MANAGEMENT OF PERSONAL DATA
Website users are strongly advised to consult the Policy regularly before viewing and using the Website.
ARTICLE 1 – SCOPE OF APPLICATION
The Policy applies to the Website, excluding any third-party websites and services to which the Website may refer or allow access.
The Website may contain links to other sites over which CROSSCALL has no control. CROSSCALL endeavours to only include links on the Website to other websites that comply with its own rules on personal data and security. However, CROSSCALL cannot be held responsible for the protection of the privacy of information that Website users pass on to other websites. Website users are advised to be cautious and take note of the rules regarding personal data on each website. The personal data that users of the Website choose to provide to third parties or that is collected by third parties is not covered by the Policy.
ARTICLE 2 – PERSONAL DATA CONTROLLER
The personal data related to the Website is collected by CROSSCALL.
CROSSCALL is a public limited company with a Board of Directors and a Supervisory Board, with share capital of 250,880 euros, registered in the Aix-en-Provence Trade and Companies Register under number 518 706 890, with VAT number FR 25 518 706 890 000 and its registered office at 245 RUE PAUL LANGEVIN – ZONE D’ACTIVITES DES MILLES – 13290 AIX EN PROVENCE, represented by Mr Cyril VIDAL in his capacity as Chairman.
ARTICLE 3 – PERSONAL DATA COLLECTED
In the context of Website use, and depending on the service used by the Website user, CROSSCALL may collect and process the name, date of birth, sex, email address, home address/postal address, phone number, phone serial number (IMEI), IP address, geolocation, username, password, login and browsing data, order history, bank details, preferences and interests, products viewed and purchased, delivery problems and complaints.
Whether the data is mandatory or optional is signalled during collection using an asterisk. Refusal to provide mandatory data may result in restricted or no access to the benefits of a feature or service.
CROSSCALL is required to collect this information, particularly when a Website user:creates their account,
- • places an order on the Website,
• browses the Website,
• contacts CROSSCALL customer service (SAV),
• communicates with CROSSCALL (email, chat, etc.).
• completes a web form,
• participates in a contest
ARTICLE 4 – USE OF PERSONAL DATA
The data collected helps CROSSCALL to establish and manage its relationships with Website users and to offer them a personalised experience, in line with their needs and interests.
CROSSCALL may use their personal data to:
carry out a transaction or order,
• create their customer account,
• prevent and detect security threats, fraud or other malicious activity,
• provide information on CROSSCALL products and services,
• provide and improve the services provided by CROSSCALL, especially customer service,
• inform them about new services and benefits,
• send commercial offers and personalised information (newsletters, canvassing, etc.),
• personalise the Website,
• measure the effectiveness of marketing campaigns, advertisements and web pages,
• allow Website users to participate in contests, promotions, sweepstakes or surveys,
• enable the activation and recording of products or services, e.g. saving store products that have been placed in the basket by Website users,
• collect requests for information and complaints from Website users,
• manage job applications,
• manage event registration,
• use social networks to enable content sharing,
• collect and disseminate contributions such as comments, ratings, etc.
Information relating to credit cards is only used during the time required to execute a transaction, unless the Website user requests that it be retained for a later purchase.
ARTICLE 5 – RECIPIENTS OF PERSONAL DATA AND TRANSFERS
5.1 The data collected on the Website is intended for CROSSCALL and its group subsidiaries.
It can nevertheless be sent to or consulted by third-party companies (subcontractors) of which CROSSCALL makes use for the execution of certain services and orders placed via the Website, including:
• the service provider responsible for the operation of the Website,
• the service provider responsible for hosting the Website,
• the service provider responsible for preparing the order and its shipment,
• the service provider responsible for transporting the products ordered or repaired,
• CROSSCALL’s banking institution and/or its payment service provider,
• customer service providers, including repair centres,
• the service provider responsible for sending newsletters.
These service providers are contractually bound to preserve the integrity and confidentiality of the data received on behalf of CROSSCALL, and can only use it in accordance with CROSSCALL’s instructions in order to perform the services they carry out for CROSSCALL, which remains solely responsible for its processing.
5.2 Direct and indirect marketing
Subject to prior consent, CROSSCALL is liable to use the information of which it is in possession regarding the Website user to provide information relating to its products, promotions, special offers, and other information relating to its products or services or that CROSSCALL has decided may be of interest to its Website users.
CROSSCALL may send this information by:
– SMS or MMS and/or any other form of electronic message;
– Post or any other means;
– Promotional banners on third party websites or social networks;
– Internet search engine.
Website users will be asked whether or not they wish this information to be used for direct and indirect marketing purposes, either by CROSSCALL or a third party (including its business partners). CROSSCALL will seek their permission by asking users to tick one or more boxes to provide express consent, specifying the different categories of information or different kinds of marketing activities for which their information can be used.
CROSSCALL will use the information relating to Website users who have given their prior consent for direct and indirect marketing actions, according to their specific selections.
Website users can change their consent or lack of consent or the extent of their previous consent regarding direct and indirect marketing by completing the form available at the following URL: https://crosscall.com/gestion-des-donees-personnelles/ Furthermore, when CROSSCALL sends messages to these Website users regarding direct or indirect marketing actions, it will remind them that they can opt out of these communications.
5.3 Transfer to third parties or outside the European Union
In general, unless otherwise specified in the Policy, CROSSCALL undertakes not to share any personal information with third parties without the express prior consent of the Website user, except in the event that CROSSCALL is obliged to:
• respond to inquiries from the competent authorities;
• comply with regulations or an administrative or judicial decision;
• detect and prevent security threats, fraud or other malicious activities;
• enforce and protect the rights of CROSSCALL and its subsidiaries;
• protect the rights or personal security of CROSSCALL, its employees and third parties.
The personal data collected via the Website is hosted on servers located in France and the United States.
In the event that CROSSCALL is required to communicate Website users’ personal data to a company belonging to the CROSSCALL group or to a third party outside the European Economic Area, CROSSCALL must take advance measures to ensure that said data will enjoy the same level of protection as imposed by the applicable data protection law.
ARTICLE 6 – PROTECTION OF THE PRIVACY OF MINORS
The Website is not intended for minors. Nevertheless, access to the website is not reserved for adults since it does not include any content that is prohibited for under 18s.
The Website does not aim to collect the personal data of minors.
However, if a minor’s information is collected, the legal representative of said minor will have the opportunity to contact CROSSCALL to rectify, modify or delete this information in accordance with Article 6 of the Data Protection Act, pursuant to the provisions of Article 7 below.
ARTICLE 7 – RIGHTS RELATING TO THE PROCESSING OF PERSONAL DATA
7.1 Right of access, modification, rectification and deletion
Website users have the right to access their personal data and, where applicable, the right to request:
– the rectification or erasure of said data;
– the limitation of the processing of said data by CROSSCALL,
– the cessation of the processing of their personal data,
– all information relating to their data.
Notwithstanding the rights referred to above, CROSSCALL will not be required to intervene regarding the data that remains essential for compliance with CROSSCALL’s legal and regulatory obligations.
For this purpose, Website users must contact CROSSCALL by filling out the form available at the following URL: https://crosscall.com/gestion-des-donees-personnelles/ or by sending a letter to its registered office:
245 RUE PAUL LANGEVIN – ZONE D’ACTIVITES DES MILLES
13290 AIX EN PROVENCE
Email : [email protected]
In accordance with current regulations, the request must be signed and accompanied by a photocopy of an identity card bearing the signature of the Website user who is making the request and specify the address to which the response should be sent. A response will then be sent within two months of receipt of the request.
7.2 Right to data portability
Website users also have the right to the portability of the personal data that they have communicated to CROSSCALL while using the Website, allowing them to recover some of the data saved by CROSSCALL in order to store or transfer it from the Website to another website for their own personal use.
To this end, Website users must send a request to CROSSCALL by completing the dedicated form that can be accessed on the Website via the “Management of personal data” tab. Upon receipt of the completed form, CROSSCALL will send the Website user the personal data that concerns them within one month, unless a special three month extension is granted due to the complexity of the Website user’s request.
Website users are hereby informed that only the following personal data is affected by this right to portability:
– data that is actively and knowingly provided by the Website user requesting portability (e.g. postal address, username, etc.);
– data resulting from the use of the Website by said user (e.g. search history, user location data).
Under no circumstances does the right to portability cover all personal data held by CROSSCALL which has undergone deductive analysis based on the data provided by Website users. Such data may, however, be consulted by Website users as part of their request to access their personal information, as referred to under point 7.1.
7.3 Newsletter unsubscription
CROSSCALL offers users who no longer wish to receive the Newsletter the option to unsubscribe by clicking on the link provided for this purpose in the Newsletters, via their account or by contacting CROSSCALL at the following address [email protected], specifying the email address to unsubscribe.
7.4 Opting out of telephone solicitation
If Website users do not wish to receive telephone solicitation, they must communicate their telephone number to CROSSCALL at the following email address: [email protected], or by post to the address mentioned in article 7.1.
The Website users will then receive a receipt specifying the date on which their registration will be effective, with the understanding that this will be a maximum of 30 days after the receipt is issued. The receipt will also indicate the duration of their registration on this opt-out list.
ARTICLE 8 – DATA PROTECTION
CROSSCALL takes the personal data security of users of its Website seriously.
CROSSCALL takes all reasonable and possible measures to protect their personal data. For example:
– it uses encryption to guarantee data confidentiality;
– it uses reliable protection mechanisms to protect data from malicious attacks;
– it has set up access control mechanisms, allowing only authorised personnel to access personal data;
– it ensures that its employees understand the importance of personal data protection via training sessions, in order to raise awareness regarding security and confidentiality, led by the Data Protection Officer (DPO) appointed by CROSSCALL.
CROSSCALL takes all possible and reasonable measures to only collect necessary and relevant personal data of users of its Website.
CROSSCALL only retains personal data for the period necessary for the purposes set out in this Policy, and does not retain personal data beyond this time, unless a longer retention period is required or permitted by law.
CROSSCALL must archive the data in order to meet its legal obligations in this respect.
CROSSCALL makes every effort to protect the personal data of the users of its Website against damage, loss, misappropriation, intrusion, disclosure, alteration or destruction.
In order to prevent any unauthorised access or release, preserve the integrity of data and ensure use that complies with the purpose of data collection, CROSSCALL has implemented a number of appropriate physical and logical security measures.
CROSSCALL employees who, due to the nature of their duties, have access to personal data of users of the Website, undertake to keep said data completely confidential in this regard.
When CROSSCALL sends highly confidential information (bank card number or password, for example) via the internet, it protects it using encryption methods, such as the SSL (Secure Socket Layer) protocol.
However, CROSSCALL cannot eliminate risks relating to the functioning of the internet, and draws the attention of users of the Website to the existence of possible risks relating to a one-off loss of data or a breach of data confidentiality when passing through its network.
ARTICLE 9 – RESPECT FOR PERSONAL DATA
9.1 CNIL declaration:
CROSSCALL protects the personal data of users of the Website in compliance with applicable legislation and specifically The European General Data Protection Regulation (GDPR) no. 2016/679 dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data.
Personal data processing carried out within the framework of the Charter was the subject of a declaration made to the French Data Protection Authority (Commission National Informatique et Liberté or CNIL) referenced under no. 2173236 v 0.
9.2 DPO declaration:
Furthermore, CROSSCALL has appointed AESATIS, a French private limited company with share capital of €38,010 and having its registered office at 79 b, Avenue de l’Europe – 13127 Vitrolles, France, registered in the Salon de Provence Trade and Companies Register under no. 501 097 216, represented by Ms Bernadette Leroy, in her capacity as Manager and as Data Protection Officer (DPO), as defined under Article 37 of the GDPR, in order to assist and support the GDPR compliance process.
9.3 User comments and complaints:
9.3.1 Made to CROSSCALL: For any questions, comments or suggestions, Website users can contact CROSSCALL by email at the following address: [email protected]
9.3.2 Made to CNIL: Users of the Website also have a right to submit complaints to the French Data Protection Authority (CNIL), the authority in charge of compliance with obligations in terms of personal data in France, by sending a letter to the following address: 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 7, France.
ARTICLE 10 – COOKIES
Users of the Website are informed that when browsing the Website, cookies are stored on their computer, phone or tablet.
Définition. A cookie is a file containing small amounts information that is stored on the computer or mobile device of Website users when they visit the Website.
Cookies fulfil different functions, such as enabling efficient browsing from page to page, saving their preferences and generally improving their Website experience. Cookies are managed by the internet browser on their computer, phone or tablet.
However, the data collected is limited. It only concerns the number of pages viewed, the city in which the IP address used to connect to the website is located, the frequency and recurrence of site visits, the duration of the visit, the browser, and the operator or type of terminal used to visit the website. Under no circumstances is data such as the first or last name of the user of the Website or the connection postal address collected.
CROSSCALL uses the following cookies:
Strictly necessary cookies
These are cookies that are necessary for the functioning of the Website. They enable users of the Website to use its essential functions, such as accessing secure areas, watching videos, saving their preferences in order to personalise the user interface (for example, their language or region) or keeping a session active. These cookies do not collect information that can identify you. All information collected by these cookies is anonymous.
Accepting these cookies is a necessary condition for using the Website; if users of the Website refuse the cookies, CROSSCALL will not be able to ensure normal browsing on the Website.
These cookies make it possible to use the different functions of the Website and to improve site performance.
These cookies do not collect information that can identify the users of the Website. All of the information collected by these cookies is anonymous, and only used to improve the functionality of the Website.
If users of the Website deactivate these cookies, they may no longer be able to use all or some of these functions.
Users of the Website can find more information on the functionality cookies used by CROSSCALL and why in the table below:
Cookies Google Analytics Social networks Popups
Functions Measuring site traffic Sharing content on social platforms and tracking subscriber browsing on the Website Recording of the time spent on a page
Access and recipients Google, Facebook, Twitter, Google+, etc. CROSSCALL
These enable CROSSCALL to recognise, count the number of users and identify the way in which users move around the Website. This helps CROSSCALL improve the functionality of the website, for example, by ensuring that users of the Website can easily find what they’re looking for. These cookies do not collect information that can identify them. All of the information collected by these cookies is anonymous, and is only used to improve the functionality of the Website.
The Website uses Google Analytics cookies. Information collected by Google Analytics cookies will be sent to and hosted by Google on servers located in the United States, in accordance with their confidentiality policy A presentation of the Google confidentiality policy and information on how this applies to Google Analytics, can be found at https://www.google.fr/intl/fr/policies/privacy/.
These cookies are used to display advertising or show you information in line with your interests, on our site or off our site when browsing online. They are also used to limit the number of times you see an advertisement and help determine the effectiveness of an advertising campaign.
Refusal of advertising cookies has no impact on the use of our website. However, refusing advertising cookies will not prevent advertising from being displayed on our website or online.
This will only result in advertising that does not take your interests or preferences into account.
These cookies are primarily third-party cookies.
They are mainly those of advertising agencies. We cannot provide an exhaustive list thereof.
Cookies Partner tags Redirection
Functions Identification of the user of the Website in order to offer them advertising suited to their interests on third-party websites Redirection of the user towards the third-party distributor selling the product they’re looking for in-store or online
Access and recipients Criteo, Next Performance, Adverline, Facebook Exchange, etc. Zanox
Cookie deactivation, settings, deletion and expiration.
Users of the Website may deactivate or configure cookies by clicking on the “Manage cookies” (“Gestion des cookies“) tab included on the Website for this purpose.
However, if they decided to deactivate cookies through their browser settings, specifically the Website’s functionality cookies (e.g. cookies that make it possible to save their basket or maintain their account connection), it is likely that they will not longer have access to any or certain sections of the Website. Furthermore, deactivating a cookie or a category of cookies does not delete them from their browser, as deletion requires a specific action.
Continued use of the Website constitutes acceptance, and the validity period of user consent is a maximum of thirteen (13) months. If the user of the Website accepts the cookies, they shall remain stored on their computer for five (5) years, unless the user of the Website deletes them from their browser.
Otherwise, the cookies shall expire and will be deactivated at the end of a 13 month period following their initial storage on the Website user’s terminal.
ARTICLE 11 – UPDATES TO THE CHARTER
CROSSCALL reserves the right to update or modify the Charter from time to time. CROSSCALL will publish the modified Charter on the Website or will inform users of the Website, where applicable, via an email notification; users of the Website are advised to regularly check the content of the Charter.