Personal Data Protection Policy

>
Personal Data Protection Policy

1. Who are we?

The presentation of the LDLC group is available at the following address: https://www.groupe-ldlc.com/presentation-du-groupe/

The LDLC group is made up of several companies and merchant sites.

The purpose of GROUPE LDLC’s privacy policy is to:

  • Send you information related to personal data that is processed by our services;
  • Inform you of your rights and how you can exercise them.

This Policy has been drafted in compliance with the provisions of the General Data Protection Regulations (“GDPR”), the amended Data Protection Act of 1978. It is likely to evolve according to the regulations, the case law and the doctrine of the supervisory authorities.

2. Who is responsible for processing your data?

The LDLC GROUP and its subsidiaries (hereinafter “LDLC GROUP”), responsible for the processing of personal data carried out on their sites, collect information about you, in particular when creating your Customer Account or during your purchases.

As the person who determines the purposes and means of processing, the controller is GROUPE LDLC as well as the various companies in the group such as:

  • THE LDLC SCHOOL
  • DISTRIBUTION LDLC
  • DLP CONNECT
  • LDLC-EVENT
  • OLYS
  • LDLC VR STUDIO

Contact details for the head office of GROUPE LDLC and its subsidiaries:

Head office address: 2 rue des Érables, 69760
Telephone number: 04 72 52 37 77
E-mail address: dpo@groupe-ldlc.com

3. What type of data do we collect?

We collect the data necessary to meet a specific purpose.

The data we collect may have as a legal basis:

  • Your consent, which can be withdrawn at any time;
  • The performance of our contractual relationship or pre-contractual measures;
  • Compliance with a legal obligation to which we are subject;
  • The legitimate interest pursued by the controller, in respect of your interests and rights.

The following table presents the information to be provided when the data is collected from the data subject (Article 12 of the GDPR).

4. What are the treatments implemented?

Types of treatments Data concerned by the processing Purposes of processing Legal bases for processing Recipients
Commercial prospecting and marketing actions Identity; Contact details ; Exchanges related to the implementation of projects; Statistics

The purpose of the processing is to enable prospecting operations, including:

  1. The production of statistics
  2. Site improvement
  3. The development of the commercial strategy
  4. Conducting a satisfaction survey.

Consent (article 6.1.a GDPR)

Legitimate interest, namely information and promotion of similar products and services (Article 6.1.f GDPR)

Internally: the departments responsible for communication and marketing.

Externally, our IT and marketing service providers.

Recording of phone calls Phone call

The purpose of the processing is:

  1. carrying out customer satisfaction surveys and studies
  2. staff training
Legitimate interest, namely the carrying out of satisfaction surveys and customer studies, as well as the training of staff (Article 6.1.f GDPR) Internally: the service in charge of customer relations.
Contact forms Identification data;
Date and subject of the request;
Follow-up provided;
Activity statistics

The purpose of the processing is to respond to your requests. It allows:

  1. Receipt of requests sent,
  2. The management of the follow-up given to these requests,
  3. The production of statistics.

Execution of a pre-contractual or contractual measure (Article 6.1.b GDPR)

Legitimate interest in knowing how to meet the expectations of users of the site (Article 6.1.f GDPR)

Internally: the departments responsible for processing your request.

Externally, the IT service provider.

Customer management Identification data

The purpose of the processing is:

  1. Management of the contractual relationship
  2. Realization of statistics
  3. Conducting customer satisfaction surveys and studies
  4. Management of complaints, after-sales service and guarantees

Consent (article 6.1.a GDPR)

Execution of a contract (article 6.1.b of the GDPR)

Compliance with a legal obligation (article 6.1.c GDPR)

Internally: the Group entities in charge of processing your request, our service providers and subcontractors.

Externally: partner sellers when purchasing a product on the ldlc.com Marketplace

Procurement management Identification data;
Payment data;
Transaction data;

The purpose of the processing is:

  1. Management of the contractual relationship
  2. Management of complaints, after-sales service and guarantees
  3. Accounting management
  4. Improvement of the proposed offers

Execution of the contract (article 6.1.b GDPR)

Compliance with a legal obligation (article 6.1.c GDPR)

Internal: the service in charge of commercial management.

External: partner sellers when purchasing a product on the Ldlc.com Marketplace

Reviews management Identification data; Transaction data;

The purpose of the processing is to enable:

  1. Compliance with transparency criteria
  2. Reliability of review processing
  3. The production of statistics

Consent (article 6.1.a GDPR)

Legitimate interest in knowing how the site works (Article 6.1.f).

Internally: the departments responsible for communication, marketing, our IT service provider

Externally: reviews are intended to be published “individually” but are subject to moderation

Management of people’s rights Identification data The purpose of the processing is to ensure the management of your rights as covered by the GDPR and the Data Protection Act (amended) Compliance with a legal obligation (article 6.1.c GDPR)

Internally, the DPO and the persons authorized to manage your rights.

Externally certain regulated professions (lawyers)

Management of outstanding payments and disputes Identification data;
Payment data;
Transaction data;

The purpose of the processing is:

  1. Management of the contractual relationship
  2. Accounting management
  3. Management of the rights of the data controller

Execution of the contract (article 6.1.b GDPR);

Compliance with a legal obligation (article 6.1.c GDPR)

Legitimate interest in knowing the survival of the site (Article 6.1.f),

Internal: the department in charge of accounting.

External: authorized service providers which may include regulated professions (lawyers, auditors)

Fraud management Identification data;
Payment data;
Transaction data;
Navigation and connection data.

The purpose of the processing is to:

  1. Preventing and combating illegal activities or activities not authorized by the terms of use
  2. The census of proven non-payments
  3. Identification of people in default for the purpose of exclusion for future transactions

Compliance with a legal obligation (article 6.1.c GDPR)

Legitimate interest of the site (Article 6.1.f)

Internally: Our accounting department

Externally: financial, judicial or state agencies, public bodies on request and within the limits of what is permitted and justified by the regulations

Verification of compliance with the commercial conditions of the controller Identification data;
Payment data;
Transaction data;
Navigation and connection data.
Check compliance with the commercial conditions of the data controller (for example during contests, purchasing restrictions, etc.) Legitimate interest in compliance with the commercial conditions (article 6.1.f GDPR) Internally: The department in charge of order verification
Marketplace management Identification data; Navigation and connection data

The purpose of the processing is to:

  1. Management of the contractual relationship
  2. Receipt of requests sent
  3. Management of accounting operations
  4. Fight against fraud

Compliance with a legal obligation (article 6.1.c GDPR)

Legitimate interest of the site (Article 6.1.f)

Within the limits of the respective needs:
Internally: The departments in charge of managing the Marketplace

Externally: service providers in charge of the Marketplace, financial, judicial authorities or State agencies, public bodies on request and within the limits of what is permitted and justified by the regulations

Management of promotional operations Identification data

The purpose of the processing is:

  1. Selection of suppliers
  2. Developing our business strategy
  3. Realization of statistics
Consent (article 6.1.a GDPR)

Internal: the department responsible for commercial management.

External: the service providers authorized to process the data that you transmit to us and which allow us to offer you the services offered

Social media management Identification data visible by default on the platforms The purpose of the processing is:
Interactions between our Group and subscribers (commercial management)
Technical network administration
The production of statistics

Consent (article 6.1.a GDPR)

Legitimate interest in knowing how the site works (Article 6.1.f).

Internally, the department responsible for communication

Externally, visitors to social media platforms

360° customer program

To know more

Identification data and data relating to customer orders (surname, first name, telephone, email address, postal address, order number, etc.). Program aimed at offering a true multi-channel experience to customers of the various LDLC.COM brands (branches, franchises, subsidiaries) for commercial management Legitimate interest, namely the multi-channel processing of customer requests (order tracking, after-sales service, complaints, etc.). Consent for the personalized customer area. Stores under the LDLC.COM brand (branches, franchises, subsidiaries) and GROUPE LDLC

Question/answer program

To know more

Customer account data necessary for the management of the program.

Allow Internet users (customers or prospects) authenticated on the GROUPE LDLC site to obtain additional information on the product sheet:

  1. By asking questions
  2. By being informed of the answers to the questions
  3. By answering questions
  4. By voting for the relevance of the answer(s) Check compliance with the terms of use of the program

Legitimate interest, namely obtaining information on a product or service.

Consent for the personalized customer area and the post of information(s) (questions, answer or vote).

Execution of a contract (compliance with the terms of use of the program).

LDLC GROUP, its branches, franchises, subsidiaries.
Online browsing (cookies) Navigation data, Duration of your visit, Technical information (IP address, browser used, etc.)

The purpose of the processing is:

  1. Ensure the maintenance of the site and its functionalities
  2. to improve the interactivity of the site (services offered by third-party sites such as sharing buttons).
  3. Stream appropriate content depending on the device used.
Consent
(Article 6.1.a of the GDPR) Legitimate interest in knowing the functioning of the site for functional cookies (Article 6.1.f).

Internally: the departments responsible for communication.

Externally, our IT service provider.

Newsletter Identity; subscription date; statistics Subscription management; Management of electronic shipments; Development of statistics relating to the service Consent (article 6.1.a GDPR)

Internally: the department responsible for communication;

Externally, our IT and communication service providers.

Recruitment Identification data and professional life appearing in particular in the CV and cover letters. The purpose of the processing is to enable recruitment operations: processing of applications (CV and cover letter) and management of interviews

Consent (Article 6.1.a GDPR)

Execution of a pre-contractual measure (Article 6.1.b GDPR)

Internally, the departments responsible for recruitment operations.

Externally, any recruitment firms and temporary work agencies

Gift card Identity (surname, first name), email and postal contact details (for sending physical cards) of the initiator, participant and beneficiary

The purpose of the processing is to:

  • provide the gift card service
  • allow gift cards to be spent throughout their validity period
  • manage the history of transactions on gift cards as well as after-sales service and disputes
  • analyze the risk of fraud
  • compile statistics and improve the service
Execution of a pre-contractual or contractual measure (Article 6.1.b GDPR)

Internally: the departments in charge of the gift card project, the participating shops.

Externally, our IT and marketing service providers, the company BUYBOX in charge of the gift card solution.

Check management Data relating to checks and their control Control of checks; consultation of the national file of irregular checks (FNCI); fight against non-payment and fraud.

Legitimate interest (article 6.1.f GDPR), namely the fight against non-payment and fraud

The time of questioning the check guarantee company

Internal accounting services.

Externally, the check guarantee company

5. Who are the recipients?

In addition to the recipients indicated above, and in order to accomplish the aforementioned purposes, we disclose your personal data only to:

  • LDLC Group entities that need to know them to ensure their management;
  • Service providers and subcontractors performing services on our behalf; They are rigorously selected and act according to our instructions;
  • Partner sellers in the event of the purchase of a product on the Ldlc.com Marketplace;
  • Stores under the LDLC banner for the 360° program
  • Financial, judicial or state agencies, public bodies on request and within the limits of what is permitted by regulation;
  • Credit reporting and collection agencies in the context of credit assessment or debt collection in the event of unpaid invoices;
  • Certain regulated professions such as lawyers, notaries, auditors.

6. What are the retention periods?

GROUPE LDLC keeps personal data for a period that does not exceed the period necessary for the purposes for which they are collected in accordance with the provisions of the law of January 6, 1978 as amended and the GDPR.

The data may be retained later in the following cases when retention is necessary:

  • To the exercise of the right to freedom of expression and information,
  • To comply with a legal obligation,
  • For the performance of a task in the public interest or in the exercise of official authority vested in the controller,
  • For reasons of public interest in the field of public health,
  • For archival purposes in the public interest,
  • For scientific or historical research purposes or for statistical purposes,
  • Or the establishment, exercise or defense of legal claims.

The criteria for determining retention periods are as follows:

  • Legal or regulatory provisions
  • The doctrine and case law of supervisory authorities
  • Sector references

Bank cards are only recorded after an explicit request from the customer, on the payment page (if this option is offered to you). They are kept for a future order in order to improve your shopping experience on our sites. Cards saved for a future purchase are kept in a secure space with our payment provider. GROUPE LDLC does not keep this information. You have the possibility to delete your registered card at any time, on the payment page.

Cookies have a lifespan limited to thirteen months after their first deposit in the user’s terminal equipment (following the expression of consent), as recommended by the CNIL. You can change your preferences at any time via the cookie manager whose link is present at the bottom of the page of our sites. To find out more about cookies and how we are committed to using them, please visit this page .

Commercial management: Your data is kept for the duration of the contractual relationship and according to the limitation periods relating to the conservation or protection of the rights of the data controller.

Management of accounting and tax operations: Accounting and tax data are kept for a period of 10 years.

Management of commercial operations: The data is kept until the withdrawal of consent or 3 years from the last contact. They can also be stored:
– For a period of 3 years from the last contact that the persons to whom they relate had with our company;
– After the execution of the contract, in intermediate archiving, to meet accounting or tax obligations or to constitute evidence in the event of litigation and within the limit of the applicable limitation period.

The data of the customer account, created by the latter, are intended to be kept until the deletion of the account by the user. However, the account may be considered inactive if not used for 2 years and may be subject to deletion.

Management of the rights of persons: When a person exercises his right of opposition to receive prospecting, in order to guarantee its effectiveness, the information allowing this right to be taken into account is kept for a minimum of 3 years from the exercise of the right. right.

Management of reviews: At the request of an author of a review, GROUPE LDLC offers the possibility of unpublishing a review, while maintaining traceability for the purposes of later verification of the review. GROUPE LDLC may delete notices in the event of a change of ownership and/or complete renovation of an establishment, or a modification of the substantial characteristics of a product or service. GROUPE LDLC will keep a history of the opinions deleted, and all documents related to the opinions, from the site and the reason for their deletion for a maximum period of one rolling year from the date of deletion of the opinion.

Management of unpaid bills: In the case of unpaid bills, the data is erased from the file listing the people in a situation of unpaid bills at the latest, 48 hours from the moment when the unpaid bill has actually been settled. Exceptionally, and when necessary and proportionate circumstances justify it, data may be retained in order to prevent renewal. In case of non-regularization, the information is likely to be kept in the file listing the people within the limit of 3 years from the occurrence of the unpaid. They can then be archived to meet accounting and tax obligations or serve as evidence in the event of litigation within the limit of the applicable limitation period.

Recording of telephone calls: Recordings are kept for a maximum of 6 months.

Supporting documents sent to Customer Relations: the purpose of the processing linked to the request for supporting documents is to combat fraud and unpaid bills. The data is kept for 30 days from the month following its receipt and 24 months from the transaction date in the event of a dispute. Supporting documents containing copies of bank cards are immediately deleted.

Newsletters: You can unsubscribe from newsletters at any time from the link provided for this purpose in the email, or directly from your Customer Account.

7. Who has access to personal data?

The data controller does not sell or share your data with third-party business partners. Some of the employees may have access to the data which is necessary for them within the framework of their functions.

Our various service providers may have access to the data for the performance of their contract, in compliance with the purposes set out above and with the regulations.

Data may be transmitted in the context of business transactions (merger, acquisition, sale, restructuring, etc.).

“Authorized third parties” (public authorities or court officers) are organizations that can access certain data contained in public and private files, on the basis of a text authorizing them to do so.

As part of the 360° customer project, aimed at offering a true multi-channel experience to customers, data is shared between the various LDLC.COM brands (branches, franchises, subsidiaries): the customers resulting from this data transfer, who have a email address, will have a web account created following their migration to the new cash register software. However, the account will only be activated when the customer has changed his password on the site during his first connection. The data concerned comes from invoices for purchases made in shops under the LDLC brand, the list of which is available at the following address: https://www.groupe-ldlc.com/boutiques/ . The legal basis for this processing is Legitimate interest, namely the multi-channel processing of customer requests (order tracking, after-sales service, complaints, etc.) and consent for the personalized customer area.

Regarding the LDLC Marketplace, our company’s role is to connect sellers and buyers. The latter are informed that their data and personal information collected when placing an order via the Marketplace, are processed by Groupe LDLC and the service providers in charge of the marketplace. Only the information strictly necessary for the execution of the transactions will be transmitted to the seller, and this for the sole purpose of processing the transactions.

8. Do we transfer data abroad?

Your data is not transferred to third countries and remains hosted within the European Union.

Regarding the functionalities related to the use of social networks, your publications are likely to be accessible outside the European Union. We invite you to consult the data management policy of the networks concerned.

9. Security

We are committed to ensuring the security of your personal data through strict procedures within our company.

For data collected “online”, communications on the client side are encrypted between the user’s workstation and our servers (HTTPS secure zone). The LDLC GROUP undertakes to make every effort to protect your personal data. Within GROUPE LDLC, only those persons will have access to your information who, because of their functions, have a legitimate interest in accessing it. In the context of technical operations, your data may also be hosted by our subcontractors. These are rigorously selected and act in accordance with our instructions.

10. Rights of persons / your rights

Data subjects have the following rights, which they exercise under the conditions provided for by the GDPR:

  • Right of opposition, to withdraw consent at any time. Where the processing of your personal data is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent made before its withdrawal.
  • Right of access to personal data concerning you
    GDPR Article 15
  • Right to rectify data concerning them if they are inaccurate
    Article 16 GDPR
  • Right to erasure of data concerning them subject to the conditions for exercising this right pursuant to the provisions of Article 17 of the GDPR
  • Right to restriction of processing
    GDPR Article 18
  • Right to data portability
    GDPR Article 20
  • Right of objection
    GDPR Article 21
  • Right to define directives relating to the fate of your personal data (conservation, deletion and communication of data) after your death.
    Article 85 of the Data Protection Act (amended)
  • Right to lodge a complaint with a supervisory authority (the CNIL in France).
    Article 104.4 of the Data Protection Act (modified)
  • Automated decision. The data subject has the right not to be the subject of a decision based exclusively on automated processing, including profiling, producing legal effects concerning him or significantly affecting him in a similar way. The data subject has the right to obtain human intervention from the controller, to express his or her point of view and to contest the decision.

Consult the cnil.fr website for more information on your rights.
These rights can be exercised directly with the data controller.

11. Exercise your rights

To exercise these rights or for any question about the processing of your personal data, we invite you to use the following forms depending on the site concerned:

You can also contact Groupe LDLC and its subsidiaries at the following coordinates, in particular for data relating to another site:

  • Head office address: GROUPE LDLC – DPO – 2 rue des Érables, 69760
  • Telephone number: 04 72 52 37 77
  • E-mail address: dpo@groupe-ldlc.com

12. Complaint

If you believe, after contacting us, that your “Data Protection” rights have not been respected, you can file a complaint with a supervisory authority.

The French supervisory authority is the Commission Nationale de l’Informatique et des Libertés (CNIL).

Date of last update: 15.12.2021

Start typing and press Enter to search

Shopping Cart

No products in the cart.