PRIVACY POLICY

This version of the Policy is dated 23/09/2018.

SUBJECT

This Policy is established by EXPENDO ORGANISATION, based at 1 rue Maryse Bastié, 18110 Pigny, with company number: 798 334 553 (hereinafter the ‘data controller’).

The aim of this Policy is to inform visitors to the website hosted at https://boutique.elysee.fr/ (hereinafter the ‘website’) of the way in which their data will be collected and processed by the data controller.

This Policy has been established to reflect the data controller’s commitment to acting transparently and in compliance with national regulations and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter the ‘General Data Protection Regulation’).

The data controller is particularly concerned by its users’ privacy and is committed to taking the reasonable required precautions to protect collected personal data against loss, theft, disclosure or unauthorised use.

‘Personal data’ is defined as all personal data that concerns the user, i.e. all information that may identify them directly or indirectly as a natural person.

If the user wishes to react to one of the practices described below, they may contact the data controller at the postal address or email address provided in the ‘contact details’ section of this Policy. 

.

WHAT KIND OF DATA DO WE COLLECT? 

What kind of data do we collect?

The data controller collects and processes the following personal data in accordance with terms and principles described below:

- domain (automatically detected by the data controller’s server), including dynamic IP address;
- email address, if revealed by the user, perhaps by sending messages or queries on the website, communicating with the data controller via email, taking part in discussion forums, accessing the restricted part of the website by logging in, etc.;
- all information regarding the pages the user has visited on the website;
- any information the user has provided voluntarily, e.g. via surveys and/or registration on the website, or by accessing the restricted part of the website by logging in.

The data controller may also need to collect non-personal data. This data is deemed non-personal data as it cannot identify an individual directly or indirectly. This data may be used for any purpose, e.g. to improve the website, the products or the services offered or for advertising purposes by the data controller.

Should non-personal data be combined with personal data so that the concerned individuals may be identified, this data will be processed as personal data, until it can no longer be used to identify individuals.

.

COLLECTION METHODS 

The data controller collects personal data through the following means:

- Web form (registration, contact, etc.)
- Contact through email
- Newsletter

.

PURPOSES OF PROCESSING 

Personal data is only collected and processed for the purposes mentioned below:

- to manage and monitor the execution of the services offered;
- to send and track orders and invoices;
- to send promotional information on the data controller’s products and services;
- to send promotional materials;
- to respond to the user’s queries;
- to gather statistics;
- to improve the quality of the website and/or the services offered by the data controller;
- to send information on the data controller’s new products and/or services;
- to carry out direct marketing activities;
- to get a better understanding of the user’s interests.

The data controller may need to carry out processing activities that have not yet been provided for in this Policy. In this case, they will contact the user before reusing their personal data to inform them of the changes and to offer them the opportunity, if applicable, to oppose this reuse.

.

LEGITIMATE INTEREST 

Some of the processing carried out by the data processor is founded on the legal basis of the data controller’s legitimate interest. This legitimate interest is proportionate to the respect of the user’s rights and freedoms. If the user would like to be informed of the details of the purposes founded on the legal basis of legitimate interest, they should contact the data controller (see ‘contact details’ section).

.

RETENTION PERIOD 

Generally, the data controller only keeps personal data for the period deemed reasonably necessary for the purposes established and in accordance with legal and regulatory requirements.

The customer’s personal data will be retained for a maximum of 10 years after the end of the contractual relationship between the customer and the data controller.

After this retention period, the data controller must ensure that the personal data has been made unavailable and inaccessible.

.

APPLICATION OF RIGHTS

The data controller reserves the right to verify the user’s identity in order to apply the rights detailed below.

This request for extra information will be made within a month of the user’s request.

.

ACCESS TO DATA AND COPIES

The user may obtain a written communication or copy of the personal data collected that concerns them free of charge.

The data controller may request payment of the reasonable fees based on administrative costs for any extra copy requested by the user.
When the user makes this request electronically, the information will be provided in a commonly used electronic format, unless the user requests otherwise.

Unless an exception is provided for by the General Data Protection Regulation, the copy of the data will be sent to the user within a month of the request being received.

RIGHT TO RECTIFICATION

The user may request the rectification of their personal data if it is inaccurate, incomplete or irrelevant, or completion of their personal data if it is incomplete. This will be carried out as soon as possible and within a month at the latest.

Unless an exception is provided for by the General Data Protection Regulation, any request to apply the right to rectification will be processed within a month of when it is submitted.

.

RIGHT TO OBJECT TO DATA PROCESSING

At any time and for reasons relating to their particular situation, the user may freely object to the processing of their personal data, when:

the processing is required for the execution of a public interest activity or to exercise the public authority vested in the data controller;
the processing is required due to the legitimate interest pursued by the data controller or a third party, unless the interests, freedoms and fundamental rights of the concerned party prevail and require the personal data to be protected (especially when the concerned party is a child).

The data controller may refuse to apply the user’s right to object if they can prove the existence of a pressing, legitimate reason that justifies the processing and prevails over the user’s interests, rights and freedoms, or if they need to record, exercise or defend a legal claim. In the case of a dispute, the user may make an appeal in accordance with the ‘Claims and complaints’ section of this Policy.

The user may also object to the processing of their personal data, at any time, without justification and free of charge, when this data is collected for direct marketing purposes (including profiling).

When personal data is processed for scientific or historical research purposes or for statistical purposes in accordance with the General Data Protection Regulation, the user may object to the processing of personal data concerning them for reasons relating to their particular situation, unless the processing is required for the execution of a public interest activity.

Unless an exception is provided for by the General Data Protection Regulation, the data controller is required to respond to the user’s request as soon as possible and within a month of the request and to provide reasons if they do not plan to follow up on the request.

.

RIGHT TO RESTRICT PROCESSING

The user may restrict the processing of their personal data in the following cases:

- when the user contests the accuracy of some data, only for the period in which the data controller is in control of the data;
- when the processing is illegal and the user would prefer to restrict the processing than to have their data erased;
- when, although the data is no longer needed for the processing purposes, the user needs it to record, exercise or defend a legal claim;
- for the time necessary for the legitimacy of an objection request from the user to be examined. In other words: the time the data controller requires to weigh up their own legitimate interests against those of the user.

The data controller will inform the user when the processing restriction has been lifted.

.

RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)

The user may have their personal data erased for any of the following reasons:
- the data is no longer necessary for the processing purposes;
- the user has revoked their consent to their data being processed and there is no other legal basis to the processing;
- the user objects to the processing and there is no pressing reason for the processing and/or the user exercises their specific right to object to direct marketing (including profiling);
- the personal data has been processed illegally;
- the personal data must be erased to comply with a legal obligation (according to European Union law or the member state’s law to which the data controller is subject);
- the personal data was collected within the framework of providing information society services aimed at children.

However, data shall not be erased in the following cases:

- when the processing is necessary for exercising the right to freedom of expression or freedom of information;
- when the processing is necessary to comply with a legal obligation that necessitates processing provided for by European Union law or the member state’s law to which the data controller is subject, or for the execution of a public interest activity or to exercise the public authority vested in the data controller;
- when the processing is necessary for public interest reasons relating to public health;
- when the processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, provided always that the right to erasure may seriously compromise the achievement of the processing aims in question or render it entirely impossible;
- when the processing is needed to record, exercise or defend a legal claim.

Unless an exception is provided for by the General Data Protection Regulation, the data controller is required to respond to the user’s request as soon as possible and within a month of the request and to provide reasons if they do not plan to follow up on the request.

.

RIGHT TO DATA PORTABILITY

At any time and free of charge, the user may request to receive their personal data in a structured, widely used and machine-readable format, especially with a view to passing it on to another data controller, when:

- the data processing is carried out through automated procedures; and when
- the processing is based on the user’s consent or on a contract entered into by the user and the data controller.

In the same conditions and under the same terms, the user has the right to have the data controller pass on their personal data directly to another data controller, as far as this is technically possible.

The right to data portability does not apply to processing required for the execution of a public interest activity or to exercise the public authority vested in the data controller.

.

RECIPIENTS OF DATA AND TRANSFER TO THIRD PARTIES

The recipients of the collected and processed data are – other than the data controller, the data controller’s employees and other subcontractors – the data controller’s carefully selected commercial partners, based in Belgium or elsewhere in the European Union, who collaborate with the data controller within the framework of selling products or providing services.

Should the data be passed on to third parties for direct marketing or market research purposes, the user will be informed of this beforehand, so that they can choose whether or not to accept the transfer of their data to third parties.

When this transfer is based on user consent, the user may revoke their consent to this specific purpose at any time.

The data controller will respect the legal and regulatory provisions in force and will always ensure that their partners, employees, subcontractors and other third parties with access to this personal data respect this Policy.

The data controller will disclose the user’s personal data if a law, a legal procedure or an order from a public authority makes this disclosure necessary.

The data controller will not transfer personal data outside of the European Union.

.

SECURITY

The data controller has implemented the appropriate technical and organisational measures to guarantee the security of the processing of the collected data in terms of the risks presented by the processing and the nature of the data to be protected, at a level that is adapted to the risk itself. The data controller will analyse the state of knowledge, the implementation costs and the nature, reach, context and purposes of the processing, as well as the risks posed to users’ rights and liberties.

The data controller will always use the encryption technologies recognised as the industrial standard within the IT sector when they receive or transfer data on their website.

The data controller has implemented the appropriate security measures to protect the data and prevent the loss, misuse or alteration of information received on the website.

Should the personal data controlled by the data controller be compromised, the data controller will act swiftly to identify the cause of the breach and implement the appropriate solutions.

The data controller will inform the user of this incident, if the law so requires.

.

CLAIMS AND COMPLAINTS

If the user wishes to react to one of the practices described in this Policy, they may contact the data controller directly.

The user may also lodge a complaint with their national data protection authority, the details of which are provided on the official European Commission website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

The user may also file a complaint with the national competent court.

Data protection officer

The data controller’s data protection officer is DPO 101.

The data protection officer’s details are as follows: 66 avenue des champs elysées, vosdroits@dpo101.fr.

Contact details

For any questions or claims regarding this Policy, the user may contact the data controller:

Via email: contact@boutique.elysee.fr.
By post: Expendo Organisation - Boutique de la Présidence de la République - 1 Rue Maryse Bastié, 18110 Pigny, France. 

.

MODIFICATION

The data controller reserves the right to modify the provisions of this Policy at any time. The modifications will be published directly on the data controller’s website.

.

APPLICABLE LAW AND COMPETENT COURT

This Policy is governed by the national law of the data controller’s main headquarters.

Any dispute arising from the interpretation or execution of this Policy will be submitted to the jurisdiction of this national law.


COOKIES POLICY

SUBJECT

This Policy is established by EXPENDO ORGANISATION, the company that publishes the website https://boutique.elysee.fr/  (hereinafter the ‘website’), with registered office at 1 rue Maryse Bastié 18110 Pigny and company number: Company number: 798 334 553.

EXPENDO ORGANISATION (hereinafter ‘we’, ‘us’, ‘our) strives to offer you the best possible service and hopes to preserve your trust in our company by informing you of our cookie use and storage policy.

.

WHAT IS A COOKIE?

A cookie is a small text file issued by the server of the website you are visiting and left on your computer’s or your mobile device’s hard drive.


Each cookie contains a unique code that allows the issuer to recognise the device concerned (your computer or mobile device) every time you visit the website.


The cookie identifies your device’s browser but never you personally. Furthermore, the website’s server can only read the cookies it placed on your device, and does not have access to any other information on your computer or mobile device.


Cookies may either be placed by the server of the website you are visiting (first-party cookies) or by partners with which the website collaborates (third-party cookies).

COOKIE LIFETIME

Some cookies expire when you close your browser (session cookies), while others remain on your device for longer, sometimes until you delete them manually (permanent cookies).


Generally, cookies have a limited lifetime. The most common lifetime is 30 days, while the maximum is 13 months starting from the day the cookie is left on your device.

.

GENERAL PURPOSE OF COOKIES

The main aim is to ensure a more efficient, quicker browsing experience (for example, the cookie will remember the language you choose, will identify you when you access your account, etc.). Cookies memorise your preferences and thus accelerate and facilitate your access to the website.
They also help us to understand how you browse our website.
Furthermore, they can make the content of a website or the advertising displayed on the website more relevant to you. The website thus adapts to your personal tastes and needs.

.

COOKIE MANAGEMENT

To place certain cookies on your device, we need your prior explicit consent. We obtain your consent through the banner on the website’s home page.

Furthermore, most browsers use cookies. You can also delete these cookies or prevent their installation at any time free of charge, by adjusting the settings of your browser software. Each browser is configured differently. Each procedure is described in your browser’s help menu. To find out how to configure your browser, use the following links:

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Chrome: https://support.google.com/chrome/answer/95647?hl=en
Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Even if you do not agree to the use of cookies, you will still be able to access our website. However, some functionalities will be limited or even impossible.

.

TYPES OF COOKIES

a. Technical cookies

These cookies, which only contain your IP address, are essential for you to visit the website.
They are used for:
- allowing you to surf the various pages of the website and use its functionalities;
- allowing you to fill in forms;
- checking your identity when you access your personal data;
- securing access to the website.
These cookies do not require your consent, as they are required for you to access the website.

.

b. Functional cookies


These cookies analyse how our website is running and help it to run smoothly. They make your browsing experience more pleasant and personalised.
They are used to:
- help us personalise our services (language, currency, location, browsing data, etc.);
- remember your choices from previous visits;
- collect information from online forms;
- collect statistics;
- analyse use of the website.
Like technical cookies, these are used to improve your browsing experience and do not require your consent.

.
c. Advertising cookies

These cookies give us indications regarding your browsing habits and allow us to adapt advertising content on our website to your interests.


Based on these cookies, we can analyse the effectiveness of advertising campaigns, especially by identifying the steps you take after clicking on one of these advertising banners. Furthermore, based on location data, we can adapt the advertising displayed to you so that it is relevant to the opportunities around where you are.
These advertising cookies may also be used to send you targeted advertising messages through technologies that pair up data according to the websites you have visited.


The information we collect and share only identify your device.
Your consent is required for these cookies. We ask you for your consent when you visit our website.

.
d. Analytics or performance cookies

These cookies are used to collected information on the way in which you browse our website. They allow us to measure the audience of various sections and content on our website, so that we can improve them.
Thanks to these cookies, we can detect browsing problems and make the website more user-friendly.
This data is amassed together and completely anonymised.
We require your consent for these cookies.
e. Social media cookies

‘Social media’ cookies share the content you wish to share via dedicated buttons that belong to social networks. When you use these buttons, a third-party cookie is installed on your device and, if you are logged in to a social network, this information will be added to your profile.
For these cookies, it is wise to check on each social network how data is collected and used.
These cookies also require your consent.
- Facebook: https://www.facebook.com/policies/cookies/
- Twitter: https://help.twitter.com/en/safety-and-security/twitter-do-not-track
- Google: https://support.google.com/accounts/answer/61416?hl=en
- Instagram: https://help.instagram.com/1896641480634370

.

f. Third-party cookies

These cookies are placed on our website by third parties, then on your device. We have no control over these cookies. To find out more about them, please consult the information provided by these third-party sites on their own cookies.

.

YOUR DATA PROCESSING RIGHTS

Cookies that process personal data are subject to data protection regulations. For this reason, you may exercise certain rights (right of access, right to rectification, right to object, right to withdraw consent, etc.).

Please refer to our Privacy Policy (detailed at the start of the page), which includes details of your rights and the conditions in which they apply.

.

CONTACT

Via email: contact@boutique.elysee.fr.
By post: Expendo Organisation - Boutique de la Présidence de la République - 1 Rue Maryse Bastié, 18110 Pigny, France. 

.

MODIFICATION

We reserve the right to modify the provisions of this Policy at any time. We will publish the modifications directly on our website.

.

APPLICABLE LAW AND COMPETENT COURT

This Policy is governed by the national law of our main headquarters, detailed above.

Any dispute arising from the interpretation or execution of this Policy will be submitted to the jurisdiction of this national law.