Privacy Policy. Privacy policy.
1 - Parties to this Act
Between the undersigned: 1° The Simplified Joint Stock Company FEED. with a capital of 22,812.62 Euros, registered with the Paris Trade and Companies Registry under number 821 239 878, whose registered office is located at 231 rue Saint Honoré 75001 Paris, and whose VAT number is FR59821239878. Hereinafter referred to as the "Data Controller", on the one hand, And 2° Any natural person browsing on the website of the Data Controller; Hereinafter referred to as the "Data Subject", On the other hand, the following has been explained and agreed upon:
2 - Purpose
This Privacy Policy applies, without restriction or reservation, between the Data Subject and the Data Controller. Its purpose is to provide information concerning the way in which the Data Controller collects and processes certain personal data relating to the Data Subject, in accordance with the legislation in force and in particular European Regulation n°2016/679 and Law n°78-17 (hereinafter referred to as the "Legislation"), in relation to the use of the website www.feed.co (hereinafter referred to as the "Site") by the Data Subject. This Privacy Policy is an integral part of the General Terms and Conditions of Sale of the Data Controller.
3 - Definitions
Supervisory Authority means the Commission Nationale de l'Informatique et des Libertés (CNIL), the independent French public authority for regulating Data protection;
Consent means any free, specific, informed and unambiguous expression of will by which the Data Subject accepts, by a declaration or by a clear positive act, that Data concerning him/her may be processed by the Data Controller.
Cookie means a file that makes it possible to trace the path of the Data Subject on the Site.
Recipient means any natural or legal person, public authority, service or other body that receives communication of Data, whether or not it is a Third Party. However, public authorities that are likely to receive communication of the Data, in particular in the context of a fact-finding mission, are not considered as Recipients within the meaning of this definition.
Data means any information relating to the Data Subject.
File means any structured set of Data accessible according to determined criteria, whether this set is centralised, decentralised or distributed in a functional or geographical manner.
Legislation means any law and regulation relating to Data protection, and in particular European Regulation n°2016/679 and Law n°78-17.
Browsing means the consultation, knowledge, order and/or purchase of Products on the Site by the Person concerned.
Person concerned means any natural person who browses the Site, as soon as he/she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to his/her physical, physiological, genetic, psychological, economic, cultural or social identity.
Products designates the products offered for sale on the Site by the Data Controller to the Person concerned.
Pseudonymisation designates the processing of Data in such a way that they can no longer be attributed to the Person concerned without having recourse to additional information.
DataController designates the simplified joint stock company FEED. with a capital of 22,812.62 Euros, registered with the Paris Trade and Companies Register under number 821 239 878, whose registered office is located at 231 rue Saint Honoré 75001 Paris, and having VAT number FR59821239878, which alone or jointly with others, determines the purposes and means of the Processing.
Website designates the infrastructure developed by the Data Controller according to the computer formats that can be used on the Internet, including data of various kinds, in particular texts, sounds, still or animated images, videos, databases, intended to be consulted by the Person concerned to find out about, reserve, order and/or purchase Products (www.feed.co).
Subcontractor designates any natural or legal person, public authority, service or other body other than the Data Controller who processes the Data on behalf of the Data Controller.
Third parties designates any natural or legal person, public authority, service or other body other than the Data Controller, the Subcontractor and the persons who, under the direct authority of the Data Controller or the Subcontractor, are authorised to process the Data, in particular tour operators, travel agencies and reservation systems.
Processing means any operation or set of operations, whether or not carried out using automated processes and applied to the Data or sets of Data, such as limitation, erasure or destruction.
4 - Principles relating to treatment
In accordance with the Legislation, the Data Controller undertakes to comply with the following principles for each Treatment:
Lawfulness;
Loyalty;
Transparency;
Purpose limitation; Data minimization; Accuracy;
Limitation of storage; Integrity;
Confidentiality; Responsibility.
5 - Processed data
In the context of Navigation, the Data Controller is required to collect and process a certain number of Data, and in particular :
Personal information (surname, first name, gender, postal address, email address, telephone number, date of birth, age, date of registration and unsubscription to the customer account and to the newsletter of the Data Controller, messages exchanged with the Data Controller, telephone conversations with the customer service of the Data Controller)
Banking information (means of payment, credit card number)
Information about your order (product ordered, delivery address, delivery tracking number, order price)
Technical information (browsing behavior on the Site, IP address, products added to the shopping cart, collection of consent).
6 - Context of the processing
The Data may be collected and processed by the Processing Manager on various occasions, including:
Purchase of Products on the Site
Contact with the Processing Manager Newsletter registration
Creation of a sponsorship link
Creation of a customer account
Navigation on the Site.
7 - Treatment details
Purpose of the Treatment |
Data concerned |
Legal basis of the Processing |
Data Retention Period |
Management of product purchases and deliveries |
First name, last name, email address, postal address, telephone number, delivery address, order placed, delivery tracking number, date of registration and unsubscription, means of payment, credit card number |
Contract, legal obligation and legitimate interest of the Data Controller to establish, exercise and defend his rights in legal proceedings |
10 years from the purchase of the Product EXCEPT 15 months from the purchase of the product for the bank data (immediately for the visual cryptogram) |
Creation and management of customer accounts |
First name, last name, email address, postal address, telephone number, date of creation of the customer account, date of deletion of the customer account, collection of consent |
Consent of the Data Subject to create a customer account following the purchase of a product by the Data Subject |
3 years from the last connection of the Person concerned to his/her customer account OR immediately after the deletion of his/her customer account |
Commercial relations management and prospecting |
First name, last name, email address, mailing address, telephone number, purchase history, consent form |
legitimate interest of the Data Controller in promoting its Products |
3 years from the last contact by the Person concerned or from the end of the business relationship |
Newsletter management |
Email address, last name, first name, telephone number, consent form, |
Consent of the Person concerned |
To unsubscribe |
Securing and improving the Site |
IP address, Browsing data |
Legitimate interest of the Data Controller in improving the Site and managing the Site, securing and administering the Site, preventing fraud and malicious acts. |
13 months |
Complaints management Site statistics and personalized advertising |
First name, last name, email address, postal address, telephone number, IP address, navigational data, collection of consent |
Consent of the Person concerned and his Products and customer service. |
3 years from last contact |
Sponsorship |
E-mail address, first and last name, consent form |
Consent of the Person concerned |
3 years after the application for a sponsorship relationship |
The Data Controller reserves the right to anonymise the Data being processed before deleting it, in which case the anonymised data may be processed for statistical purposes.
8 - Recipients of the data
As a matter of principle, the Controller is the sole Recipient of the Data. However, the Data Controller may transfer the Data to Recipients, in particular in the context of the management of purchases of Products by the Data Subject, and/or to any public authority that may request it, in particular in the context of a fact-finding mission. The following Recipients may process your data, as Subcontractors, on behalf of the Data Controller:
FACEBOOK FRANCE SARLU with a capital of €4,950,000 RCS Paris 630 085 802 Head office: 6 rue Menars, 75002 Paris
GOOGLE FRANCE SARLU au capital de 7 500€ RCS Paris 443 061 841 Head office: 8 rue de Londres, 75009 Paris
CRITEO SA with capital of €1,677,273 RCS Paris 484 786 249 Registered office: 32 rue Blanche, 75009 Paris
OUTBRAIN UK LIMITED Foreign company registered with the RCS RCS Paris 534,895,727
AWIN SAS SASU with capital of €58,050 RCS Paris 432 845 964 Registered office: 8 rue Saint Fiacre, 75002 Paris
TWITTER FRANCE SAS SASU with capital of 37,000€ RCS Paris 789 305 596 Head office: 10 rue de la Paix, 75002 Paris
DIDUENJOY SAS with capital of €1,000 RCS Paris 801 901 273 Registered office: 42 rue Jean Baptiste Pigalle, 75009 Paris
DATABILITY SOLUTIONS PVT LTD Incorporated company in the USA Head office: 2035 Sunset Lake Road Suite B2, Newark New Jersey 19702 USA
TRADEDOUBLER SARLU with capital of €7,622.45 RCS Nanterre 431 573 716 Head office: 8 rue Barthélémy d'Anjou, 92100 Boulogne Billancourt, France
SHIPUP SAS au capital de 1 258€ RCS Nanterre 822 856 068 Head office: 47 rue Marcel Dassault, 92100 Boulogne Billancourt, France
ALPHA DIRECT SERVICES SASU with capital of €22,912,625 RCS Beauvais 533 296 240 Head office: rue Hyppolite Bayard, 60000 Beauvais
THE POST OFFICE SA au capital de 3 800 000 000€ RCS Paris 356 000 000 Head office: 9 rue du Colonel Pierra Avia, 75015 Paris
ANAFORE PTE LTD. Private limited company 10 Anson Road, #26-04, International Plaza, Singapore 07990, SINGAPORE Tel. 65 9179 1176
ZENDESK UK LTD Foreign company not registered with the RCS Head office: 30 Eastbourne terrace, London UK
METAPHORA LLC Foreign company not registered with the RCS Head office: 347 Fifth Ave. Suite 1402, New York, NY, 10016
STRIPE FRANCE SARLU au capital de 1 000€ RCS Paris 807 572 011 Head office : 10 Boulevard Haussmann, 75009 Paris
SNAP GROUP SAS SASU au capital de 100€ RCS Paris 820 920 056 Head office: 16 rue de la Rochefoucauld, 75009 Paris
PERFMAKER SAS au capital de 30 000€ RCS Paris 833 952 831 Head office: 24 Boulevard St Denis, 75010 Paris
WORLD RELAY SASU with capital of €500,400 RCS Lille 385 218 631 Head office: 5 Avenue Antoine Pinay, 59510 Hem, France
CYBOT A/S Danish Company DK34624607 Havnegade 39, 1058 Copenhagen, Denmark
KLAVIYO, INC. Incorporated company in the USA: 125 Summer St, Floor 6 Boston, MA 02111 United States
PUSHOWL. Creatorbox Softwares Private Limited, a company incorporated: #811, 10th A Main, Suite No. 909, 1st Floor, Indiranagar, Bangalore, Karnataka, India, 560038
REFILL, INC. Incorporated company in the USA: 3030 Nebraska Avenue, Los Angeles California US 90404
SHOPIFY INTERNATIONAL LIMITED. Attn: Data Protection Officer. c/o Intertrust Ireland: 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland
JUDGE.ME Ltd, C/O Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB
USEDROP Creative Bot, Inc, 5224 Cheryl Avenue, Glendale, CA91214.
WAX 86 rue Voltaire, Montreuil, 93100.
TWILIO IRELAND LIMITED, a company registered in the Republic of Ireland, whose registered address is 70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland
HEXASMS LINK Mobility Registered with the RCS of Nanterre, SAS with capital of €1,572,960.
KILIBA, registered with the Registre du Commerce et des Sociétés de Nanterre under number 846 615 131, with the following intracommunity VAT number : FR07841615131 and headquartered at 127 Rue d'Aguesseau, Boulogne-Billancourt (92100), France.
This list of the Data Controller's Subcontractors may change at any time. The Data Controller undertakes to require its Subcontractors to provide sufficient guarantees as to the implementation of appropriate technical and organisational measures to ensure that the Processing complies with legal and regulatory requirements and guarantees the protection of the rights of the Data Subject, in particular in the event of transfer of the Data outside the European Union. Furthermore, the Data Controller may communicate to any Recipient or Third Party the Data that are subject to Processing when a legal obligation to do so exists or when the Data Controller considers in good faith that this is necessary to :
To enforce any contract to which the Data Subject is a party To safeguard the vital interests of any natural person To carry out a mission of public interest.
In case of purchase of the Data Controller by a Third Party, the Data Controller reserves the right to share the Data with the purchasing Third Party subject to the respect of this Privacy Policy by the Third Party.
9 - Rights of the data subject over the data
The Data Subject has a number of rights regarding the Data that he or she may assert, except for applicable legislative or regulatory exceptions, by making a request to the data controller at the following address:
Feed - 231 rue Saint Honoré 75001 Paris - contact@feed.co
The data controller will accompany the Data Subject in the exercise of his/her rights to the Data. In case of reasonable doubt as to the identity of the Data Subject requesting the exercise of his/her rights to the Data, the data controller may request that a copy of an official identity document be attached to the request. Requests will be processed as soon as possible and at the latest in accordance with the deadlines established by the Legislation.
Within the framework of a direct mailing, the person concerned can register on the Robinson list, and the contact information will be included in the file of opposition to advertising canvassing by addressed mail. To join the Robinson List, simply access its official website and register or contact directly the UFMD, Union Française du Marketing Direct - Service Liste Robinson - 1 rue François Vidal, CS30238, 33506 LIBOURNE CEDEX.
9.1 - Right of access
The Data Subject has the right to obtain from the Controller confirmation as to whether or not Data are being processed and, if so, access to such Data, as well as the following information:
The purposes of the processing
The categories of Data
The Recipients or categories of Recipients to whom the Data has been or will be communicated, in particular Recipients that are established in third countries or international organizations
Where possible, the duration of the Data's retention or, where this is not possible, the criteria used to determine this duration
The existence of the right to request from the Data Controller the rectification or deletion of Data, or a restriction on the processing of the Data, or the right to object to such processing The right to lodge a complaint to a supervisory authority
Where the Data are not obtained from the Data Subject, any available information as to their source
The existence of automated decision making, including profiling, and, at least in such cases, useful information concerning the underlying logic, as well as the importance and intended consequences of such processing for the Data Subject.
The Data Controller provides a copy of the Data undergoing Processing and reserves the right, in consideration of the provision of such copy, to pay a reasonable fee based on administrative costs for any additional copy requested by the Data Subject.
9.2 - Right of deletion and rectification
The Data Subject has the right to obtain from the Data Controller the rectification and/or erasure of inaccurate or obsolete Data as soon as possible, unless a contrary situation prevents the exercise of this right, and in particular:
The exercise of the right to freedom of expression and information
The fulfilment of a legal obligation
The public interest in the field of public health, archives, scientific, historical or statistical research
The establishment, exercise or defence of rights in court.
If Feed. is not the owner of and responsible for the processing of the data, in particular if it is an advertiser for a mailing, the person concerned may register on the Robinson list, and the contact details will be included in the file of opposition to advertising by addressed mail. To subscribe to the Robinson List, simply access its official website and register or contact directly the UFMD, Union Française du Marketing Direct - Service Liste Robinson - 1 rue François Vidal, CS30238, 33506 LIBOURNE CEDEX.
9.3 - Right of opposition
The data subject has the right to object at any time, for reasons relating to his or her particular situation, to Data Processing based on the performance of a task carried out in the public interest or the necessity of the legitimate interest of the Controller.
The Controller then undertakes not to process the Data, unless he or she demonstrates that there are legitimate and compelling reasons for the Processing which prevail over the interests and rights and freedoms of the Data subject, or for the establishment, exercise or defence of legal claims.Furthermore, the Data Subject has the right to object at any time to the Processing of Data carried out for canvassing purposes by the Controller, insofar as the Data Subject is connected to such canvassing.
Finally, when Data are processed for scientific or historical research or statistical purposes, the Data Subject has the right to object, for reasons relating to his or her particular situation, to the Processing of Data, unless the Processing is necessary for the performance of a task carried out in the public interest.
9.4 - Right to limitation
The Data Subject has the right to obtain from the Data Controller the limitation of the Data Processing when :
The accuracy of the Personal Data is contested by the Data Subject, for a period of time allowing the Controller to verify the accuracy of the Data The processing is unlawful and the Data Subject opposes their erasure and instead demands the limitation of their use
The Controller no longer needs the Data for the purposes of the Processing but they are still necessary for the Data Subject to establish, exercise or defend legal rights
The Data Subject has opposed the Processing in accordance with Article 9.3, during the verification as to whether the legitimate grounds pursued by the Controller prevail over those of the Data Subject.
The Data Subject who has obtained the limitation of the Data Processing is informed by the Controller before the limitation of the Processing is lifted.
9.5 - Right to data portability
The Data Subject shall have the right to receive the Data that he/she has provided to the Controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit such Data to another Controller without the Controller's interference, when:
The Processing is based on the Data Subject's Consent or on the performance of a contract to which the Data Subject is party;
The Processing is carried out using automated processes.
The Data Subject, when exercising his/her right to Data portability, has the right to obtain that the Data be transmitted directly from the Data Controller to another data controller, where technically possible.
9.6 - Right to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the Supervisory Authority if he or she considers that the Data Controller is processing data unlawfully.
9.7 - Right to define guidelines on the fate of data
The Data Subject has the right to define directives on the fate of the Data after his death with the Data Controller who will use all his technical means to enforce this will.
10 - Data security
The Data Controller takes the appropriate technical and organisational measures to protect the Data against destruction, loss, alteration, misuse and unauthorised access, modification or disclosure, whether these actions are voluntary or accidental.
The purpose of these technical and organisational measures is to ensure the confidentiality, integrity, availability and resilience of the Site and of the information systems where the Files are stored.
In order to secure Personal Navigation, the Site is SSL (Secure Socket Layer) encrypted.
11 - Modification of the privacy policy
The Data Controller reserves the right to modify this Privacy Policy from time to time, in particular the list of Recipients set out in Article 8.
In the event of a substantial modification to this Privacy Policy, the Data Subject will be personally informed of the new Privacy Policy.
The Data Subject is invited to regularly consult this Privacy Policy to be aware of any changes to it.
The Data Subject may send any questions about this Privacy Policy to the Data Controller at the following address: contact@feed.co.
12 - Nullity of the privacy policy
If any provision of this Privacy Policy is invalid under any applicable law or final judicial decision, it shall be deemed to be unwritten and shall not invalidate the entire Privacy Policy or affect the validity of any of its other provisions.
13 - Cookie management
When browsing the Site, the Person concerned is led to consent to the installation of Cookies on his/her computer terminal.
In general, Cookies record information relating to the browsing of computers on the Site (the pages consulted, the date and time of consultation, etc.), information that can be read during subsequent visits of the Person concerned on the Site with transmission of the Data to the Data Controller. The installation of these Cookies requires the consent of the Person concerned.
Some Cookies are essential for the proper functioning of the Site and do not require the consent of the Person concerned before their installation, they are called Functional Cookies.
In accordance with Article 7. of this Privacy Policy, Cookies are automatically deleted within thirteen (13) months from their installation if the Person concerned does not renew his consent before the expiry of this period.
The Person concerned may refuse to give his/her consent to the installation of non-functional Cookies, revoke his/her consent and/or set the Cookies at any time by using the Cookies manager of the Data Controller below or by configuring his/her browser himself/herself as follows:
For Mozilla Firefox:
Choose the "tool" menu then "Options"
Click on the "privacy" icon
Locate the "cookie" menu and select the options that suit you
For Microsoft Internet Explorer 6.0:
Choose the "Tools" menu (or "Tools"), then "Internet Options" (or "Internet Options"). Click on the "Confidentiality" (or "Privacy") tab
Select the desired level with the cursor.
For Microsoft Internet Explorer 5:
Choose the "Tools" (or "Tools") menu, then "Internet Options" (or "Internet Options"). Click on the " Confidentiality " tab
Customize the level " using the cursor
For Netscape 6.X and 7. X:
Choose the menu " Edition"> "Preferences " Confidentiality and Security
Cookies
For Opera 6.0 and above:
Choose the menu " File"> "Preferences " Privacy.