Who are we ?
The address of our website is : https://www.elsiegroup.com
Use of personal data collected
Elsie SA processes personal data.
The way the data is collected and how it is used are detailed here.
The personal data collected varies according to how the services are used. The personal data collected or held is directly sent by the person themselves, or comes from third parties or is collected during activity on the website and while using the services (see paragraph on cookies).
1. Data Protection Officer (DPO)
Any questions about this Policy and requests to exercise the rights of the person concerned are managed by the Data Protection Officer who may be contacted as follows: ELSIE SA – firstname.lastname@example.org
L'Ellipse - Chemin du Vernay, 14A - 1296 Gland -SWITZERLAND
Any request to exercise rights of access, rectification, erasure or restriction on processing must be accompanied by a copy of the applicant’s identity document.
2. Personal data collected
The personal data collected on the company's website is as follows:
• Identity: title, first name, last name, telephone number, email address.
• Data required to perform loyalty and marketing activities: purchase and usage data (pages visited, products viewed, shopping basket, wishlist, etc.).
3. Purpose of personal data collection
• Supply of goods and services (account creation, placing an order, gift card, etc.)
This information is used to fulfil the purposes related to the services requested.
This processing is authorised by the applicable legislation on personal data protection, and in all cases is based on the legal basis of the contract binding the persons concerned and the Company, or on a legitimate interest. Unless otherwise stated, the information referred to above is required to comply with our contractual obligations.
• Sales and marketing
The purpose of using this personal data is to:
- Send messages about products and services, for marketing purposes. These messages may be via email or letter.
- When the data has been collected while supplying a service or following an information request, information may be sent on services that are similar or targeted, according to previous requests, unless the person concerned asks for these marketing messages to stop or chooses not to receive them.
Every time an electronic message is sent for marketing purposes, the recipient has the option to choose not to continue receiving them in the future, by unsubscribing. It is also possible, at any time, to send an email to the following email address: email@example.com to ask for these marketing messages to stop.
Use of the data and information as described above is authorised by the legislation on personal data protection. In most cases, processing of personal data for marketing purposes is based on consent by the person concerned.
Moreover, when the person concerned has agreed directly with the Company’s partners, the Company may receive their personal data. The Company may then use this information to promote its services under the conditions described above.
• Online questionnaire
This information is only used to make contact with the person who has completed the online questionnaire and offer them a meeting with an authorised person from the Company, to produce a personalised, no-commitment quotation and provide follow-up after making contact, or to respond to questions from the user. This contact will be made by telephone and/or email.
Use of this information as described above is authorised by the legislation on personal data protection. Processing of personal data in this case is based on consent of the person concerned.
• Registering for the newsletter and emails
This information is used to send the user the requested information by email.
Use of this information as described above is authorised by the legislation on personal data protection. Processing of
personal data in this case is based on the express consent of the person concerned.
By agreeing to register for the newsletter or emails, users also give their consent for any information recorded during registration (customer database, data related to the order) and usage data (use of the online store) to be used for the purposes of personalising content in the newsletter and/or emails. The customer database contains data obtained during the purchase (address, age, title and identity). The purchase data is information about purchases made, referring to the products purchased and the date of the purchase. The usage data comes from the pages visited (categories or products viewed and functions used such as shopping basket, wishlist, etc.).
Consent may be revoked at any time without this affecting the legality of the processing performed up to that moment. The recipient may unsubscribe by sending an email to email address or via the link enabling them to unsubscribe from the newsletter or email, inserted in each email sent by the company.
Summary of processing purposes:
|Purpose of data processing
|Legal basis for data processing
|Making contact and related correspondence
|On the basis of your consent
|For technical implementation of our services
|On the basis of legitimate interest
|For processing, production and dispatch of your order after a purchase made on the website
|On the basis of legitimate interest
|For processing a request and supplying any additional service
|On the basis of your consent
|For sending our newsletter, subscription service / emails.
|On the basis of your consent
|When you register as a site user and share your opinion
|On the basis of your consent
|To ensure that our website is presented to you in the most efficient and attractive way (for example using anonymised evaluation):
|On the basis of your consent
4. Length of retention of personal data
The personal data is retained to be used for the purposes set out in this Policy. Unless otherwise stated in the preceding paragraphs, the data is retained for as long as the person concerned has a contractual relationship with the Company.
If the contract binding the person concerned to the Company is terminated, such as at the end of the service ordered, and if there is no other reason to continue processing, the information will be kept for the necessary periods in order to comply with the legislation and the statute of limitation in force, in particular the contractual, accounting and tax rules or, where applicable, to process any claim or request related to the services provided.
Customers’ personal data is retained for the period of the contractual relationship, plus 3 years, for the purposes of management and marketing, without prejudice to the retention obligations or statutes of limitation. With regard to prevention of money laundering and funding of terrorism, the data is kept for 5 years following the end of the relationship with the Company.
Finally, the data may be kept for 10 years following termination of the contractual relationship, to comply with tax and accounting obligations.
5. Access to personal data
The personal data collected is intended for the Company’s sales and accounting departments.
The data collected by the Company may be transferred to service providers under a sub-contract, as provided for in Article 28 of the GDPR. The Company’s service providers are strictly bound by the Company's instructions.
These service providers only have the right to use the data to process orders, not for other purposes.
The data collected by the Company may also be transferred to
sub-contractors outside the European Union.
Finally, and on request, the personal data may also be transferred to the people and authorities (legal authorities, public organisations, etc.) whose right of access to personal data is recognised by the law, the regulations or the provisions issued by authorities authorised by the law.
6. Rights over personal data
With regard to processing of your personal data, the GDPR gives you certain rights as a Website user:
- Right of access (Article 15 of the GDPR): You have the right to obtain confirmation that your personal data is being processed; if this is the case, you have a right of information about this personal data and about the information mentioned in detail in Article 15 of the GDPR.
- Right of rectification and right of erasure (“right to be forgotten”) (Articles 16 and 17 of the GDPR): You have the right to obtain, as soon as possible, rectification of your personal data that is inaccurate and you have the right to obtain, where applicable, completion of any incomplete personal data. You also have the right to obtain erasure, as soon as possible, of your personal data when one of the reasons detailed in Article 17 of the GDPR applies, for example when the data is no longer required for the purposes stated.
- Right to restriction of processing (Article 18 of the GDPR): You have the right to restrict processing of your data when one of the items listed at Article 18 of the GDPR applies, for example during any checks, if you object to processing.
- Right to portability of data (Article 20 of the GDPR): In certain cases listed at Article 20 of the GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format, or to have this data transmitted to a third party.
- Right of objection (Article 21 of the GDPR): Where the data is collected on the basis of Article 6, paragraph 1, point f), of the GDPR (data processing for the purposes of legitimate interest), you have the right to object at any time, for reasons relating to your specific situation, to processing of your personal data. In this case, we will no longer process your personal data, unless we can demonstrate that there are legitimate, compelling reasons for processing that prevail over the interests, rights and freedoms of the person concerned, or to record, exercise or defend rights through the courts.
- Right to lodge a claim with a supervisory authority: In accordance with Article 77 of the GDPR, you have the right to lodge a claim with a supervisory authority, if you consider that the processing of your personal data breaches the data protection legislation. The right to lodge a claim may be made with a supervisory authority in the Member State in which you usually reside, your place of work or the place where the breach was committed.
- The right to object to receiving marketing documents in the future, and in certain circumstances, the right to ensure that this information is transferred to the person concerned or is transferred to third parties.
7. Web Analysis [To adapt according to the site options]
By using the reCAPTCHA service, you agree that your data will be processed by Google, in the manner and for the purposes detailed above.
• Google Analytics
This website uses Google Analytics, an online analysis service from Google Inc. (“Google”).
Google Analytics uses a specific cookie format, which is saved on your device and analyses your use of our website. Information on your use of this website generated by this cookie is generally sent to the Google server in the United States and stored at that location.
The Google Analytics service used on this website keeps the saved IP address anonymous (known as “IP masking”). Due to the anonymisation of the IP address on this website, your IP address is shortened by Google in the European Union and the European Economic Area. As an exception, the full IP address may be sent to the Google server in the United States, where it will be shortened. Google requests the certificate under the European Union - United States Privacy Shield agreements (https://www.privacyshield.gov/EU-US-Framework).
Google uses this information on our behalf to analyse your use of this website and produce activity reports on our website and provide additional services relating to use of the website and the Internet. Google may also send this information to third parties under the legislation or if the said third parties process data on behalf of Google. The IP address sent by your search engine as part of Google Analytics is not combined with other Google data.
You can refuse these cookies by adjusting the configurations on your search engine. You can also stop Google saving and processing data about your use of the website generated by the cookie (including your IP address) by downloading and installing the plugin available here https://tools.google.com/dlpage/gaoptout?hl=en.
• Google Maps
This website also uses Google Maps (API), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Google Maps is a web service displaying interactive maps for visualising geographical information. This service is used to show you our geographical location, so that it is easier for you to locate us.
When you access the sub-pages containing Google Maps, the information on your use of our website (such as your IP address) is sent to the Google servers in the United States, where it is stored. This is independent of whether you are logged into a user account supplied by Google or if you do not have a user account. If you are logged into a Google service, your data will be directly linked to your account. If you do not want the data linked to your Google profile, you must log out before activating the icon. Google retains your data (including for users who are not logged in) as user profiles and analyses them. This analysis is performed in accordance with Article 6, paragraph 1, point f) of the GDPR, based on Google’s legitimate interest in sending personalised advertising, carrying out market research and/or designing its website based on needs. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google.
Google LLC, whose head office is located in the United States, is certified under the EU–US Privacy Shield framework (“Privacy Shield”), which guarantees compliance with the level of data protection applicable within the EU.
• Social media plugins
This site uses social media plugins (“plugins”), in particular the “Share” or “Share with friends” function from Facebook, whose website www.facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for the Facebook.com site in Europe. These plugins are generally marked with the Facebook logo.
Other than Facebook plugins, we also use plugins from Google+ (Provider: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA), “Twitter” (Provider
: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and “Pinterest” (Provider
: Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA).
The data will be sent to the social media sites only if you click on the icon for the social media site concerned. In this case, your search engine will launch a connection to the servers of the social media site in question. By clicking on the relevant icon (e.g. “Share” or “Send”), you agree to your search engine connecting to the server of the social media site and sending user data to the operator of the social media site and vice versa. We have no influence on the nature and extent of the data collected by the social media site in this way.
The operator of the social media site records the data collected about you from the user profiles and processes it for advertising purposes, market research or to design websites guided by user preferences. This analysis is performed (also for users who are not connected) to obtain knowledge on advertising requirements and to inform other social media site users of your activity on our website. You have the right to object to the creation of these user profiles by contacting the social media site providing the relevant plugin.
For more information on the objectives and extent of data collection by plugin providers, please refer to the “personal data” pages of these providers, detailed below:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php more information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.co m/about/privacy/your-info-on-other#applications;
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA;
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
d) Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA); http://about.pinterest.com/privacy/.
Use and transmission of your personal data
We reserve the right to amend it at any time to provide up to date information on how we collect and process data.
Your rights on your data
If you have an account or if you have posted comments on the website, you can ask to receive a file containing all the personal data that we have about you, including the data you have given us. You can also request for your personal data to be deleted. This does not include data stored for administrative, legal or security purposes.
How do we protect your data?
If you send personal data via the forms available on our website or by any other means, such data will inevitably pass through an internal encrypted “Cloud” type network that is made secure by Elsie SA. We can therefore guarantee that your personal data that you entrust to us will be permanently kept. Such data will never be reused, for example, for marketing or other commercial operations, and your data will not be resold.
Procedures implemented in the event of a data leak.
Procedure in progress.
Third party services that send data to us.
None of your data that passes via Elsie SA will be passed on to other third party services. Your data is used for our internal Elsie SA services only.
Automated marketing and/or profiling operations carried out using personal data.
At Elsie SA, we do not reuse your data for marketing purposes. If you entrust us with personal information, we only use it to process your requests related to your file.
Display of information related to sectors subject to specific regulations..
No services concerned for Elsie SA.