Privacy Policy

Version of 02/13/2023

1. Preamble

This privacy policy is addressed to you as an Internet user who accesses the website accessible at the following address: https://the-oversized-hoodie.com (hereinafter “the Site”).

Any processing of personal data is carried out by the company RISE AND SHINE, SASU registered with the RCS of PARIS under number 948 126 495 and whose intra-community VAT number is: FR94948126495, having its registered office at 122 rue Amelot - 75011 PARIS (Hereafter called: “RISE AND SHINE”). RISE AND SHINE can be contacted by e-mail at the following address: contact@the-oversized-hoodie.com

RISE AND SHINE has the status of data controller for the processing operations detailed in this privacy policy.

The processing of your data by a partner is subject to the latter's privacy policy.

2. Type of data collected

    The mandatory or optional nature of the data is specified when they are collected. If this information is incomplete, obsolete or inaccurate, it may be impossible to create an account on the Site.

    RISE AND SHINE may collect and process all or part of the following data:

    Personal data processing category

    Category Description

    Data processed in the context of the use of the Customer's Personal Account on the Site and/or the placing of an order

     

     

    These are personal data collected from Customers when creating and managing a Customer account on the Site and/or placing an order. They may include in particular:

    - Civility, surname, first name,

    - Delivery and billing address, e-mail, telephone number,

    - Order history

    - Messages exchanged

    - Any other information that the Customer wishes to communicate to us as part of the execution of the order

    To respond to requests for information

    These are the personal data provided to make contact via the Site. They include the surname, first name, e-mail, subject and content of the message.

    For sending commercial offers and newsletters

    This is the first name and e-mail address provided to subscribe to a newsletter via the Site.

    For the proper functioning and continuous improvement of the Site

    - These connection and browsing data include the data mentioned in the Cookies Management Charter: https://the-oversized-hoodie.com/pages/charte-cookies

     

    3. Purpose and legal basis of processing

      Your personal data is collected for the following purposes:

      Legal basis

      Purpose

      Use of your data on the basis of the execution of the contract

       

      On the basis of the execution of the contract that binds us, RISE AND SHINE uses your data to:

      - Ensure the creation and management of your personal account

      - Allow you to use the Site

      - Allow you to use our payment system

      - Process your orders

      - Respond to your requests for information

      Use of your data based on your consent

       

      Based on your consent, RISE AND SHINE uses your data to:

      - Send you newsletters

      - Send you commercial offers

      - The purposes mentioned in the Cookies Management Charter: https://the-oversized-hoodie.com/pages/charte-cookies

      Use of your data based on our legitimate interest

       

      On the basis of our legitimate interest, in particular to ensure a better quality of our services, RISE AND SHINE uses your data to:

      - Carry out optional satisfaction surveys on our services in order to improve them

      - Send you information and commercial offers related to our services

      - Make statistics and marketing analyzes, in order to understand your needs

      - Prevent and fight against computer fraud (spamming, hacking, etc.).

      - Respond to your requests for information

      Use of your data to comply with our legal obligations

       

      RISE AND SHINE is likely to process your data for the purposes of proof and in the context of compliance with its legal obligations, for: .

      -payment management

      - management of requests for rights arising from the GDPR and the amended Data Protection Act

       

      4. Duration of retention of personal information

        The retention period for personal data varies according to the purpose of their collection:

        • The data relating to your use of the Site is kept for a period of 5 years after your request to unsubscribe from the Site, in particular for the purposes of proof, it being specified that after a period of inactivity of 3 years, the account may be deleted,
        • The data relating to the management of your contract and your orders are kept for a period of 5 years after each order, in particular for the purposes of proof,

        Data relating to the sending of newsletters and information and commercial offers related to our services (email, telephone) are kept until your request to unsubscribe or delete your personal data or after a maximum period of 3 years. after the last contact from the data subject,

        • The information necessary to comply with legal obligations is kept for the legal retention period.

        For payments by credit card, in accordance with Article L.133-24 of the Monetary and Financial Code, this data may be kept for the purpose of proof in the event of any dispute of the transaction or complaint, in intermediate archives, during a period of thirteen (13) months following the debit date (duration extended to 15 months for deferred debit payment cards).

        The data relating to the PAN and visual cryptogram are not stored and the data relating to the expiry date are deleted when its expiry date is reached.

        Invoices and accounting data issued are kept for ten (10) years from their issue.

        Data relating to the management of legal requests are kept for the entire duration necessary to process the request and then stored in intermediate archiving for the applicable criminal limitation period, namely six years, in intermediate archiving (Art. 8 of the Code of penal procedure).

        5. Recipient of personal data (persons having access to the data)

          We are committed to treating all your personal data confidentially.

          The internal RISE AND SHINE team may have access to your personal data but only in the exercise of their functions and within the framework of the purposes set out in this Policy.

          We do not share your data with third parties, except in the limited cases below:

          • The subcontractors. RISE AND SHINE may use the services of other companies or independent persons who provide certain services on its behalf:
            • Technical service providers,
            • payment service,
            • delivery service,

          These service providers may have access to the personal information necessary for the performance of their services but are not authorized to use it for other purposes.

          • Transfer of businesses or activities. As part of the development of its activities, RISE AND SHINE may sell all or part of its assets or acquire other companies, businesses, subsidiaries or branches of activity. On the occasion of such transactions, the personal data processed by the company are generally part of the transferred assets but remain subject to any pre-existing confidentiality policy, unless otherwise agreed by the persons concerned.
          • Authorized administrative and judicial authorities. In order to comply with its legal obligations, RISE AND SHINE may transfer your personal data to authorized administrative and judicial authorities.
          • With your agreement. Unless RISE AND SHINE were required to comply with a legal obligation, RISE AND SHINE will notify you if its information were to be transmitted to a third party, it being specified that you have the possibility of not giving your consent to such transmission.
          6. Transfer of data outside the EU

            In view of the nature of its activity, and subject to informing the Internet user beforehand, RISE ADN SHINE may be required to transfer your personal data outside the European Union.

            In this case, RISE AND SHINE will inform you of the measures taken to control this transfer and to ensure compliance with it.

            We store your personal data through the SHOPIFY hosting service. SHOPIFY's privacy policy can be accessed here: https://help.shopify.com/fr/manual/your-account/privacy

            7. Exclusion of sensitive data

              RISE AND SHINE does not collect any sensitive data about you.

              These sensitive data concern the processing of personal data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purposes of uniquely identify a natural person, data concerning health or data concerning sex life or sexual orientation.

              8. Minors

                The Site was not designed for use by minors (under 18). Under no circumstances do we authorize the use of our services by minors under the age of 18. We do not knowingly collect personal data from minors. If a parent becomes aware that their child has provided us with Personal Information (or if a guardian becomes aware that the child in their care has provided us with Personal Information), he or she should contact us by email. .

                9. Your rights regarding access to your personal data

                  In accordance with article 13 of Regulation (EU) 2016/679 of April 27, 2016 and article 32 of law 78-17 of January 6, 1978, you are informed that you have the following rights:

                  • Permission to access

                  This is your right to obtain confirmation whether or not your data is being processed, and if so, to access that data.

                  • Right of rectification

                  This is your right to obtain, as soon as possible, that your inaccurate data be rectified, and that your incomplete data be completed.

                  • Right to deletion/erasure

                  This is your right to obtain, as soon as possible, the erasure of your data, subject to our legal retention obligations and our legitimate interest in retaining this information.

                  • Right of limitation

                  This is your right to obtain the limitation of processing when you oppose it, when you dispute the accuracy of your data, when you believe that their processing is unlawful, or when you need it for the observation, l exercising or defending your legal rights.

                  • Right of opposition

                  This is your right to object at any time to the processing of your data by RISE AND SHINE, except in the case of legitimate reasons for RISE AND SHINE. You can also object to processing for commercial prospecting purposes.

                  • Right to portability

                  This is your right to receive your data in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another data controller without our hindrance.

                  • Right not to be the subject of a decision based on automated processing

                  You have the right not to be the subject of a decision based exclusively on automated processing which produces legal effects concerning or affects you, except where this decision is necessary for the conclusion or performance of a contract, or is legally permitted.

                  • Complaints

                  You have the right to lodge a complaint with the National Commission for Computing and Liberties (CNIL): https://www.cnil.fr/fr/plaintes

                  • Guidelines in the event of death

                  You have the right to give instructions for the fate of your personal data in the event of death.

                  • How to exercise your rights

                  You can send any request to RISE AND SHINE:

                  In accordance with article 17 of Regulation (EU) 2016/679 of April 27, 2016, the exercise of these rights must not deprive RISE AND SHINE of its right of conservation in order to comply with its legal obligations and for probative purposes. .

                  10. Your rights to oppose commercial offers

                    10.1 – Commercial proposals by e-mail or SMS:

                    On the forms you fill out, you are expressly asked for your consent to receive offers from us and, as the case may be, from our partners.

                    However, your express prior consent is not required when you are already a RISE AND SHINE Customer and the purpose of our solicitation is to offer you products or services similar to those we already provide to you.

                    In any case, you always have the possibility of opposing the receipt of these solicitations by carrying out the following actions:

                    • For e-mail, by clicking on the unsubscribe link provided in each e-mail, by going to your online account or by contacting us by e-mail.
                    • For the sms, by sending a STOP SMS to the number indicated in it or by contacting us by e-mail.

                    10.2– Commercial proposals by telephone:

                    If you do not wish to receive commercial proposals on your personal telephone number (if this has been communicated to us), you can oppose:

                    • By contacting us by e-mail.
                    • By registering free of charge on the “Bloctel” cold calling opposition list at the following address: https://www.bloctel.gouv.fr/ in accordance with Articles L223-1 and L223-2 of the Consumer Code.

                    Any professional reserves the right to canvass a consumer registered on the list of opposition to canvassing when it comes to solicitations occurring within the framework of the execution of a contract in progress and having a relationship with the object said contract, including when it comes to offering the consumer products or services relating to or complementary to the subject of the current contract or likely to improve its performance or quality.

                    11. Links to other websites or third-party services

                      In the event that the Site refers to third-party websites or services, in particular through the use of links, we assume no responsibility with regard to these third-party websites and services. We therefore invite you to consult their conditions as well as their privacy policy.

                      12. Details on social networks

                        When browsing the Site, Internet users have the possibility of clicking on links or icons referring to the social networks of RISE AND SHINE.

                        Social networks improve the user-friendliness of the Site and help promote it through sharing.

                        When Internet users use these buttons, RISE AND SHINE may have access to personal information that Internet users have indicated as public and accessible from their profiles on these social networks.

                        However RISE AND SHINE does not create or use any database of these social networks and does not use any data relating to the privacy of Internet users in this way.

                        In order to limit third-party access to personal data appearing on social networks, Internet users can configure their profile and/or the visibility of their publications via the dedicated spaces on the social networks concerned in order to control their accessibility and hearing.

                        13. Security of personal data

                          RISE AND SHINE has put in place physical and electronic security measures as well as backup procedures in relation to the collection, storage and communication of your personal data and in particular:

                          • Securing access to our premises and our IT platforms
                          • Raising awareness of the confidentiality requirements of our employees who have access to your personal data
                          • Secure access, sharing and transfer of data,
                          • The high level of data protection requirements when selecting our subcontractors and, as the case may be, from our partners.
                          14. Modification of the Policy

                            This Policy may be modified, supplemented or updated in order to comply with any legal, regulatory, jurisprudential or technical developments. However, your personal data will always be processed in accordance with the Policy in force at the time of their collection, if a mandatory legal provision were to provide otherwise.