COLLECTIF M knows that you care about how your personal data is handled and recognizes the importance of protecting your privacy.
This Privacy and Data Protection Policy (hereinafter the "Policy") explains how COLLECTIF M collects and processes your personal data. It contains information on the type of data we collect, how we process it, for what purposes, so as to make its use most suitable to your needs.
For any type of request - query - remark, or if you want to exercise any of the rights related to the processing of your data, contact us: email@example.com
For the purposes of the Policy, the following terms are defined as follows:
- "Service(s)": all online services, whether or not they are paid for.
- "We" and "Us": refers to any company owned or operated, directly or indirectly, by any company in which COLLECTIF M has an interest and may collect or process your personal data and cookies, and their respective service providers located in France or abroad.
- "You" and "Your": refers to any user of the Services, and who accesses any of the paid or free Services.
This Policy was updated on June 29, 2020
Basic principles - our commitment to privacy
COLLECTIF M undertakes to process personal data in accordance with the regulations applicable to the protection of personal data and privacy, in particular in accordance with Regulation (EU) 2016/679 adopted on 27 April 2016 and relating to the protection of natural persons with regard to the processing of personal data and the free movement of such data, (hereinafter the "Regulation"). We are committed to the following principles:
- You are under no obligation to provide us with any personal data that we request from you. However, some of this data is required to access certain Services. Thus, if you choose not to provide us with such data, you may not have access to some of these Services; we collect and process your data only for the purposes that are described in this Policy or for specific purposes that we have informed you of and/or to which you have consented;
- we adopt the principle of minimizing the collection of personal data: that is, collecting only the personal data necessary for the processing and use envisaged, without collecting data unnecessarily;
- if any personal data we hold is no longer relevant to the processing of personal data by us, and there is no legal obligation to retain it, we will make every effort to delete, destroy or anonymize it.
What personal data do we collect?
We may collect the following categories of personal data directly:
- personal information, such as your last name, first name, age, e-mail address, mailing address and telephone number(s)
- demographic information, such as your gender
- information about your skin type (dry, combination, oily)
- browsing history, such as the pages visited, the date of the visit, the location of the visit, or the IP address
For what purpose do we collect your personal data?
We collect your personal data in order to create and offer you products and services that are relevant to you, to provide you with the best online experience and quality service and navigation. We may also need your personal data to comply with legal obligations or as part of the contractual relationship we have with you. When we collect and use your personal data for the purposes listed below or for any other purpose, we will inform you before or at the time of collection. Where necessary, we will seek your consent to process your personal data. If you have given your consent to process your personal data, you have the right to withdraw that consent at any time. Under no circumstances will the results of the use of our Services (e.g. calculation of stress levels) be communicated to a third party. This information remains completely confidential and anonymous.
When we process your personal data, you are entitled to a number of rights that you can exercise at any time. Below is an overview of these rights and what they mean for you.
The right to access your personal data and the right of rectification
It is important to us that the personal data we hold about you is accurate, up-to-date, complete, relevant and not misleading. To ensure that we meet this commitment, you have the right to access, correct or update your personal data at any time.
The right to portability of your data
You have the right to receive your personal data in a structured, commonly used and machine-readable format if we have processed your personal data on the following basis:
- you have given us your consent to process your personal data for a purpose or purposes that we have previously communicated to you
- we have processed your personal data in order to facilitate a business transaction, such as providing you with the products and/or services you order
The right to request the deletion of your personal data
You have the right to request the deletion of your personal data when:
- your personal data are no longer necessary for the purposes for which we collected them
- you withdraw the consent you previously gave us to process your personal data, provided there is no other legal basis for us to continue processing your personal data
- personal data are not legally processed
- your personal data must be deleted in order to comply with current legislation
If you wish to have your personal data erased, please let us know and we will take reasonable steps to comply with your request in accordance with legal requirements.
If the personal data we collect is no longer required for any purpose and there is no legal obligation for us to retain it, we will make every effort to delete, destroy or anonymize such data.
The right to limit the processing of your data
You have the right to request the restriction of the processing of your personal data when:
- You believe that the personal data we have about you is inaccurate
- Regarding personal data not legally processed, you prefer that we restrict their processing rather than delete them
- We no longer need your personal data for the purposes for which we collected it, but you need the data to establish, exercise or defend legal claims
- You have objected to the processing of your personal data and are waiting to find out whether your interests in relation to this objection prevail over the legitimate reasons pursued by COLLECTIF M
- If you wish to limit our processing of your personal data, please let us know and we will take reasonable steps to comply with your request in accordance with legal requirements.
The right to object to the processing of your personal data
You have the right to object to the processing of your personal data at any time. The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint directly with a supervisory authority, such as the CNIL, about the way we process your personal data.
How do we protect your personal data?
We recognize the importance of the security of your personal information. We make every effort to protect your personal information from misuse, interference, damage, unauthorized access, alteration or disclosure. We have implemented numerous security measures to help protect your personal data. These include the use of access controls, firewalls, secure servers, and encryption of personal data.
Sharing your personal data
When we share your personal data with others, we ensure that we do so only with organizations that have strong security measures in place for your data and its storage and that comply with privacy laws on terms equivalent to those we follow. Your personal data will not be shared, sold, rented or disclosed for purposes other than those described in the Policy. We may, however, disclose your data for purposes other than those described in the Policy in cases where disclosure is required by law and government authorities.
International transfers of your data
Personal data may be processed outside the European Economic Area (EEA). If this is the case, COLLECTIF M will make every effort to ensure that this international transfer of data has an adequate level of security and guarantees. The safeguards we use to protect international data transfers include:
- model contractual clauses validated by the European Commission. These standard clauses provide a sufficient guarantee that the relevant levels of security required by the regulations on the protection of personal data, and in particular by the Regulation, will be respected (the aforementioned regulation and the Regulation being hereinafter referred to together as the "Regulation")
- through certification mechanisms that attest that third parties located outside the EEA process personal data in a manner consistent with the Regulation. These certifications must be approved by either the European Commission, the competent supervisory authority under the Regulation, or the national accreditation body designated under the Regulation.
Cookies and other technologies
- information about your device's browser and the operating system you are using
- the IP address of the device you are using
- the web pages you visit
- links you click while interacting with our services
Didn't find what you were looking for? Contact us! firstname.lastname@example.org