PERSONAL DATA PROTECTION POLICY

The purpose of the Personal Data Protection Policy is to inform you that your personal data is processed when you browse the Application published by the company ECO TLC – REFASHION (*) hereinafter referred to as the eco-organization (the “Application”).

(*) REFASHION is a trade name of the ECO TLC company.

We hereby inform you of the nature of the personal information that is collected, how we use it, with whom we share it, how we strive to protect it, how you can access and/or correct your information and lastly, how you can contact us if you have any questions.

The purpose of this document is to also communicate all information made mandatory by Article 32 of the French Data Protection Act and by Article 13 of EU Regulation EU 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals regarding the processing of personal information and the free circulation of this information (“GDPR”).

Lastly, attention is drawn to the fact that we may need to modify this document in particular to ensure that it meets new regulations or to adapt it to our practices.

 

Article 1 – Processing Manager

The information collected via the Application’s various Personal Data collection forms is processed by ECO TLC – REFASHION, SAS (Société par actions simplifiée) company with a capital of 40,000 euros, whose head office is located at 4, Cité Paradis 75010 Paris France, registered at Paris Trade and Companies Register under number B 509 292 80 (“Refashion” or “we”), as data controller.

 

Article 2 – Personal Data Collection by Refashion

Personal Data designates any and all information related to an identified or identifiable individual, i.e., a person who can be directly or indirectly identified.

The eco-organization is brought to collect and process your personal data according to your actions on the Application:

Action 1: When you browse the Application

The personal data collected by Refashion is as follows: browsing data such as the IP address and communication details that are made available through the use of your computer. These data are collected (i) either automatically, (ii) or after having obtained your consent. In addition, statistical data may be collected during your visit and be used (number of pages viewed, number of site visits, etc.). For more information on statistical data, or data collected through the use of cookies, see our Cookie Policy.

Action 2: When you contact us via the contact form

If you contact us via the “contact us” section, the following data will be collected: name, first name, e-mail address, mobile phone number, postal code and content of the message sent to the eco-organization.

Action 3: When you have a personal account on the Application

Registration Form Certain information will be requested from you when you complete the registration form on the Application, namely:

• Civility

• Last name and first name

• Function

• Email and phone number

• Professional information (company name, SIRET, website, country, NAF code, activity, skills, etc.)

• Reason(s) for the registration request, etc.

Personal Account Certain information may be collected when you log in and use your account, including:

• Data concerning the contact persons registered in a company file

• Connection logs

• Search history

• Search criteria and filter applied

• Materials offered

• Suggested solutions, etc.

 

Action 4: When you receive communications from the eco-organization

This action only concerns Users with a Personal Account. If you have an account and unless you object, you are likely to receive communications from Refashion, based on the information collected through the registration form.

It is possible that several actions concern you. For example, you can browse the Application, have a Personal Account without having objected to receiving communications and contact Refashion via the contact form. In this case, you are concerned by all of this data processing.

 

Article 3 – Purpose(s) of Personal Data processing and legal bases

Refashion is an eco-organisation approved by the State and whose main mission of general interest is to provide information and assist stakeholders in the CHF industry on the most environment-friendly production methods. Its mission is to encourage the collection and recovery of clothing, household linen and footwear waste.

As an eco-organisation approved by the public authorities, Refashion is obliged to report back to public authorities on the performance of initiatives undertaken, in particular in terms of information provided and awareness-raising measures.

To measure the effectiveness of its initiatives and the communication of its Application’s contents, Refashion is obliged to gather User Personal Data and analyse the browsing behaviour and choices.  Given its mission of general public interest, Refashion thereby has a legitimate interest in collecting personal data for these purposes.

Otherwise, the purposes and legal bases of the data processing carried out via the Application are as follows:

 

Actions Legal basis Purpose Legal basis
Action 1: When you browse the Application ·         Evaluate, understand, and report on how you use the service. Consent.
·         Subsequently send personalized advertising and / or content in other contexts. Consent.
·         Select and distribute content for you, then evaluate their distribution as well as their effectiveness. Consent.
·         Production of usage and performance statistics Refashion’s legitimate interest in having statistics on its Application.
Action 2: When you contact us via the contact form ·         Allow you to send us requests for information and other requests. Refashion’s legitimate interest in dealing with users’ questions / complaints.
·         Allow us to respond to your contact requests.
Action 3: When you have a personal account on the Application ·         Allow you to register on the Application. Execution of pre-contractual measures between Refashion and you.
·         Allow you to access the Application and its services / content. Execution of the contract with you.
·         Analyse the navigation and the choices of the User on the Application in order to carry out profiling, for content personalization purposes. Consent.
Action 4: When you receive communications from Refashion ·         Send you Inquiries / Opinion requests by email Refashion’s legitimate interest (within the limits of the right to object)
  ·         Send you information letters by email Refashion’s legitimate interest (within the limits of the right to object)

Finally, your data is also likely to be processed by Refashion for the following purposes and legal bases:

Purpose Legal basis
Respond to your requests to exercise rights (right of access, rectification, erasure, opposition, portability, etc.). Refashion’s legal obligation.
Where applicable, be able to demonstrate compliance with our legal and regulatory obligations. Refashion’s legal obligation.

 

Article 4 – Recipients or categories of recipients of Personal Data

Recipients at Refashion

The recipients of the personal data collected are the staff members of the eco-organization authorized to have access to it for the performance of their duties. These staff are authorized and will access your data within the limits of those strictly necessary for the performance of their duties.

Partner and / or subcontractor recipients

Your personal data may, where appropriate, be sent to subcontracting companies or partners to which the eco-organization may call upon in the context of the performance of the services provided by the Application. Refashion ensures compliance with data protection requirements for all of its subcontractors.

External recipients

Users: some of your personal data may be consulted by other users, as part of their research and consultation of a company file on the Application.

Judicial, public, and governmental authorities: the eco-organization may be required to disclose your Personal Data when this disclosure is necessary to:

– Comply with the law (or a subpoena or court order).

– Comply with legitimate requests from public and governmental authorities.

– Prevent a crime or carry out an investigation, for example in the event of fraud or identity theft.

– Protect the rights, property or safety of the eco-organization, its users or third parties.

 

Article 5 – Transferring data to a country outside the EU

It is understood by data transfer, all communication, copying or movement of Personal Data intended for processing in a third-party country or any data to which a third party outside of France may have access.

If your data is transferred to Refashion partners located outside of the European Union, Refashion guarantees:

  • Having collected all the required authorisations from the competent authorities to perform said transfer.
  • Having managed this transfer by standard European Commission contractual clauses or internal company rules (Binding Corporate Rules) or ad hoc contractual clauses that the CNIL (French National Data Protection Commission) has previously recognised as guaranteeing an adequate level of protection of privacy and the fundamental rights of individuals.

In the event of transfer to the United States, Refashion undertakes to verify if the receiving entity of said data has complied with the “Privacy Shield”, a self-certification mechanism for companies established in the United States. This mechanism has been recognised by the European Commission as offering an adequate level of protection for personal data transferred by a European entity to one established in the United States.

 

Article 6 – The rights of individuals

You have the right to access, rectify, delete your personal data and to its portability.

You can also request that the processing of your data is limited or refuse that it be processed.

You have the right to communicate your instructions to Refashion concerning your personal data in the event of your death.

You can exercise your rights with Refashion:

Refashion reserves the right to request the settlement of “reasonable costs” related to any administrative costs borne for supplying information if your request is clearly unfounded or unreasonable. Refashion shall endeavour to meet your request within the deadlines required by the GDPR.

To protect your privacy and ensure your security, Refashion will also undertake suitable measures to check your identify before granting you access to your personal information or to correct, modify or delete it.  All requests shall be accompanied by a copy of your personal ID.

You can, at any time and free of charge, withdraw your consent and / or object to receiving newsletters / promotional offers:

  • By clicking on the link offering to unsubscribe from the newsletter affixed to each sending of emails.
  • Using the aforementioned means of contact.

Unsubscribing will stop sending new emails.

If you consider that the eco-organization does not comply with its legal obligations in terms of data protection or that we have not responded effectively to your request, you still have the right to lodge a complaint with the National Commission for Information Technology and Freedoms (“CNIL”).

 

Article 7 – Data Security and Confidentiality

You Data security:

  • We implement organisational and technical security measures to guarantee the confidentiality and integrity of personal data. In this regard, the purpose of administrative, organisational, technical, and physical precautions is to protect your personal data from loss, theft, non-authorised access, non-authorised transmission and all modifications or deletion. In all cases, Refashion shall implement security measures that are suitable for the type of data collected.
  • Data that is collected is confidentially saved and is protected to a very high level of security. The servers on which this data is saved comply with security standards currently in force. They are protected against digital and physical attacks.
  • All of the Application’s pages on which you are required to communicate Personal Data are made secure in https. However, despite all efforts made, Refashion cannot guarantee that this protection is infallible due to unavoidable risks that occur during the transmission of personal data.

Security of data transmitted to our external service providers:

We always select service providers with the greatest of care and attach the greatest importance in the way that your data is made secure.

Therefore, these service providers act on Refashion’ s orders only and at no time use your data other than for carrying out the services that we have entrusted to them.

A contract is systematically signed between Refashion and its selected service providers in which we request that the appropriate technical, physical, logical, and organisational measures are implemented in order to ensure the confidentiality and the security of processed Personal Data and thereby prevent it from being deformed, damaged or that non-authorised third parties access it.

 

Article 8 – Period that Personal Data is kept

Refashion only keeps Personal Data for the time required for the operations for which it was been collected and complies with the regulations in force and the following policy on the period that data is kept:

Personal Data Categories

In general, when you have a Personal Account, your personal data are kept as long as your account remains active and then are archived in order to meet legal obligations or for evidentiary purposes or are anonymized. for study and statistical purposes.

Your personal data collected to send you newsletters / commercial offers will be used by the eco-organization for this purpose until your opposition or for a period of 3 years from the end of the contractual relationship (deletion of the account, last activity of the account).

Data concerning information requests or claims

3 years from the date that it was collected or the last contact or the end of the commercial relationship

Data proving a right or a contract

5 years as from the collection of the data or the last contact or the end of the commercial relationship

Some data may be kept for an additional period in order to manage claims and/or disputes as well as meet legal or regulatory requirements or to respond to any requests made by authorised authorities. Data shall be deleted when Refashion receives information on the death of the person.

The Personal data is deleted without delay when Refashion becomes aware of the person’s death.

 

Article 9 – Cookies

When browsing the Application, information on your browsing behaviour may be recorded in files known as “Cookies” installed on your computer, depending on the choices that you made concerning Cookies, and that you can modify at any in time.

Cookies allow the Application visited to thereby manage, save, and recover information about your browsing behaviour as well as obtaining technical communications on the Application’s browsability.

 

For all additional information, please refer to our Cookie Policy.

©2021 Refashion. All rights reserved.