The General Data Protection Regulation (GDPR) establishes the legal framework applicable to personal data processing. It reinforces the rights and obligations of data controllers, subcontractors, individuals concerned and recepient of data.
THOREME executes and uses personal data processing relating to its website users.
This policy explains how THOREME collects, processes and protects the personal information of its website users.
THOREME is responsible for processing the personal data collected and processed through its website www.thoreme.mywizi.com.
This policy applies to all the personal data that THOREME gathers, uses, shares or processesing the performance of its activities, both online (hereafter “website”) and offline (hereafter “services”).
Personal data processing can be managed directly by THOREME or via a subcontractor previously appointed by THOREME.
3. Origin of the collected data
In the first instance, THOREME gets directly from its clients or contacts their personal data via a newsletter subscription, a registration on the website, a purchase, a survey, a comment, a question, etc.
Type of personal data collected this way:
- postal address;
- e-mail address;
- user name;
- phone number ;
- credit card or other payment information;
- date of birth;
- information, comments or contents about marketing preferences;
- content generated by the users, messages and other contents relating to the website;
- sometimes, information given about the client’s or contact’s family or other persons. In such cases, THOREME assumes the client or contact is entitled to share this information;
- sensitive personal data such as information regarding image, health (included information linked to the use of the product and the medical history), sex life (and related behaviours);
- any other personal data provided directly and voluntarily.
THOREME stipulates if the client or contact must provide any personal information.
Type of data collected this way:
- mobile or browser-related data;
- information regarding the way the website is used, such as details on the web pages that were visited, the banners and hyperlinks on which the user clicked, and so on;
- the opening of e-mails sent by THOREME;
- the websites visited before the user landed on THOREME;
- the IP address;
- the hyperlinks on which the user clicked;
- the username, profile picture, gender, network and any other information shared on third-party websites (such as the “like” feature on Facebook or the “+1” feature on Google +);
- the MAC address;
- the information shared by using the social media tools built into the THOREME website or connection identifiers to social media to access the THOREME website and applications; and
- the information provided regarding the user’s location.
Finally, the personal data car be collected from other sources such as:
- trusted commercial partners;
- social media pages;
- user research companies;
- intermediaries facilitating data portability.
The personal data collected this way can include interests such as hobbies, pets, consumption and market research data, purchasing behaviour, public data or activities such as blogs, videos, Internet posts of information generated by the user.
4. Purposes of processing
THOREME can use personal user data for commercial purposes in order to:
- process and manage purchased, to communicate information regarding the purchase for instance, to treat payments, to deliver the purchased products and offer an adequate customer service;
- allow the user to benefit from promotions, giveaways, surveys and polls;
- allow the user to share information and ideas on the THOREME page, social networks, forums and other communication canals;
- better understand the user’s need and provide more relevant information, analyse and examine commercial activities, conduct tests, develop and evaluate new products, carry out market studies and audits, identify usage tendencies and determine the efficiency level of marketing campaigns as well as the level of satisfaction of customers;
- inform the user about products and services, send them promotional supports (such as new products announcements, discounts, saving plans, joint discounts and other programs) linked to the THOREME brand and that of trusted commercial partners carefully selected, subject to the approval of marketing announcements;
- manage the website and matching the experience and website contents to the previous activities in order to customise the experience;
- answer questions or requests;
- manage any signalled inconvenience in relation with a product;
- manage the files globally;
- comply with legal and regulatory requirements.
THOREME can save anonymous data from personal data by leaving out some information (such as the name). THOREME uses this anonymous data to analyse products. THOREME reserves the right to use this anonymous data and forward it to third parties including, without any restrictive conditions, to research partners in its sole discretion.
5. Data recipients
THOREME can share the personal data collected with service partners, trusted third parties working in its name such as e-commerce agencies, softwares, data hosting provider and other IT services, payment systems, etc. These third-party service providers are bound to use the personal data collected only to provide the services requested by THOREME and according to its instructions.
THOREME can also share the personal data collected with other trusted third parties, such as commercial partners and data exchange providers in order to be able to offer customised contents including more relevant advertisements for products and services prone to appeal to the user. These third parties can install and access their own cookies, web beacons and similar tracking technologies on the user’s mobile in order to offer them customised contents and advertisements when they visit the THOREME website.
The website and applications can also allow the user to log in using an account on a social network or another third party. “Log in using Facebook” is an example of connecting through a third party.
If another company acquires parts of the THOREME brand or of its assets, this company can acquire the personal data collected in whole or in part and will assume the rights and obligation relating to personal data as described in this policy. In case of insolvency, bankruptcy or receivership, the personal data can also be transferred as an asset of the company, subject to the application of the prevailing law.
THOREME will have to transfer the collected data in order to fulfil its obligations in the course of a judicial investigation to comply with the applicable law, with court orders, with subpoena and warrants for which it is given notice, to protect of defend its rights and to investigate or help prevent any potential violation of the applicable law and of this policy.
6. Data protection
Appropriate technical and organisation measures protect the personal data collected against accidental or illicit destruction, loss, alteration, disclosure ou unauthorized access or any other form of illicit treatment.
During collection and transfer of sensitive personal data, THOREME uses many additional security technologies and processes to help protect the information.
The personal data provided are stored on computer systems located in controlled facilities that can only be accessed by a limited number of persons who need it to perform their tasks and all the required services.
Encryption techniques are used when THOREME processes highly confidential data (such as credit card numbers) on the Internet.
User’s rights relating to the personal data collected:
- asking for information regarding the processing of personal data;
- asking for a copy of the personal data held;
- asking to update the personal data held or to edit any incorrect or incomplete personal data;
- asking for deletion of the personal data held or for usage restrictions from THOREME (“right to be forgotten”);
- taking away consent to personal data processing at any time;
- opposing personal data processing (including for direct marketing purposes); or
- asking for personal data to be transferred (“right to data portability”).
Furthermore, in some instances, THOREME can process personal data via automated decision-making processes, including profiling. This can include the segmentation and customisation of data to match communications and products to perceived needs.
If the user feels that the processing of their personal data does not comply with European data protection laws, they are hereby advised that they have to right to file a claim with an inspection authority – CNIL in France – at this address:
Cnil – Claims service
3, place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone: 0033 1 53 73 22 22
9. Length of personal data conservation
THOREME only keeps personal data as long as is reasonable for the purposes detailed in this policy or to comply with legal and contract requirements THOREME is subject to.
When the personal data are processed, they are kept up until 2 years depending on their nature, starting on the date of the last interaction between THOREME and the user.
The THOREME website is not intended for children. THOREME requires all users under 18 not to provide any personal information on its website.
The parents or legal representative of a child under 16 registered on the website or who provided personal data must contact THOREME to have it removed. The information voluntarily provided by minors may be used by third parties to generate unsolicited e-mails. THOREME invites parents and legal representatives to teach minors how to use the Internet in a safe and responsible fashion.
11. Contact THOREME
Should you have any comments, questions or claims regarding this policy of the processing of personal data or if you wish to exercise one of the aforementioned rights, you can contact THOREME at firstname.lastname@example.org.
This policy may be modified at any time according to changes in legislation, jurisprudence or CNIL recommendations.
The users will be informed about any new version of this policy through THOREME’s method of choice.