CONFIDENTIALITY OF DATA
Updated on May 22, 2018

CAVEANDCOCONUT SAS respects your privacy and is committed to protecting your personal data.

1. Preamble



This privacy policy explains how CAVEANDCOCONUT SAS uses your personal data when you visit our site, interact with us and purchase our goods and services.

You will also find a description of your right to privacy and how the law protects you.

It is important that you read this Privacy Policy and any other privacy policies we provide to you so that you are aware of why we use your data and how we do it.

If you have any questions or wish to exercise your right to privacy, please follow the instructions in this privacy policy, contact us by email at the following address: donnespersonnelles@caveandcoconut.com

2. What personal data we collect



Personal data, or personal information, means any information about an individual who can be used to identify it. This does not include information where the identity is hidden (anonymous data).

We collect a variety of information about our customers and visitors to the caveandcoconut.com website. This personal data is divided into different categories:

-The Identity Data includes the title, first name, last name, username or similar identifier, as well as an encrypted version of your password.

-The Contact Data includes the billing address, delivery address, email address and phone numbers.

-Transaction Data includes details of your payments and refunds, and the products and services you purchased from us.

-The Profile Data includes your username and password, your purchases or orders, your preferences, your returns and answers to surveys.

-Technical Data includes your IP address, login details, browser type and version, your time zone and location, browser plug-in types and versions, your system and operating platform , and other technologies on the devices you use to access this website.

- Usage Data includes information about how you use our website, products and services.

-Tracking Data includes information that we or others collect about you from cookies and similar tracking technologies, such as web beacons, pixel tags, or mobile identifiers.

-Marketing and Communication Data includes your preferences regarding the receipt or not of advertising on our part, and your preferences in terms of communication.

However, if we combine Aggregated Data with your personal data, so that they may identify you directly or indirectly, we will treat that combined data as personal data that will be used in accordance with this privacy policy.

We do not collect Special Categories of Personal Data (this includes details about your race or ethnicity, your religious or philosophical beliefs, your sex life, your sexual orientation, your political opinions, your trade union membership, information about your health, genetic or biometric data). We also do not collect information about criminal offenses or convictions.

Remember that if you choose not to share personal data with us or refuse certain contact authorizations, we may not be able to provide the requested products and services.

3. How do we collect your personal data?



You can provide us with your Identity Data, your Contact Data and your Financial Data by completing our forms or by contacting us by post, telephone, e-mail, chat or social network.

This includes the personal data that you give when you:

- sign up to receive the newsletter;

- ask questions or ask to receive information;

- create an account on our website;

- order our products or services;

- request that advertisements be sent to you;

- contact us on social networks;

- participate in a contest, promotion or survey;

- contact customer service; or

- leave comments or evaluations of our products or services.

While you interact with us, including on caveandcoconut.com, we may automatically collect Technical Data about your equipment, your actions and your browsing habits.

We may receive personal data about you from different types of third parties, including:

Financial Data, Contact Data and Transaction Data from Payment Service Providers and Fraud Prevention Services;

4. How do we use your personal data



We will only use your personal data in accordance with the law. Generally, they will be used in the following cases:

In order to execute the contract that we have or will sign with you when buying a good or a service.

During an anti-fraud test. When necessary for our legitimate interests (or those of a third party) and your fundamental interests and rights do not exceed them.

If we need to meet legal obligations such as for the keeping of our sales records.

5. What are the legal grounds for the processing of your personal data ?



-Finality: To register as a new customer

Data Type: Identity, Contact

Legal basis for data processing: Execution of a contract

-Finality: In order to process and deliver your order, including, payment management, fees as well as collect money from the goods or services sold.

Data Type: Identity, Contact, Financial, Transaction, Marketing and Communication

Legal basis for data processing: Execution of a contract. Necessary for our legitimate interests (including recovering debts due to us).

-Finality: To manage our relationship which includes, the notification of our terms of sale or our privacy policy or ask explicit to leave a comment or participate in a survey.

Data Type: Identity, Contact, Profile, Marketing and Communication.

Legal basis for data processing: Execution of a contract.

Necessary to meet a legal obligation.

-Finality: In order to send you direct marketing communications

Data Type: Identity, Contact, Profile, Usage, Marketing and Communication, Technical.

Legal basis for data processing: For most direct marketing communications, we will ask for your consent.

However, there are some situations where it is in our legitimate interest to use your personal data as well

-Finality: To allow you to participate in a draw, contest or poll

Data Type: Identity, Contact, Profile, Usage.

Legal basis for data processing: Execution of a contract. Necessary for our legitimate interests in Marketing and Communication.

-Finality: To administer and protect our company and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and data hosting).

Data Type: Identity, Contact, Technical.

Legal basis for data processing: Necessary for our legitimate interests (for the conduct of our business, provision of IT administrative documents, for network security, to prevent fraud and in case of a reorganization of work or a restructuring exercise). Necessary to meet a legal obligation.

-Finality: In order to use data analysis to improve our website, our products or services, our marketing plan, the relationship with our customers and their experiences.

Data Type: Technical, Usage

Legal basis for data processing: Necessary for our legitimate interests (to define the types of customers who use our products or services, keep our site up-to-date and relevant, increase our business and inform about our marketing strategy )

-Finality: To prevent and detect unlawful acts

Data Type: Identity, Contact, Financial, Transaction, Technical.

Legal basis for data processing: Necessary for our legitimate interests (to protect our business and our customers by taking charge of fraud and suspicious transaction monitoring)

Necessary to fulfill a legal or contractual obligation and share personal data in accordance with the application of the law.

-Finality: In order to resolve claims or disputes on your part or ours

Type of data: Any relevant category of data, depending on the nature of the claim or claim.

Legal basis for data processing: Necessary to present or dispute a claim.

6. You can set your preferences for advertising, marketing and communication



Go to your account and set your preferences for

e-mails, as for receiving the newsletter;

sms, to receive discount codes;

advertising by mail, such as promotions

phone calls to give you relevant information for you or your business.

Attention, sometimes we buy advertising spaces in the real world or on websites and social networks. If you see CAVEANDCOCONUT SAS ads on websites and social networks, they do not target you personally, we just reserved the space.

7. How do we use cookies?



We do not use cookies to collect personal data or to follow you. We only use cookies for session management and do not contain any personal data.

8. In which cases do we disclose your personal data



We may share your personal information with the parties listed below for the purposes set out in this Privacy Policy or as permitted by law.

Your personal data may be shared with the following categories of third parties:

suppliers and service providers (such as technology providers, payment processing and fraud prevention providers, postal and courier services);

professional auditors and advisers such as bankers, lawyers, accountants and insurers; and

the government, the regulators and the police.

Your personal data is shared with the following specific third parties:

1and1: The site and your Personal Data are hosted in Europe at 1and1.fr

Neoreports: The Paris-based company is in charge of building and maintaining the website

LaPoste Colissimo: We work with LaPoste to deliver your orders.

Stuart: We work with Stuart to deliver to Paris.

9. Payment Information



CAVEANDCOCONUT SAS uses BNP Paribas' Mercanet third-party payment processing services to make payments for products and services on the site. All online payments will be made in accordance with the Payment Card Industry Data Security Standard. Your credit card information is sent directly from your browser to these payment processing services. CAVEANDCOCONUT SAS never sees your credit card number. This means that the payment form is displayed either on another site or in a box on the payment page.

10. Will we transfer your personal data internationally



We do not intend to transfer and process your personal data internationally.

11. How do we ensure data security



Establishment of security.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, modified, disclosed or accessed without authorization.

People with access to your information are restricted.

In addition, access to your personal data is restricted to employees, agents, contractors and other third parties on a need-to-know basis. They will treat your personal data in accordance with the law and are subject to the obligation of confidentiality.

We have procedures in place to deal with any alleged violation of personal data. You and any competent regulator will be notified of such violation when required by law.

12. How is the protection of your data handled when there are links to third-party sites?



Our site refers to our Instagram and Facebook accounts for example.

We do not control these third party sites and are not responsible for their privacy statements. When you leave our site, we advise you to read the privacy policy of each site you visit.

13. How long do we keep the data



Your personal data will only be kept for the time necessary to implement what they were collected for. This includes legal, accounting or reporting requirements.

In order to determine the appropriate period of retention of your personal data, we take into account the quantity, nature and sensitivity of such data, the potential risk of harm caused by unauthorized use or disclosure, the purpose of their processing and the possibility of achieving this goal by other means, and the applicable legal requirements.

In accordance with the law, for tax purposes, we must keep basic information about our customers (including Contact Data, Identity Data, Financial Data and Transaction Data) six years, to count from the moment they stop being our customers.

We also promise that you can return at any time later to reorder the products or services you previously ordered from us. So, except if you delete this information, we keep it to keep that promise.

In some cases, you may ask us to delete your data. See Your legal rights below for more information.

In some cases, we anonymize your personal data (so that they are no longer associated) for statistical or research purposes, in which case we may use them indefinitely, without further notice.

14. What are your rights



If you reside in the European Union, you have the following rights regarding your personal data, in accordance with data protection legislation:

The right to be informed: we have the obligation to inform you of how we use your personal data;

The right of access: you can make a request for access to your data and receive a copy of the personal data that we hold;

The right of rectification: you have the right to ask us to rectify your personal data because incomplete or inaccurate;

The right to erasure, or right to be forgotten: you can ask us to delete personal data that we have about you except if there is a legal reason that requires us to keep them;

The right to limit processing: you have the right in some cases to ask us to suspend the processing of personal data;

The right to portability of data: you have the right to request a copy of your personal data in a common format such as a csv file;

The right of opposition: you can oppose the processing of your personal data (for example, by prohibiting us from processing your data for direct marketing purposes);

Automated Automated Decision and Profiling Fees: You have the right to ask us to be transparent about any profiling we do or any automated decision.

The exercise of these rights is subject to certain rules. If you are interested, you will find more information on this subject on the CNIL website (https://www.cnil.fr/)

Contact us if you wish to exercise one of the rights by email to personalaccess@caveandcoconut.com or by mail to Personal Data CAVEANDCOCONUT SAS. 1, Pasteur Street. 75011. Paris.

No fees will be charged for the exercise of your rights. However, we may charge you a reasonable fee if your request is unfounded, repetitive or excessive, in which case we may also refuse to respond to your request.

We may ask you to prove your identity in order to ensure the exercise of your rights. This is a security measure to ensure that this personal data is not delivered to a person not authorized to receive it. We may also contact you to obtain more information about your request.

We try to answer all legitimate requests within a month. This period of one month can be exceeded in case your request is particularly complex or if you have made several. In this case, we will notify you and keep you informed.

We have appointed a Manager of Confidential Information to oversee matters regarding this Privacy Policy. If you have any questions about this Privacy Policy or if you want to exercise your legal rights, please contact the Information Manager at the following address: donnespersonnelles@caveandcoconut.com.

You have the right at any time to complain to the CNIL (https://www.cnil.fr), the supervisory authority for data protection issues in France. However, we would like to have a chance to respond to your concerns before you contact the CNIL. Please contact us first.

15. How to contact us about the privacy policy



If you have any questions regarding this privacy policy or to exercise any of your rights, please contact us by e-mail at: donneespersonnelles@caveandcoconut.com or by mail addressed to: Personal Data, CAVEANDCOCONUT SAS, 1 rue Pastor. 75011. Paris.

16. Updating your data and preferences



In order not to miss anything, please update your personal data and choose your advertising, marketing and communication preferences. To update your preferences for managing personal data, click here .