Personal data processing policy by EASYPARA
Scope of the present Policy
The purpose of this "Personal data processing policy" (hereinafter referred to as "Policy") is to inform you on processing of personal data by EASY PARA PHARMACIE, S.A.S. registered with the RCS under number 499 531 457, whose registered office is at 47-49-PROMENADE CORNIGLION MOLINIER 47 BD RENE CASSIN 06200 NICE (hereinafter referred to as "EASYPARA").
The Policy pursues two main goals:
- enable you to understand what is personal data processed by EASYPARA and how and why it is processed;
- advise on how you may exercise your rights.
What are main regulations governing your personal data processing ?
A number of European and national regulations govern your personal data processing. Although not exhaustive, the purpose of this list is to inform you on the main regulations applicable and, where appropriate, enable you to access and get acquainted with these regulations.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"). The aim of this European regulation is to ensure a consistent and high level of protection for individuals and to remove obstacles to the flow of personal data within the European Union. However, it leaves the Member States of the European Union certain room for specifying its rules;
What personal data is processed by EASYPARA?
Personal data categories processed by EASYPARA depend on your situation. The nature of the data collected and processed by EASYPARA is likely to vary depending on whether or not you have already made a purchase with EASYPARA.
The table below shows which data categories are processed by EASYPARA depending on your situation:
At what point is this data collected and processed? ? |
What categories of data are being collected and processed? |
Example of data collected and processed |
When you visit websites and applications published by EASYPARA (e.g : https://www.easypara.com ) within the framework of EASYPARA «Cookies Policy» |
Navigation data |
|
When you create an EASYPARA account
|
Account data |
The data you mention in EASYPARA « registration form» and/or the data taht you decide to add and/or modify at a later time in the varius EASYPARA screens (your account options, orders, etc) is processed by EASYPARA, namely :
When you choose to create an EASYPARA account and/or place an order by being connected to the account of a third service that you already have (GOOGLE, AMAZON, FACEBOOK, etc.), this third service transmits to EASYPARA personal data concerning you. This includes in particular following data:
|
When you make a purchase with EASYPARA
|
Purchase data |
|
When you make an online purchase with EASYPARA |
Payment Data
|
|
When you make a request to EASYPARA customer service and/or EASYPARA customer service contacts you as part of processing a purchase made with EASYPARA.
|
Customer Service Data
|
|
When you use one of EASYPARA websites and applications as a logged-in user
|
Activity data |
|
When you read an e-mail sent to you by EASYPARA |
Activity data |
|
When you use one of the websites and applications published by EASYPARA as a logged-in user |
Review & Survey Data |
|
For what purposes is my personal data processed by EASYPARA? On what legal grounds?
When your personal data is processed by EASYPARA, it may be processed, depending on your situation, for several purposes and compliant to different legal bases. To understand what a legal basis is, please read the provisions of Article 6 of the "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data".
Please consult the table below to know the purposes for which your personal data may be processed by EASYPARA depending on your situation.
For what purposes is my data processed? |
What does this purpose consist of? |
What is the legal basis for this processing? |
Managing of EASYPARA user accounts |
EASYPARA processes your Account Data to enable you to benefit from the services on its website and application (creation of product "wish lists", etc.) and to place orders.
For this purpose, EASYPARA may occasionally send you service messages by e-mail related to the use of your EASYPARA account. You may delete your EASYPARA account at any time by making a deletion request using the relevant page.
|
Processing is carried out based on EASYPARA legitimate interests for the customers who have not placed an order with EASYPARA.
Processing is carried out on the basis of contractual measures performance for the customers who have placed an order via their EASYPARA account. |
Processing of orders, delivery, payments, service performance or goods’ supply |
EASYPARA processes your Account Data, your Purchase Data and your Payment Data in order to manage and deliver your order. |
Processing is carried out on the basis of contractual measures performance (the act of purchase that you performed with EASYPARA). |
Management and implementation of the various guarantees applicable to sales (commercial guarantee, legal guarantee of conformity and guarantee against hidden defects)
|
EASYPARA processes your Account Data, your Purchase Data |
The management and implementation of the legal guarantees of conformity and hidden defects are carried out on the basis of the regulatory obligations incumbent on EASYPARA (in particular by virtue of articles L217-3 to L217-17 of the French Consumer Code and article 1641 of the French Civil Code). The management and implementation of EASYPARA's commercial guarantees are carried out on the basis of the execution of contractual measures for customers who have placed an order via their EASYPARA account. |
Manage complaints and requests sent to EASYPARA customer service |
Depending on the nature of your request, Customer Service Data, Account Data, Purchase Data and Payment Data may be used by EASYPARA to provide you with a satisfactory response and to enable you to make full use of its services.
|
Processing is carried out on the basis of the legitimate interests of EASYPARA for the customers who have not placed an order with EASYPARA.
Processing is carried out on the basis of contractual measures performance for the customers who have placed an order with EASYPARA. |
Communicating generic commercial information to EASYPARA users |
Your Account Data is used by EASYPARA to send you email communications on its products and services. |
The legal basis for this processing is dependant on your status:
|
Communicate personalized commercial information to EASYPARA users
|
Based on a combination of your Browsing Data, Account Data, Activity Data and Purchase Data, the advertisements displayed to you on the EASYPARA website and application and/or on third-party platforms, as well as the commercial communications sent directly to you by EASYPARA (e.g. by e-mail) are customized according to your presumed preferences.
In order to determine which types of products are likely to be of interest to you, EASYPARA analyses and predicts your personal preferences. This operation is described as "profiling" by the RGPD.
|
EASYPARA's legitimate interests in offering customized commercial content based on preferences of its current and potential customers. |
Carrying out satisfaction surveys, customer studies and opinion polls
|
EASYPARA processes your Review and Survey Data in order to understand its users and customers’ preferences and to identify ways of improving its products and services.
Review and Survey Data may be matched with your Account Data and Purchase Data to help EASYPARA analyze your explicit answers related to your activity on the EASYPARA websites and applications.
|
EASYPARA's legitimate interests in offering customized commercial content based on preferences of its current and potential customers. |
Processing user and customer reviews on products, services or content. |
EASYPARA processes Review and Survey Data and your Account Data to enable you to give your opinion on the products marketed and services provided by EASYPARA.
|
EASYPARA's legitimate interests in offering customized commercial content based on preferences of its current and potential customers. |
Evaluate the audience for the EASYPARA website and application in order to meet various needs (performance measurement, detection of browsing problems, technical performance optimisation or ergonomics, estimation of server power required, analysis of content consulted, etc.).
|
Your Browsing Data is processed for this purpose when you use the EASYPARA website and application and you have accepted cookies and other similar devices. |
Your data is processed on the basis of your prior consent. You can object to the deposit and/or use of these cookies by visiting our Cookies Policy. |
In addition to the aforementioned purposes, additional personal data may be collected and processed by EASYPARA and/or by third parties by means of cookies and other tracers. To understand how these technologies are used and what their effects are, please consult our Cookies Policy.
How long is your personal data processed by EASYPARA kept?
EASYPARA has determined and implemented measures to ensure that your personal data is processed for no longer than is necessary for the purposes for which it is processed.
At the end of these periods, EASYPARA purges and/or anonymises the personal data processed, with no proactive action required on the part of individuals concerned.
The table below lists the retention periods for personal data determined and implemented by EASYPARA depending on the situation in question:
Individuals concerned by the purging measure |
Personal data concerned by the purging measure |
Period after which personal data is purged |
EASYPARA website and application user owning an EASYPARA account:
|
All the data relevant to the user (Account Data, Activity Data, etc.)
Once the purge has been carried out, users will no longer be able to access their EASYPARA account.
|
30 days after the account creation. |
EASYPARA website and application user owning an EASYPARA accoun :
|
All the data relevant to the user (Account Data, Activity Data, etc.)
Once the purge has been carried out, users will no longer be able to access their EASYPARA account.
|
As long as the user is considered active by EASYPARA. A user is considered inactive if :
|
User of EASYPARA websites and applications owning an EASYPARA account :
|
All the data relevant to the user (Account Data, Activity Data, Purchase Data etc.) with the exception of data required by EASYPARA to comply with its regulatory obligations in accounting and tax matters (See below).
Once the purge has been carried out, users will no longer be able to access their EASYPARA account. |
As long as the user is considered active by EASYPARA. A user is considered inactive if :
|
EASYPARA Customers |
All data strictly necessary to enable EASYPARA to comply with its accounting and tax obligations, in particular, invoices for goods sold, including Account Data and Purchase Data.
|
10 years from the date of issue (example: 10 years from the date of an invoice issue). |
EASYPARA customers who have paid by credit card |
Bank card number used for payment and its expiry date |
The bank details used for payment are kept until the reception of the goods ordered, plus the withdrawal period.
By way of derogation, the card number and validity date are deleted after a period of 13 months, following the debit date, or 15 months for the deferred debit cards, for the purposes of processing transaction related disputes and complaints. |
Individuals who have made a request to EASYPARA Customer Service
|
All data necessary to address the request of the person concerned, i.e. Customer Service Data and, where applicable, Account Data, Purchase Data and Payment Data.
|
1 year after the request is closed. |
EASYPARA website and application visitors who are not logged into an EASYPARA account
|
|
13 months from the date of data collection. |
In the context of certain exceptional situations, your data may be kept for longer than these periods (non-exhaustive list: in case of a dispute, when ordinary and extraordinary means of appeal are no longer possible against the decision made; for the purposes of complying with certain legal obligations incumbent on EASYPARA; at the request of a legal authority, etc.).
Who are your personal data recipients?
Recipients acting as separate data controllers
EASYPARA attaches a great importance to not disclosing your personal data to third parties. This is why the transmission of your data to third parties, acting in their capacity of data controllers, is strictly limited to the following situations:
- When you place an order with EASYPARA, your Account Data and your Purchase Data, which are strictly necessary to manage your order delivery, are transmitted to the carrier you have selected.
- When you place an order with EASYPARA and you choose to pay via PAYPAL, AMAZON PAY or SCALAPAY, your Account Data and your Purchase Data, which are strictly necessary for the management of your payment, are transmitted to the payment service provider that you have selected.
- When EASYPARA whises to communicate personalised commercial information to you via third-party platforms (for exemple, displaying an advertisment promoting EASYPARA products or services on a third-party site not owned by EASYPARA), your Browsing Data, Account Data, and Purchase Data are transmitted to EASYPARA's advertising partners.
Finally, and in accordance with the rules to which all entities established in France are subject, some of your data may be accessible to authorized third parties or public bodies in order to comply with any law or regulation in force, to which EASYPARA is obliged to respond (judicial or administrative request, etc.).
Recipients acting as subcontractors
In order to ensure the proper functioning of its website and application, EASYPARA relies on specialized service providers. Within this framework, your personal data is also processed by these specialized service providers (legally qualified as EASYPARA "subcontractors”), acting solely on the instructions of EASYPARA.
These subcontractors do not determine the essential purposes and means of your personal data processing: they process your personal data solely on behalf of EASYPARA. The main types of subcontractors used by EASYPARA are as follows: :
- Data hosts ;
- Outsourcing and IT security companies ;
- Software publishers;
- Routing service providers (these service providers enable EASYPARA to send you e-mails) ;
- Etc.
In order to protect your personal data, EASYPARA only uses subcontractors who offer robust guarantees of security and compliance. A legal document systematically governs the relationship between EASYPARA and its subcontractors.
Where your personal data is processed ?
Wherever possible, your personal data is hosted and processed within the European Union. EASYPARA carries out all its activities from France.
However, some of the sub-contractors used by EASYPARA may transfer personal data outside the European Union subject to implementation of relevant guarantees (in particular, signing of standard contractual clauses adopted by a supervisory authority or the European Commission) and/or by virtue of an adequacy decision by the European Commission to a country ensuring an adequate level of protection.
In such cases, we take particular care to ensure that these transfers are made in compliance with the applicable regulations and to subcontractors who undertake to deploy solid measures to protect your personal data.
What rights do I have over my personal data and how may I exercise them?
Under the current regulations, you have the following rights with regard to your personal data :
- Right of access to your personal data (right to obtain confirmation from EASYPARA as to whether or not personal data related to you is processed by us, information concerning the processing carried out and access to said personal data);
- Right to rectify any of your personal data that proves to be inaccurate;
- Right to erase your personal data. This right is subject to certain conditions detailed in the article 17 of the RGPD ;
- Right to restrict the use of your personal data. This right is subject to certain conditions detailed in the Privacy Policy. article 18 of the RGPD ;
- Right to your personal data portability (right to receive personal data related to you and/or the one you have provided to EASYPARA in a structured, commonly used and machine-readable format). This right is subject to certain requirements detailed in article 20 of the RGPD ;
- Right to object to the processing carried out. This right is subject to certain requirements detailed in the article 21 of the RGPD ;
- Right to define the fate of your data after your death and to choose whether or not EASYPARA communicates your data to a third party that you have previously designated.
Ultimately, you have the right to file a complaint to the competent institution in your country or directly to the European Union. Please contact EASYPARA prior to filing a complaint so that we may respond to your requests and expectations.
Exercise your rights addressing EASYPARA's DPO
To exercise your rights, you can make a request:
- by e-mail to the following address: donneespersonnelles@easyparapharmacie.com ; or
- by post to the following address : EASYPARA - Data Protection Officer - Protection des données personnelles - 47 Boulevard René Cassin - 06200 Nice - FRANCE.
You are also informed, in accordance with Article 13-1, b) of the RGPD, that an external entity Mon DPO externe has been appointed as Data Protection Officer ("DPO") by the French Data Protection Agency (CNIL), on behalf of EASYPARA company. You may contact the DPO directly using the contact form provided on its website.
Exercising your rights directly from your EASYPARA account
As an EASYPARA user, you also have the option of exercising some of your rights directly, and independently, from your EASYPARA account. In particular, you may :
- Configure which e-mails you wish or do not wish to receive from EASYPARA ; and
- Request the deletion of your EASYPARA account.