CONFIDENTIALITY

CONFIDENTIALITY

Responsible service and service provider

Renaisa SAS
privacy@renaisa.com
12 rue de Chantilly
75009 Paris

The protection of your personal data is very important to us. That is why we would like to inform you in this privacy policy about the data we collect and for what purpose. If you have any further questions about the handling of your personal data, please contact our data protection officer.

Due to the constant evolution of technology, changes in our services, regulations and other reasons, we may have to adapt our privacy policy. We therefore reserve the right to modify this privacy policy at any time and invite you to regularly check the current version.


Data Protection Officer

The Data Protection Officer of the controller is

Julia Anès
privacy@renaisa.com


1 BASIC INFORMATION ON DATA MANAGEMENT

1.1 Scope of processing of personal data

As a matter of principle, we collect and use personal data of our users only insofar as this is necessary for the provision of a functioning website, the provision of our content and services and the fulfilment of our business purpose. The personal data of our users is only collected and collated on a regular basis with the prior consent of these users. Exceptions to the above are cases where it is not possible to obtain prior consent for effective reasons and where legal regulations permit the processing of data.

1.2 Purposes and legal basis for processing personal data

We process personal data only in order to fulfil contractual obligations or to safeguard our legitimate interests. Our legitimate interests are based on the fulfilment of our company's purpose.

Insofar as we obtain the consent of the data subject for the processing of his/her personal data, the processing of personal data is legally based on Article 6 paragraph 1 S.1 lit. a of the European General Data Protection Regulation (GDPR).

The processing of personal data necessary for the performance of a contract, where the data subject is a party to the contract, has as its legal basis Article 6 para. 1 S.1 lit. b of the GDPR. This clause also applies to processing operations necessary for the execution of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation imposed on our company, the legal basis for this is Article 6 paragraph 1 S.1 lit. c of the GDPR.

If the processing of personal data is necessary for the vital interests of the data subject or another natural person, the processing is legally based on Article 6 para. 1 S. 1 lit. d of the GDPR.

If the processing is necessary for the protection of a legitimate interest of our enterprise or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, the processing is based on Article 6 para. 1 S. 1 lit. f of the GDPR.

1.3 Categories of recipients and personal data, origin of personal data; transfer of data

We share personal data with our business partners and service providers for the purpose of fulfilling our business purpose. We usually use the contact details of our customers and business partners for the purpose of fulfilling the purpose of our business. We usually obtain personal data directly from the data subject or, in exceptional cases, from third parties with the consent of the data subject.

Unless otherwise stated in the following sections, your data will not be passed on to third parties unless we are obliged to do so by law or the sharing of data is necessary for the execution of the contract or you have given your explicit prior consent to the sharing of your data. External service providers and partner companies, such as online payment solution providers or the delivery carrier, will only obtain your data to the extent that they need it to process your order. In these cases, however, the scope of the data transferred is limited to the minimum required. Insofar as our service providers have access to your personal data, we ensure that they comply with the provisions of the data protection legislation. Please also note the data protection rules of these service providers. While the service provider is responsible for the content of its services, we nevertheless check, within reasonable limits, that these services comply with the legal requirements.

 

1.4 Transfer to third countries

As a matter of principle, we do not share personal data with recipients in third countries (i.e. outside the European Union). In the event of data sharing with recipients in a third country, we ensure that, in addition to the necessary consent for sharing, the recipient in the third country offers an adequate level of data protection (or is exempted according to Article 49 paragraph 1 of the GDPR).

1.5 Data security

We have implemented extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly audited and upgraded in line with technical developments.

1.6 Data deletion and retention period

The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage is no longer fulfilled. Personal data may also be recorded where the European or national legislator so provides in regulations under European law, laws and other provisions to which the controller is subject. They are blocked or deleted after the expiry of a retention period stipulated by the above-mentioned standards, unless the data must be retained for a longer period of time in order to conclude or execute a contract.

 

2 GENERAL DATA COLLECTION WHEN VISITING OUR WEBSITE

When you simply visit the website for information purposes - that is, you do not register or transmit information in any way - we only collect the personal data that your browser transfers to our server.

Within the framework of the balancing of interests according to Article 6 paragraph 1 S.1 lit. f of the GDPR, we have taken into account and balanced our interest in providing you with our service with your interest in the data protection compliant processing of your personal data. As the following data is necessary for the provision of our service, in order to be able to offer you our website and to ensure its stability and security, in particular to protect you against misuse, we have come to the conclusion that this data - in order to ensure data security according to the current state of the art - can be processed with due regard to your interest in data protection-compliant processing.

 

Description and scope of data collection

Each time you visit our website, our system automatically records data and information about the computer system of the computer used to visit the website.

The data collected for this purpose are the following:

  1. information about the type of browser and version used
  2. operating system and user interface
  3. the user's internet service provider
  4. user's IP address
  5. access status/status code http
  6. date and time of access
  7. time difference from Greenwich Mean Time
  8. content of the requirement (concrete website)
  9. volume of data transferred
  10. websites from which the user's system accesses our website
  11. websites accessed by the user's system from our website
  12. mobile devices: manufacturer and type designation of smartphone, tablet or other mobile device
  13. Low Level Tracer

The data is also saved in the log files of our system. This data is not stored with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is Article 6 paragraph 1 S.1 lit. f of the GDPR.

 

Purpose of data processing

The temporary recording of the IP address by the system is necessary to enable the website to be displayed on the user's computer. The user's IP address must therefore be stored for the duration of the session.

The log files are used to ensure that the website functions properly. We also use the data to optimise the website and to ensure the security of our IT systems. In particular, it helps us to adapt our website and other IT systems to the browsers, operating systems and devices used.

The data is not evaluated for marketing purposes in this respect.

These purposes also represent our legitimate interest in the processing of data according to Article 6 paragraph 1 S.1 lit. f of the GDPR.

 

Shelf life

The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the event that the data was stored for the purpose of making the website available, it is deleted when the current session ends.

In the event that these data are saved in log files, they are deleted within seven days. It is possible to save data outside the previously defined framework. In this case, the IP addresses of the users are deleted or transformed in such a way that it is no longer possible to associate them with the customer accessing the site.

Possibility of opposition and elimination

The recording of data for the purpose of providing the website and the storage of data in log files is absolutely necessary for the operation of the website. The user therefore has no opportunity to object to this.

3 REGISTRATION

We offer users the opportunity to register on our website by providing certain personal data. The data is entered in the fields provided, transmitted to us and stored. This data is not shared with any third parties. The following data is collected as part of the registration process:

  • civility
  • first name
  • name
  • E-Mail
  • password
  • address
  • telephone number
  • country
  • relay point (if available)

The data recorded at the time of registration is as follows:

  1. user's IP address
  2. date and time of recording
  3. client number
  4. Entity-ID
  5. E-Mail Hash

As part of the registration process, the user is asked to consent to the processing of this data. Once you have registered, you have personal, password-protected access to view and manage the data you have entered. Although registration is free, it may also be a prerequisite for access to our services.

In this case, your data will be shared with our email service provider Emarsys to enable us to send you an email to confirm your registration.

 

Legal basis for data processing

The legal basis for the processing of data, in the case of consent, is Article 6 paragraph 1 S.1 lit. a of the GDPR.

If the registration serves the execution of a contract, to which the user is a party, or the implementation of pre-contractual measures, Article 6 paragraph 1 S.1 lit. b of the GDPR constitutes an additional legal basis for data processing.

Purpose of data processing

The user must register in order to access certain content and services and in particular to make full use of the online shop on our website.

The registration of the user is also necessary for the execution of a contract with the user or for the implementation of pre-contractual measures. The registration relates in particular to the use of our online shop.

Shelf life

Data are deleted as soon as they are no longer required for the purposes for which they were collected.

This includes data collected during the registration process when registration on our website is cancelled or changed.

Insofar as the data collected during the registration process is necessary for the performance of a contract or for the implementation of pre-contractual measures, it is only deleted once it is no longer necessary for the performance of the contract. Even after the contract has been concluded, it may still be necessary to retain the personal data of the contractual partner in order to fulfil contractual or legal obligations.

Personal data is stored for fraud prevention purposes.

The deletion periods for fraud prevention purposes are 6 months, and 6 months in the case of proven fraud attempts.

Possibility of opposition and elimination

As a user, you can cancel your registration at any time. You can have your stored data changed at any time.

You can request that your data be deleted or amended by sending an e-mail to privacy@renaisa.com.

If the data are necessary for the performance of a contract or for the implementation of pre-contractual measures, their premature deletion is only possible if there is no contractual or legal obligation to do so.

 

4 CONTACT

On our website you will find a contact form which you can use to contact us electronically. If a user uses this form, the data entered in the fields provided will be transmitted to us and stored by us. This data is as follows:

list of data to be entered in the fields provided:

  1. first and last name
  2. e-mail address
  3. object
  4. message

No data is recorded at the time the message is sent.

It is also possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail is stored.

The data concerned is not shared with any third party. The data is used exclusively for the purpose of processing the conversation.

 

Legal basis for data processing

The legal basis for the processing of data, in case of consent, is Art. 6 paragraph 1 S.1 lit. a of the GDPR.

The legal basis for the processing of data transmitted in the context of sending an e-mail is Article 6 para. 1 S.1 lit. f of the GDPR. If the purpose of contacting us by e-mail is to conclude a contract, the processing of data is also based on Article 6 paragraph 1 S.1 lit. b of the GDPR.

 

Purpose of data processing

The personal data entered in the fields provided for this purpose are processed exclusively for the purpose of managing the contact. There is also a legitimate interest in processing the data in the case of contact by e-mail.

Other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

 

Shelf life

The data is deleted as soon as it is no longer required for the purpose for which it was collected. Personal data entered in the fields provided for this purpose in the contact form and those sent by e-mail are deleted once the conversation with the user has ended. The conversation is terminated when it can be concluded that the situation in question has been definitively clarified.

The personal data collected in addition during the sending process will be deleted within seven days at the latest.

 

Possibility of opposition and elimination

The user may withdraw his consent to the processing of personal data at any time. If the user contacts us by e-mail, he/she can object to the storage of his/her personal data at any time. In such a case, it is no longer possible to continue the conversation.

You may withdraw your consent or object to the storage of your personal data by sending an e-mail to privacy@renaisa.com.

All personal data stored in the context of the contact will be deleted.

 

5 YOUR ORDER ON OUR ONLINE SHOP

If you wish to place an order in our online shop, you must enter your personal data in order to conclude the relevant contract, which we need to process your order. Mandatory fields for the execution of contracts are specifically marked, other information is optional. We process the data you provide to us in order to process your order. For this purpose we may share your payment details with the payment provider of your choice. In addition, we share your contact details with selected logistics and transport service providers for the purpose of processing the shipment.

The legal basis for this is Article 6 paragraph 1 S.1 lit b. of the GDPR.

You are also free to create a user account allowing us to save your data for future purchases. This registration is governed by Article 3 of this Privacy Policy.

In addition, we may process the data you provide to inform you about other products in our range that may be of interest to you, or to send you e-mails with technical information.

Tax and trade regulations require us to keep your contact, payment and order data for ten years. However, after [two years] we will restrict processing, which means that your data will only be used for the sole purpose of fulfilling our legal obligation.

You can object to the use of your data for advertising or data analysis purposes at any time. Please send your objection to privacy@renaisa.com.

In order to prevent unauthorised access to your personal data, in particular financial data, the order procedure is encrypted using a hybrid protocol called "Secure Socket Layer" (SSL), which allows for the secure transfer of data.

6 OUR PAYMENT PROVIDERS

We offer different payment options, such as payment by credit card or payment by PayPal.

For this purpose, payment data may be transferred to payment service providers with whom we work. The legal basis for the transfer is Art. 6, paragraph 1, sentence 1, points b and f of the GDPR.

You can find more details about the processing of your personal data by payment service providers in their privacy policies:

Below is a list of our payment providers:

Payment provider

Methods of payment

Adyen N.V.
Simon Carmiggeltstraat 6-50, 1011 DJ,
NiederlandePrivacy
 Policy
:
https://www.adyen.com/policies-and-disclaimer/privacy-policy.

Credit
CardiDealEPSWeChat
PayAliPay

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal 2449
LuxembourgPrivacy
 Policy
:
https://www.paypal.com/us/webapps/mpp/ua/privacy-full

PayPal

7 PRIORITY COOKIES

Cookies of this nature are placed on your computer by the website used by the user. Only that website is then allowed to read the information from these cookies.

 

7.1 Cookies used

We use cookies to make our website more user-friendly. Some elements of our website require that the browser used to access the site can be identified even after a page change.

The data stored and transmitted in the cookies for this purpose are as follows:

List of recorded data: This may include :

  1. choice of language
  2. items in your basket
  3. login information

On our website we also use cookies to analyse the user's browsing behaviour.

The data transmitted in this way are as follows:

List of data collected. This may include :

  1. search terms entered
  2. frequency of page views
  3. use of website features
  4. device and browser information
  5. products and categories viewed
  6. consultation of the wishlist and the basket and addition of new products
  7. number of products in the basket
  8. origin of visitors to the site
  9. truncated IP address
  10. E-Mail Hash

The user data collected in this way is pseudonymised by technical measures. It is therefore no longer possible to associate the data with the user accessing the site.

When accessing our website, the user is informed of the use of cookies for analysis purposes. In this case, we also refer the user to this privacy policy.

 

Legal basis for data processing

The processing of personal data in connection with the use of cookies is based on Article 6 paragraph 1 S.1 lit. f of the GDPR.

 

Purpose of data processing

The use of cookies required for technical reasons is intended to simplify the use of the websites for users. Some functions of our website cannot be offered to you without the use of cookies. It is necessary in this respect that the browser can be identified even after a change of page.

The functions for which we need cookies are the following:

  • basket
  • protection against attacks on the website
  • saving session settings

User data collected by means of cookies required for technical reasons is not used to create user profiles.

The purpose of using analysis cookies is to improve the quality of our website and its contents. Analysis cookies enable us to find out more about how the website is used and thus to continuously optimise our offer. In addition, we can ensure quality assurance and continuously improve your user experience.

These purposes also represent our legitimate interest in the processing of personal data according to Article 6 paragraph 1 S.1 lit. f of the GDPR.

 

Duration of retention, possibility of objection and disposal

Cookies are stored on the user's computer and transmitted by the user to our site. As a user, you thus retain full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing your settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If you deactivate cookies for our website, you may not be able to fully use all the functions of the website.

Our website uses temporary cookies. These are automatically deleted when you close your browser. These are usually called session cookies. These cookies store a session ID so that different requests from your browser can be associated with the common session. This allows your computer to be recognised when you return to our website. These cookies are deleted when you log out or close your browser.

Our website also uses so-called persistent cookies. These are automatically deleted after a specified period of time, which varies depending on the cookie. You can also delete the cookies at any time.

Our website also uses Flash Cookies. The Flash Cookies used are not stored by your browser, but by your Flash plugin. We also use HTML5 storage objects, which are placed on your device. These objects store the necessary data independently of the browser you use and do not have an automatic expiry date. If you do not want Flash cookies to be processed, you will need to install a corresponding add-on or add-on module, e.g. "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/fr/firefox/addon/betterprivacy/) or the Adobe Flash cookie for Google Chrome. You can also partially prevent the use of Flash Cookies by changing the settings of your Flash Player. You can prevent the use of HTML5 storage objects by activating the private browsing mode of your browser. We also recommend that you regularly delete your cookies and browsing history manually.

8 THIRD-PARTY COOKIES

Third-party cookies are placed on your computer by organisations that are not the operator of the website the user is using. These cookies are used for example by marketing agencies.

 

8.1 Google Tracker

We use the following technology from Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, part of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").

8.1.1 Google AdWords & Conversion Tracking

In order to promote our services, we run Google Adwords ads and use Google's Conversion Tracking functionality for personalised, interest-based and location-based online advertising. The option of anonymising IP addresses is managed by the Google Tag Manager by means of an internal setting, which is not visible in the source of this page. This internal setting is configured to enable the anonymisation of IP addresses required by the German Data Protection Act.

As a result of user searches, ads are placed on websites in the Google advertising network. We have the ability to combine our ads with certain search terms. Cookies allow us to display ads on our website based on a user's previous visits.

Google places a cookie on the user's computer when the user clicks on an ad. Further information on the cookie technology used can be found in the information provided by Google on website statistics and in the data protection regulations.

This technology enables both Google and us as a customer to be informed that a user has clicked on an advertisement and has been redirected to our websites. The information obtained in this way is used exclusively for statistical evaluation purposes in order to optimise the ads. We do not obtain any personally identifiable information about visitors. The statistics provided by Google include the total number of users who clicked on one of our ads and whether they were redirected to one of the pages with a conversion tag on our website. These statistics allow us to track which particular search terms often resulted in clicks on our ad and which ads led the user to contact us using the contact form.

If you do not wish to do so, you can prevent the storage of cookies required for these technologies, for example by setting your browser accordingly. Your visit to our site will not be included in the user statistics.

You can prevent participation in this monitoring procedure in several ways:

  1. a) by configuring your browser accordingly, in particular, refusing third-party cookies means that you will not receive advertisements from third-party providers;
  2. b) by disabling conversion tracking cookies by setting your browser to block cookies from the "www.googleadservices.com" domain, https://www.google.fr/settings/ads, although this setting is removed when you delete your cookies;
  3. c) by deactivating the interest-based ads of suppliers within the framework of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices, although this setting is deleted when you delete your cookies;
  4. d) by permanently disabling it in your Firefox, Internet Explorer or Google Chrome browser under the link http://www.google.com/settings/ads/plugin. Please note that you may not be able to take full advantage of all the features of this website.

The legal basis for the processing of your data is Article 6 paragraph 1 S. 1 lit. f of the GDPR. Our legitimate interest lies in the findings from the evaluation of statistics on user behaviour and the effectiveness of our advertisements. This serves us to continuously improve our online offer and web presence.

Further information on data protection at Google can be found at http://www.google.com/intl/fr/policies/privacy and https://services.google.com/sitestats/fr.html. We also refer you to the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google is subject to the obligations of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. However, we and Google will continue to be informed about how many users access this site and when. If you do not wish to be included in these statistics, you can do so for your browser by means of additional programs (e.g. with the Ghostery add-on).

8.1.2 Google AdWords & Google Analytics Remarketing Lists for Search Ads (RLSA)

Renaisa uses Google AdWords and Google Analytics Remarketing Lists for Search Ads (RLSA). This means that users who access the renaisa.co.uk website are identified by means of a Google Tag. Their behaviour is recorded. They remain on the list for a standard period of 30 days and a maximum of 540 days.

The information generated by a cookie about your use of this website such as

  • type/version of your browser,
  • operating system used,
  • the Referrer-URL (previously viewed page),
  • host name of the computer used (IP address),
  • time of the server request

Behavioural patterns, such as the length of time spent on the site, purchases made or cancelled, and direct interruptions to visits (bounces), are used to adapt the advertising on the Google search results pages.

In exceptional cases involving the transfer of personal data to the United States, Google has committed to the EU-US Privacy Shield available here.

The legal basis for the data processing is Article 6 paragraph 1 S.1 lit. f of the GDPR. Our legitimate interest lies in the analysis of the impact of our advertising and the consequent continuous improvement of our advertising effectiveness.

 If you wish to object to the use of the data, please click here.

 

8.1.3 Google Shopping reviews

Renaisa uses Google Shopping Reviews, which allow customers to write a review on renaisa.co.uk after placing an order. The reviews will be visible to potential customers.

If the customer agrees, the following data will be collected:

Order ID
numberEmail address
(...)
Delivery
countryEstimated delivery
time (...)

For those exceptional cases in which personal data is transferred to the United States, Google complies with the EU-US Privacy Shield.

The legal basis for the data processing is Article 6, paragraph 1, S.1, lit. f of the GDPR.

Our legitimate interest lies in your consent to participate in the survey. This data must be collected so that Google Shopping Opinion, the third party we have commissioned, can provide an independent survey if you have consented to the delivery of your order.

Your data will be kept for a period of 12 months.

8.1.4 Google Customer Match

Renaisa uses Google Customer Match to create and serve personalised ads.
Our renaisa.co.uk website uses cookies/ad identifiers for promotional purposes. This allows us to serve our ads to visitors interested in our products on partner sites, apps and emails. Retargeting technologies use advertising identifiers and display ads based on your browsing history. To opt out of these interest-based contextualised ads, please visit: http://www.networkadvertising.org/choices/http://www.youronlinechoices.com/Nous
may share information such as technical identifiers from your registration information on the renaisa.co.uk website or in our CRM with trusted advertising partners. This allows us to link your devices and environments to provide you with a unified user experience regardless of the devices or environments you use. For more details on this feature, you can consult the privacy policy of the mentioned platforms or the explanations below.
The processing of personal data with the help of marketing cookies falls within the scope of justified uses as presented in Article 6 paragraph 1, subparagraph 1a of the GDPR.
If you no longer wish to be subjected to personalised advertisements, you can unsubscribe from Google ads here.

8.1.5 Google reCAPTCHA

On this website we use reCAPTCHA technology from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This technology is primarily used to differentiate between normal input by a natural person and abusive input via an automated device. The service involves the transmission of the IP address and any other data required by Google for the operation of the reCAPTCHA to Google. This data processing is carried out in accordance with Article 6-1.f of the GDPR, as our legitimate interest is to establish individual responsibility on the Internet and to prevent abuse and spam. Within the framework of the use of the Google reCAPTCHA service, personal data may also be transferred to the servers of Google LLC in the USA.

More information about Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy

8.2 Microsoft Bing Tracker

We use the following technology from Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399, USA):

8.2.1 Bing Conversion Tracking

In addition, we use the Bing Ads conversion tracking tool. To do this, a Bing Ads cookie is placed on your computer as soon as you arrive at our website via a Bing search ad. The Bing Conversion Tracking tool consists of frequency-based steering of search engine advertising campaigns on Bing, which means that searches that most often result in purchases result in more ads being displayed, while less relevant searches result in fewer ads being displayed.

The data collected are as follows:

  • type/version of your browser,
  • operating system used,
  • host name of the computer used (IP address),
  • time of the server request

If you do not want it anymore, you can unsubscribe from the service at any time here https://account.microsoft.com/privacy/ad-settings. For more information on data protection in connection with Bing Ads Conversion, please visit https://privacy.microsoft.com/fr-fr/privacystatement.

For exceptional cases involving the transfer of personal data to the United States, Microsoft has committed to the EU-US Privacy Shield available here.

The legal basis for the data processing is Article 6 paragraph 1 S. 1 lit. f of the GDPR. We use the Bing Conversion Tracking tool to optimise our search engine campaigns on Bing and to improve our advertising effectiveness. These purposes also represent our legitimate interest within the meaning of Article 6 paragraph 1 S.1 lit. f of the GDPR.

8.2.2 Bing Ads Remarketing Lists for Search Ads (RLSA)

We also use Microsoft Bing Ads Remarketing Lists for Search Ads. Users accessing our website are identified by means of a general website tag and an optional event snippet. Their behaviour is recorded The behavioural patterns that are observed, such as the length of time spent on the site, purchases made or cancelled, and direct visit interruptions (Bounces), enable us to adapt our advertising on the Bing search results pages. This means that users who are most interested in our website see more ads at the top of the pages, while visitors who are less interested in our website see fewer or no ads in the search engine. For more information about data protection in connection with Bing Ads Remarketing Lists for Search Ads, please visit https://advertise.bingads.microsoft.com/fr-fr/ressources/politiques/politiques-relatives-a-la-securite-et-a-la-protection-de-la-vie-privee-de-lutilisateur.

The personal data recorded by means of cookies are the following:

  • type/version of your browser,
  • operating system used,
  • host name of the computer used (IP address),
  • time of the server request

For exceptional cases involving the transfer of personal data to the United States, Microsoft has committed to the EU-US Privacy Shield available here.

The legal basis for the data processing is Article 6 paragraph 1 S.1 lit. f of the GDPR. Our legitimate interest lies in the conclusions of the evaluation of statistics on user behaviour and the effectiveness of our advertisements. This serves us to continuously improve our online offer and web presence.

If you do not want it anymore, you can unsubscribe from the service at any time here https://account.microsoft.com/privacy/ad-settings . For more information on Bing Ads Conversion's data protection policy, please visit https://privacy.microsoft.com/fr-fr/privacystatement

 

8.3 Facebook Custom Audiences

(1) This website uses the Facebook Custom Audiences with Pixel feature ("Facebook Pixel") and the Server Side Conversion API ("API") of Facebook Ireland Ltd. ("Facebook"). This allows website users to see ads based on their interests ("Facebook Ads") when they visit the Facebook social network or other Facebook-related applications and websites. This allows us to show you ads that interest you in order to make our website more interesting to you.

(2) Your browser automatically establishes a direct connection to the Facebook server via the included Facebook Pixel. Using the API, web events from your browser are transmitted directly to Facebook via a connection to the server. These events are used for the extended comparison of the integrated Facebook Pixel. The data transmitted via the Facebook Pixel and the API is used for performance measurement, reporting and ad optimisation. If you are registered for a Facebook service, Facebook may attribute the visit to the website to your account.

We have no influence on the scope and further use of the data collected by Facebook and therefore inform you according to our level of knowledge.

Even if you are not registered with Facebook or logged in, the provider may detect and record your IP address and other identifying features.

(3) The legal basis for the processing of personal data using marketing cookies is Article 6(1)(1)(a) of the GDPR.

(4) Using the Facebook Pixel and API, Facebook is able to identify visitors to our online offering as a target group ("Custom Audiences") for the display of ads ("Facebook Ads"). Accordingly, we use the Facebook Pixel and API to display the Facebook Ads we serve only to those Facebook users who have also expressed an interest in our online offering or who have certain characteristics (such as interests in certain topics or products determined on the basis of websites visited), which we pass on to Facebook ("Custom Audiences"). By using the Facebook Pixel and API, we also want to ensure that our Facebook Ads are relevant to users' potential interests and are not intrusive. By using the Facebook Pixel and API, we can also understand the effectiveness of Facebook ads for statistical and market research purposes, by seeing whether users were redirected to our website after clicking on a Facebook ad and interacted with our products ("Conversion"). These purposes also fall under our legitimate interest within the meaning of Art. 6(1)(1)(f) of the GDPR.

(5) In the event that Facebook transfers data to the United States, Facebook is certified under the Privacy Shield agreement and thus guarantees a level of data protection comparable to European law (Art. 44 et seq. GDPR). (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

(6) Third party information: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Board of Directors: Gareth Lambe, Shane Crehan; registered with the Companies Registration Office of the Republic of Ireland; company number 462932.

You can find more information about Facebook's data processing at https://www.facebook.com/about/privacy. You can find more information about Facebook ads here: https://www.facebook.com/about/ads/

(7) You may opt out of the collection with the Facebook Pixel and API and the use of your data to display Facebook ads by using the opt-out option listed below. To define the types of ads that are shown to you on Facebook, you can go to the page set up by Facebook and follow the instructions for usage-based advertising settings: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu. The settings are platform-independent, meaning that they are adopted for all devices such as desktops or mobile devices.

Note: If you use the unsubscribe option, an "Opt-Out" cookie will be stored on your device. If you delete the cookies in that browser, you will have to make your selection again. In addition, the unsubscribe only applies in the browser you are using and only in our web domain where the box has been unchecked.

9 COOKIES

We use cookies to improve our website and thus make it as user-friendly as possible, but also for advertising purposes. Cookies are small text files that are placed on your computer when you access our website to enable us to recognise your browser on your next visit. Cookies store information such as the language you have set, the length of your visit to our website or the data you have entered. This avoids having to re-enter all the required information each time you use the site. These cookies also enable us to recognise your preferences and to adjust our website to your interests.

Most browsers automatically accept cookies. If you wish to prevent cookies from being saved, you can select "Do not accept cookies" in your browser settings. For more information on how cookies work, please refer to the instructions provided by your browser developer. You can delete the cookies on your computer at any time. Please note that without cookies, you may not be able to take full advantage of all the features of our website.

10 SPECIAL TOOLS

In addition to the above-mentioned cookies, we use other tools for the purpose of usage analysis, offer optimisation, market analysis and advertising optimisation. The above provisions do not apply to these tools. For each of these special functions, we will inform you of the extent of the data collection, the legal basis, the purposes of the data collection and the options available to you to prevent the use of these tools etc.

 

10.1 Tools for marketing purposes

We use cookies for marketing purposes to provide our users with advertisements targeted to their interests. We also use cookies to limit the frequency with which an ad is displayed and to measure the effectiveness of our advertising activities. This information may also be shared with third parties, such as advertising networks.

  

10.1.1 Google Analytics & Conversion Tracking

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). The use of this service is based on Article 6 paragraph 1 S. 1 lit. f. of the GDPR. Google Analytics uses so-called "cookies", text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by a cookie about your use of this website such as

  • type/version of your browser,
  • operating system used,
  • the Referrer-URL (previously viewed page),
  • host name of the computer used (IP address),
  • time of the server request

are generally transferred to a Google server in the USA and stored there. The IP address transmitted by your browser within the framework of Google Analytics is not linked to any other data held by Google. In addition, we have added the code "anonymizeIP" to Google Analytics on this website. This enables us to ensure that your IP address is masked so that all data collected is anonymous. Only in exceptional cases may your full IP address be transmitted to a Google server in the USA and truncated there.

In exceptional cases involving the transfer of personal data to the United States, Google is committed to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Google will use this information on behalf of the website operator for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website and internet usage. This is a representation of our legitimate interest within the meaning of Article 6 paragraph 1 S. 1 lit. f. of the GDPR.

You can prevent cookies from being saved by configuring your browser, but please note that you may not be able to take full advantage of all the features of this website.

In addition, you can prevent the data generated by the cookie about your use of the website (including your IP address) from being shared with Google and processed by Google by downloading the browser plug-in from the following link and installing it on your device: An "opt-out cookie" is placed on your computer which prevents your data from being stored when you visit this website. This opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to obtain this opt-out cookie again.

In addition, this website uses Google Analytics to perform a cross-device analysis of the visitor flow with the same user ID. In your customer account, you can deactivate this multi-device analysis of your usage under "My data", "Personal data".

Terms of use: http://www.google.com/analytics/terms/fr.html, data protection overview: http://www.google.com/intl/fr/analytics/learn/privacy.html, privacy policy: http://www.google.fr/intl/fr/policies/privacy.

 

10.2 Tracking pixel

A tracking pixel (also known as a 1x1 Pixel, Tracking Pixel or Pixel Tag) is a 1x1 scale graphic that is loaded when you access our website. This tracking pixel allows us and our partners to collect statistical data for marketing and web analysis purposes. We are able to use this data for various purposes using the corresponding analysis tools. The following section describes the various marketing tools in detail. These tools cannot be traced back to the individual user.

 

10.3 Monitoring systems

We use various tracking systems on our website which sometimes collect data from you. The following section provides you with information about the service providers of these systems, the purpose of their use, whether and what data is collected, how you can object to this, and links to the privacy policies of the operators concerned.

 

11 SURVEYS

11.1 Customer satisfaction survey

We constantly conduct satisfaction surveys to optimise the quality of our products and services. You can voluntarily participate in these surveys if you are selected, either by clicking on the link we will send you by e-mail or directly on our website. To conduct these satisfaction surveys, we use SurveyGizmo LLC, a US-based service provider. If you participate, the following data will be provided to SurveyGizmo LLC:

  • E-mail address
  • Hash print of your email address
  • Language, like French (fr-fr)

SurveyGizmo LLC stores the following data:

  • E-mail address
  • IP address
  • Hash print of your email address
  • Results of the survey
  • Response ID
  • Language, like French (fr-fr)
  • Country of the participant

SurveyGizmo LLC keeps the data for 6 months. A transfer of data to the USA takes place. The protection obligations imposed by Article 44 et seq. of the GDPR are guaranteed through the European Standard Contractual Clauses.

This information is used in accordance with article 6-1.f of the RGPD for the purpose of optimising our products and services.

 

11.2 Trustpilot

You have the opportunity to rate our company and your purchase via Trustpilot, Inc, 245 5th Avenue, 4th floor, New York, NY 10016, USA ("Trustpilot"). These ratings are voluntary and the results will be published on https://www.trustpilot.com/ under the pseudonym of your choice. If you rate us, we thank you in advance for your feedback - every review helps us improve our services. By submitting a review of our company, you agree that we may publish this review on Trustpilot and on our sites. Trustpilot's own terms and conditions and data privacy policy apply (see http://legal.trustpilot.de/end-user-privacy-terms and http://legal.trustpilot.de/end-user-privacy-terms). As part of your voluntary participation on Trustpilot, we pass on your email address, first and last name and customer number to the site.

12 AFFILIATED NETWORKS

We also work with affiliate networks such as Commission Junction / Zanox / etc.

An affiliate network is a service provider in the online advertising sector and acts as an intermediary between advertisers (renaisa.co.uk) and publishers (website operators). These publishers can establish a partnership with renaisa.co.uk via the affiliate network and thus take part in special promotions. Publishers integrate advertising material/promotional codes/hyperlinks from renaisa.co.uk into the content of their website, thus guiding customers to our online shop through editorial content, for example.

As soon as the user places an order on renaisa.fr, the publisher receives a corresponding commission. The only information shared with these networks is the data necessary to conclude the sale such as the order ID, the product ID and the price of the products purchased. No personal data is collected or transmitted.

13 SHARING BOOKMARKS

On our website you will find so-called Social Bookmarks (e.g. from Facebook, Twitter and Xing) embedded in our pages. These Social Bookmarks are Internet bookmarks that allow users of this service to glean links and notifications. These bookmarks are integrated into our website as simple links to the corresponding services. When you click on the embedded graphic, you are redirected to the site of the respective provider, which means that only then is your user information transferred to the respective provider. For information on the handling of your personal data when using these web pages, please refer to the provider's data protection regulations.

14 SOCIAL SHARING FUNCTIONS

This website uses the following social network sharing function:

  • Facebook (Operator: Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA)
  • Twitter (operator: Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
  • Pinterest (Operator: Pinterest Inc. 635 High Street, Palo Alto,CA, 94301, USA)

Data processing on renaisa.co.uk's social networking pages (renaisa.co.uk's Facebook, Twitter and Pinterest) is not carried out according to the terms of renaisa.co.uk's privacy policy, but according to the privacy regulations of each of the social networking companies. When you click on the icon of a social network on the page of one of our products, you will be redirected from the renaisa.co.uk site to the site of the social network. Your personal data will then be collected according to the privacy policy of each platform. In this case, the privacy policy of renaisa.co.uk is no longer applicable. You can find the different privacy policies of each platform by clicking on the following links:

Facebook
Twitter
Pinterest
LinkedIn

 

15 USING VERIFF

In order to combat credit card fraud, we occasionally share information with Veriff (Veriff OÜ, registered company number 12932944, located at Niine 11, 10414 Tallinn, Estonia). For this purpose, the customer may choose to use Veriff for identification.

The following personal data are collected and processed:

  • the user's personal information (such as name, gender, personal identification code, date of birth, legal responsibility, nationality, citizenship, but also data history that may have been stored with us from previous interactions over the period of our terms)
  • details of the document provided (such as name of document, country of issue, number, expiry date, security information)
  • facial recognition data (such as photos, videos and sound recordings, photos taken by you or from the document provided, and video and sound recordings of the verification process)
  • contact details (such as postal address, email address, telephone numbers, IP address)
  • technical data (from your terminal), including, but not limited to, information about the date and time you use the services, your IP address and domain name, your hardware and software configuration, and your geographical location (e.g. city, country);

The lawfulness of Veriff's processing of personal data is based on Article 6 (1) paragraph 1 a) of the GDPR. If a customer is invited to use Veriff, this is only possible with their prior consent.

Personal data is transferred to Tallinn, Estonia. There is no transfer of data to other countries. Veriff does not provide precise information on how long this data is stored. More information on Veriff's privacy policy can be found at: https://www.veriff.com/privacy-policy

16 DATA SHARING

Your personal data is not transferred to third parties for any purpose other than those listed here.

We share your personal data with third parties only when :

  • you have expressly agreed to this,
  • the sharing of this data is necessary for the establishment, exercise or safeguarding of rights and there is no reason to believe that you have a legitimate overriding interest in your data not being shared,
  • where the sharing of data is imposed by a legal obligation, and
  • if permitted by law and necessary for the performance of the contract with you.

When data is to be transferred to a country outside the European Union, the high level of data protection specific to Europe cannot be guaranteed. It may happen that a transfer is not covered by a decision of the European Commission on adequacy within the meaning of Article 45 paragraph 1, 3 of the GDPR. This means that the European Commission has not yet made a positive determination that the level of data protection in the country concerned is equal to the level of data protection in the European Union under the GDPR, and that we have therefore developed the appropriate safeguards mentioned above.

Possible risks, which cannot be completely excluded in the context of a data transfer, are in particular

  • your personal data may be processed for purposes other than those for which it was collected.
  • It is also possible that you will not be able to assert or exercise your rights under data protection law on a permanent basis, such as your right of access, rectification, deletion or data portability.
  • Furthermore, your data may very likely not be processed correctly and the level of protection of personal data will not fully meet the requirements of the GDPR in terms of both quantity and quality.

17 INFORMATION ON THE RIGHTS OF THE PERSONS CONCERNED

17.1 Rights of data subjects

If your personal data are processed, you are considered the data subject under the GDPR and have the following rights vis-à-vis the controller:

 

17.2 Right of access

You can request confirmation from the controller that we are processing your personal data.

If this is the case, you can demand that the person responsible be given access to the following information:

  1. the purposes of the processing of personal data ;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients with whom your data has been or will be shared;
  4. the period for which your personal data will be kept, if no concrete indication of this is possible, the criteria for determining the period of retention;
  5. the existence of a right to rectification or erasure of your personal data, a right to have the controller restrict processing or a right to object to such processing;
  6. the existence of a complaint to a supervisory authority;
  7. all available information on the origin of the data, where personal data are not obtained from the data subject;
  8. the existence of an automated individual decision, including profiling according to Article 22 paragraph 1 and 4 of the GDPR and - at least in these cases - evidence of the logic involved and the intended scope and impact of such processing on the data subject.

You are entitled to demand to know whether your personal data is being transferred to a third country or to an international organisation. In this context, you can demand to be notified of the appropriate safeguards according to Article 46 of the GDPR in connection with the transfer of the data.

 

17.3 Right of rectification

You may, under the following conditions, request that the processing of your personal data be restricted:

  1. where you challenge the accuracy of your personal data for a period of time that gives the controller the opportunity to verify the accuracy of the personal data;
  2. the processing is found to be unlawful and you refuse to have your personal data erased and instead request that their use be restricted;
  3. the controller no longer needs the personal data for the purpose of processing, but you need it for the purpose of establishing, exercising or safeguarding rights that you have, or
  4. if you have objected to the processing in accordance with Article 21 paragraph 1 of the GDPR and it has not yet been established that the legitimate reasons of the controller prevail over your own reasons.

If the processing of your personal data has been restricted, the data - apart from registration - may only be processed with your consent or for the purpose of establishing, exercising or safeguarding your rights or for the purpose of protecting the rights of another natural or legal person or on important public interest grounds of the European Union or a Member State.

If the processing has been restricted according to the above requirements, the controller will inform you before the restriction is lifted.

 

17.4 Right to erasure

  1. a) Duty of erasure

You can demand that the person responsible for the data immediately deletes your personal data. The person responsible is obliged to delete this data immediately if one of the following reasons is established:

  1. Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent to the processing in accordance with Article 6 paragraph 1a S.1 lit. a or Article 9 paragraph 2 lita of the GDPR, and there is no other legal basis for the processing.
  3. You object to the processing according to Article 21 paragraph 1 of the GDPR and there are no compelling legitimate reasons for the processing or you object to the processing according to Article 21 paragraph 2 of the GDPR.
  4. Your personal data has been processed unlawfully.
  5. The deletion of your personal data is necessary for the fulfilment of a legal obligation in accordance with Community law or the law of the Member States to which the controller is subject.
  6. Your personal data have been collected in connection with the services offered by the information company in accordance with Article 8 paragraph 1 of the GDPR
  7. b) Information to third parties

If the data controller has made your personal data public and is obliged to delete them in accordance with Article 17 paragraph 1 of the GDPR, he shall take appropriate measures - also of a technical nature - taking into account the technology available and the costs of implementation, in order to inform the data controllers who process the personal data that you, as the data subject, have demanded that they delete all links to these personal data or copies and reproductions of these personal data.

  1. c) Exceptions

You cannot exercise your right to erasure where processing is necessary

  1. the exercise of freedom of expression and information ;
  2. the performance of a legal obligation requiring the processing under European Union or Member State law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the field of public health according to Article 9 paragraph 2 lit. h and i as well as Article 9 paragraph 3 of the GDPR;
  4. for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the right referred to in point a) makes it impossible or seriously compromises the achievement of the objectives of this processing, or
  5. for the establishment, exercise or safeguarding of rights.

 

17.5 Right to information

If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter is obliged to notify all recipients with whom it has shared your personal data of the rectification or erasure of the data or restriction of processing, unless this proves impossible or would require a disproportionate effort.

You have the right to be informed of these recipients.

 

17.6 Right to data portability

You have the right to receive your personal data, which you have provided to the controller, in a structured, common and machine-readable format. You also have the right to pass on this data to another controller without the controller, to whom the personal data was provided, interfering with the process, provided that

  1. the processing is based on consent in accordance with Article 6 paragraph 1 S.1 lit. a of the GDPR or Article 9 paragraph 2 lit. a of the GDPR or on a contract in accordance with Article 6 paragraph 1 S.1 lit. b of the GDPR and
  2. processing is carried out using automated processes.

In application of this right, you also have the right to have your personal data transmitted directly from one controller to another, subject to technical feasibility. This operation must not infringe on the rights and freedoms of others.

The right to data portability shall not apply in the case of processing of personal data carried out in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

17.7 Right of objection

You have the right to object at any time to the processing of your personal data on the basis of Article 6 paragraph 1S.1 lit. e or f of the GDPR for reasons relating to your particular situation; this also applies in the case of profiling based on these rules.

The controller shall no longer process your personal data unless it can show compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or safeguarding of legitimate rights.

If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for such advertising purposes; this also applies in the case of profiling, insofar as this is associated with direct advertising.

If you object to the processing for direct advertising purposes, your personal data will no longer be processed for these purposes.

In the context of the use of information society services, you have the possibility - without prejudice to Directive 2002/58/EC - of exercising your right to object by means of automated processes using technical specifications.

 

17.8 Right to revoke the data protection declaration of consent

You have the right to revoke your declaration of consent to data protection at any time. The revocation of your consent does not affect the lawfulness of the processing operations carried out on the basis of this consent until the consent is revoked.

 

17.9 Automated individual decision including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or which significantly affects you in a similar way This clause does not apply where the decision

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is permitted under Union law or the law of the Member State to which the controller is subject and which also provides for appropriate measures to safeguard your rights, freedoms and legitimate interests.
  3. is based on your explicit consent.

However, such decisions do not have to be based on special categories of personal data according to Article 9 paragraph 1 of the GDPR, insofar as Article 9 paragraph 2 lit. a or g of the GDPR applies and adequate measures to protect rights, freedoms and legitimate interests have been taken.

With regard to the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard your rights, freedoms and legitimate interests, including at least the right to have a person on the side of the controller intervene, the right to make his or her own views known and the right to challenge the decision.

 

17.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are normally resident, work or where the breach is alleged to have occurred, if you consider that the processing of personal data concerning you constitutes a breach of the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

18 RIGHT IN THE CASE OF DATA PROCESSING FOR THE PURPOSE OF DIRECT ADVERTISING

Pursuant to Article 21 paragraph 2 of the GDPR, you have the right to object to the processing of your personal data at any time. If you object to the processing for direct advertising purposes, your personal data will no longer be processed for these purposes. It should be noted that such withdrawal of consent is not retroactive. Any processing operations carried out before the withdrawal of your consent are not affected.

19 REFERENCE TO THE RIGHT TO OBJECT REGARDING THE BALANCE OF INTERESTS

Insofar as we base the processing of your personal data on a balance of interests, you may object to the processing. If you make use of this right of objection, we ask you to state the reasons why your personal data should not be processed as we have described. In the event of a justified objection, we will check the situation and suspend or adjust the processing of the data or explain our compelling legitimate reasons to you.

20 LINKS TO OTHER WEBSITES

Our websites may contain links to websites of other operators. Please note that this privacy policy applies exclusively to renaisa.co.uk websites. We have no influence or control over whether other operators comply with the applicable data protection provisions.

21 CHANGES TO THE PRIVACY POLICY

We reserve the right to modify or amend this privacy policy at any time, taking into account the applicable data protection regulations.