As of May 25, 2018, the General Data Protection Regulation (GDPR) applies within the European Union.
This new European regulation is a continuation of the French Law "Informatique et Libertés" of 1978 and strengthens citizens' control over the use that can be made of their data. It harmonizes the rules in Europe by offering a unique legal framework to professionals. It allows them to develop their digital activities within the European Union based on the trust of users.
You can be sure that we attach great importance to the protection of your Data and that we do everything in our power to keep and process them reliably.
Let's first define what is a "Personal Data"?
Personal data is any information relating to an identified or identifiable individual. It includes name, first name, postal address, telephone number, IP address, email address, date of birth, ..
Why do we need some of your Personal Data?
In order to satisfy your desire to buy a doll (or any other article on our site) and to be able to carry out a sales transaction (= a contract) together, our store needs you to communicate a whole series of data concerning you.
This also concerns the way we communicate with you via different types of media (newsletters, presentation of new products, invitations to a competition, message on the occasion of your birthday, ...).
The mission of this new European regulation RGPD is to strengthen the rights you have on your data: right of access, rectification, opposition, deletion, portability and limitation of processing.
We will explain what data we collect, how and why we collect it, who processes it, how we protect it, and most importantly, what your exact rights are in this regard.
The person in charge of processing Personal Data in our company is Mr. Emmanuel BROUET.
The company Un Bonheur de Colibri has declared its file to the CNIL under the number 1818082.
We will describe below all the data we collect and process when you access and use our website https://www.unbonheurdecolibri.be (the "Site")
If any provision of this Policy is found to be invalid or contrary to applicable law, it shall be deemed unwritten and shall not invalidate the remaining provisions of this Policy.
This Policy applies to all Personal Data collected via our Site, when you create a user account, when you subscribe to the Newsletter or for any other exchange between you and Colibri (by telephone, email exchanges, via the contact form, by post, via Social Networks, ...).
What data do we collect?
When you use and/or consult our Site, here is the list of Personal Data that we collect:
- Data relating to your identity (such as surname, first name, date of birth, gender, postal address, landline telephone number, mobile telephone number, ...)
- Your email address which will be the "key" to create a user account on our Site, but also used for all exchanges between us
- Data related to the navigation on our Site, in particular the IP address, the search history, the browser and the operating system used, ...
The Data of your orders in particular the complete history of these, your preferences of carriers and delivery, your points of fidelity, your methods of payment, ...
- Data concerning your visits to our Site such as the date of visit, the number of pages visited, traffic data, ...
We remind you that no bank details (credit card number, expiry date, cryptogram, Paypal address or password) transit via our Site and are therefore not recorded on our Site. These Data are collected directly by professional service providers used for online payments (via their own site).
How do we collect your Data?
During your visit and when creating/viewing/modifying your user account, your Personal Information is collected by our site, for example:
- When you enter them directly in the user account creation form or when you modify your Data in this account
- When you contact us via the contact form
- When you subscribe to our newsletter
This is what we call a "direct" method of collecting Data.
A cookie is a small file consisting of numbers and letters that is stored in the memory of your browser and/or device when you visit our Site. These cookies allow our Site to store information that enables us to provide you with a better, faster and more secure visiting and shopping experience. These small data files stored on your device speed up the layout while allowing our Site to record certain information when you visit the Site or use our services, applications or messaging systems.
You can refuse the recording of these Cookies and even configure your browser to warn you before accepting new Cookies.
To do this, you can set your browser parameters.
In any case, we commit ourselves never to communicate the content of these Cookies to third parties, except in case of legal requisition and/or on injunction of the legal authorities.
Collecting your Data, but for what purpose?
As a user and customer of our Site, we collect your so-called "direct" Data (i.e. those that you have consented to communicate to us) in order to use them for different reasons:
To create a user account allowing us to have a complete and relevant CIF (Customer Information Form)
To manage your orders and execute the sales contract between us
To send you our newsletter and other commercial information if you have given your explicit consent
To send you certain information concerning your user account such as your purchase history, your loyalty points, the follow-up of your orders and your parcels, ...
To carry out the forwarding of your orders near our carriers
To answer all your requests and all your questions via the contact form of the Site or via the module of telephone recall on the homepage
To meet all our legal obligations (such as the accounting management of your orders)
To improve our site, its ergonomics, its use, ...
To allow us to carry out many sales statistics which can relate to the typology of the bought products, the various zones of catchment covered, the profile of our customers (age, sex, country,?), the turnover carried out, the history by product, by customer, by country,?
But we also use some of your so-called "indirect" Data (collected by means of Cookies on our site) for the following reasons:
To improve your visit to our Site (faster loading, certain information to be no longer encoded, recognition of your username and password, ...)
To obtain statistics allowing us to measure and analyze the traffic, the number of users, the most/least consulted pages, the entry and exit pages of our Site (i.e. the pages where you arrive on our Site and from where you leave), ...
Who manages your Data?
The Personal Data you have entrusted to us are exclusively processed internally by Colibri and are/will never be communicated to third parties.
However, in the context of our commercial activities and in order to fulfill the sales contract (i.e. processing and shipping your order), your Data may be communicated to our service providers, in particular
For the Payment part: our Site proposes you various means of payment
- Credit card such as Carte Bleue, Visa, Mastercard, ... (via the company Hipay)
- Paypal account (via Paypal company)
- Check or bank transfer (via our partner Crédit Mutuel)
We remind you that we never have access to your bank details, card numbers, card code, Paypal password, ... All transactions are secured through SSL encryption ensuring the utmost confidentiality of these data.
For the Delivery part: part of your Data are used for the creation of shipping labels for your packages. These labels are generated internally at Colibri via computer programs made available to us by our transport partners with whom we have signed written collaboration agreements.
For possible after-sales service: in the case of a repair, the sending of a spare part or the exchange of a product, we may have to communicate some of your Data to our suppliers in order to carry out the after-sales service operation. But this way of working remains very marginal because in the majority of the time, the exchanges transit via our offices and not directly to you.
For the dispatch of our Newsletters: the dispatch of our newsletters and presentation of new products is ensured by Mailpro, edited by the company SAASCO SA established in Nyon in Switzerland.
Links to external sites: our Site contains links to various third-party sites, including those of our suppliers, certain social networks (such as Facebook, Google+, Instagram, Pinterest, etc.), our customers' blogs, etc. Obviously, Colibri has no control over these external sites and cannot be held responsible for the way in which your Data may be stored, used or protected on their servers. We advise you to inquire about the treatment of your Data by these third party sites.
How long do we keep your Data?
Colibri has decided to keep your Data only for as long as is necessary for the various purposes for which your Data was collected. Obviously, this retention period is not the same for all operations, some of which are subject to legal retention obligations.
Here is an overview of the different retention periods for your Data:
- For your user account: retention of all billing data for 10 years from the date of purchase. If you request deactivation and/or deletion of your user account, all of your data will be retained for 5 years from the date of your request for termination (except for billing data).
- For any contact with Colibri (via the Contact form or by sending an email to our address), your Data will be kept for a maximum of 13 months from the last contact
- For all subscriptions to our newsletter and new product presentation letters, we keep your Data until you request to unsubscribe.
Indirect information collected through cookies will be kept for up to 12 months. After this period, we may anonymize your data (make it completely anonymous), which allows us to keep it only for statistical and commercial purposes
How do we protect your Data?
Of course, the protection of your Personal Information is one of our top priorities. This Data is kept on secure servers and protected from any risk (both internal and external) thanks to antivirus, firewalls and other technical means.
We use Secure Sockets Layer (SSL) technology, which is an encryption technology for links between web servers and browsers. This type of link guarantees the confidentiality of data exchanges between your computer and our web server. When visiting our Site, your browser will authenticate our SSL certificate before establishing a secure connection with our server.
This type of connection ensures that no one other than you and us can see or access the information you enter in your browser. This SSL method can be recognized by an address beginning with "https://" and the appearance of a padlock in the browser's address bar.
We strive to protect your Data, but we cannot guarantee the absolute security of information transmitted to our Site. We cannot be held responsible for any breach of the privacy and security settings on our Site.
As such, you agree that you transmit your Data at your own risk and that the security of your information is also your responsibility. Never disclose your password to others or provide personal information in public areas of the Site that may be viewed by other visitors.
What rights do you have?
The implementation of the new RGPD regulation strengthens your rights with regard to the Personal Data you have provided to us. The main pillar of this regulation is to be able to choose how your Data is used, in particular:
You can view and browse our Site without providing any Personal Data. Unfortunately, you will not be able to place orders or use certain features of our Site (contact us, post a review in the guestbook or blog, request a callback, ...)
You can manage your subscription to our Newsletter and our commercial letters at any time by unsubscribing via the link at the bottom of each of our communications
You can log in to your user account at any time to consult and/or modify all the direct Personal Data encoded on our Site. You also have the option to permanently delete your user account if you do not wish to keep it on our Site. This measure is irreversible, it will permanently erase your entire order history and will also remove any benefits you may have.
In accordance with the provisions of the applicable regulations on the protection of personal data (the European Regulation 2016/679 on Data Protection - RGPD), but also the law of January 6, 1978 known as "Informatique et Libertés" and all its amendments, you have a right of access and a right to rectify your Data.
The rights you have under this new regulation are the following:
- Right to object to the processing of your Data on legitimate grounds (according to Article 21 of the GDPR)
- Right to limit the processing of your Data
- Right to the portability of your Data
- Right to withdraw at any time the consent previously given (but the processing carried out before this withdrawal remains fully valid)
- Right to the erasure of your Data
To enforce your Personal Data Rights and in accordance with Article 12.6 of the GDPR, for the exercise of these rights, Colibri (being the data controller) reserves the right to ask you for proof of your identity. This proof of identity information will be deleted once we have responded to your request.
A DPO (Data Protection Officer) has been appointed within our company: this is Emmanuel BROUET.
You can exercise these rights by sending a letter in French or English (indicating your name, first name, postal address, e-mail address and a copy of both sides of your identity card):
By e-mail: to firstname.lastname@example.org
By postal mail :
Un Bonheur de Colibri SAS - To the attention of the DPO (BROUET Emmanuel)
387, Rue de l'Eglise
76750 Bierville (France)
We will answer your request within one month.
Is your Data transferred outside the European Union?
The Data collected on our Site are hosted by the company MT Web - 34, Rue Joseph Pujol in 33100 Bordeaux (France) whose servers are located exclusively in France.
The sending of our Newsletters is managed by the site Mailpro, edited by the company SAASCO SA established in Nyon in Switzerland. Therefore, your Data may be transferred outside the European Union. Of course, this company is obliged to respect the confidentiality and the protection of the Data by contractual obligations, to treat them only for the purposes for which we transmit them to them and to protect them in the most secure way possible.
Of course, the use of the various services offered by our Site implies the acceptance of this Policy. If you do not agree to this Policy, we invite you not to use the Site or to use it anonymously (i.e. without entering Personal Data, which will severely limit the services offered and will make it impossible to enter an order).
This "Data Protection and Privacy" Policy was last updated on November 14, 2019 in accordance with the implementation of the European Data Protection Regulation (RGPD).