PRIVACY POLICY
FROM ITS PASTRY CHOCOLATERIE PRALUS
This Privacy Policy explains how we use your personal data (your “ Information ”).
It applies to Information we collect about you when:
- you are a Customer of our Online Stores (see our “ Customer Policy ”)
- you are a Prospect, interested in our services (see our “ Policy relating to our Prospects ”)
- you are an Internet user and are browsing our Site (see our “ Cookie Policy ”).
Finally, it contains information applicable to all our Policies (see our section “ Information applicable to all our Policies ”).
This Privacy Policy came into effect on June 10, 2024 .
We may change this Privacy Policy at any time if we change how we process your Information. We will inform you by the means most appropriate to our relationship with you (sending an email, displaying a notification on our Site).
1. Basic information
1.1. Who are we ?
SA PATISSERIE CHOCOLATERIE PRALUS, the data controller, is a simplified joint stock company with a share capital of €216,000, whose head office is located at 34, rue Général Giraud in Roanne (42300), registered with the RCS of Roanne under the name number 394 627 913, represented by Mr. François Pralus as President. (hereinafter referred to as “ SAS PRALUS ”).
1.2. How can you contact us?
For any questions regarding the protection of your personal data, you can contact us by one of the following means:
- By email: contact@chocolats-pralus.com or clickandcollect@chocolats-pralus.com
- By phone: 77.68.99.36
- By mail: SA PATISSERIE CHOCOLATERIE PRALUS - Personal Data Department – 34, rue Général Giraud – 42300 Roanne
1.3. Definitions
When we use capitalized terms in our Privacy Policy, we are referring to the definitions below, regardless of whether they are written in the singular or plural:“ Stores ” means the physical stores of the Pralus group, mentioned in section 2.3.2., in which Customers can choose to collect orders for Products placed via Click & Collect.
“ Online Store ” means the online store accessible from the addresshttps://www.chocolats-pralus.com/ , which is an integral part of the Site, on which you can order our Products and choose to be delivered at home or in store.
“ Customer ” means you if we have already concluded a commercial agreement together within the framework of the Online Store or Stores.
“ Information ” means personal data relating to you, whether such information identifies you directly or indirectly.
“ Internet user ” means you when you access our Site.
“ We ”, “ us ”, “ our ” and “ SAS PRALUS ” refer to our company as identified in the Who are we? .
“ Privacy Policy ” means this document in its entirety.
“ Policy ” means in our Confidentiality Policy one of the policies applicable to a specific category of persons.
“ Products ” means all the products that we can sell to you.
“ Prospect ” means you if you have expressed a commercial interest in our company or if we have identified you as potentially interested in our company.
“ Site ” refers to our website accessible at the following address:https://www.chocolats-pralus.com/ .
2. Customer Policy
This Policy explains the processing we carry out with your Information when you are a Customer and order our Products via the Stores or the Online Store.
2.1. What information do we collect about our Customers?
When you are a Customer, We may use different categories of Information about you, which you may provide to us yourself or which we may collect indirectly.Category of Information Collected | Description of Information that may be collected |
Identify | First and last name and title, address (billing address, delivery address), telephone number, email, date of birth, customer code that we assign to you internally. |
Personal account | Username, password and email associated with the account |
Settlement / Payment | Payment, terms and conditions of payment (discounts), information relating to means of payment: Bank card (the first 4 and last 4 digits of the card used, expiry date, name of the holder) |
Transaction | Transaction number, details of the purchase made |
Monitoring of the commercial relationship | Products purchased, orders, invoices and payment terms and deadlines, history of purchases made, correspondence with you, after-sales service, exchanges and comments between you and our customer relations manager |
Loyalty program | Customer number, promotional offers assigned, promotional offers used. |
2.2. Why do we use our Customer Information and for how long?
- we may need it to deliver the Products you have ordered from us ( Performance of a contract )
- we may need it to comply with our legal obligations ( Legal Compliance )
- we may have legitimate interests in using your Information ( Our Legitimate Interest )
- we may do this after obtaining your consent ( Consent ). You can withdraw your consent at any time.
Purpose | Legal basis | The duration of the conversation |
Management of our commercial relationship (order management, deliveries, after-sales service) | Execution of a contract | Throughout the duration of our contractual relationship |
Management of our legal, accounting and tax obligations within the framework of our contractual relationship | Compliance with the law | Conservation in archive form for the legal retention period to which we are required (e.g.: up to 10 years for our accounting obligations) |
Management of payments made on our Online Store | Execution of a contract | Until receipt of the Products, increased by the time limit provided for contesting receipt of the Products and the withdrawal period in order to manage reimbursements |
Retention of credit card information following a one-off online payment | Legitimate interest | Up to 13 months for instant debit payment cards and up to 15 months for deferred debit payment cards, in accordance with article L.133-24 of the Monetary and Financial Code. |
Management of the fight against fraud | Legitimate interest of SAS PRALUS to detect potential fraud that Customers could commit on the Online Store. | 6 months |
Claims and litigation management | Legitimate interest of SAS PRALUS to establish proof of a right or the proper execution of our contractual obligations | Throughout the duration of the limitation period applicable to our commercial relationship (e.g.: up to 5 years for civil limitation) |
Online Store Security (prevention and detection of computer attacks) | Legitimate interest of SAS PRALUS to detect malicious behavior in order to preserve the security of its Online Store, as well as the availability, integrity and confidentiality of the data it contains (personal data included). | 6 months |
Management of our loyalty program (management of your discounts and allocation of promotional offers) | Consent | For 3 years from our last contact with you or until we withdraw your consent |
Sending transactional emails to the Customer related to the operation of the Online Store | Execution of a contract | Throughout the duration of the contractual relationship |
Carry out satisfaction surveys or requests for opinions following an order | Legitimate interest of SAS PRALUS to carry out surveys satisfaction aimed at collecting the impressions of its Customers |
During 5 years |
Organization and management of your participation in a competition | Execution of a contract (competition rules) | For 5 years for probationary purposes |
Sending our newsletter | Consent | For 3 years from our last contact with you or until we withdraw your consent |
Prospecting in connection with products or services similar to those already purchased by you | Legitimate interest of SAS PRALUS | Up to 3 years from our last contact with you. You have the right to object to receiving our commercial prospecting |
Managing an opposition list | Legitimate interest of SAS PRALUS to no longer send prospecting to its customers who have objected to it | For 3 years from the exercise of your right of opposition |
2.3. Who do we communicate our Customer Information to?
2.3.1. To our teams
Your Information may be communicated to all our teams who need it to carry out their missions as part of the commercial management of our Clients. Example: our sales team to enter into contracts with you, our Support/After-sales service team to handle your questions or complaints, etc.
2.3.2. At our Stores
Your Information may be communicated to all Store teams who need it to prepare your Product orders and allow you to collect them via Click & Collect and respond to your requests.
Furthermore, any support request sent to the address clickandcollect@chocolats-pralus.com is processed by the data controller identified in the “How can you contact us” section. »
The list of our Stores, their addresses and contact methods are accessible in our general conditions of sale.
2.3.2. To our subcontractors
We use different technical service providers for different reasons:Identity of the subcontractor | Reasons for outsourcing |
Shopify | Hosting our servers |
Payplug | Online payment management |
Stencer | Online payment management |
Shopify | Sending transactional emails and the newsletter |
Ugo | Hosting of Click & Collect interfaces for collecting Products in Stores |
2.3.3. To administrative or judicial authorities
We may be required to communicate certain of your Information to administrative or judicial authorities when we receive a legal requisition.
2.3.4. To carriers
Carriers and logistics providers may be recipients of some of your Information for the handling and delivery of your orders.C olissimo | Delivery of orders |
Chronopost | Delivery of orders |
Chronofresh | Delivery of orders |
2.4. Where do we store our Customer Information?
Some of our technical subcontractors may host some of your Information outside the European Union. When this is the case, we ensure beforehand that our subcontractors take adequate guarantees in compliance with the General Data Protection Regulation (GDPR).
Below you will find the list of data transfers outside the European Union that can be carried out and the appropriate guarantees that we take:
Recipient identity | Adequate guarantees taken |
S hopify | Adequacy decision (USA, Canada): https://www.shopify.com/fr/legal/dpa |
3. Lead Policy
This Policy explains the processing that we carry out with your Information when you are a Prospect of SAS PRALUS.
3.1. What information do we collect about our Prospects?
When you are a Prospect, We may use different categories of Information about you, which you may provide to us yourself or which we may collect indirectly (for example, from publicly available sources).Category of Information Collected | Description of Information that may be collected |
Identify | First and last name, title, postal address, telephone number, email |
Monitoring of the prospecting relationship | Prospecting procedures carried out by SAS PRALUS, requests for information from the Prospect, direct requests received from the Prospect, correspondence with you, etc. |
3.2. Why do we use our Prospect Information and for how long?
When you are a Prospect, We may use your Information for different reasons:- we may have legitimate interests in using your Information ( Our Legitimate Interest )
- we may do this after obtaining your consent ( Consent ). You can withdraw your consent at any time.
Purpose | Legal basis | The duration of the conversation |
Management of our prospecting relationship (monitoring our requests, responding to your requests, making appointments, etc.) | Legitimate interest of SAS PRALUS to develop its commercial activity | Up to 3 years from the last contact with you. |
Sending our newsletter | Consent | For 3 years from our last contact with you or until we withdraw your consent |
Email prospecting for consumers | Consent | For 3 years from our last contact with you or until we withdraw your consent |
Organization and management of your participation in a competition | Execution of a contract (competition rules) | For 5 years for probationary purposes |
Managing an opposition list | Legitimate interest of SAS PRALUS to no longer send prospecting to people who have objected to it | For 3 years from the exercise of your right of opposition |
3.3. Who do we communicate our Prospect Information to?
3.3.1. To our teams
Your Information may be communicated to all our teams who need it to carry out their missions as part of the commercial management of our prospects. Example: our sales team to send you commercial requests, to respond to your requests for documentation, etc.3.3.2. To our subcontractors
We use different technical service providers for different reasons:Identity of the subcontractor | Reasons for outsourcing |
S hopify | Hosting our servers |
S hopify | Sending transactional emails and the newsletter |
Ugo | Hosting of Click & Collect interfaces for collecting Products from the Store |
3.4. Where do we store our Prospect Information?
Our main computer servers are geographically located in France.Some of our technical subcontractors may host some of your Information outside the European Union. When this is the case, we ensure beforehand that our subcontractors take adequate guarantees in compliance with the General Data Protection Regulation (GDPR).
Below you will find the list of data transfers outside the European Union that can be carried out and the appropriate guarantees that we take:
Recipient identity | Adequate guarantees taken |
S hopify | Adequacy decision (USA, Canada): https://www.shopify.com/fr/legal/dpa |
4. Cookie Policy
4.1. Preamble
When you visit our Site as an Internet user, we may place or read cookies or trackers on your terminal.
Our Cookie Policy also applies to our Customers when they connect to our Online Store.
4.2. What is a cookie ?
A cookie is a small file placed or read on your terminal (computer, tablet, smartphone).
They allow you to store information on your terminal related to your browsing on our Site.
Reading and storing cookies generally requires your consent; however, certain so-called technical cookies may be placed without your consent.
4.3. Who places the cookies?
SAS PRALUS and its partners may place cookies on your terminal.
4.4. What types of cookies do you use?
We use different types of cookies:
4.4.1. Technical cookies
We use technical cookies necessary for the operation of our Site; These cookies are placed by Shopify, the framework on which we built our Site.Below you will find the list of technical cookies.
To find out more, you can visit: https://www.shopify.com/legal/cookies#merchant-storefronts
For your information, these cookies are exempt from obtaining your prior consent due to their technical nature.
Cookie publisher | Cookie name | Purpose of the cookie | Cookie lifespan |
Shopify | _ab | Used in connection with administrator access. | 2 years |
Shopify | _customer_account_shop_sessions | Used in combination with the _secure_account_session_id cookie to track a user's session for new customer accounts | 30 days |
Shopify | _secure_account_session_id | Used to track a user's session for new customer accounts | 30 days |
Shopify | _secure_session_id | Used to track a user's session through the multi-step checkout process and keep their order, payment and shipping details connected. | 24h |
Shopify | _shopify_country | For stores where the pricing currency/country is set from GeoIP, this cookie stores the country we detected. This cookie allows you to avoid performing GeoIP searches after the first request. | session |
Shopify | _shopify_m | Used to manage customer privacy settings. | 1 year |
Shopify | _shopify_tm | Used to manage customer privacy settings. | 30 minutes |
Shopify | _shopify_tw | Used to manage customer privacy settings. | 2 weeks |
Shopify | _storefront_u | Used to facilitate updating customer account information. | 1 minute |
Shopify | _tracking_consent | Used to store a user's preferences if a merchant has privacy policies in place in the visitor's region. | 1 year |
Shopify | _cmp_a | Used to manage customer privacy settings. | 24 hours |
Shopify | vs | Used as part of payment. | 1 year |
Shopify | cart | Used in connection with shopping cart. | 2 weeks |
Shopify | cart_currency | Set after checkout is complete to ensure new carts are in the same currency as the last checkout. | 2 weeks |
Shopify | cart_sig | A hash of the contents of a shopping cart. This is used to verify the integrity of the cart and to ensure certain cart operations are performed. | 2 weeks |
Shopify | cart_ts | Used as part of payment. | 2 weeks |
Shopify | cart_ver | Used in connection with shopping cart. | 2 weeks |
Shopify | checkout | Used as part of payment. | 4 weeks |
Shopify | checkout_token | Used as part of payment. | 1 year |
Shopify | customer_account_locale | Used for new customer accounts | 1 year |
Shopify | dynamic_checkout_shown_on_cart | Used as part of payment. | 30 minutes |
Shopify | hide_shopify_pay_for_checkout | Used as part of payment. | session |
Shopify | keep_alive | Used as part of buyer location. | 2 weeks |
Shopify | master_device_id | Used in connection with merchant login. | 2 years |
Shopify | previous_step | Used as part of payment. | 1 year |
Shopify | discount_code | Used as part of payment. | session |
Shopify | remember_me | Used as part of payment. | 1 year |
Shopify | secure_customer_sig | Used to identify a user after logging into a store as a customer so that they do not need to log in again. | 1 year |
Shopify | shopify_pay | Used as part of payment. | 1 year |
Shopify | shopify_pay_redirect | Used as part of payment. | 1 hour, 3 weeks or 1 year depending on the value |
Shopify | shop_pay_accelerated | Used as part of payment. | 1 year |
Shopify | storefront_digest | Stores a storefront password summary, allowing merchants to preview their storefront while it is password protected. | 2 years |
Shopify | tracked_start_checkout | Used as part of payment. | 1 year |
Shopify | checkout_session_lookup | Used as part of payment. | 3 weeks |
Shopify | checkout_prefill | Used as part of payment. | 5 months |
Shopify | checkout_queue_token | Used as part of payment. | 1 year |
Shopify | checkout_queue_checkout_token | Used as part of payment. | 1 year |
Shopify | checkout_worker_session | Used as part of payment. | 3 days |
Shopify | checkout_session_token | Used as part of payment. | 3 weeks |
Shopify | checkout_session_token_<<token>> | Used as part of payment. | 3 weeks |
Shopify | cookietest | Used to ensure the proper functioning of our systems | 1 month |
Shopify | order | Used in connection with the order status page. | 3 weeks |
Shopify | identity-state | Used in connection with client authentication | 24 hours |
Shopify | identity-state-<<token>> | Used in connection with client authentication | 24 hours |
Shopify | identity_customer_account_number | Used in connection with client authentication | 12 weeks |
Shopify | card_update_verification_id | Used as part of payment. | 20 months |
Shopify | customer_account_new_login | Used in connection with client authentication | 20 months |
Shopify | customer_account_preview | Used in connection with client authentication | 7d |
Shopify | customer_payment_method | Used as part of payment. | 1 hour |
Shopify | customer_shop_pay_agreement | Used as part of payment. | 20 months |
Shopify | pay_update_intent_id | Used as part of payment. | 20 months |
Shopify | location | Used as part of payment. | 2 weeks |
Shopify | profile_preview_token | Used as part of payment. | 5 months |
Shopify | login_with_shop_finalize | Used in connection with client authentication | 5 months |
Shopify | preview_theme | Used in connection with the theme editor | session |
Shopify | shopify-editor-unconfirmed-settings | Used in connection with the theme editor | 4 p.m. |
Shopify | wpm-test-cookie | Used to ensure the proper functioning of our systems. | session |
4.4.2. Audience measurement cookies
We use audience measurement cookies to establish traffic statistics for our Site and usage statistics for our Online Store.Cookie publishers | Cookie names | Purposes of cookies | Lifespan of cookies | To know more |
Google Analytics: _ga | We use Google Analytics to help us measure how you interact with the Online Store. | Maximum 13 months | https://policies.google.com/privacy | |
META | Pixel META | We use the META Pixel to measure how you interact with the Online Store from the META group's social networks (Facebook, Instagram, Threads). | Maximum 13 months | https://www.facebook.com/privacy/explanation |
4.4.3. Advertising cookies
We use advertising cookies to display personalized advertising based on your browsing and your profile.We use advertising cookies to display personalized advertising on social networks.
Cookie editor | Name of cookies | Purposes of cookies | Cookie lifespan | To know more |
META | Pixel META | We use the META Pixel to offer you advertising on your META applications (Facebook, Instagram, Threads). | 13 months maximum | https://www.facebook.com/privacy/explanation |
TikTok | _ttp | We use the TikTok pixel to personalize advertising to you on your TikTok feed | 13 months from last use | https://ads.tiktok.com/help/article/using-cookies-with-tiktok-pixel?lang=en |
_pinterest_ct_rt | We use this cookie to personalize advertising to you on your Pinterest feed. | 12 months | https://help.pinterest.com/fr/business/article/pinterest-tag-parameters-and-cookies |
4.4.4. How can I withdraw my consent?
You can withdraw your consent at any time by setting it on our cookie manager accessible on any page of the Site.
5. Information applicable to all of our Policies
5.1. What are your rights ?
The regulations relating to the protection of personal data grant you several rights:Permission to access | You can ask us for access to any Information we have about You. |
Right of rectification | You can ask us to correct your Information if it is inaccurate. |
Right to object | You can ask us to stop using your Information when we do so based on a legitimate interest. You can also ask us to stop receiving marketing. |
Right to withdraw your consent | Where any of our processing is based on your prior consent, you may withdraw your consent at any time. We will then stop using your Information for this processing. |
Right to erasure | You can ask us to erase your Information and for us to stop using it. |
Right to limitation | You can ask us to temporarily stop using your Information while requiring that we retain it temporarily. |
Right to portability | You can ask us to provide you with an export of your Information in a reusable format and, where possible, ask us to transmit it to another organization which can reuse it. |
Right not to be the subject of an automated individual decision | You have the right not to be subject to a decision based exclusively on automated processing producing legal effects concerning you or significantly affecting you. |
Right to define guidelines regarding your data in the event of death | You have the right to set, update or revoke guidelines relating to the retention, erasure or communication of your Information after your death. |
Right to lodge a complaint | You can lodge a complaint with the authority responsible for protecting personal data (in France, the CNIL, www.cnil.fr) if you believe that your rights have not been respected. |
5.2. How to exercise your rights?
To exercise your rights, contact us using the contact details in the article “ How can you contact us? ”.We will do our best to provide you with a response within one month.
The rights that you can exercise are defined by the GDPR and depend on the legal basis of our processing. It may therefore happen that we cannot accept a request to exercise rights because the right invoked cannot be exercised. If this is the case, we will let you know.
We may also ask you for proof of identity to be certain that it is you who is exercising your rights and when we have no other means of ensuring this. You should only send us proof of identity if we ask you to do so.