Who we are
Our website is www.mill-on-the-floss-samplers.com (“we”) and is owned and run by Michele Moulin White.
Address : Le Meslier, 50150 Sourdeval. Manche. FRANCE
Phone : 06 33 44 04 08
Email : email@example.com
SIRET number : 809892391 00024
We are committed to protecting and respecting your privacy.
We control the ways in which your personal data is collected and the purposes for which it is used by Mill on the Floss Samplers. We are the “controllers” under the UK Data Processing Act 1998, the EU GDPR (General Data Protection Regulation), PCI-DSS and European Data Protection Legislation.
When we collect your private data
- We may collect your personal data from you in the following ways:
- When you make a purchase online from our website www.mill-on-the-floss-samplers.com
- When you subscribe to our email newsletter.
- When you contact us via social media.
- When you participate in sweepstakes and contests, on social media or on our website.
- When you contact us to ask questions, send complaints, etc.
- When you answer a survey we sent you.
- When you write a comment or a review on our products or services.
- When you interact with our website, we may possibly automatically collect technical data about your equipment, your browsing actions, your habits and the website that directed you to mill-on-the-floss-samplers.com.
- When you have given third parties permission to share information they hold about you.
What personal data we collect and why we collect it
The expressions “personal data” or “personal information” relate to information which makes it possible to identify a person. They do not concern data where the identity has been deleted (anonymous data).
We may collect, use, store or transfer different types of personal data about you, which we have grouped below:
- Your identity data, including your first name, surname and civil status.
- Your contact details, such as billing and delivery addresses, email address, phone numbers. In addition, we will collect your username on social media if you interact with us through this channel.
- Your marketing and communication data, including your preferences for receiving our marketing materials from us (including our newsletter) and from our third parties, as well as your communication preferences.
Some information we collect “passively” such as your IP address and browser user agent string (eg. “Chrome” ) when you submit forms on the site, this is used for anti-fraud purposes and to identify and block abusive users of the site ( anti-abuse, eg. form spam ).
If we need to collect personal data for legal reasons, or as part of a contract we have with you and if you do not give us the requested data, we may not be able to perform this contract we have made or are trying to make with you (for example to provide you with items or services). In this case, we may be forced to cancel a product or service that you have with us. We will notify you if this is the case.
How and why do we use your personal data?
We will only use your personal data when the law allows us to do so. Most often, we will use your personal data in the following ways:
- When we need to execute a contract that we are about to conclude or have entered into with you.
- When it is necessary in our legitimate interest (or the interest of a third party) and if your interests and fundamental rights do not override this interest.
- To comply with our legal or regulatory obligations.
- The expression “Execution of a contract” means the processing of your data necessary for the execution of a contract of which you are one of the parties or to take measures at your request before entering into this contract.
- The expression “Compliance with a legal or regulatory obligation” means the processing of your personal data, if we need to comply with a legal or regulatory obligation which is imposed on us.
- In general, we do not content ourselves with consent as a legal reason for the processing of your personal data other than to send you direct marketing communications by e-mail or SMS.
- Here are examples of how we use the information we hold about you:
- To process any orders you may make on our website If we do not collect your personal data during the transaction, we will not be able to process or deliver your order or comply with our legal obligations. For example, your information may need to be disclosed to a third party to provide or deliver the product or service you have ordered and we may possibly keep your information for a reasonable period of time thereafter in order to fulfill our contractual obligations, for example in case of reimbursement, warranty claim, etc.
- To answer your questions, refund requests and complaints. Managing the information you send allows us to respond to you. In addition, we may possibly keep your information in order to use it for any subsequent communication and demonstrate how we communicated with you. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in order to provide you with the best possible service and to understand how to improve our service based on your experience.
- To process payments and avoid fraudulent transactions. We do this on the basis of our legitimate business interests. In addition, this helps us protect our customers from fraud.
- To send you relevant communications by e-mail or by mail in connection with updates, products and services. We will do so on the basis of our legitimate business interests. You can object to this listening by notifying us by e-mail or by post at any time.
- To administer our draws or possible contests in which you may participate.
- To fulfil our contractual or legal obligations to share data with law enforcement.
Who do we share your information with?
Where and how your information is stored
The information you provide to us is stored in the France and as such within the European Economic Area (EEA).
Third party companies such as Paypal and Mailchimp may transfer and store your personal data outside the EEA
Cookies and how we use them
How do we protect your data?
We protect access to all transactional areas of our websites and applications using “https” technology. Our site as well as that of all of our chosen service providers use SSL/TLS enforced/encrypted connections to protect your information during transit over the Internet.
How long do we keep your data?
We will keep your personal data only for the duration corresponding to the objectives indicated in this policy. Different retention periods apply to different types of data, but our maximum retention period for your personal data will be 6 years.
What are your rights concerning your private data?
In certain situations, you have rights, within the framework of data protection laws, concerning your personal data.
You have the right to:
- Request access to your personal data (commonly called “access request from data holders”). This allows you to receive a copy of the personal data we hold about you and to verify that we are processing it in accordance with the law.
- Request correction of the personal data we hold about you. This allows you to correct incomplete or inaccurate data that we hold about you; however we may have to verify the accuracy of the new data you give us.
- Request the erasure of your personal data. This allows you to ask us to delete or withdraw personal data if there is no good reason for us to continue processing it. In addition, you have the right to ask us to delete or withdraw your personal data if you have successfully exercised your right to object to their processing (see below), if we have processed your information unlawfully or if we are obliged to erase your personal data in order to comply with local law. However, please note that we will not always be able to accede to your erasure request for specific legal reasons which will be sent to you, if applicable, at the time of your request.
- Refuse the processing of your personal data if it is a legitimate interest (or the interest of a third party) and if your particular situation leads you to refuse to process it for this reason, because you have the feeling that this treatment infringes on your fundamental rights and freedoms. You also have the right to refuse the processing of your personal data for direct marketing purposes. In some cases, we can demonstrate that we have compelling legitimate reasons to process your information that overrides your rights and freedoms.
- Request the limitation of the processing of your personal data. This clause allows you to ask us to suspend the processing of your personal data in the following circumstances: (a) if you want us to verify the accuracy of the data; (b) if our use of the data is illegal but you do not want us to delete it; (c) if you need us to keep your data even if we no longer need it because you need to verify or exercise your rights or defend yourself against legal proceedings; or (d) if you have objected to our use of your data but we need to check whether we have priority legal reasons for using it.
- Request the transfer of your personal data to an external entity. We will provide you or an external entity of your choice with your personal data in a structured, commonly used and machine-readable format. Note that this right only applies to automated information that you initially authorized us to use or if we have used information to perform a contract with you.
- Withdraw your permission at any time if we need your permission to process your personal data. However, this will not affect the legality of any processing carried out before the withdrawal of your consent. If you withdraw your consent, we may not be able to provide you with certain products or services. If this is the case, we will notify you when you withdraw your consent.
- In cases where we process your personal data on the basis of our legitimate interests, you can ask us to stop doing so for reasons related to your individual situation. We must then accept your request, unless we believe we have a legitimate priority to continue processing your personal data.
- You have the right to request the cessation of the use of your personal data for marketing activities via all or certain channels. We must always comply with your request.
If you wish to exercise any of the above rights, contact us at firstname.lastname@example.org
Please note that if you have made financial transactions with us we are required to keep detailed records of those and will not be able to remove information related to those.