ELEPHAS’ Privacy and security policy
The confidentiality and security of the personal data we receive from our customers are at the heart of ELEPHAS’s commitments. In connection with the use of our services and in particular the services available on our website, as a controller, ELEPHAS may collect and process personal data about you.
Our privacy and security policy transparently specifies the type of personal data that we collect and process, how we collect and process it, for what purpose, with whom we are likely to share it as part of the services we provide to you, provide, for how many time we keep them and the rights you have.
All the processing of personal data implemented within the framework of accessible services complies with the local regulations applicable to the protection of personal data, and in particular the provisions of the Data Protection Act of 6 January 1978 as amended and the General Regulations, on Data Protection (EU Regulation 2016/679) or “RGPD”.
In order to ensure the proper application of these rules, ELEPHAS implements the appropriate internal procedures in order to communicate them to its employees and to ensure compliance with these rules within its company.
What are ELEPHAS‘s commitments regarding the protection of personal data?
ELEPHAS undertake to respect the regulations applicable to all the processing of personal data and guarantee a high level of protection of the personal data of their customers, prospects, users of their website, and any other person whom it deals with personal data.
More specifically, ELEPHAS undertake to respect the following principles:
- Your personal data is treated lawfully, fairly and transparently (lawfulness, loyalty, transparency).
- Your personal data is collected for specific, explicit and legitimate purposes, and is not processed in the context incompatible with it (purpose limitation).
- Your personal data is stored adequately, relevantly and is limited to what is necessary at the end of the data.
- Your personal data is accurate, kept up-to-date and all proper measures are taken relating to inaccurate data, which is processed, erased or rectified without delay (accuracy).
ELEPHAS implements organizational measures to ensure a level of security adapted to the support of its processing operations, to meet regulatory requirements and to protect the rights and data of individuals from the design of treatment operations.
Moreover, ELEPHAS contractually imposes the same level of protection of personal data to its subcontractors (suppliers, etc.).
Finally, ELEPHAS commits to respect all principles applicable to the protection of personal data, as well as the rights relating to the retention of personal data.
What personal data may be collected?
The personal data we collect varies according to the purpose of the collection and the service we provide you.
Generally, we may collect directly the following categories of personal data:
- personal data, such as your surname, first name, e-mail address, date of birth, presumed date of birth, your postal address and your telephone number;
- Username used to access your online account. This is necessary because we create a personal account linked to our communities accessible online on our website;
- Exchanges with us, which could include the discussion about customer service / web master bias.
- Demographic information, such as your age, gender, and lifestyle preferences (ex. your favourite products and interests).
- Browsing history, such as pages visited, date of visit, location of visit, or IP address;
- Information about the payment made on our website. Usually the bill in your name, your billing address and your payment details;
- Information about your health;
- Information about people other than you, such as personal data about your family members when you provide us with this information directly;
- Information from your profiles on social networks;
Indirectly, we may also collect personal data about you when you:
- Share the content on social networks, websites or apps with products or responses to our publications and social networks;
- We read or exchange your personal information harvested from other sites(for example, if we place an ad on an Internet site and you click on that ad, we can receive information about yourself and other visitors of the site – in order to measure reach and success of this ad).
What are the data collecting process’ purposes?
In addition to the cases where your consent has been collected (especially to send you personalised offers), the processing of your data for the various purposes mentioned above is necessary, in particular:
- To enable you to benefit from all the services or services for which you have mandated us, available on the ELEPHAS website: order products, process your payments, provide you with your purchase order, answer your requests for information and evaluate and manage your claims;
- To manage your personal account data on Elephas.fr: creation of a user account, e-newsletter, asset management, coupons, loyalty, support and claims, etc.;
- For legitimate interests pursued by ELEPHAS and to better understand and evaluate consumers’ points of interest and desires and the changes that are necessary for them, in order to improve our website, our products/services (develop new services and offers, improve the loyalty program and/or customer service…);
- To be enriched by sharing certain information with privileged business partners in order to improve our knowledge of your interests and allow us to send you offers and other forms of personalised services;
- To process and respond to your inquiries and to contact you to respond to your requests;
- To manage our daily business needs, with your participation in contests, promotional activities and requests;
- To authenticate the identity of people who contact us by phone, electronically or otherwise;
- For internal training or to ensure the quality of our services.
Who is likely to access your personal data?
The data collected on the ELEPHAS website may be transferred to employees of Connected Beauties (mother company of ELEPHAS brand), to third party contractors such as transport providers and to its partners, as part of the fulfilment of all or a part of the benefits referred to above. They are not allowed to sell or disclose to other third parties.
ELEPHAS applies the conditions defined by the legislation in place, in particular the information of the persons concerned by this transfer. In addition, personal data may be disclosed to third parties if we are constrained by law or by a regulatory provision or if such disclosure is necessary in the context of a court application or litigation.
In addition, ELEPHAS only uses suppliers who offer guarantees of security and confidentiality in the processing of data. We remind you that in this context, ELEPHAS asks its suppliers to put in place strict measures of confidentiality and protection of this data.
What is the legal basis for this data?
These treatments are based on Article 6 (f) of the RGPD, ie the legitimate interest of the controller. This legitimate interest consists in providing the services for which you have mandated us. As an exception, some of the processing of our external communications may be based on the provisions of Article 6 (a), namely the consent of the data subject. If necessary, we will collect the necessary agreements when collecting the data concerned.
How long will this data be kept?
ELEPHAS commit to keep your personal data for a period not exceeding the duration of the commercial relationship to be processed. In addition, ELEPHAS will keep your personal data, including retention periods imposed by applicable laws in place.
- Cookies expire thirteen months after their last update;
- Outlook data is revised beyond 3 years without response to a solicitation.
What are your rights regarding to your data?
In step with the applicable regulations on the protection of personal data, you can, at any time, exercise your rights of access, rectification, deletion of data concerning you and your rights of limitation and opposition to the processing and the portability of your personal data.
For certain specific services, these rights can be exercised directly online via your personal account on ELEPHAS(management of your user account, GDPR – personal data, my personal information, order history, etc.). You can access it (you may need to log in to your account first).
You also have the right to object to the processing of your personal data for the purpose of commercial prospecting. When requesting information, your data will not be used for prospecting purposes electronically. In addition, if you wish to stop receiving the newsletter sent from ELEPHAS by e-mail, you can click on the unsubscribe link located at the base of each communication.
In step with the applicable regulations on the protection of personal data, you can, at any time, exercise your rights of access, rectification, deletion of data concerning you and your rights of limitation and opposition to the processing and the portability of your personal data. If you wish to exercise these rights, you can contact us at firstname.lastname@example.org or via the contact form.
In addition, you have the legal right to set guidelines on the fate of your post mortem personal data.
In addition, any minor at the time of collection of his personal data may obtain the erasure as soon as possible.
These rights are exercised by mail to the following address:
- Connected Beauties/ELEPHAS, 13 rue Ernest Cresson 75014 Paris.
In this context, we kindly ask you to accompany your request with the necessary elements for your identification (surname, first name, e-mail) as well as any other information necessary for the confirmation of your identity (photocopy of the identity document).
The collection of certain personal data is essential to allow access to certain services or services (precise postal addresses, e-mail, mobile number, etc.). You can of course exercise your right to oppose the collection and processing of such data, but this may result in the impossibility of benefiting from these services or benefits. You also have the right to lodge a claim with the CNIL.
In order to improve the quality of the services offered on the site and their adequacy with your expectations, ELEPHAS may use “cookies”, text files used to identify your device when you connect to one of our services.
The deposit of cookie or plotter in your terminal (computer, tablet, smartphone, etc.) makes it possible to collect information and personal data. Depending on your choice of setting your device, cookies allow you to:
- Use the main functionalities of the ELEPHAS website;
- Optimize our website and detect any technical problems;
- Memorise your choices and preferences and customise your user interface;
- Compile statistics for the purpose of managing the traffic and using the various elements of the ELEPHAS website (sections visited, the user’s route) to improve the ergonomics of the site and the interest in the services offered;
- Evaluate the effectiveness of our advertising campaigns by recording and evaluating the number of sales and clicks based on our advertising investments;
- Know the content of the pages you consult, the information you have chosen to share when you register on other sites, the pages and websites that you have seen;
- Share information on social networks;
Ensuring the security and confidentiality of the personal data you entrust to us is a priority for ELEPHAS. We thus implement all the technical and organizational measures that are useful, considering the nature, scope and context of the personal data that you communicate to us and the risks presented by their processing, to preserve the security of your personal data and, in particular, to prevent any destruction, loss, alteration, disclosure, intrusion or unauthorized access to such data in an accidental or unlawful manner. You are thus assured of purchasing your ELEPHAS products in complete confidentiality and safety.
Personal data concerning minors
ELEPHAS does not collect or process personal data relating to children under the age of 16 without the prior consent of parents or holders of parental responsibility for the child.
If personal data concerning children are collected via the website www.elephas.fr or its social networks (Facebook, Instagram, Twitter and Pinterest), the parents or holders of the exercise of the parental authority have the possibility of opposing it by contacting us at the address indicated at the bottom of this page.
Moreover, as stated above, the minor child at the time of collection of his personal data may obtain the erasure as soon as possible.