Policy on the use of personal data

Activities related to the website https://alternativefengshui.com/en involve the processing of personal data.

What does the personal data policy cover?

This policy informs you about the nature of this data processing and your rights regarding your personal data.

This privacy policy has been drafted in accordance with Law No. 78-17 of January 6, 1978 (known as the “Data Protection Act” or “LIL”) and the General Data Protection Regulation (“RGPD”) No. 2016/679.

Who is responsible for this policy?

The data controller is the company SCIC INTERSTICES SUD AQUITAINE, represented by its legal representative Monsieur Papin Eric.

The contact details of the data controller are as follows: Alternative Fengshui – 26 rue Pétricot – 64200 Biarritz - France

The data controller can be reached at the following number: +33618061055

The contact email address is as follows: eric.papin@alternativefengshui.com

Who does this policy apply to?

This policy is intended for users of the website.

It applies to:

  • Individuals to whom we have outsourced technical services (web hosting, maintenance, and website security providers);
  • Individuals who have access to the website’s back office for administrative purposes;
  • Individuals who write or are mentioned in the website’s content;
  • Individuals who contact us via the website’s contact form;
  • Individuals who publish testimonials on our website;
  • Individuals who subscribe to the newsletter (if a newsletter is available);
  • Customers of our online store (if an online store is available);
  • Individuals we list on the website as partners;
  • Individuals who post reviews and comments on our website;

What is the purpose of the collected data?

The purpose of this data processing is to manage the website.

This data processing enables:

  • Technical management of the website (maintenance, hosting, website security);
  • Administration of the website;
  • Management of the website’s editorial content;
  • Management of inquiries submitted via the contact form;
  • The management of testimonials published on the website;
  • The management of newsletter subscriptions (if a newsletter is available);
  • The management of customer orders on the online store (if an online store is available);
  • The listing of partners on the website;
  • The management of reviews and comments published on the website;

Legal basis for processing: what gives us the right to process data

The legal bases for data processing are as follows:

  • For the technical management of the website (maintenance, hosting, website security), the legal basis is legitimate interest;
  • For the administration of the website, the legal basis is legitimate interest;
  • For the management of the website’s editorial content, the legal basis is the consent of the individuals whose information is published;
  • For the management of inquiries submitted via the contact form, the legal basis is legitimate interest (enabling online communication) or the performance of pre-contractual measures (providing quotes at the request of individuals);
  • For the management of testimonials published on the website, the legal basis is the consent of the individuals concerned;
  • For the management of newsletter subscriptions, the legal basis is the subscriber’s consent (if a newsletter is in place);
  • For the management of orders on the online store, the legal basis is the order placed by these customers (if an online store is in operation);
  • For the listing of partners on the website, the legal basis is the consent of these individuals;
  • For the management of reviews and comments published on the website, the legal basis is the consent of the individuals concerned;

Data retention period

Les données faisant l’objet d’un traitement sont conservées pendant une durée n’excédant pas celle nécessaire aux finalités pour lesquelles elles sont enregistrées (principe de minimisation des traitements).

Les durées maximums de conservation sont les suivantes :

  • Pour la gestion technique du site (maintenance, hébergement, sécurité du site) : 12 mois pour les adresses IP et logs de connexion ;
  • Pour l’administration du site Internet : tant que les personnes concernées administrent le site ;
  • Pour la gestion des contenus rédactionnels du site : 5 ans à compter de leur publication ;
  • Pour la gestion des demandes de renseignements par le formulaire de contact : 3 ans à compter de la demande ;
  • Pour la gestion des témoignages publiés sur le site : 5 ans à compter de la publication ;
  • Pour la gestion des abonnements à la newsletter : l’adresse e-mail est conservée tant que la personne concernée ne se désinscrit pas (si il y a une newsletter mise en place) ;
  • Pour la gestion des commandes sur la boutique en ligne : 5 ans à compter de la fin du contrat (si il y a une boutique mise en place avec vente en ligne) ;
  • Pour le référencement des personnes partenaires sur le site : 5 ans à compter de la publication ;
  • Pour la gestion des avis et commentaires publiés sur le site : 5 ans à compter de la publication ;

Data processed

Le responsable de traitement traite les catégories de données suivantes :

  • État-civil, identité, données d’identification, images (nom, prénom, adresse, photographie, etc.) ;
  • Données de connexion (adresses IP, logs, identifiants des terminaux, identifiants de connexion, etc.) ;
  • Informations d’ordre financier (données bancaires, etc.) ;

Whether data collection is mandatory or optional

The data collected is required to achieve the purposes of the processing.

Data sources

The data is provided directly by the individual concerned.

Recipients of the data

Depending on their respective needs, the following parties may receive all or part of the data:

  • Those responsible for technical services (hosting providers, maintenance providers, website security providers);
  • Online payment service providers (PayPal, Stripe);

What safety measures have been put in place?

The data controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The data controller takes measures to ensure that any natural person acting under the authority of the data controller or the processor who has access to personal data does not process such data except on the instructions of the data controller, unless required to do so.

The following specific security measures have been implemented:

  • All processed data is transmitted in encrypted form via the HTTPS protocol;

Whether or not data is transferred to a country outside the European Union and the associated safeguards

The data controller does not transfer any personal data outside the European Union.

Automated decision-making

The processing involves fully automated decision-making. The data controller undertakes to comply with the requirements of Article 22 of the RGPD.

Disposition of Personal Data After Death – Right of Access, Rectification, Erasure, and Data Portability

The data subject may establish guidelines regarding the retention, erasure, and disclosure of their personal data after their death. These guidelines may be general or specific.

The data subject also has the right to access, object to, rectify, erase, and, under certain conditions, request the portability of their personal data. The data subject has the right to withdraw their consent at any time if consent constitutes the legal basis for the processing.

The request must include the data subject’s first and last name, email address, or mailing address, and must be signed and accompanied by a valid form of identification.

The data subject may exercise these rights by contacting:
Alternative Fengshui
26 rue Pétricot
64200 Biarritz - France

eric.papin@alternativefengshui.com

Complaint

The data subject has the right to file a complaint with the supervisory authority (CNIL).

 

Scroll to Top