Customer data protection charter

Last update : August 2024

1.Our contact details

The data controller is the company that determines how and for what purpose your personal data is used.

The personal data collected on the site or when you place orders in shops is processed by GROUPE COURIR SAS, registered under n°843 726 704 R.C.S PARIS, whose registered office is located at 91 avenue Ledru Rollin - 75011 Paris, telephone: 01 75 64 32 01, hereinafter referred to as "COURIR".

2.Our commitment to protecting personal data

Since its creation in 1980, COURIR has always maintained a close relationship with its customers, as well as with the local social and economic fabric. It is constantly improving its compliance with the General Data Protection Regulation (RGPD) and Law No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties to ensure the highest level of protection for your personal data.

So that you can make your purchases with complete peace of mind, this personal data protection charter (hereinafter referred to as "personal data") describes in one document clear, simple and sincere information concerning the processing of personal data by COURIR. This charter will enable you to better understand what information and personal data we collect and how we use it to provide you with services on a daily basis, while respecting your rights with regard to your personal data.

Whatever the sales or contact channel you use, COURIR undertakes, in accordance with current legislation, to protect your privacy by ensuring the protection, confidentiality and security of the personal data you entrust to us.

For all information on the protection of personal data, please consult the website of the Commission Nationale de l'Informatique et des Libertés (French Data Protection Authority) www.cnil.fr.

3.How we use your personal data

3.1 Why does COURIR collect your personal data?

COURIR uses your personal data mainly for the following purposes:

- Customer account management (e.g. accessing your customer account, storing your personal details so that you do not have to re-enter them during your visit or on future visits to the site, in the event of a forgotten password, updating your personal details);
- Managing orders and those of our partners (e.g. order registration, delivery, invoicing and customer accounting, secure payment on the site or in shop);
- Fraud prevention ;
- Customer and prospect relationship management (e.g. customer service, complaints, refunds, dispute management);
- Management of our myCOURIR Start / Plus loyalty programme;
- Sending satisfaction surveys and opinion polls (e.g. sending an e-mail after purchasing a product, submitting opinions on our products);
- The communication of our newsletters and promotional offers by SMS and/or Email;
- Carrying out analyses, statistics and tools for steering, measuring and reporting with a view to adapting our commercial and marketing activities (e.g. personalised advertising);
- The organisation of lotteries or competitions.

3.2 What type of personal data is collected?

We collect and process your identification data such as surname, first name, postal address, email address, date of birth, password, fixed or mobile telephone number, loyalty card number, connection data, order history and Customer Service information. In some cases, we may collect the customer's experience on our online services, such as products added to the shopping basket, as well as the products consulted and your purchasing preferences. In some cases, we may collect location data, for example to tell you which shop is closest to you.

The compulsory nature of the data is indicated at the time of collection by an asterisk. Some data is collected automatically as a result of your actions on the site, while other information may be transmitted by partners.

In accordance with the law, we do not under any circumstances collect special categories of personal data such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic personal data, biometric personal data for the purpose of uniquely identifying a natural person, personal data concerning health or personal data concerning the sex life or sexual orientation of a natural person.

These particular categories of personal data are never collected or processed by COURIR.

3.3 When does COURIR collect your personal data?

We collect the information you provide when :

- Create your customer account on our website or in shop;
- Join our myCOURIR loyalty programme;
- You place an order on our site or in shop as part of your purchases;
- You are browsing our site and consulting products;
- You are taking part in a game or competition;
- Contact our Customer Service department;
- Write a review on our products;
- You respond to a satisfaction survey;
- You are viewing our advertisements;

3.4 On what legal basis and for how long is my personal data processed?

In accordance with the terms of this Charter, the general terms of sale or use of our products or services, the processing of your personal data is justified on various grounds (legal basis) depending on the use we make of the personal data. These include

- The contract: the processing of personal data is necessary for the performance of a sales contract, the general terms and conditions of sale or use or for the performance of pre-contractual measures taken at your request;
- Consent: you agree to the processing of your personal data by means of an express consent (tick box, click...). You may withdraw this consent at any time;
- Legitimate interest: COURIR has a legitimate interest in processing your data which is justified, balanced and does not infringe your privacy. Save in exceptional circumstances, you may at any time object to processing based on legitimate interest by notifying COURIR ;
- Legal obligation: the processing of your personal data is made compulsory by a legal obligation with which COURIR must comply.

These processing operations are carried out taking into account your interests and fundamental rights as customers. As such, they are accompanied by measures and guarantees to ensure the protection of your interests and rights, while striking a fair balance with the legitimate interests we pursue.

Most data (e.g. your customer account information and order history) is kept for as long as you are an "active" customer and for a period of 5 years from your last activity (e.g. purchase, connection to your account or expiry of a contract). Your data is then archived with restricted access for a further period for limited purposes authorised by law (payment, guarantee, disputes, etc.). After this period, it is deleted.

Purpose of processing Legal basis Shelf life in active base
Customer account management Contract 5 years from last activity
Managing orders and those of our partners Contract Delivery data: 5 years from date of delivery Invoicing and accounting data: 10 years from date of invoice
Fraud prevention Legitimate interest 3 years from registration on an alert list
Customer and prospect relationship management Legitimate interest From the last activity : Customer: 5 years Prospect: 3 years
Managing the myCOURIR Start / Plus loyalty programme Contract Delivery data: 5 years from date of delivery Invoicing and accounting data: 10 years from date of invoice
Sending satisfaction surveys and polls and submitting product reviews Legitimate interest 5 years from the date of publication of the notice
The communication of our newsletters and promotional offers by SMS and/or Email Consent You can withdraw your consent at any time (at the bottom of the emails you receive or on your customer account, under "My information").
Carrying out analyses, statistics and tools for steering, measuring and reporting with a view to adapting our sales and marketing activities; Legitimate interest - Consent for the collection of navigation data Data retained for as long as the customer remains active, does not object to processing and does not request the deletion of his/her data.Browsing / connection / cookie data: 13 months maximum
Organising lotteries or competitions (raffles) Contract Contract duration

3.5 Who receives your personal data?

COURIR processes certain personal data within its strictly authorised internal departments as part of their duties.

In the course of our business, we may use the services of subcontractors, to whom we may transfer your data in order to carry out the tasks entrusted to them. COURIR remains responsible for the processing of your data and we ensure that the use of your information and the security standards used are compliant. We use several categories of sub-contractors:

- Logistics sub-contractors (transport, delivery, order preparation) ;
- Payment subcontractors (secure payment, fraud prevention) ;
- Technical subcontractors (IT outsourcing and suppliers of Cloud solutions, cashier systems management, etc.) ;
- Subcontractors in charge of customer relations (refund requests, call centre, product reviews, satisfaction surveys, etc.) ;
- Marketing sub-contractors (canvassing, recommendations, personalisation, targeted advertising, tracking of purchase paths, etc.) ;
COURIR may communicate certain personal data to advertising platforms and commercial partners, where appropriate with your consent.

Sub-contractors and service providers are obliged to respect the confidentiality and security of personal data which may be communicated to them and to use them only within the framework of the execution of their sub-contracting mission or service provision. COURIR guarantees that the personal data of clients/prospects will not be disclosed to any unauthorised third party without its agreement.

COURIR may also communicate certain personal data to the tax authorities when this is required by the legal obligations applicable to the Company. In particular circumstances, COURIR may be led to disclose personal data when required by the judicial authorities.

COURIR does not sell or rent the personal data of customers/prospects to third parties.

3.6 Is your data transferred outside the European Union?

We may share personal data with other companies in order to implement the services you have contracted or subscribed to (e.g. home delivery, collection points, product availability alerts, etc.). Operations with third-party recipients of your data are subject to a contract in order to ensure that your data is protected and that your rights are respected.

Insofar as possible, COURIR makes every effort to ensure that personal data transferred to partners or sub-contractors is done so within the European Union, or in countries considered "adequate" by the CNIL.

In the event that COURIR communicates personal data outside the European Union, measures are taken to ensure that said data will benefit from the same level of protection as that imposed by the European Union in terms of data protection.

In this respect, COURIR will ensure that the processing is carried out in accordance with this policy and that it is governed by the European Commission's standard contractual clauses which make it possible to guarantee a sufficient level of protection for the privacy and fundamental rights of individuals.

4.Exercising your rights over your personal data

4.1 What are your rights?

You have full rights under French Law No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties and under the General Data Protection Regulation.

You also have the right to lodge a complaint with the CNIL.

4.2 How to exercise your rights

- Subscribe and unsubscribe to COURIR newsletters

You can subscribe to and unsubscribe from COURIR newsletters in the [My account - My information] area and by ticking the appropriate box in [My preferences].

You can also unsubscribe from COURIR newsletters by clicking on the link "To stop receiving messages from Courir, click here" at the bottom of all emails sent by COURIR, and then validate your unsubscription.

- Rectification of your personal data

You can change your personal details (surname, first name, password, email address, default addresses) directly in your [My account - My details] area. You can also request rectification of your personal data using the Customer Service form on our site. Choose "Web account" > "I would like to change my details".

- Portability of your personal data

You can exercise your right to the portability of your personal data by logging into your customer account. Click on "My information" then "Porting my personal data". A file in JSON format will be downloaded containing your customer account information (surname, first name, date of birth, transactions carried out, etc.).

- Your other legal requests

You can exercise your right to erasure and access via this form. This form is also available in our FAQ under "CUSTOMER ACCOUNT" > "How do I manage my personal data? For the request to be processed correctly, you must enter the email address linked to your customer account, otherwise we will unfortunately be unable to retrieve your information. We collect this information to ensure that you can exercise your rights in accordance with articles 12 et seq. of the RGPD and to enable us to respond to you as quickly as possible. It is intended for our team in charge of managing requests.

You may also exercise your rights of access by sending a letter together with a copy of any identity document to the Service DPO, Délégué de la protection des données à caractère personnel at the following address: 6 place Robert Schuman, 38000 Grenoble.

5.Our personal data security measures

5.1 Our security and confidentiality commitments

Respecting your right to the protection, security and confidentiality of your data is our priority. COURIR undertakes to implement security measures appropriate to the degree of sensitivity of the personal data in order to protect it against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.

During the development, design, selection and use of our services which are based on the processing of personal data, COURIR takes into account the right to the protection of personal data right from the design stage. In this respect, for example, we proceed with the pseudonymisation or anonymisation, as appropriate, of personal data as soon as this is possible or necessary.

As all personal data is confidential, access to it is limited to COURIR

employees, or service providers acting on behalf of COURIR, who need it to carry out their duties. All persons having access to your data are bound by a duty of confidentiality and may be subject to disciplinary measures and/or other sanctions if they fail to comply with these obligations.

At Courir, we are fully committed to protecting the personal data you entrust to us. In our constant concern for security, we encourage you to exercise caution to prevent any unauthorised access to your personal data.

In particular, we invite you to read our cookies policy on our website.

5.2 Our Data Protection Officer

We have appointed a Data Protection Officer (DPO) whose personal details are as follows: Claire Pellarin, Délégué de la protection des données à caractère personnel, 6 place Robert Schuman, Bât B1- 38000 Grenoble, dpo@courir.com.