1. Name and contact data of the data controller and also the company data protection officer
This Data Protection Policy covers data processing by: Data controller:
Aubade Paris (hereinafter Aubade), 10-12 rue du Colonel Driant, 75001 Paris, France
2. Collection and storage of personal data and also nature and purpose and their use
a. When visiting the website
When you access the websites of Aubade, the browser on your end device automatically sends information to our website server.
This information is temporarily saved in a log file. The following information is collected without any action on your part and deleted automatically within 4 weeks:
We process these data for the following purposes:
The deletion of your data at us does not exclude that data, in accordance with Article 6 para. 1 sentence 1 item c GDPR, is stored by our hosting provider for a longer period of time for the prosecution of criminal offenses pursuant to statutory obligations.
In addition, we also use cookies and analytics services during visits to our website. Further explanations can be found under sections 4 and 5 of this Data Protection Policy.
b. When ordering as a guest
If you would like to order products as a guest via our website, we collect the following information:
These data are collected in order to identify you as our contractual partner,
The data are processed upon your query and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR are required for the stated purposes of fulfilling the contract and pre-contractual measures. To ensure smooth and simple processing of your order and for faster clarification of queries, you can also provide other data:
Your personal data which we collect for the order are saved until the end of the statutory warranty period and then automatically deleted, unless we are obliged to longer storage under Article 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial-law retention and documentation duties or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.
c. When setting up a user account
You can set up a password-protected user account with us in which we save your personal data. The purpose of this is to provide you with the greatest possible comfort through easier, faster and more personal purchasing in the processing of your orders. If you would like to set up a password-protected user account with us, we need the following information from you:
The data are processed upon your query and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR are required for the stated purposes of fulfilling the contract and pre-contractual measures.
Creating a user account is not required for using our website or for orders you would like to place with us. We also offer you the possibility of placing your order as a guest (see section 2. b)). In that case however, you have to enter all your data again for every order.
After your user account is deleted, your personal data are automatically deleted, unless we are obliged to longer storage under Article 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial-law retention and documentation duties or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.
d. When registering for our newsletter
We distribute newsletters that contain personalised product recommendations from our own product range and information about special benefit programmes for customers (including contests, discounts and sales). As part of the compilation and distribution of newsletters, we process personal data, including behaviour-related information, about you and work with the company Emarsys eMarketing Systems AG (hereinafter referred to as “Emarsys”) in this area.
Provided that you have given your explicit consent in accordance with Article 6 (1) sentence 1 point (a) GDPR, we will use your e-mail address for the purpose of sending you our newsletter regularly. The provision of an e-mail address is the only requirement for subscribing to the newsletter.
You will subsequently receive a registration confirmation via e-mail that you must confirm in order to receive our newsletter (double opt-in). This serves as proof to us that you actually initiated the registration process.
If you have not registered for our newsletter, we regularly use your e-mail address following an order to send you our newsletter with information about products similar to the ones that you just ordered, provided that you do not object to this practice. The processing of personal data is authorised in this connection under Article 6 (1) sentence 1 point (f) GDPR as a result of our legitimate interest in conducting direct marketing activities.
You may cancel the newsletter at any time without stating your reasons by using the unsubscribe link in the e-mail, by making the request directly in your user account or by directly notifying contact@aubadepro. You will then no longer receive the newsletter.
Our newsletter is offered exclusively as personalised information in order to draw your attention to special offers that may be of interest to you and fulfil your needs. For this reason, other available information about you, including customer data from your user account, purchasing history and usage behaviour (e.g. wish lists, basket contents, finding favourite products and accessed product pages), is used in addition to your e-mail address to offer personalised content. On the basis of your consent or our legitimate interest in conducting optimised direct marketing, your purchasing and usage behaviour in the online shop is tracked and analysed for the purpose of selecting content, and is linked to your user account. We do not make additional use of the profile information or transmit it to third parties.
We use the services of Emarsys to technically implement customisation. Emarsys analyses the information described above on our behalf for the purpose of planning content for the newsletter. In this process, opening, clicking, bounce, delivery, log-off and conversion rates are evaluated. The analysis also uses cookies or pixel tags that collect information such as the IP address, browser type/version, e-mail client and time of access. As a result, we can see who opened the e-mail and clicked the links contained in it. You can cancel our newsletter at any time if you object to this analysis.
A data processing agreement pursuant to Article 28 GDPR has been concluded with Emarsys. Under this agreement, Emarsys warrants that it will process data in compliance with the General Data Protection Regulation and guarantees that the rights of data subjects will be protected. You will find more information on Emarsys’s tracking activities here.
e. When using our contact form
If you have questions of any nature, you can get in touch with us via a contact form available in the bottom right hand corner of all pages of the website. This requires the stating of a valid email address and also your given name and the subject of your query so that we know who sent the query and how we can answer it.
The data for the purpose of contacting us are processed under Art. 6 Subs. 1 Sentence 1 lit. f GDPR on the basis of our legitimate interests.
The personal data we collected for using the contact form will be automatically deleted after your query has been dealt with.
3. Transfer of data to third parties
In so far as this is legally permissible and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR required for the processing of contractual relationships with you, your personal data will be transferred to third parties. This includes in particular transfer to companies for administrative purposes and to ensure centralized customer management with regard to our contractual relationship as well as the transfer to shipping and logistic companies for the purpose of delivering the goods you ordered and the transfer of payment data to payment service providers and/or banks to carry out a payment transaction. It further includes transfer to companies for operating customer support, customer reviews and product reservation. The transferred data shall be used by the third parties solely for the stated purposes.
If you make use of our customer helpdesk via our website your data (name and email-address) entered into the contact form are transferred to Zendesk Inc., 1019 Market St, San Francisco, CA 94103 USA („Zendesk“).
Zendesk uses this information to answer your requests on our behalf. This is based on our Data Processing Agreement with Zendesk. By this Agreement, Zendesk assures to protect your rights to your personal data and that the use of the data by Zendesk is in accordance with the GDPR.
Zendesk assures that your personal data is fully protected against unauthorized access. Zendesk will not use your data to contact you for its own purposes or to for transferring them to third parties.
As a US-based company, Zendesk complies with the privacy policy of the US Privacy Shield and is registered with the U.S. Department of Commerce's US Privacy Shield Program.
4. Cookies
We use cookies on our website. These are small files that your browser automatically creates and saves on your end device (laptop, tablet, smartphone or suchlike when you visit our website. Cookies do not cause any harm to your computer and do not contain any viruses, trojans or other malware.
The cookie stores information which arises in conjunction with the specifically used end device. This does not mean, however, that this gives us direct knowledge of your identity.
Cookies are used on the one hand so that we can make the use of our offerings more pleasant for you. Therefore, we use session cookies to recognise that you have already visited individual pages our website, you have already logged on in your user account or for displaying the shopping cart. These are automatically deleted after you leave our website.
In addition, we use temporary cookies saved on your end device for a certain defined period to optimise user friendliness. If you visit our website again to use our services, it is automatically recognised that you were already here before and which entries and settings you made so that you do not have to repeat them.
On the other hand, we use cookies to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you (see section 5). These cookies enable us to automatically recognise that you were here before the next time you visit our website. These cookies are automatically deleted after a defined period of time.
The data processed by cookies are required for the stated purposes to protect our justified interests and also of third parties under Art. 6 Subs. 1 Sentence 1 lit. f GDPR.
Most browsers accept cookies automatically. You can configure your browser, however, so that no cookies are saved on your computer or a message always appears before a new cookie is created. Complete deactivation of cookies can, however, lead to you not being able to use all the functions of our website.
5. Analytical tools
The following tracking and targeting measures which we use are carried out on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR.
With the deployed tracking measures we want to ensure an appropriate design and continuous optimisation of our website. On the other hand, we use tracking measures to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you.
Via the deployed targeting measures we want to ensure that you only see advertising tailored to your actual or presumed interests on your end devices.
These interests are to be considered as justified within the meaning of the aforementioned regulation.
The pertinent data processing purposes and data categories can be found in the corresponding tracking and targeting tools.
a. Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") for the purpose of creating a website experience tailored to users' needs and continuing optimisation of our website.
In this context, pseudonymised user profiles are created and cookies (see sect. 4) are used.
The information generated through the use of cookies about your usage of this website such as
The information will be used for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the purposes of market research and ensuring an internet experience tailored to users' needs. Furthermore, this information may be transferred to third parties to the extent that this may be legally required or those third parties process these data on our behalf. Under no circumstances will your IP address be associated with any other data held by Google. The IP addresses will be anonymised so that attribution is not possible (IP masking).
You can block the installation of cookies by selecting the appropriate settings in your web browser software; however, please note that if you do so, you may not be able to use the full functionality of this website.
You can also block the collection of the data generated by the cookie and relating to your usage of our website (including your IP address) and the processing of such data by Google by downloading and installing a web browser add-on.
As an alternative to the web browser add-on, in particular for web browsers installed on mobile end devices, you can also block tracking by Google Analytics by clicking on this link :https://tools.google.com/dlpage/gaoptout?hl=fr
An opt-out cookie is created which prevents the tracking of your data when you visit this website in the future. The opt-out cookie applies only to the web browser you are using and only to this website and will be stored on your end device. If you delete the cookies on this web browser, you will have to set another opt-out cookie.
More information on data privacy in relation to Google Analytics can be found on the Google Analytics Help page.
An opt-out cookie is created which prevents the tracking of your data when you visit this website in the future. The opt-out cookie applies only to the web browser you are using and only to this website and will be stored on your end device. If you delete the cookies on this web browser, you will have to set another opt-out cookie.
More information on data privacy in relation to Google Analytics can be found on the Google Analytics Help page.
https://support.google.com/analytics/answer/6004245?hl=fr
b) Criteo
This website uses technologies from Criteo GmbH to collect and save information on the surfing behaviour of website visitors in anonymised form for marketing purposes. This is done by means of cookies (see section 4). Criteo uses an algorithm to analyse surfing behaviour and can then display targeted personalised advertising banners adverts on other websites (publisher). Under no circumstances can the collected data be used to personally identify visitors of this website. The collected data will be used solely to improve our offerings. There will be no other use or transfer to third parties.
You can object to the anonymised analysis of your surfing behaviour on this website by clicking on this link.
If you have opted out (opt-out cookie) and you would like to see personalised Criteo banners again, please click here.
Further information about the Criteo technology can be found in the : https://www.criteo.com/fr/privacy/
c) Facebook Custom Audiences
In addition, we also use Facebook website custom audiences of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). This is a marketing service at Facebook. It enables us to have individually co-ordinated and interest-based advertising on Facebook shown to certain groups of pseudonymised visitors to our website who also use Facebook.
A Facebook custom audience pixel is integrated in our website. This is a Java Script code via which personal data concerning the use of the website is stored. This includes your IP address, the browser used as well as the originating and destination page. This information is transmitted to Facebook servers in the USA. Facebook is subject to the EU-US privacy shield, so that an appropriate data level is guaranteed.
There, an automated comparison will be made to ascertain whether you have stored a Facebook cookie. Via the Facebook cookie, it will automatically be established whether you belong to the target group relevant for us. If you belong to the target group, you will be shown corresponding adverts by us on Facebook. During this process, you will not be personally identified, either by us or by Facebook, through the comparison of the data. You can also prevent the use of Facebook custom audiences by clicking on this link :
Through this opt-out, any future recording of your personal data when visiting this website is prevented.
d) Meta Conversion API (Facebook)
On our website we use the tracking tool Meta Conversion API from the American Meta Platforms Inc. For the European region, the company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.
Via this data interface, we exchange data about your behaviour with Facebook based on our legitimate interest (Article 6 (1) point (f) DSGVO) or your consent (Article 6 (1) point (a) DSGVO). This allows us to show you personalised advertisements. We and Facebook also use this data to process your transactions. Through the Conversions API, Facebook receives information about your visit to our website and your behaviour there. If you are registered with a service offered by Facebook, Facebook can assign the visit to your account.
Because Meta also processes your data in the likes of the USA, we would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can result in various risks for the legality and security of the data processing. Meta uses standard contractual clauses (SCC) as the basis for Data Processing outside of the European Union, e.g. in the USA. Meta thereby undertakes to comply with the European level of data protection when processing your data, even outside the European Union.
You can find information on Meta’s processing based on standard contractual clauses here https://www.facebook.com/legal/EU_data_transfer_addendum and here https://www.facebook.com/legal/terms/dataprocessing. You can find information about the data that is processed by the Meta Conversions API here: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 You can find information about the data security conditions that Meta uses to protect your data here: https://www.facebook.com/legal/terms/data_security_terms You can deactivate the tool at any time in your cookie settings. If you are logged into Facebook, you can make changes here: https://www.facebook.com/settings/?tab=ads#
e) Bing Conversion Tracking
We use Conversion Tracking provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This allows us to capture and track the actions of users on our website who arrive at our website by clicking a Bing advertisement.
If you visit our website after having been re-directed from a Bing ad, we will place a cookie on your computer. This allows Microsoft to capture and store data on the usage of the website (e.g. time spent on the website, which parts of the website were accessed and which ads re-directed you to our website), and if this results in an order being placed, the order value and the time of order placement. No information that directly identifies you is collected.
This information is transmitted to a server belonging to Microsoft in the USA and stored there for up to 180 days. Microsoft complies with the data privacy protection regulations of the "US-Privacy-Shield" and is registered in the "US-Privacy Shield" program of the US Department of Commerce. We have also entered into a data processing agreement with Microsoft for the use of Bing Ads. In that contract Microsoft affirms that any data processing by them is performed in compliance with the General Data Protection Regulation and that they guarantee the protection of the data subjects' rights.
If you do not want to participate in the conversion tracking outlined here, you can do so by refusing the placement of the cookie necessary for this by selecting the web browser settings for generalized disabling of automatic cookie installation. You can find more information on data privacy and the cookies used by Microsoft Bing on the Microsoft website).
We use the Google Tag Manager tool provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Tag Manager helps us to manage the tools about which we inform users in this Data Privacy Statement. You can find more details regarding these tools in the information on the respective tool.
The tag manager tool itself (which implements the tags) is a cookie-free domain. The tool controls the triggering of other tags which again may collect data under certain circumstances. Google Tag Manager will not access those data. If deactivation was made at the domain or cookie level, this continues to apply to all tracking tags which are deployed with Google Tag Manager. You can find more information about Google Tag Manager in the Use Policy for this product.
g) Google Adwords Conversion Tracking
We also use Google Conversion Tracking from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to statistically capture and analyse the use of our website in order to optimize our offerings for you. To this end, Google Adwords saves a cookie (see sect. 4 above) on your computer in so far as you access our website via a Google advertisement.
These cookies expire after 30 days and do not permit personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked the advertisement and was redirected to that page.
Every Adwords customer receives a different cookie. Thus, cookies cannot be tracked via the webpages of Adwords customer. The information generated via the conversion cookie is used to produce conversion statistics for Adwords customers who have opted to use conversion tracking. The Adwords customers find out the total number of users who clicked their advertisement and were redirected to a page containing a conversion tracking tag. They do not receive any information, however, which can be used to identify users personally.
If you do not want to take part in the tracking procedure, you can refuse the required cookie – for example via browser settings which generally deactivate the automatic saving of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that it blocks cookies from the "www.googleadservices.com" domain.
You can find Google's privacy notice on conversion tracking here.
h) Google Remarketing
We use cross-device remarketing technologies from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to help you see targeted advertising on other websites based on your visit to our websites.
When you visit our websites, Google may retrieve recognition features for your browser or device (e.g., creating a so-called browser fingerprint), evaluate your IP address or a recognition feature in the form of a small text file on your device stores (e.g., so-called third-party cookie). Google may also link and store your visit to our website with one or more of these recognition features in order to display our advertising on other sites in the internet.
The recognition features mentioned above are configured as pseudonyms and can be used by Google to recognize your device on other websites. For example, if you visit a page that participates in Google's Display Network (i.e. displays ads on behalf of Google), Google may recognize your device and browser based on the above mentioned features.
We also provide our websites with so-called "remarketing tags". This means that we include keywords in our websites that contain statements about the content of the displayed page (such as product or service categories). The keywords we use neither include personal nor sensitive information. Google receives and stores these keywords to the above mentioned recognition features. Thus, if you visit a webpage that we tagged with a particular product category, Google stores that tag and assigns it to your recognition criteria.
By doing this, we may use Google to advertise on other websites that are based on the visited pages. If you are visiting another website that participates in the Google Display Network, Google will be able to tell you, based on the recognition features and the keywords stored on these recognition features, whether and, if so, which of our advertisements you want to see.
Further information about the Google data protection policy can be found here.
If you sign up for Google services with your own login credentials or use one or more of your own Google accounts, Google can combine the recognition features of different browsers and end devices. Thus, if Google has ever created its own recognition feature for the laptop, desktop, or smartphone or tablet you're using, these recognition features can be associated with each other once you've used or used a Google service with your login information. In this way, Google can target our advertising campaigns beyond end devices. However, Google will do so only if you have consented to this data processing in the past to Google.
If you do not want to take part in the tracking procedure, you can refuse the required cookie – for example via browser settings which generally deactivate the automatic saving of cookies. For further information please visit here.
j) Emarsys Web Extend and Smart Insight
We use Emarsys Webextend and Smart Insight of Emarsys eMarketing Systems AG (hereinafter: “Emarsys”) to evaluate the behaviour of our website visitors and to personalise the newsletter (see 2. d). In this context, pseudonymised user profiles are produced. In addition, cookies (see Item 4) and JavaScript snippets are employed. Emarsys receives the information generated by the cookies about the use of the website (e.g. IP address, browsing information and the item numbers of products that were viewed or placed into the basket). The cookies are erased at the end of a session or no later than a year after they were put into place. We use the information obtained by Webextend to enhance existing customer profiles and to enable individualised content. For this purpose, we use information including receipt and read confirmations of e-mails as well as information about the computer and Internet connection, operating system, platform, your surfing history, your ordering history, the date and time of your visit to the home page and products/items that you viewed. If you have registered for our newsletter, if you have a user account and have logged onto it or if you visit our site by clicking on a link in a newsletter, we will link the collected information to your profile on the basis of your consent (see 2. d). The use of Web Extend and Smart Insight is based on our legitimate interest (Article 6 (1), Sentence 1, point f of the GDPR) in analysing and optimising our online and advertising offers. For this reason, Emarsys processes information on our behalf in order to assess the use of our website and our newsletter as well as to compile reports about the activities of our customers and interested individuals. A processor agreement pursuant to Article 28 of the GDPR has been concluded with Emarsys. Under this agreement, Emarsys warrants that it will process data in compliance with the GDPR and guarantees that the rights of data subjects will be protected. You may object to the data processing of our website by Emarsys by clicking here. This will cause an opt-out cookie to be placed. Afterwards, no other data about your usage behaviour on our website will be collected and stored by Emarsys.
6. Data subject rights
You have the right:
7. Right to object In so far as your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, in so far as there are grounds arising from your particular situation or it relates to objection to direct advertising. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation.
If you want to exercise your right to object, simply send an email [email protected].
8. Data Security All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure TLS connection inter alia by the "s" appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.
9. Actuality of and changes to this Data Protection Policy
This Data Protection Policy is the latest version and was last amended as of May 2018.
The further development of our website and offers on it or changes in statutory or public-authority requirements many render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time from the website.