PRIVACY POLICY

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from www.curiousscarlet.com  (herein referred to as the “Site”).

This Privacy Policy applies, without restriction or reservation, between the Data Subject and the Data Controller.

Its purpose is to provide information on the way in which the Data Controller collects and processes certain personal data concerning the Data Subject, in accordance with the applicable (hereinafter referred to as the "Legislation"), in relation to the use of the "Site" by the Data Subject.

This Privacy Policy is part of the Data Controller’s General Terms and Conditions of Sale.

Definitions

  • Browsing means the consultation, review, order and/or purchase of Products on the Site by the Data Subject.
  • Consent means any freely given, specific, informed, and unambiguous indication by which the Data Subject agrees, by a statement or by a clear affirmative action, to the Processing by the Data Controller of Personal Data relating to him or her.
  • Cookie means a file that makes it possible to trace the journey of the Data Subject on the Site.
  • Data Processor means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.
  • Data Subject means any individual who browses the Site, provided that he or she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity.
  • File means any structured set of Data accessible according to specific requirements, whether centralized, decentralized or distributed in a functional or geographical manner.
  • Legislation means any applicable law and regulation relating to Personal Data protection.
  • Personal Data means any information relating to the Data Subject.
  • Processing means any operation or set of operations which are performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Products means the products offered for sale on the Site by the Data Controller to the Data Subject.
  • Recipient means a natural or legal person, public authority, agency, or another body, to which the Personal Data is disclosed, whether they are a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry shall not be regarded as Recipients.
  • Site means the infrastructure developed by the Data Controller in accordance with the IT formats that can be used on the Internet, including data of various kinds, and in particular texts, sounds, static or moving images, videos, databases, intended to be consulted by the Data Subject to know, book, order and/or purchase Products.
  • Third Party means a natural or legal person, public authority, agency or body other than the Data Subject, the Data Controller, the Data Processor and persons who, under the direct authority of the Data Controller or the Data Processor, are authorized to Process Personal Data, and in particular tour operators, travel agencies and booking systems.

CONVENTION

Principles relating to Processing

In accordance with the Legislation, the Data Controller undertakes to respect the following principles for each Processing:

  • Lawfulness
  • Fairness
  • Transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity
  • Confidentiality
  • Accountability

Context of the Processing

The Personal Data may be collected and processed by the Data Controller on various occasions, including:

  • Purchase of Products on the Site
  • Contact with the Data Controller
  • Subscription to the newsletter
  • Creation of a client account
  • Navigation on the Site

Processing Details

The Data Controller reserves the right to anonymize the Personal Data processed before deleting it.

Anonymized data may then be processed for statistical purposes.

RIGHTS OF THE DATA SUBJECT

  1. Rights of access

The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him or her is being processed, and, where that is the case, access to the Personal Data and the following information:

  • The purposes of the Processing
  • The categories of Personal Data concerned
  • The Recipients or categories of Recipient to whom the Personal Data have been or will be disclosed, Recipients in third countries or international organisations
  • Where possible, the foreseeable period for which the Personal Data will be stored, or, if not possible, the criteria used to determine this period
  • The existence of the right to request from the Data Controller rectification or deletion of Personal Data or restriction of processing of Personal Data concerning the Data Subject or to object to such processing
  • The right to lodge a complaint with the Supervisory Authority
  • Where the Personal Data is not collected from the Data Subject, any available information as to its source
  • The existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the foreseeable consequences of such Processing for the Data Subject.
  • The Data Controller shall provide a copy of the Personal Data being processed and reserves the right, in return for providing such a copy, to pay a reasonable fee based on the administrative costs for any additional copy requested by the Data Subject.
  1. Rights of rectification and erasure

The Data Subject has the right to obtain from the Data Controller the rectification and/or deletion of inaccurate or obsolete Data as quickly as possible, unless otherwise hindered by a situation that prevents the exercise of this right, and in particular:

  • The exercise of the freedom of expression and information
  • Compliance with a legal obligation
  • Public interest in public health, archives, scientific or historical or statistical research
  • The establishment, exercise, or defence of legal rights
  1. Right to object

The Data Subject has the right to object at any time, for reasons relating to his or her situation, to Personal Data Processing based on the performance of a task in the public interest or the necessity of the legitimate interest of the Data Controller.

The Data Controller then undertakes not to further process the Personal Data, unless it can be demonstrated that there are legitimate and compelling reasons for the Processing that prevail over the interests and rights and freedoms of the Data Subject, or for the establishment, exercise, or defence of legal rights.

In addition, the Data Subject has the right to object at any time to the Personal Data Processing carried out for the purpose of prospecting by the Data Controller, insofar as the Data Subject is linked to such prospecting.

Finally, when Personal Data is processed for scientific or historical research purposes or for statistical purposes, the Data Subject has the right to object, for reasons relating to his or her situation, to the processing of the Personal Data, unless the Processing is required for the performance of a public interest task.

  1. Right to restriction

The Data Subject has the right to obtain from the Data Controller restriction of Processing where one of the following applies:

  • The accuracy of the Personal Data is challenged by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the Personal Data
  • The Processing is unlawful, and the Data Subject opposes the deletion of the Personal Data and requests the restriction of its use instead
  • The Data Controller no longer needs the Personal Data for the purposes of the Processing, but it is required by the Data Subject for the establishment, exercise, or defence of legal claims
  • The Data Subject has objected to Processing pending the verification of whether the legitimate grounds of the Data Controller override those of the Data Subject.
  • The Data Subject who has obtained restriction of Processing shall be informed by the Data Controller before the restriction of Processing is lifted.
  1. Right to portability

The Data Subject shall have the right to receive the Personal Data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used, and machine-readable format and have the right to transmit this Personal Data to another controller without hindrance from the Data Controller, where:

  • The Processing is based on the Consent of the Data Subject or on the performance of a contract to which the Data Subject is a party
  • The Processing is carried out using automated processes.
  • The Data Subject, when exercising his or her right to the portability of the Personal Data, has the right to have the Personal Data transmitted directly from the Data Controller to another controller, when this is technically possible.
  1. Right to file a complaint to the Supervisory Authority

The Data Subject has the right to file a complaint before the Supervisory Authority if he/she considers that he/she is the subject of unlawful Personal Data Processing by the Data Controller.

  1. Right to define guidelines on the future state of the Personal Data

The Data Subject has the right to define guidelines on the future state of the Personal Data after his death to the Data Controller who will use all his technical means to ensure that this will be respected.

Invalidity of the Privacy Policy

If any provision of this Privacy Policy shall be deemed invalid under any applicable law or court decision that has been made final, it shall be deemed unwritten, without invalidating the entire Privacy Policy or altering the validity of any other provisions of this Privacy Policy.

Cookie Management

When Browsing the Site, the Data Subject is required to consent to the installation of Cookies on his or her computer terminal.

Cookies generally record information relating to Browsing (pages viewed, date and time of viewing, etc.), which may be retrieved during the Data Subject's subsequent Browsing with transmission of the Personal Data to the Data Controller. The installation of these Cookies requires the Consent of the Data Subject.

We use cookies to collect information, on an aggregate basis, about how the “Site” is used. This information includes the date and time of visits to the “Site” and time spent on our website. We also use cookies to learn more about our audience size and usage patterns, to store information about your preferences to allow us to customize our website according to your interests and to provide a more personalized experience, to speed up searches or to recognize you when you return to our website, to identify the pages viewed or searched for, page response times, download errors, length of visits, page interaction information (such as click, scrolling, etc.) or methods used to browse away from a page, but none of our cookies is intended to identify you personally.

Cookies are automatically deleted within thirteen (13) months from their installation if the Data Subject does not renew his/her Consent before the expiration of this period.

The Data Subject may refuse to give his Consent to the installation of non-functional Cookies, withdraw his Consent and/or set the Cookies at any time by using the Data Controller's Cookies Manager below or by configuring his browser himself as follows:

You can obtain more information about cookies at http://www.allaboutcookies.org/

PERSONAL INFORMATION WE COLLECT

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “Device Information.”

We collect Device Information using the following technologies:

Cookies are data files that are placed on your device or computer and often include an anonymous unique identifier.  

Log files track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

Web beacons, Tags, and Pixels are electronic files used to record information about how you browse the Site.

Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card and debit card numbers), email address, and phone number.  We refer to this information as Order Information.

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

HOW DO WE USE YOUR PERSONAL INFORMATION?

We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). 

Additionally, we use this Order Information to:

  • Communicate with you
  • Screen our orders for potential risk or fraud
  • When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.

We use the Device Information that we collect to:

  • Help us screen potential risk and fraud (in particular, your IP address)
  • Improve and optimize our Site (by generating analytics about how our customers browse and interact with the Site)
  • Assess the success of our marketing and advertising campaigns.
  • Comply with applicable laws and regulations
  • Respond to a subpoena, search warrant or other lawful request for information we receive
  • Otherwise protect our right

BEHAVIOURAL ADVERTISING

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you.

You can opt out of targeted advertising by:

Facebook - https://www.facebook.com/settings/?tab=ads
Google - https://www.google.com/settings/ads/anonymous
Bing - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at:  http://optout.aboutads.info/

DO NOT TRACK

Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

DATA RETENTION

When you place an order through the Site, we will maintain your order information for our records unless and until you ask us to delete this information.

MINORS

Some pages on the Site are not intended for individuals under the age of 21.

CHANGES

We may update this privacy policy from time to time to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at info@curiousscarlet.com