- how their personal data is collected and processed in accordance with the legislation in force and in particular with European Regulation No. 2016/679 of the Parliament and of the Council of 27April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which entered into force on 25 May 2018. Personal data are all data that can identify a user. This includes the first name, surname, age, postal address, e-mail address, location of the user and his IP address:
- what are the rights of the users regarding this data;
- who is responsible for processing the personal data collected and processed ;
- to whom this data is transmitted ;
1. Data collected and processed and collection mode
Ordering products on the website
When the Customer makes a purchase on the www.diega.fr website, the following personal data is collected:
- First name,
- Postal address,
- Telephone number,
- E-mail address
SARL C.P. will keep in its computer systems of the website and in reasonable conditions of security all the data collected.
SARL C.P. will regularly review the personal data held, and delete any data that are no longer required. No personal data will be held for more than five years. After this period, the data may be anonymised and retained by SARL C.P for legal or statistical purposes.
The user's bank details are not kept after the purchase. In any case, the cryptogram is never kept by SARL C.P.
Subject to the user's express consent, obtained when registering for the SARL C.P newsletter, the following personal data is collected:
- E-mail address
2. Transmission of data to a third party
SARL C.P may communicate personal data to its subcontractors, service providers and suppliers. For example, when the Customer makes a purchase on the website, his/her contact information will be communicated to the delivery service provider.
The data collected and processed by the website are exclusively hosted and processed in France.
3. Data controller and data protection officer
The data Controller is: SARL C.P
He can be contacted by email at firstname.lastname@example.org or by post at :
SARL C.P, 15 rue Béranger, 75003, Paris.
The Data Controller is responsible for determining the purposes and means of processing personal data.
Obligations of the data controller
The data controller undertakes to protect the personal data collected and to respect the purposes for which the data were collected.
The website has a T.L.S certificate to ensure that the information and data transfer through the website is secure. The purpose of this certificate is to secure the data exchanged between the user and the website.
The data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this would involve disproportionate formalities, costs and steps for the user.
In the event that the integrity, confidentiality or security of the user's personal data is compromised, the controller undertakes to inform the user by any means.
4. User rights
In accordance with the regulations concerning the processing of personal data, the user has the following rights:
Right of access, rectification and erasure
The user may view, update, modify or request theerasure of personal data concerning him/her.
If he/she has one, the user has the right to request the erasure of his/her personal space on the website.
Right to data portability
The user has the right to request the portability of his/her data, held by the website, to another.
Right to restriction and to object to data processing
The user has the right to request the restriction or to object to the processing of his/her data by the website, without the Data Controller being able to refuse, unless it can be shown that there are legitimate and compelling reasons, which can prevail over the interests and rights and freedoms of the user.
For any information concerning his rights, or to exercise them, the user must write to the data controller at the following address : SARL C.P, 15 rue Béranger, 75003, Paris.
In order for the data controller to comply with the request, the user is required to provide the following information: first and last name, e-mail address and, if relevant, account number or personal space on the website or subscriber number.
The Data Controller is obliged to respond to the user within 30 days.
Right to refer to the competent authority
In the event that the Data Controller does not respond to the user's request, or if he believes that his rights have been infringed, he is entitled to refer the matter to the CNIL or any competent judge.
the user to