue du General Leclerc, 92260 Fontenay aux Roses, France.


We will send you a response within one (1) month maximum of the date of receipt of your request.


7. COOKIES

This section is dedicated to our cookie management policy on our website www.icape-group.com.


It allows you to know more about the origin and use of browsing information processed during your visit on our website and your rights.


7.1. What are Cookies?

When visiting a website, a website editor, such as ICAPE Group, can be allowed to deliver a page tailored to you, or the page itself can contain some script, text files aware of the data in the cookie and so is able to carry information, saved on your devices (computer, smartphone, tablet) from one visit to the website to the next.

Only the issuer of a cookie may read or modify the information contained in this cookie.


Below you will find information about cookies that may be placed on your device when you visit the pages of the www.icape-group.com website, either by ICAPE Group or by third parties, as well as the means allowing you to delete / refuse the registration of these cookies on your terminal.


7.2. What are Cookies for on www.icape-group.com?


There are several categories of cookies, some are issued directly by ICAPE Group and its providers, others may be issued by third parties.


7.2.1. Cookies issued by ICAPE Group and its providers

Different cookies may be placed on your device when you browse our website:


7.2.1.1. "Essential" cookies


These cookies are essential to navigate our site, especially for the proper execution of the order process.

Their deletion can cause difficulties of navigation on our websites as well as the impossibility of ordering.

These cookies are also needed to track the activity of ICAPE Group.

These cookies may be installed on your terminal by ICAPE Group or its service providers.


7.2.1.2. "Analytical and Personalization" Cookies


These cookies are not essential for the navigation on our site but can allow you, for example: to facilitate your researches, to optimize your buying experience, and for us: to better target your expectations, to improve our offers, or to optimize the operation of our website.



7.2.2. Cookies issued by third-party companies

The issue and use of cookies by third parties on our website, are subject to the privacy policies of these third parties. These cookies are not essential for navigation on our website.



7.3. Manage cookies deposited on your device

The registration of a cookie in your terminal is subject to your will.

Thanks to the Ghostery tool or to the settings of your browser, you can, at any time, simply and for free, choose whether to accept the recording of cookies on your device.


7.3.2. The choices that are offered by your browser software (Internet Explorer, Firefox, Google Chrome, etc.).

You may configure your browser software as you wish, so that cookies are (i) accepted and stored in your device or, conversely, (ii) to be refused.

If your browser software is set to accept the recording of cookies in your device, cookies embedded in the pages and contents you have viewed will be systematically stored in your device.

You can set up your browser software so that (i) the acceptance or refusal of cookies is offered to you punctually, before a cookie is likely to be registered, (ii) systematically refuse the registration of cookies in your terminal.


Caution: Any setting that you can undertake on your browser regarding the acceptance or refusal of cookies may change your Internet browsing and your conditions of access to certain services that require the use of these cookies.

If you choose to refuse the registration of cookies in your terminal or if you delete those already registered there, we disclaim any responsibility for the consequences related to the degraded operation of our services resulting from the impossibility for us to register or consult the cookies necessary for their operation and that you have refused or deleted.


7.3.3. How to exercise your choices according to the browser you use?


The configuration of each browser is different. It is usually described in the help menu of your browser software. We invite you to read it. You will be able to know how to modify your wishes regarding cookies.

 

8. TRANSFERS OUTSIDE THE EUROPEAN UNION

As a rule, we keep your Data within the European Union.

However, since some of our service providers are located in countries outside the European Union ("Third Countries"), we transfer some of your Data to Third Countries.

This can be the case, for example, for third countries for which the European Commission has not assessed the level of compliance.

In such a case, we make sure that this transfer is carried out in accordance with the applicable regulations and guarantees an adequate level of protection of your privacy and your fundamental rights (in particular by the use of standard clauses of the European Commission).

Upon request to our Data Protection Officer, we can provide you with more information about these transfers.


9. SECURITY MEASURES


We undertake to implement the appropriate technical and organizational measures to ensure a level of security appropriate to the risk to the rights and freedoms of natural persons in the treatment referred to in point 2.

These measures are defined taking into account the state of knowledge, the costs of implementation and the nature, scope, context and purpose of the data process and the identified risks.

In addition, we inform you that we comply with the PCI DSS payment card industry security standard; guarantee of our expertise in terms of security.

10. POLICY REVISION AND UPDATE

This policy will be updated as necessary to meet the requirements of Data Protection regulations. It will be revised at least every three (3) years.

May 23, 2018

 

Validated by the GDPR (General Data Protection Regulation) service of ICAPE Group