Privacy Policy

ARTICLE 1 – PERSONAL INFORMATION COLLECTED

When you make a purchase on our store, as part of our buying and selling process, we collect the personal information you give us such as your name, address, phone number and email address. .

The collection of this data is for the proper processing of your order, and cannot subsequently be subject to processing incompatible with this purpose.

We only collect adequate, relevant and limited data to what is necessary for the purposes of processing and nothing more for the sake of data minimization.

These data are processed with accuracy and in strict compliance with the principles of lawfulness, fairness and transparency.

The retention period of this data will be limited to 36 months in a form allowing the identification of the persons concerned.

When you browse our store, we also automatically receive the Internet Protocol address (IP address) of your computer, which allows us to obtain more details about the browser and operating system you are using.

Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.

ARTICLE 2 – CONSENT

How do you get my consent?

When you provide us with your personal information to complete a transaction, verify your credit card, place an order, schedule a delivery or return a purchase, we assume that you consent to our collecting your information and using it to this end only.

If we ask you to provide us with your personal information for another reason, such as for marketing purposes, we will ask you directly for your express consent, or we will give you the opportunity to refuse.

How can I withdraw my consent?

If after giving us your consent, you change your mind and no longer consent to us contacting you, collecting your information or disclosing it, you may notify us by contacting us at service.client@candysan.com


ARTICLE 3 – DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.


ARTICLE 4 – SHOPIFY

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our services and products to you.

Your data is stored in Shopify's data storage system and databases, and in the general Shopify application. Your data is stored on a secure server protected by a firewall.

Payment :

If you make your purchase through a direct payment gateway, then Shopify will store your credit card information. This information is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Information relating to your purchase transaction is kept for as long as necessary to finalize your order. Once your order is finalized, the information relating to the purchase transaction is deleted.

All direct payment gateways are PCI-DSS compliant, managed by the PCI Security Standards Council, which is a joint effort of companies such as Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card data by our store and its service providers.

For more information, please see Shopify's Terms of Service here or Privacy Policy here.


ARTICLE 5 – SERVICES PROVIDED BY THIRD PARTIES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide to them for your purchase transactions.

With respect to these providers, we recommend that you read their privacy policies carefully so that you can understand how they will treat your personal information.

Please keep in mind that some providers may be located or have facilities located in a jurisdiction different from yours or ours. So if you decide to proceed with a transaction that requires the services of a third-party provider, then your information may be governed by the laws of the jurisdiction in which that provider is located or those of the jurisdiction in which its facilities are located.

For example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, the information belonging to you that was used to complete the transaction may be subject to disclosure under the laws of the United States. United States, including the Patriot Act.

Once you leave our store's website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or the Terms of Service. Use of our website.

Connections

You may be required to leave our website by clicking on certain links on our site. We assume no responsibility for the privacy practices exercised by these other sites and recommend that you read their privacy policies carefully.


ARTICLE 6 – SECURITY

Your data is treated with integrity and confidentiality.

To protect your personal data, we take reasonable precautions and follow industry best technical and organizational practices to ensure that it is not lost, misused, accessed, disclosed, altered or destroyed inappropriately.

If you provide us with your credit card information, it will be encrypted using the SSL security protocol and stored with AES-256 type encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

COOKIES

Here is a list of cookies we use. We have listed them here for you to choose whether you want to allow them or not.

_session_id, unique session identifier, allows Shopify to store information about your session (referrer, landing page, etc.).

_shopify_visit, no data held, persists for 30 minutes from the last visit. Used by our website provider's internal statistics tracking system to record the number of visits.

_shopify_uniq, no data held, expires at midnight (depending on visitor location) the following day. Calculates the number of visits to a store per unique customer.

cart, unique identifier, persists for 2 weeks, stores your shopping cart information.

_secure_session_id, unique session identifier

storefront_digest, unique identifier, undefined if the store has a password, it is used to know if the current visitor has access.


ARTICLE 7 – AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your state or province of residence, and that you have given us your consent to allow any minor in your charge to use this website.


ARTICLE 8 – CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon posting to the website. If we make any changes to the content of this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances we disclose it. there is reason to do so.

If our store is acquired by or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

QUESTIONS AND CONTACT INFORMATION

If you wish to access, correct, amend or delete any personal information we have about you, lodge a complaint, or simply wish to have more information, contact our Data Protection Officer at service. customer@candysan.com.


In the event of a problem with this data, you can lodge an appeal with the CNIL (3 place de Fontenoy, 75007 PARIS) as part of your right of opposition. You also have the option of contacting the CNIL without contacting us first.