Privacy policy
Effective from: 05/27/2024
What is the purpose of this policy?
24 Sèvres, which manages the e-commerce site www.24s.com and the iOS mobile application 24S (hereinafter jointly the "Site"), attaches great importance to the protection and confidentiality of your personal data, which for us represents a guarantee of reliability and trust.
The data privacy policy specifically reflects our desire to ensure that 24 Sèvres complies with the applicable rules on data protection and, more specifically, those of the General Data Protection Regulation ("GDPR").
In particular, the privacy policy aims to inform you about how and why we process your data in the context of activities related to the products and services we provide to you.
Who is this policy for?
The policy applies to you, wherever you live, whenever you visit our Site, whether or not you have a user account on our Site or whether or not you make purchases on our Site.
With regard to the loyalty programme La Carte 24 Sèvres, a joint programme with Le Bon Marché Rive Gauche and La Grande Épicerie de Paris, we invite you to read the Charter dedicated to La Carte 24 Sèvres.
Why do we process your data?
As part of the services we offer, we may need to process your personal data in order to :
- to enable you to use and benefit from our Site (e.g. to search for products, add them to your basket, make purchases, manage the processing of orders and their delivery, personal shopper service, marketplace, etc.) and all its functionalities on the basis of the performance of the contract.
- to manage user accounts (e.g. account creation, access to the service and deletion of accounts) on the basis of the performance of the contract.
- to be able to manage fraud on our Site on the basis of our legal obligation to be able to do so. We would point out that this does not involve profiling within the meaning of the RGPD, since validation of the blocking of your account in the event of suspected fraud is always carried out by our teams and is never done automatically.
- communicate with our customer service via email, chat or telephone on the basis of the performance of the contract.
- pay online on the basis of performance of the contract.
- receive our technical emails (e.g. modification of passwords, etc.), which are essential for the proper functioning of our service, on the basis of the performance of the contract.
- receive our commercial emails and our newsletter on the basis of your prior consent if you are not a customer and on the basis of our legitimate interest in sending you commercial offers if you are already a customer of our products and/or services.
- operate videos in order to provide you with a quality service, based on the performance of the contract.
- provide you with high-quality customer service (e.g. answering your questions, managing any complaints) on the basis of the performance of the contract.
- take part in our competitions on the basis of compliance with the rules of the competition concerned, which may be available in our FAQ section.
- provide you with a quality Very Important Customer ("VIC") and Customer care service on the basis of performance of the contract.
- to be able to collect your GPS position when you browse our mobile application where you have given your prior consent.
- to guarantee and enhance the security and quality of our day-to-day services (e.g. statistics, data security, etc.) on the basis of our legal obligations, the performance of the contract and our legitimate interest in ensuring the proper functioning of our services.
Your data is collected directly from you when you use our Site and we undertake to process your data only for the purposes described above.
What data do we process and for how long?
We have summarised the categories of personal data we collect and their respective retention periods.
If you would like more details about the retention periods applicable to your data, you can contact us : bonjour@24s.com.
- Personal identification data (e.g. surname, first name, postal address, etc.) : kept for as long as you use the Site to create an account or make a purchase, plus the statutory limitation periods, which are generally 5 years.
- Identity document (e.g. national identity card or passport) : kept for the period during which your request is processed if you are applying for a tax refund, plus the statutory limitation periods, which are generally 5 years.
- Economic and financial data (e.g. bank account number, verification code, etc.) : kept for the time required to complete the transaction and to manage invoicing and payments, plus the statutory limitation periods, which are generally 5 to 10 years. This data is kept directly by our payment service providers.
- Email address to receive our technical messages : kept until your account is deleted.
- Email address for receiving our commercial messages (including our newsletter) kept : until the end of your subscription to these emails or up to 3 years from the last contact with you.
- Connection data (e.g. logs, IP address, etc.) : kept for 1 year.
- Purchase invoices : kept for 10 years, even if the person concerned is no longer a customer.
- Purchase history : kept for as long as your account is active, until you request that your account be deleted or after 36 months of inactivity on the account.
- Information relating to your on-line purchases, your purchasing preferences and centers of interest that you choose to communicate to us during exchanges with our various services (Customer Service, VIC, etc.).
- GPS geolocation : retained for the duration of the activation of your account until you opt-out or after a period of inactivity of 36 months on the account.
For cookies, please consult our dedicated Cookie Policy accessible on our Site.
Once the retention periods described above have expired, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this period. At most, we may only keep anonymous data for statistical purposes.
Please also note that in the event of a dispute, we are obliged to retain all data concerning you for the duration of the case, even after the expiry of the retention periods described above.
What rights do you have to control the use of your data?
The applicable data protection regulations give you specific rights which you can exercise, at any time and free of charge, to control the use we make of your data.
- The right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality or the confidentiality of correspondence.
- The right to rectify any personal data that is incorrect, obsolete or incomplete.
- The right to request the deletion ("right to be forgotten") of personal data that is not essential for the proper functioning of our services.
- The right to limit the use of your personal data, which allows us to freeze the use of your data in the event of a dispute as to the legitimacy of processing.
- The right to the portability of your data, which allows you to recover part of your personal data so that it can be easily stored or transmitted from one information system to another.
- The right to give instructions on what should happen to your data in the event of your death, either through you, a trusted third party or a beneficiary.
For a request to be taken into account, it must be made directly to : bonjour@24s.com. Any request that is not made in this way and/or is incomplete cannot be processed.
Requests cannot come from anyone other than you. We may therefore ask you to provide proof of identity if there is any doubt about the identity of the person making the request.
We will respond to your request as quickly as possible, within one month of receipt, unless the request is complex or repeated. In this case, the response time may be up to three months. This applies in particular to people who have a "La Carte 24 Sèvres" loyalty account.
Please note that we can always refuse to respond to any excessive or unfounded request, particularly with regard to its repetitive nature.
Who can access your data?
We never transfer or sell your data to third parties or commercial partners. All your personal data is used exclusively by our teams or by our IT service providers.
More specifically, we only share your data with people who are duly authorised to use it to provide you with our service, such as our IT department or our customer relations department.
Your personal data is also transferred to our IT service providers who are used solely to operate our Site, such as our data host or our technical email sending tool.
We would like to point out that we check all our IT service providers before recruiting them in order to ensure that they scrupulously comply with the rules applicable to the protection of personal data.
How do we protect your data?
We implement all the technical and organisational means required to guarantee the security of your data on a day-to-day basis and, in particular, to combat any risk of unauthorised destruction, loss, alteration or disclosure of your data (e.g. training, access control, passwords, etc.).
Can your data be transferred outside the European Union?
The personal data processed by our Site is exclusively hosted on servers located within the European Union.
Furthermore, we do our utmost to use only technical tools whose servers are also located within the European Union. However, if this is not the case, we scrupulously ensure that they implement the appropriate guarantees required to ensure the confidentiality and protection of your personal data. In addition, we undertake to always enter into standard contractual clauses with them, drawn up by the European Commission, in order to provide a framework for such transfers.
Who can you contact for more information?
In order to guarantee the protection and integrity of your data, we have formally appointed an independent Data Protection Officer ("DPO") to our supervisory authority.
You can contact our DPO free of charge at any time to obtain more information or details on how we process your data: bonjour@24s.com.
How can you contact the CNIL?
You may at any time contact the "Commission nationale de l'informatique et des libertés" or "CNIL" at the following address: CNIL Complaints Department, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.
Can this policy be changed?
We may amend our privacy policy at any time to adapt it to new legal requirements and to new processing operations that we may carry out in the future.
Certified compliant by Dipeeo