The french version https://www.guayapi.com/politique-de-confidentialites/ is the only official version. This translation is only here for help and information.
Updated on: 12/6/2021
It also aims to inform users of their rights as well as the exercise of these rights in accordance with the national regulations in force and Regulation 2016/679 of April 27, 2016 on the protection of personal data.
The data controller is the company Guayapi, SARL with a share capital of € 24,000 whose head office is located at 55 rue Traversière
75012 Paris, France and registered in the Paris Trade and Companies Register under number 353 588 718.
(hereinafter referred to as the “Company”).
The Company has appointed a data protection officer (hereinafter referred to as the “DPO”) whom you can contact at the following email address: firstname.lastname@example.org [/ email] or by post at the following postal address:
Data protection officer
55 rue Traversière
75012 Paris, France
This policy applies to you when:
- You are visiting our website
- We provide products and / or services to you as a customer
The type of data collected
We collect and use basic information about the users of our website, which we use primarily to improve our website. We look at how you use our website, how often you visit our website and when the website is used the most. In addition, we also use website data to monitor visitor behavior and optimize our campaigns in the context of remarketing.
We collect and use information about you or about individuals within your organization in order to communicate with you (eg: contact form).
This is usually personal information that we may collect and use about you:
- First name ;
- Last name ;
- Email address ;
- Phone number;
We collect and use information about you to provide our products and / or services to you. When collecting data, we limit ourselves to the information necessary to achieve our objective. This is usually personal information that we may collect and use about you:
- First name;
- Last name;
- House number;
- Postal code;
- Email address;
- Phone number;
- VAT number;
- Order number;
- Transmission mode;
- Payment method;
- Items purchased;
- Amount of items purchased.
For a customer, the email address is used for two purposes:
- For sending an order confirmation
- For delivery information
If the ordering process is interrupted, we may send you a reminder email with the contents of the shopping cart (also known as an abandoned shopping card).
How do we collect your personal data?
We automatically collect your data using cookies when you visit our website, based on the cookie settings in our cookie bar. When you contact us or register for our store through the website, we also collect information from you.
We collect your personal information as part of our contractual relationship.
We collect personal data from customers in different ways:
- Personal data that you provide to us as a customer (eg: when you register on our store);
- Personal data that we collect automatically.
How do we use your personal information?
Website user information helps us improve your user experience with our website.
We use customer data for this purpose:
- Provision of products and / or services;
- Marketing activities;
- Financial activities;
- Customer analysis.
The main reason for using customer data is to ensure that contractual agreements can be honored so that the relationship runs smoothly. In exceptional cases, we use your personal data in the context of criminal proceedings.
Who do we share your personal data with?
We may share your personal information with the following categories of people in different ways and for different reasons, depending on the case and in accordance with local laws and regulations:
- All business entities reporting to Guayapi;
- When required by law: tax, audit or other authorities;
- Third parties such as service providers who perform functions on our behalf;
- Third parties such as outsourced IT providers and file storage providers with whom we have a processing agreement;
- Marketing and social media technology platforms: Facebook
This list is not exhaustive.
How long do we keep your personal data?
We will delete your personal data from our systems if:
The user-level and event-level retention period associated with cookies, user IDs and advertising IDs are stored in Google Analytics for 26 months before being automatically deleted.
If we have not had significant contact with you for a period of 5 years, we will erase your data, unless the law or the competent authorities require us to keep it longer.
For the consumer applies:
All personal data concerning the placing of an order ends up in the back end of our website (WooCommerce). For the whole process, we need the personal data in WooCommerce.
User rights over personal data
Permission to access
Users have the right to access personal data concerning them. Users have the right to obtain confirmation that their data is or is not being processed. If users exercise this right, the Company will communicate a copy of the characteristics of the processing carried out on their personal data (the purposes of the processing, the categories of data concerned, etc.).
The information will be provided either electronically or in hard copy. Users may obtain a copy of their personal data subject to respect for the rights of others.
Right of rectification
Users who notice that the personal data concerning them are incorrect or incomplete have the right to request the correction or completeness of this information.
Right to restriction of processing
Users have the right to obtain the limitation of the processing of their personal data, in particular when they dispute the accuracy of the data, when the processing is unlawful and they wish to obtain the limitation and not the erasure of their data. or when the data controller no longer needs the personal data but they are still necessary for the establishment, exercise or defense of legal claims.
Right to object to processing
Users can object to their personal data being processed if they have a legitimate reason and if the processing is based on their consent.
As soon as you exercise your right to object, your personal data will no longer be processed. When the processing is based on a legal obligation, the right of objection does not apply.
The Company informs you that the modification or deletion will take place as soon as possible.
Right to be forgotten
Users can request the erasure of their personal data in the cases listed in article 17 of the GDPR: when they are no longer necessary for the purposes for which they were processed or collected, when they must be erased at as a legal obligation, when they have been the subject of unlawful processing or when you withdraw your consent for the intended purpose.
However, the erasure of this data cannot be carried out when the processing is necessary, among other things, for the exercise of the right to freedom of expression and information, to comply with a legal obligation incumbent on the Company, to the establishment, exercise or defense of legal claims.
Right to data portability
Users have a right to the portability of the personal data they have transmitted. You will be able to access it in a structured, commonly used and machine-readable format. You can also request that this data be transmitted to another data controller when the technique allows it.
You can exercise your rights by contacting the DPO appointed by the Company at the address above.
Security of personal data
The Company implements all appropriate security measures to ensure the protection of personal data collected, and in particular to prevent the destruction, loss, alteration, disclosure or unauthorized access of data.
To this end, security measures such as anonymization or data encryption will be implemented. Steps will also be taken to ensure the continued confidentiality, integrity, availability and resiliency of processing systems and services.
Any security breach affecting your data and likely to create a high risk for your rights and freedoms will be notified to you as soon as possible.
Storage of personal data
The servers used by the Company to store your personal data are located in France.
The Company transmits certain personal data to its subcontractors providing services necessary for the performance of the services. Some subcontractors host personal data on servers located outside the European Union. Therefore, the Company ensures that they are able to guarantee the same level of data protection as that required by the GDPR within the European Union.