PREAMBLE :
When browsing our website accessible at https://hello-hossy.com/ (hereinafter referred to as the "Website"), we may be led to process personal data concerning you, and more specifically:
- The data we have collected;
and/or - The data you have provided us with.
By using our Site, you are subject to the current Privacy Policy and indicate that you accept it.
This Privacy Policy may be updated at any time.
The most recent update will appear on this page, indicating the date of the update. We therefore invite you to check it regularly.
ARTICLE 1 - DEFINITIONS :
"Personal Data" or "Personal Data": any data relating to an identified or identifiable person.
"French Data Protection Act": Law no. 78-17 of 6 January 1978 on information technology, data files and civil liberties.
"General Data Protection Regulation" or "GDPR": Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which came into force on 25 May 2018 in France.
"Data Controller": a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing.
"Website" or "Site": website accessible at https://hello-hossy.com/
"User": any person who uses the Website.
ARTICLE 2 – GENERAL INFORMATION :
"The Website Owner and Data Controller for your Personal Data is the company HYONA GROUPE S.A.S, a simplified joint-stock company with a share capital of €1,965, registered with the RCS of DAX under number 823 918 388, with its registered office located at 110, Avenue de Pascouaou, SOORTS-Hossegor (40150) – FRANCE, hereinafter referred to as "HELLO HOSSY® "."
Contact:
- hello@hello-hossy.com ;
- Phone: 09 53 44 04 10 ;
As data controller, Hello Hossy® (hereinafter "We", "Our", "Us") collects and processes the personal data of its Users (hereinafter "You", "Your") in connection with the use of the Website.
Indeed, through our Platform, you may be asked to provide us with Personal Data, in particular when creating an account or ordering our products.
"If, after giving us your consent, you change your mind and no longer consent to the use of your personal data, you can let us know by contacting us by email: hello@hello-hossy.com or by post: HELLO HOSSY®, 110 Avenue de Pascouaou, 40150 Soorts-Hossegor, France."
We may also collect certain information relating to your browsing on our Website, as described in article 4 "Cookies and other trackers" below.
These processing activities are carried out in compliance with the provisions of French Law no. 78-17 of 6 January 1978 on information technology, data files and civil liberties (known as the "French Data Protection Act") and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "General Data Protection Regulation" or "GDPR").
ARTICLE 3 – DATA COLLECTED, PURPOSES AND LEGAL BASES :
We collect the following categories of data, according to the purposes and on the basis of the legal grounds set out below:
3.1 Data collected when browsing the Website
When browsing the Website, we collect information relating to your identity (title, last name, first name, address, email) that you agree to share with us when you complete a form on the website, when you create a customer account, when you place an order or when you contact us directly. The legal basis for this processing is consent.
The data you provide us with when using our contact form is used solely to get back in touch with you. The legal basis for this processing is consent.
We also collect volume and sorting data for technical and marketing purposes. The legal basis for this processing is the performance of a contract.
You can also receive exclusive content (newsletter, promotions, etc.). For this purpose, we collect your email address. The legal basis for this processing is consent.
Subject to your express consent, where you have ticked the relevant box on the data collection form or any other document, including contractual documents, involving the collection and processing of your data, we use your data to send you information about our product and service offerings. The legal basis for this processing is consent.
Furthermore, we reserve the right to compile and publish general information relating to visitor profiles on our Website without, through the use of an appropriate anonymisation process, disclosing any personal data such as visitors' names and addresses. The legal basis for this processing is legitimate interest.
We may also collect statistical information to understand how visitors use the Website (frequency of visits to different pages of the Website, sales statistics and visitor sources, etc.). The legal basis for this processing is legitimate interest.
Visitor profile information is retained and will only be used internally.
3.2. Data collected when creating a customer account
|
Nature of data collected |
Purposes |
Legal bases |
|
Email address |
Creating and managing an account on the Website. |
Performance of contract. |
|
Commercial prospecting. You can object to this use at any time, in particular upon each receipt of a commercial prospecting email. |
Consent. |
|
|
Password |
Creating and managing an account on the Website. |
Performance of contract. |
|
Last Name and First Name |
Creating and managing an account on the Website. |
Performance of contract. |
|
Commercial prospecting. |
Legitimate interest. |
Please also note that all information you send us via letters or emails, including attachments, may contain personal data.
3.3. Data collected when placing an order
|
Nature of data collected |
Purposes |
Legal bases |
|
Email address |
Creating and managing an account on the Website. |
Performance of contract. |
|
Commercial prospecting (if you are already a Customer and the prospecting relates to products or services similar to those already purchased). |
Legitimate interest. |
|
|
Commercial prospecting and customer retention. You can object to this use at any time, in particular upon each receipt of a commercial prospecting email. |
Consent.
|
|
|
Password |
Creating and managing an account on the Website. |
Performance of contract. |
|
Last Name and First Name |
Order management and customer relations. |
Performance of contract. |
|
Arrange home delivery or delivery to a collection point. |
Performance of contract. |
|
|
Commercial prospecting and customer retention. |
Consent. |
|
|
Phone number |
Arrange home delivery or delivery to a collection point. |
Performance of contract.
|
|
Commercial prospecting and customer retention. You can object to this use at any time by registering on the telephone marketing opt-out list.
|
Consent. |
|
|
Delivery information (postal address)
|
Carry out home delivery. |
Performance of contract. |
|
Billing information (email, postal address, payment method, Shopify Pay identifiers, Apple Pay, PayPal, Meta Pay, Google Pay) |
Issuing invoices, managing billing. |
Performance of contract. |
|
Keeping accounts. |
Compliance with legal obligations. |
ARTICLE 4 – COOKIES AND OTHER TRACKERS :
4.1. Cookies collected
When you browse our website, cookie files or trackers may be stored on your computer, mobile device or tablet. Cookies allow us to offer you a better browsing experience and to improve your experience on the Website.
While browsing, cookies are placed on your device according to the choices you have previously made via the cookie management banner present on each page of our Website.
|
Nature of cookies |
Purposes |
Legal bases |
|
Technical or functional cookies |
To enable the use of a specific service explicitly requested by the User, or solely for the purpose of transmitting a communication over an electronic communications network. |
Exempt from consent. |
|
Audience measurement cookies |
Enable analysis of our Site's browsing statistics to optimise our Users' experience. |
User's consent. |
|
Marketing |
Creating User profiles for the purpose of sending advertising, or to track the user across one or more websites for similar marketing purposes. |
User's consent. |
|
Social media sharing cookies (third-party cookies)
|
Manage external social networks and control Users' interactions with social widgets within a web page. |
User's consent. |
4.2. Managing cookies
With the exception of cookies required to ensure the proper functioning of the Website, non-functional cookies and other trackers are subject to the User's express consent.
You can refuse all Cookies by clicking on the "refuse all" link, or select which ones you wish to allow by managing them in the Cookie management module entitled "Manage your preferences".
You can also limit the use of cookies in your browser settings and manage your cookie preferences using your browser's help menu. Here is a non-exhaustive list:
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=fr&hlrm=en ;
- Safari: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac ;
- Firefox: https://support.mozilla.org/fr/kb/protection-renforcee-contre-pistage-firefox-ordinateur? redirectslug=Activer+et+désactiver+les+cookies&redirectlocale=fr ;
- Microsoft Edge: https://support.microsoft.com/fr-fr/windows/supprimer-et-gérer-les-cookies-168dab11-0753-043d-7c16-ede5947fc64d ;
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies ;
- Ecosia: https://info.ecosia.org/cookies.
Please note that our Website may not function correctly if all cookies are disabled. If you delete cookies from your browser, they will once again be subject to your consent when you visit our Website.
ARTICLE 5 – RECIPIENTS OF PERSONAL DATA :
All data provided will be used by our teams to ensure you have the best possible experience on our Website.
Some of your data may be shared with our service providers within the limits of their respective roles.
- Technical service providers involved in the hosting and maintenance of the Website;
- Payment service providers, in connection with the payment of your order ;
- Technical and logistics service providers, in the context of the dispatch and delivery of your order.
In this context, some recipients of your data may carry out transfers outside the European Union.
ARTICLE 6 – DATA RETENTION PERIOD :
The retention period for your personal data varies depending on the purpose for which it was collected. It will be retained for as long as necessary to fulfil the purposes for which it was collected.
However, certain personal data of administrative or legal interest will be retained beyond the period necessary for the fulfilment of the purpose for which it was collected.
|
Nature of processing |
Retention period |
|
Personal HELLO Hossy® account |
Your Personal Data and your account will be deleted:
|
|
Order Management |
Data retained for the duration necessary for managing the commercial relationship. |
|
Data relating to bank cards used for payment |
We refer you to our service providers' websites for more information: https://www.shopify.com/fr/shop-pay. |
|
Billing data |
Retained for 10 years from the close of the financial year to which they relate (art. L.123-22 of the French Commercial Code). |
|
Management of our customer and prospect database |
Retained for a period of 3 years from your last order or your last contact with us OR until you withdraw your consent. |
|
Customer relationship management (questions submitted to customer services by email) |
Retained for the time necessary to process your request. |
|
Cookies and other trackers not subject to consent |
Retained in accordance with applicable regulations for a period not exceeding 13 months. |
|
Cookies and other trackers subject to consent |
6 months from the date of collection. |
|
Statistics (traffic measurement and analysis) |
Retained for a period not exceeding 13 months. |
Some of your Personal Data may be retained, even if you delete your account, due to legal obligations or for prevention purposes in the event of a dispute. This data will be retained within the limits of applicable statute of limitations rules.
ARTICLE 7 – YOUR RIGHTS :
In accordance with the GDPR, you have the right to exercise the following rights:
- Right of access: you can obtain confirmation of whether Personal Data concerning you is being processed or not by Hello Hossy®, and where it is, access said data ;
- Right of rectification: you can ask us to rectify Personal Data concerning you when it is inaccurate or incomplete. If you have a customer account, you can access the section corresponding to your Personal Data in order to modify or update it. You must ensure that this data is true and accurate. Likewise, you agree to notify us of any change or modification to this data. We also remind you that in principle you should only share your own Personal Data and not that of a third party. Any damage or loss caused as a result of providing inaccurate or incomplete information in our data collection forms is the sole responsibility of the User of our Platform ;
- Right to erasure (or "right to be forgotten"): you may ask us to erase Personal Data concerning you if one of the grounds set out in article 17-1 of the GDPR applies:
- Your Personal Data is no longer necessary in relation to the purposes;
- You have withdrawn your consent and there is no other legal basis justifying the continued processing of your Personal Data;
- You have validly exercised your right to object;
- The processing of your data is not lawful;
- Your Personal Data must be erased to comply with a legal obligation.
In addition, you can delete your account via your customer account area ; - Right to restriction of processing: you may restrict the processing of your data when one of the conditions provided for in article 18-1 of the GDPR is met:
- You are contesting the accuracy of your personal data, for a period enabling us to verify its accuracy;
- The processing is unlawful and you request the restriction of its use;
- We no longer need your data, but you still require it to establish, exercise or defend legal claims;
- You have objected to the processing during the verification as to whether the legitimate grounds pursued by Hello Hossy® override your own;
- Right to object: you may object, at any time, to the processing of your Personal Data, pursuant to the terms of article 21 of the GDPR: Hello Hossy® will no longer process your data, unless it can demonstrate the existence of compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims;
- Right to data portability: If the processing of your personal data is based on your consent or the performance of a contract, and if the processing is carried out by automated means, you will have the right to request receipt of the data concerning you in a structured, commonly used and machine-readable format, in order to transfer it to another entity, provided this is technically possible;
- Right to set directives regarding the fate of your data after your death.
To exercise your rights, you can contact us using one of the following addresses, providing proof of your identity to prevent any third party from exercising your rights over your data without your knowledge:
- By email at the following address: hello@hello-hossy.com ;
- By post at the following address: 110 Avenue de Pascouaou, 40510 Soorts-Hossegor, France.
Your request will be processed within the following timeframes:
- Maximum 1 month for a simple request;
- Maximum 3 months for a complex request. In this case, we will inform you of this extension and the reasons for the delay within one month of receiving the request.
"Exercising your rights is free of charge, unless requests are manifestly unfounded or excessive, in particular due to their repetitive nature. HELLO HOSSY® may require payment of reasonable fees or refuse to act on such requests."
For any complaint regarding the handling of your request by Hello Hossy®, you may contact the Commission Nationale de l'Informatique et des Libertés by post (CNIL - 3 Place de Fontenoy – TSA 80715 – 75 334 PARIS CEDEX 07) or online (https://www.cnil.fr).
ARTICLE 8 - DATA SECURITY :
We implement appropriate technical and organisational measures to ensure a level of security suited to protecting your personal data against any destruction, loss, alteration, disclosure, unauthorised access or any other form of unlawful processing.
Payment method information is encrypted using the SSL security protocol and stored with AES-256 encryption.
However, as the Internet is open to all and not fully secure, Hello Hossy® cannot guarantee the complete security of your personal data that is stored or transmitted. Its security also depends on everyone's good practices. Therefore, we recommend in particular that you do not share your account login credentials and that you always log out of your profile after use. In addition, it is your responsibility to ensure that your personal computer network is secured when you access our Platform.
While browsing, you may leave our Website by clicking on a hyperlink on the Website. The risks associated with this use are your responsibility, and we recommend that you carefully read the privacy policies specific to each Website.
ARTICLE 9 - DATA OF MINORS UNDER 15 YEARS OF AGE :
The Website is not aimed at minors. However, access to the Website is not prohibited to them as it does not contain content restricted to those under 18 years of age.
We do not knowingly collect information about minors under the age of 15 without the consent of the holder(s) of parental authority. If such data were to be collected without our knowledge, the minor's legal representative will be able to contact us via the email address hello@hello-hossy.com to rectify, amend or delete this information.
ARTICLE 10 - AMENDMENT OF THIS DATA PROTECTION POLICY :
This Data Protection Policy may be amended at any time to take into account changes in personal data protection standards as well as changes made by Hello Hossy® in the processing of your Personal Data.
Last updated: July 2024
