1 – Parties to the present act
Between the following parties: 1° The Company ARTEFACTS.ONLINE MAIASAURA, a single shareholder company (SASU) with a capital of 100 Euros, registered in the Bobigny Trade and Companies Register under the number 882 275 282, whose office is located at 93 Avenue de Verdun 93230 Romainville, with the VAT number FR50882275282. Hereinafter referred to as the "Data Manager", on one side, and 2° Any individual browsing the Data Manager's website; Hereinafter referred to as the "Individual Concerned", on the other side, the following has been stated and agreed upon :
2 – Purpose
3 – Definitions
Control Authority designates the Commission Nationale de l'Informatique et des Libertés (CNIL), the French independent public authority for the regulation of Data protection ;
Consent designates any voluntary, specific, informed and unambiguous expression of will by which the Individual Concerned accepts, by declaration or by clear positive action, that Data relating to him or her may be Processed by the Controller.
Cookie designates a file allowing to trace the path of the Individual Concerned on the Site.
Recipient designates any individual or legal entity, public authority, service or other entity that receives communication of the Data, whether or not it is a Third Party. However, public authorities that are likely to receive communication of the Data, in particular within the framework of an investigation, are not considered as Recipients within the meaning of the present definition.
Data designates any information relating to the Individual Concerned.
File designates any structured set of Data accessible according to determined criteria, whether this set is centralized, decentralized or distributed in a functional or geographical manner.
Legislation designates all laws and regulations relating to Data protection, and in particular the European Regulation n°2016/679 and the law n°78-17.
Browsing designates the consultation, knowledge, order and/or purchase of Products on the Site by the Individual Concerned.
Individual Concerned designates any person who browses the Site, when he or she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity.
Products designates the products offered for sale on the Site by the Data Manager to the Individual Concerned.
Pseudonymization designates the processing of Data in such a way that it can no longer be attributed to the Individual Concerned without additional information.
Data Manager designates the single shareholder company ARTEFACTS.ONLINE MAIASAURA, with a capital of 100 Euros, registered in the Trade and Companies Register of Bobigny under the number 882 275 282, whose office is located at 93 Avenue de Verdun 93230 Romainville, and with the VAT number FR50882275282, which alone or jointly with others, determines the purposes and means of the Processing.
Site designates the infrastructure developed by the Data Manager in accordance with the computer formats usable on the Internet, comprising data of various kinds, notably text, sound, still or animated images, videos, and databases, intended to be consulted by the Individual Concerned in order to learn about, reserve, order and/or purchase Products (www.maiasaura.ca).
Subcontractor designates any individual or legal entity, public authority, department or other entity other than the Data Manager that processes Data on behalf of the Data Manager.
Third party designates any individual or legal entity, public authority, agency or other entity other than the Data Manager, the Subcontractor, and those persons who, under the direct authority of the Data Manager or the Subcontractor, are authorized to process the Data, in particular tour operators, travel agencies, and reservation systems.
Processing designates any operation or set of operations, whether or not carried out by automated processes, applied to Data or sets of Data, such as limitation, erasure or destruction.
4 – Principles of processing
In accordance with the Legislation, the Data Manager undertakes to respect the following principles in all Processing :
Limitation of purposes;
Limitation of Conservation;
5 – Processed data
In the context of Browsing, the Data Manager is required to collect and process a certain amount of Data, and in particular:
Personal information (surname, first name, gender, postal address, email address, telephone number, date of birth, age, date of subscription and unsubscription to the customer account and to the Data Manager's newsletter, messages exchanged with the Data Manager, telephone conversations with the Data Manager's customer service)
Banking information (payment method, credit card number)
Order information (product(s) ordered, delivery address, delivery tracking number, order price)
Technical information (browsing behavior on the Site, IP address, products added to the shopping cart, request for consent).
6 – Processing context
Data may be collected and processed by the Data Manager on various occasions, including :
Purchasing Products on the Site
Contacting the Data Manager
Subscribing to the newsletter
Creating a referral link
Creating a customer account
Browsing the Site.
7 – Processing details
Purpose of Processing
Legal basis for processing
Duration of Data Retention
Management of product purchases and deliveries
First name, surname, email address, postal address, telephone number, delivery address, order placed, delivery tracking number, date of subscription and unsubscription, payment method, credit card number
Contract, legal obligation and legitimate interest of the Data Manager to establish, exercise and defend his rights in court
10 years from the purchase of the product EXCEPT 15 months from the purchase of the product for the banking data (the visual cryptogram is immediately deleted)
Creation and management of customer accounts
First name, surname, email address, postal address, telephone number, date of creation of customer account, date of deletion of customer account, consent request
Consent of the Individual concerned, legitimate interest of the Data Manager to create a customer account following the purchase of a product by the Individual concerned
3 years from the last time the Individual concerned logs on to his/her customer account OR immediately upon deletion of his/her customer account
Commercial relationship management and development
First name, surname, email address, mailing address, phone number, purchase history, consent request
Consent of the Individual concerned and legitimate interest of the Data Manager to promote its Products
3 years from the last contact by the Individual concerned or from the end of the commercial relationship
Email address, surname, first name, phone number, consent request
Consent of the Individual concerned
Securing and improving the Site
IP address, Browsing data
Legitimate interest of the Data Manager to improve the Site and to manage the Site, to secure and administer the Site, to prevent fraud and malicious acts.
Complaints management Site statistics and personalized advertising
First name, surname, email address, postal address, telephone number, IP address, browsing data, consent request
Consent of the Individual concerned and its Products and customer service.
3 years from the last contact
Email address, first name and surname, consent request
Consent of the Individual Concerned
3 years after the sponsorship link request
The Data Manager reserves the right to anonymize the Data being Processed before deleting it, and the anonymized data may then be Processed for statistical purposes.
8 – Recipient of the Data
In principle, the Data Manager is the sole Recipient of the Data. However, the Data Manager may transfer the Data to other Recipients, in particular within the framework of the management of the purchases of Products by the Individual Concerned, and/or to any public authority which would request it, in particular within the framework of an investigation. The following Recipients may be required to process your data, as Subcontractors, on behalf of the Data Manager:
FACEBOOK FRANCE SARLU with a capital of 4 950 000 € RCS Paris 630 085 802 Head office: 6 rue Menars, 75002 Paris
GOOGLE FRANCE SARLU with a capital of 7 500€ RCS Paris 443 061 841 Head office: 8 rue de Londres, 75009 Paris
TWITTER FRANCE SASU with a capital of 37 000€ RCS Paris 789 305 596 Head office: 10 rue de la Paix, 75002 Paris
LA POSTE SA with a capital of 3 800 000 000€ RCS Paris 356 000 000 Head office: 9 rue du Colonel Pierra Avia, 75015 Paris
STRIPE FRANCE SARLU with a capital of 1 000€ RCS Paris 807 572 011 Head office: 10 Boulevard Haussmann, 75009 Paris
SNAP GROUP SASU with a capital of 100€ RCS Paris 820 920 056 Head office : 16 rue de la Rochefoucauld, 75009 Paris
KLAVIYO, INC. Incorporated company in the USA : 125 Summer St, Floor 6 Boston, MA 02111 United States
SHOPIFY INTERNATIONAL LIMITED. Attn: Data Protection Officer. c/o Intertrust Ireland: 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
JUDGE.ME Ltd, C/O Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB
This list of the Data Manager's Subcontractors may change at any time. The Data Manager undertakes to require from its Subcontractors sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets the legal and regulatory requirements and guarantees the protection of the rights of the Individual concerned, in particular in the event of transfer of the Data outside the European Union. In addition, the Data Manager may disclose to any Recipient or Third Party the Data that is subject to Processing when a legal obligation to do so exists or when the Data Manager considers in good faith that this is necessary to :
Enforce any contract to which the Individual Concerned is made party.
Safeguard the vital interests of any individual.
Carry out a mission of public interest.
9 – Rights of the Individual Concerned on the data
The Individual concerned has a certain number of rights on the Data that he or she can assert, except for applicable legislative or regulatory exceptions, by making a request to the Data Manager at the following address :
MAIASAURA - 93 AVENUE DE VERDUN 93230 ROMAINVILLE - firstname.lastname@example.org
The Data Manager will assist the Individual Concerned in exercising his/her rights to the Data. In case of reasonable doubt as to the identity of the Individual concerned making a request to exercise his/her rights to the Data, the Data Manager may request that a copy of an official identity document be attached to the request. Requests will be processed as soon as possible and at the latest in accordance with the deadlines established by the Legislation.
9.1 – Right to access
The Individual Concerned has the right to obtain from the Data Manager confirmation as to whether or not Data are being processed and, where they are, access to such Data as well as the following information :
The purposes of the processing
The categories of Data
The Recipients or categories of Recipients to whom the Data have been or will be communicated, in particular Recipients who are established in other countries or international organizations.
When possible, the length of time the Data will be retained or, when not possible, the criteria used to determine that length of time.
The existence of the right to request from the Data Manager the rectification or erasure of Data, or a limitation of the processing of Data, or the right to object to such processing.
The right to file a complaint with a Control Authority.
When Data is not collected from the Individual concerned, any available information as to its source
The existence of automated decision-making, including profiling, and, at least in such cases, useful information about the underlying logic and the significance and intended consequences of such processing for the Individual concerned.
The Data Manager shall provide a copy of the Data being Processed and reserves the right, in consideration of the provision of such copy, to the payment of a reasonable fee based on administrative costs for any additional copies requested by the Individual Concerned.
9.2 – Right to erasure and rectification
The Individual Concerned has the right to obtain from the Data Manager the rectification and/or erasure of inaccurate or obsolete Data as soon as possible unless the contrary situation prevents the exercise of this right, and in particular :
Exercising the right to freedom of expression and information.
Compliance with a legal obligation.
The public interest in the field of public health, archives, scientific or historical research or statistics.
The establishment, enforcement or defense of legal claims.
9.3 – Right to object
The Individual concerned has the right to object at any time, on grounds relating to his or her particular situation, to the Processing of Data based on the performance of a task in the public interest or the necessity of the legitimate interest of the Data Manager.
In this case, the Data Manager undertakes not to process the Data any further, unless it can demonstrate compelling legitimate grounds for the Processing that override the interests and rights and freedoms of the Individual concerned, or for the establishment, exercise or defence of legal claims. Furthermore, the Individual Concerned has the right to object at any time to the Processing of Data carried out for the purpose of canvassing by the Data Manager, insofar as the Individual concerned is linked to such canvassing.
Finally, where Data are processed for scientific or historical research or statistical purposes, the Individual Concerned has the right to object, on grounds relating to his or her particular situation, to the processing of the Data, unless the Processing is necessary for the performance of a task in the public interest.
9.4 – Right to limitation
The Individual Concerned has the right to obtain the limitation of Data Processing from the Data Manager when :
The accuracy of the Personal Data is contested by the Individual Concerned, for a period of time that allows the Data Manager to verify the accuracy of the Data.
The Processing is unlawful and the Individual Concerned objects to the erasure of the Data and demands instead the restriction of its use.
The Data Manager no longer needs the Data for the purposes of Processing, but the Data is still necessary for the Individual Concerned to establish, exercise or defend legal claims.
The Individual Concerned has objected to the Processing in accordance with Article 9.3, during the verification of whether the legitimate reasons pursued by the Data Manager prevail over those of the Individual Concerned.
The Individual Concerned who has obtained the Data Processing limitation shall be informed by the Data Manager before the Processing limitation is lifted.
9.5 – Right to data portability
The Individual Concerned has the right to receive the Data he or she has provided to the Data Manager, in a structured, commonly used and machine-readable format, and has the right to transmit such Data to another Data Manager without the Data Manager's interference, where :
The Processing is based on the Consent of the Individual Concerned or on the performance of a contract to which the Individual Concerned is party ;
The Processing is carried out using automated processes.
The Individual Concerned, when exercising his or her right to Data portability, has the right to have the Data transferred directly from the Data Manager to another Data Manager, where technically possible.
9.6 – Right to file a complaint with the Control Authority
The Individual Concerned has the right to lodge a complaint with the Control Authority if he/she considers that he/she has been subjected to unlawful Processing of Data by the Data Manager.
9.7 – Right to define directives on the handling of data
The Individual Concerned has the right to define directives with the Data Manager on the handling of his or her Data after his or her death. The Data Manager will use all technical means to ensure that this wish is respected.
10 – Data security
The Data Manager takes appropriate technical and organizational measures to protect Data against destruction, loss, alteration, misuse and unauthorized access, modification or disclosure, whether such actions are intentional or accidental.
These technical and organizational measures are intended to ensure the confidentiality, integrity, availability and resilience of the Site and the information systems where the Files are stored.
In order to secure the Individual's browsing, the Site is SSL (Secure Socket Layer) encrypted.
13 – Cookie management
When browsing the Site, the Individual Concerned is led to consent to the installation of Cookies on his/her computer terminal.
Generally speaking, Cookies record information relating to the browsing of computers on the Site (the pages consulted, the date and time of the consultation, etc.), information that may be read during the Individual’s subsequent visits to the Site with transmission of the Data to the Data Manager. The installation of these Cookies requires the consent of the Individual Concerned.
Some Cookies are essential to the proper functioning of the Site and do not require the consent of the Individual Concerned before their installation.
The Individual Concerned may refuse to give his/her consent to the installation of non-functional Cookies, withdraw his/her consent and/or set the parameters of the Cookies at any time by using the Data Manager's Cookies manager below or by configuring his browser as follows :
For Mozilla Firefox :
Choose the menu «Firefox» then «Preferences»
Click on the «Privacy & Security» tab
Locate the «Cookie» menu and select the options that suit you
For Microsoft Internet Explorer 6.0 :
Select the «Tools» menu, then «Internet Options». Click on the «Confidentiality» tab
Select the desired level with the cursor.
For Microsoft Internet Explorer 5 :
Choose the «Preferences» or «Tools» menu, then «Internet Options». Click on the «Privacy» tab
Customize the level using the slider
For Netscape 6.X and 7. X :
Choose the menu «Edit» > «Preferences» > «Privacy and Security
» > «Cookie»
For Opera 6.0 and above :
Choose the menu «File» > «Preferences» > «Privacy».