Privacy policy.

PREAMBLE:

    When you browse our website at https://hello-hossy.com/ (hereinafter, the "Website"), we may be required to process some of your personal information, in particular:

    • The data we have collected;
      and/or
    • The data provided by you.

    By using the Website, you accept and agree to be bound by the present Privacy Policy.

    The present Privacy Policy may be updated at any time.

    The most recent update will appear on this page with the date of the update. We therefore recommend visiting this page regularly.

    ARTICLE 1 — DEFINITIONS:

      "Personal Data:" any data relating to an identified or identifiable person.

      "Data Protection and Civil Liberties Act:" French law no. 78-17 of January 6, 1978, relating to information technology, files, and liberties.

      "General Data Protection Regulation" or "GDPR:" EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which came into force in France on May 25, 2018.

      "Data Controller:" a natural or legal person, public authority, service, or other body which, alone or with others, determines the means and purposes of the processing.

      "Website" or "Site:" the website accessible via https://hello-hossy.com/.

      "User:" any person who uses the Site.

      ARTICLE 2 — GENERAL INFORMATION:

        The HYONA Group, a simplified corporation with a share capital of 1,965 euros, registered with the DAX Trade and Companies Register under the number 823 918 388, and headquartered at 110, Avenue de Pascouaou, 40150 Soorts-Hossegor, France (hereinafter, "Hello Hossy®"), is the owner of the Website as well as the Data Controller.

        Contact:

        As the Data Controller, Hello Hossy® (hereinafter referred to as "we," "us," or "our") collects and processes the personal data of its users (hereinafter referred to as "you" or "your") in the context of the use of the Website.

        When using the Website, you may be asked to provide us with Personal Data, in particular when creating an account or ordering our products.

        If, after having granted your consent, you change your mind and no longer consent to the use of your Personal Data, you may notify us via email: hello@hello-hossy.com or regular mail: Hello Hossy®, 110 Avenue de Pascouaou, 40150 Soorts-Hossegor, France, of your decision.

        We may also collect certain information regarding your browsing behavior on the Website, as per the conditions described in Article 4 "Cookies and other trackers" below.

        Such processing is carried out in accordance with the provisions of French Law No. 78-17 of January 6, 1978, on data processing, data files, and civil liberties (hereinafter, "Data Protection and Civil Liberties Act") and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, "General Data Protection Regulation" or "GDPR").

        ARTICLE 3 – DATA COLLECTED, PURPOSES, AND LEGAL BASES:

        We collect the following categories of data, as per the purposes and legal bases indicated below:

        3.1 Data collected when Users browse the Website

        When you browse the Website, we collect the information regarding your identity (title, last name, first name, address, email address, etc.) that you agree to share with us when you complete a form on the Site, when you create a customer account, when you place an order, or when you contact us directly. Your consent is the legal basis for this processing.

        The information that you provide in the contact form is only used by us to contact you. Your consent is the legal basis for this processing.

        We also collect data relating to volumes and sorting for technical and marketing purposes. The performance of the contract is the legal basis for this processing.

        You may also opt to receive exclusive content such as newsletters, promotions, etc. We collect your email address for this purpose. Your consent is the legal basis for this processing.

        Provided you have granted your express consent by checking the box on the data collection form or any other document (in particular, contractual) involving the collection and processing of your data, we shall use your data to send you information on our products and services. Your consent is the legal basis for this processing.

        In addition, we reserve the right to collect and publish generic information regarding the profiles of visitors to our Site, albeit (by using a suitable anonymization method) without indicating nominative data such as the names and addresses of said visitors. Our legitimate interest is the legal basis for this processing.

        We may also collect statistical data to better understand how visitors use the Site (frequency of visits to the various pages on the Site, sales statistics, origin of visitors to the Site, etc.). Our legitimate interest is the legal basis for this processing.

        Visitor profile data is stored and only used internally.

        3.2. Data collected when creating a customer account

        Type of data collected

        Purposes

        Legal bases

        Email address

        Creating and managing an account on the Site.

        Performance of the contract.

        Commercial prospecting. You may object to this processing at any time, in particular each time you receive a prospecting email. 

        Consent.

        Password

        Creating and managing an account on the Site.

        Performance of the contract.

        First and last name

        Creating and managing an account on the Site.

        Performance of the contract.

        Commercial prospecting.

        Legitimate interest.

        Please also note that any information you send to us by regular mail or email (including attachments) may contain personal data.

        3.3. Data collected during the order process

        Type of data collected

        Purposes

        Legal bases

        Email address

        Creating and managing an account on the Site.

        Performance of the contract.

        Commercial prospecting (if you are already a Customer and the prospecting concerns products or services similar to those that you already purchased).

        Legitimate interest.

        Commercial prospecting and customer loyalty. You may object to this processing at any time, in particular each time you receive a prospecting email.

         

        Consent.

         

        Password

        Creating and managing an account on the Site.

        Performance of the contract.

        First and last name

        Order management and customer relations.

        Performance of the contract.

        Home delivery or delivery to a pickup point.

        Performance of the contract.

        Commercial prospecting and customer loyalty.

        Consent.

        Phone number

        Home delivery or delivery to a pickup point.

         

        Performance of the contract.

         

         

        Commercial prospecting and customer loyalty. You may object to this processing by registering on the Do Not Call Registry.

         

        Consent.

         

        Delivery information (mailing address)

         

        Home delivery.

        Performance of the contract.

        Billing information (email address, mailing address, payment method, login details for Shopify Pay, Apple Pay, PayPal, Meta Pay, or Google Pay)

        Invoicing, billing management.

        Performance of the contract.

        Bookkeeping.

        Compliance with legal obligations.

        ARTICLE 4 — COOKIES AND OTHER TRACKERS:

          4.1. Cookies collected

          When you visit our website, cookies or other trackers may be stored on your computer, cell phone, or tablet. Cookies allow us to offer you a better browsing experience and to improve your experience on the Site.

          As you browse the Website, cookies are stored on your device in accordance with the choices you made via the cookie banner found on each page of our Site.

          Type of cookies

          Purposes

          Legal bases

          Technical or functional cookies

          Allow Users to benefit from specific services (requested by the User), or for the sole purpose of allowing for communication over an electronic communications network.

          No consent required.
          Performance of the contract.

          Audience measurement cookies

          Analyze our Site's page view statistics and optimize the experience of our Users.

          Consent of the User.

          Marketing

          Create User profiles for advertising purposes, or track Users across a single website or multiple websites (for similar marketing purposes).

          Consent of the User.

           

          Social media cookies (third-party cookies)

           

          Manage external social networks and control the interaction of Users with social widgets on a web page.

          Consent of the User.

           

          4.2. Configuring cookies

          With the exception of cookies used to ensure the proper functioning of the Site, the use of cookies and other non-functional trackers is subject to the User's express consent.

          On the cookies banner, you can refuse all cookies by clicking on "Refuse all," or select "Manage your preferences" to configure the cookies you wish to allow.

          You can also restrict the use of cookies in your browser settings and manage cookies using your browser's help menu. We have compiled a (non-exhaustive) list for some of the most popular browsers:

          Please note that our Site may not function properly if you disable all cookies. If you delete cookies from your browser, you will be asked to provide your consent again when you visit the Website.

          ARTICLE 5 — RECIPIENT OF PERSONAL DATA:

            Our teams use all the collected data to provide you with the best possible experience on the Site.

            Some of your data may be shared with our service providers, albeit only within the scope of their respective responsibilities.

            • Technical service providers that host and maintain the Site;
            • Payment service providers required for the payment of your Order;
            • Technical and logistics service providers required for the shipping and delivery of your Order.

            In this context, certain recipients of your data may transfer said data outside the European Union.

            ARTICLE 6 — DATA RETENTION PERIODS:

              The retention periods for Personal Data vary depending on the purpose(s) for which the data was collected. Your Personal Data will only be kept for as long as is necessary for the purposes for which it was collected.

              However, some Personal Data collected for legal or administrative reasons will be kept for longer than is necessary to achieve the purposes for which it was collected.

              Type of processing

              Retention periods

              Personal account with Hello Hossy®

              Your Personal Data and account will be deleted:

              • if you decide to delete your online account;
                or
              • after two (2) years of inactivity.

              Order management

              Data retained for the amount of time required to manage the commercial relationship.

              Data relating to bank cards used for payment

              For more information, please see the websites of our service providers: https://www.shopify.com/fr/shop-pay.

              Billing data

              10 years from the end of the financial year to which it applies (Art. L.123-22 of the French Commercial Code).

              Management of our customer and prospect database

              3 years from your last order or contact with us OR until your consent is revoked.

              Customer relationship management (questions sent to customer service by email)

              The amount of time that is required to process your request.
              Recorded telephone conversations with our customer service are kept for no more than 6 months, except in rare cases (e.g., for investigative, legal, or fraud-related purposes).

              Cookies and other trackers not subject to consent

              Retention periods defined in accordance with applicable regulations, but not exceeding 13 months.

              Cookies and other trackers subject to consent

              6 months after their collection.

              Statistics (traffic measurement and analysis)

              Stored for no more than 13 months.


              Even if you delete your account, some of your Personal Data may be retained to meet a legal obligation or prepare for a potential dispute. This data will be kept in accordance with the limits of the respective prescriptive period.

              ARTICLE 7 — YOUR RIGHTS:

              As per the GDPR, you have the right to exercise the following rights:

              • Right of access: you have the right to obtain confirmation as to whether your Personal Data is being processed by Hello Hossy®, and if it is, to access said data;
              • Right to rectification: you have the right to ask that we rectify your Personal Data if it is inaccurate or incomplete. If you have a customer account, you can modify or update your data in the section on Personal Data. You must ensure that your data is accurate and up to date. Similarly, you agree to inform us of any changes or modifications to this data. Please note that in general, you should only ever provide your own Personal Data and not that of a third party. Users of the Website are solely responsible for any damage or loss caused as a result of providing inaccurate or incomplete information in our data collection forms;
              • Right to erasure (or the "right to be forgotten"): you have the right to request that we erase your Personal Data if one of the grounds set out in Article 17-1 of the GDPR applies:
                • Your Personal Data is no longer required for the purposes for which it was collected;
                • You have revoked your consent, and we have no other legal basis for continuing to process your Personal Data;
                • You have legitimately exercised your right to object;
                • The processing of your data is unlawful;
                • Your Personal Data must be deleted to comply with a legal obligation.
                  You can also delete your account via your customer space;
              • Right to restriction of processing: you can request that we restrict the processing of your data if one of the conditions set out in Article 18-1 of the GDPR is met:
                • You contest the accuracy of your Personal Data, in which case we will restrict the processing for a period of time that allows us to verify said accuracy;
                • The processing is unlawful, and instead of requesting that we delete your data, you wish for its use to be restricted;
                • We no longer need your data, but you still need it to establish, exercise, or defend your legal claims;
                • You have objected to processing pending the verification as to whether the legitimate grounds of Hello Hossy® override your own;
              • Right to object: you may, at any time, object to the processing of your Personal Data per the terms of Article 21 of the GDPR: Hello Hossy® will no longer process your data, unless it can demonstrate compelling legitimate grounds for the processing which override your rights, interests, and freedoms, or for the establishment, exercise, or defense of legal claims;
              • Right to data portability: if the processing of your Personal Data is based on your consent or the performance of the contract, and if the processing is carried out by automated means, then you have the right to receive your data in a structured, commonly used, and machine-readable format, in order that you may transfer said data to another controller, provided such a transfer is technically possible;
              • Right to specify what happens to your data after your death.

              If you wish to exercise any of your rights, you may contact us using one of the addresses below, providing proof of your identity to ensure your rights are not exercised by a third party without your knowledge:

              Your request will be processed no later than:

              • 1 month for a simple request;
              • 3 months for a complex request. In this case, we will inform you of the 3-month deadline and the reasons for the delay within one month of receiving your request.

              Exercising your rights is free of charge, except in the case of manifestly unfounded or excessive requests, in particular due to the repetitive nature of the latter. Hello Hossy® may demand a reasonable fee or refuse to answer such requests.

              If you have any complaints about how Hello Hossy® handles your request, feel free to contact the French National Data Protection Commission (CNIL — 3 Place de Fontenoy — TSA 80715 — 75 334 PARIS CEDEX 07) or online (https://www.cnil.fr).

              ARTICLE 8 — DATA SECURITY:

              We implement all the necessary technical and organizational measures to ensure an adequate level of security and thereby protect your Personal Data against loss, destruction, alteration, disclosure, unauthorized access, or any other form of unlawful processing.

              Payment information is encrypted using the SSL security protocol and stored with AES-256 encryption.

              However, since the Internet is open to everyone and not always secure, Hello Hossy® cannot guarantee that stored or sent Personal Data will be totally secure. Everyone plays a part in ensuring the security of Personal Data. We therefore recommend that you refrain from sharing your account login information, and that you always log out of your account after use. In addition, you are responsible for ensuring that your personal computer network is secure when you visit the Website.

              While browsing, you may click on a hypertext link on the Site and therefore leave the Website. You are solely responsible for any risks associated with external websites that are accessed via the Website. We therefore recommend that you carefully read the privacy policies for each of these sites.

               ARTICLE 9 — DATA OF MINORS UNDER 15

              The Site is not intended for minors. However, minors can access the Site as the Site does not contain content forbidden to persons under the age of 18.

              We do not knowingly collect information from minors under the age of 15 without the consent of their parent or guardian. Should such data be collected without our knowledge, the minor's legal representative can contact us by email (hello@hello-hossy.com) to rectify, modify, or delete this information.

              ARTICLE 10 — CHANGES TO THE PRESENT PRIVACY POLICY

              The present Privacy Policy may be modified at any time to take into account changes in standards relating to the protection of Personal Data, as well as changes made by Hello Hossy® with regard to the processing of Personal Data.

              Last update: July 2024