1. Definition and nature of personal data
As a result of your use of the website www.twicpics.com (hereinafter referred to as the "Website"), we may require you to provide us with your personal data, so that you have the possibility to use the services provided through the Website.
The word "personal data" means any data that enables a person to be identified, which includes your family name, first name, email address, telephone numbers, date of birth, data relating to your transactions on the Website, detail of your orders and subscriptions, bank card number, as well as any other information about you that you choose to provide us with.
In this regard, we inform you that we collect and process your personal data in compliance with the French law N° 78-17 dated 6th January 1978 on Information Technology, Data Files and Civil Liberties (hereinafter referred to as the “French Data Protection Act”), as well as the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 as from its entry into force, namely 25th May, 2018 (hereinafter referred to as the “GDPR”).
3. Identity of the entity responsible for collecting data
The entity responsible for collecting and processing your personal data is the company TWICPICS, a French Simplified Joint Stock company (“société par actions simplifiée”) registered with the Registry of Trade and Companies of Paris under the number 840 701 767, whose head office is located at 10, rue de Penthièvre – 75008 Paris - FRANCE (hereinafter referred to as "us" or "we").
4. Data Protection Officer (DPO)
We have appointed a data protection officer, who can be contacted at the following address: email@example.com.
5. Collecting personal data
The legal basis of our processing of your personal data is the following:
(i) The legitimate interest resulting from your voluntary provision of your personal data when visiting the Website and/or requiring information on our services, as these data are aimed at enabling us to better answer to your information requests about our Services;
(ii) Your consent to our use of social network cookies, advertising cookies and Google Analytics cookies, as set forth in article “Cookies”;
(iii) Processing is necessary for the performance of the contract to which you are party for purposes of using our services on our Website.
Your personal data is processed to meet one or several of the following requirements:
(i) To manage your access to the services provided through the Website and their use, as well as your authentication when accessing the services;
(ii) To carry out operations necessary for the management of customers with regard to the contracts, orders, deliveries, invoices, fidelity programs, follow-up of the customer relations;
(iii) To constitute a file of registered members, users, customers and prospects;
(iv) To send newsletters, entreaties and promotional advertisements. In case you do not wish so, you have the possibility to opt-out of receiving such communications when your data are collected;
(v) To provide commercial and service use statistics;
(vi) To organize promotional games, sweepstakes or any promotional operation, excluding gambling and online gambling, that are subject to the approval of the Regulatory Authority of Online Games;
(vii) To manage customer’s opinions on products, services or contents;
(viii) To manage unpaid invoices and possible disputes about the use of our products and services;
(ix) To customize our answers to your information requests;
(x) To respect our legal and regulatory requirements.
We inform you, when collecting your personal data, whether some of these data are mandatory or optional. Mandatory data are necessary for the provision of the services. You are free to provide or not these optional data. We will also inform you of the possible consequences of failure to reply.
We also inform you that we may process indirectly your data, where appropriate, from agents who subscribed to our services on your behalf and who has provided us with your personal data.
6. Recipients of the collected data
The only persons who have the right to access to your personal data are our personnel, the services in charge of control (including external auditor) and our subcontractors.
We may also give access to your personal data to government agencies, for the sole purposes of meeting legal requirements, or to representatives of the law, ministerial officers and organizations responsible for the collection of debts.
7. Transfer / sale of personal data
Your personal data will not be exchanged with, transferred or rented to any third party.
Besides, we also inform you that we may share with or disclose to third-parties your data in an anonymized form so that you may not be identified, for statistical purposes (e.g.: number of users, average number of user contacts, percentage of provided cards, number of active users).
8. Personal data storage period
(i) Data concerning current and potential customer management:
Your personal data shall be stored no longer than the time strictly necessary for the management of our commercial relations with you. However, any data which may be required as evidence for the existence of a right or a contract and that must be stored in compliance with a legal obligation shall be so for the period stated by the legislation currently in force.
With regard to possible promotional operations towards customers, their data may be stored for a period of 3 (three) years from the end of the commercial relations with them.
Personal data relating to potential customers may be stored for a period of 3 (three) years from their collection or the last contact from the potential customer.
Beyond that three-year period, we may contact you again to find out if you still wish to receive commercial solicitations.
(ii) Identity documents:
When exercising your right of access or correction, data relating to identity documents may be stored for the time limit provided for in article 9 of the French Criminal Procedure Code, namely one year. When exercising your right to object, these data may be archived for the limitation period provided for in article 8 of the French Criminal Procedure Code, namely 3 (three) years.
(iii) Bank card data:
Financial transactions regarding payment of purchases and fees through the Website are entrusted to Stripe, a payment service provider who is responsible for ensuring their proper application and their security.
For purposes of the services, this payment service provider may be recipient of your personal data concerning your bank card numbers, that this provider collects, processes and stores on our behalf.
We do not have access to these data.
Data concerning your bank cards are stored for the period you are registered on the Website and at least until the end of your subscription.
By checking the checkbox provided on the Website to this end, you expressly consent to this storage.
Data relating to the visual cryptogram or CVV2 on the back of your bank card are not stored.
In any event, these data may be stored as intermediary archives, for evidence purposes in case of possible challenges to the transaction, for the period provided for in article L.133-24 of the French Monetary and Financial Code, namely 13 (thirteen) months from the debit date. This period may be extended to 15 (fifteen) months, in order to take into account a possible use of delayed debit card.
(iv) Management of opt-out systems:
All information taking into account your right to object shall be stored for at least 3 (three) years from the exercise of this right.
The term of storage of the cookies set forth in article “Cookies” is 13 (thirteen) months.
We inform you that we take all necessary precautions, as well as all appropriate organizational and technical measures, to maintain the security, the integrity and the confidentiality of your personal data, including to prevent that they be distorted or damaged and that any unauthorized third-party access to them. We also use secured payment systems consistent with the state of the art and applicable regulations.
We inform you that your personal data are stored, for the term set forth above, on the servers of the company Amazon Web Services, located in Paris in the European Union.
Your personal data shall not be transferred outside the European Union within the use of our services, except for Google Analytics and Intercom, which may transfer your data to the United-States.
Google LLC and Intercom Inc. have joined the Privacy Shield, which has been deemed adequate to enable data transfers under EU law by the European Commission on July 12, 2016 (see the adequacy determination). To learn more about the guarantees that it provides, please visit the Privacy Shield website.
Cookies are often encrypted small lines of text that are stored in your web browser. They are created when a user’s browser is loading one website: this website sends information to the browser which creates a text file. Each time the user is visiting this website, the browser retrieves this file and sends it to the website’s server.
There are various types of cookies which do not have the same purposes:
• Technical cookies are used throughout your browsing, in order to facilitate it and to carry out some of the functions. A technical cookie may be used, for instance, to memorize the answers you provided in a sign-up form or preferences relating to the language or the presentation of an internet site when such options are available.
We use technical cookies
• Social network cookies may be created by social platforms for purposes of enabling web designers to share their website content on said platforms. These cookies may be used by social platforms for purposes of tracking net surfers’ visit on the relevant website, whether they use or not these cookies.
We use social network cookies.
Furthermore, we invite you to check the privacy policies of the social platforms that created these cookies, in order to be acquainted of the purposes for which they use the browsing information they collect through these cookies, as well as of the procedures for exercising your rights with these platforms.
• Advertising cookies can be created not only by the website users are visiting, but also by other websites which provide advertisements, announcements, widgets or any other element on the displayed page. In particular, these cookies enable the use of the retargeting technique which is a marketing model whose purpose is to propose advertisements to the internet user that are adapted specifically for them.
We also use advertising cookies.
• We use Google Analytics, an audience analysis statistics tool that generates a cookie that enables us to measure the number of visits to our Website, the number of page views and visitors' activity on the Website. Your IP address is also collected to determine the city you are connecting from.
To all intents and purposes, you can refuse the installation of cookies in your browser settings. However, this refusal could prevent you from using the services offered on the Website.
12. Access to your personal data
In compliance with the French Data Protection Act and the GDPR, you have the right to access, rectify and delete any information concerning you. You can exercise this right and have the information concerning you through an online access to your file or by contacting us at the:
- Email Address: firstname.lastname@example.org
- Postal Address : 10 rue de Penthièvre, 75008 Paris
Persons the data of which are processed on the basis of our legitimate interest, as specified in article “Collecting personal data”, are reminded that they have the possibility to object to the processing of their personal data at any time. We may however carry on with this processing if there are legitimate reasons for it that should prevail over your rights and freedoms or if it is required in order to establish, exercise or defend our rights before courts.
13. Right to define instructions related to the processing of data after your death
You have the right to define instructions with regard to the storage, the erasure and the communication of your personal data after your death.
These instructions may be general directions, which are focused on all personal data concerning you. In such case, they must be registered with a digital trusted third party who is certified by the French data protection authority (CNIL).
These instructions may also be specific to the data processed by our company. You are then required to provide these instructions to us at the:
- Email Address: email@example.com
- Postal Address: 10 rue de Penthièvre, 75008 Paris
By providing to us these instruction, you hereby expressly consent that they be stored, transmitted and carried out on the terms and conditions set forth herein.
You have the right to appoint in your instructions a person in charge of their execution. After your death, this person shall be entitled to take knowledge of these instructions and to request to us their implementation. Failing to such appointment, your heirs shall be entitled to take knowledge of these instructions and to request to us their implementation.
You may modify or revoke your instructions at any time, by writing to us at the abovementioned contact addresses.
14. Portability of your personal data
You have a right to portability of the personal data you have entrusted to us, understood as the data you have actively and deliberately declared when accessing to and using our services. You are reminded that portability right does not apply on data that were processed on another basis than consent or the execution of a contract between us.
This right may be exercised free of charge, at any time, including when closing your account on the Website, so that you may recover and store your personal data.
In this context, we shall provide your personal data, by any appropriate means, in an open standard, currently used and machine-readable format, in compliance with the state of art.
15. Submission of a complaint before a supervisory authority
16. Restriction of processing
You have the right to obtain restriction of your personal data’s processing where one of the following applies:
- Within the period of verification that we carry out, if you contest the accuracy of your personal data;
- When the processing of these data is unlawful et you request the restriction of this processing, instead of erasing your data;
- When we no longer need your personal data, but you require their maintenance for the exercise of legal claims;
- Within the period of verification of the legitimate interests, if you have objected to the processing of your personal data.
18. Entry into force