PRIVACY POLICY
Bolle Brands Group ("Bollé Brands", "us" or "we", including the holding, Bolle Brands France SAS, Bollé Brands (UK) Ltd and all affiliates and subsidiaries) is committed to protecting your privacy. We will only use your data as set out in this Privacy Policy. This Privacy Policy explains how we process information that can be used to directly or indirectly identify you as an individual ("Personal Data") collected through our website/app or otherwise in our commercial relationship. Please read this information carefully. By visiting our site (“our Site”) you are accepting and consenting to the practices described in this Privacy Policy, and you warrant that all data provided by you is accurate. For further information about shopping on our Site, please read our Terms and Conditions, FAQs and Delivery Information.
You can find out more about us here.
If you have any questions or want more details about how we use your Personal data, please contact us.
Bollé Brands France SAS is the data controller of the Personal Data collected on our Site, according to applicable laws and regulations on data privacy, in particular EU 2016/679 General Data Privacy Regulation and the UK’s Data Protection Act 2018, in each case as amended or replaced from time to time (hereafter together “GDPR”).
Contact details
If you have any questions about this privacy policy or our privacy practices, please contact our Data Protection Manager in the following ways:
Full name of legal entity: BOLLE BRANDS FRANCE SAS
Email address: gdpr@bollebrands.com
Postal address: 34 rue de la soie 69100 Villeurbanne, France
You have the right to make a complaint at any time to the supervisory authority in your jurisdiction: the Information Commissioner's Office (ICO) in UK. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
What Personal Data do we collect?
Contact data: Your contact information required for our commercial relationship and in particular for creating your online account, including shopping online, such as your name, email address, postal address, and telephone number, your username and password.
Communication data: Includes your preferences in receiving marketing and communications from us or any of our third parties.
Profile data: Includes your interests, preferences, feedback and survey responses.
Order data: Includes purchases or orders made by you, details about payments to and from you and other details of products you have purchased from us. We will not collect nor process your banking details. Payments are made via a secure online payment platform and will never pass through our Site in plain text. Order data also includes the information you may provide us with when you request additional information about a product or an order, or when you contact our after-sales support services.
Certain data related to your navigation of our Site, and to the devices and technology you use to visit our Site, is collected through cookies. You can consult all information related to the cookies placed, their purpose and lifespan in our Cookies Policy, accessible at the bottom of each page of our Site.
Why do we collect and use your Personal Data?
We collect your Personal Data when you contact us, when we enter into a contractual relationship, when you create your account or browse on our Site, or when you subscribe to our newsletter or marketing activities.
The collection and processing of these data are necessary to liaise with you (eg. to provide order confirmation, replies to your queries, etc.) for the execution of the contract (for instance delivery of the product ordered) and to keep track of our relationship, to conduct marketing activities, as well as to comply with our obligations under applicable laws and regulations, to defend and assess a legal right, and for fraud prevention purposes.
We will always have a legal basis for using your Personal Data. In some cases, the legal basis may be your consent, for example we will get your consent before sending third party direct marketing communications to you via email or text message. On other occasions, we will rely on another legal basis, such as legitimate expectations You have the right to withdraw consent to marketing at any time by contacting us.
You will find below the details of the purposes and legal basis for our collection and processing of your Data:
Purpose/Activity |
Type of Data Collected |
Legal Basis for Processing |
To create and manage your account |
Contact data |
To take steps prior to entering into a contract with you and/or fulfil a contract, we have with you |
To process and fulfil orders |
Order data |
To fulfil a contract, we have with you |
For bookkeeping purposes |
Order data |
To comply with accounting and tax regulations and laws that apply to us |
To respond to and resolve queries |
Order data |
· If you are about to become a client, or if you are already a client: to take measures before entering into an agreement with you and/or for the termination of the agreement. · If you are not yet a client: your consent via the sending of your data and your contact request. |
For marketing purposes |
Contact data Profile data |
Your consent |
To manage our relationship with you |
Contact data |
Our legitimate interests (with the aim of continuously improving the services we provide to you as part of our relationship |
Contact data |
Necessary to comply with a Legal obligation |
|
To represent and defend the rights of the data controller or third parties before judicial authorities |
Contact data Order data Communication data |
Our legitimate interests or those of third parties regarding the protection of their rights. |
To prevent fraud and check the regularity of transactions |
Contact data Order data |
Our legitimate interests (to prevent fraud or guarantee the security of the network and information on your IT systems) |
To offer you prizes, awards and other goodies as part of competitions |
Contact data Profile data Communication data |
Your consent |
Where is your Personal Data collected from?
We collect your Personal Data from various reliable and verified sources:
• The data that you communicate to us on different media, through registrations, surveys and polls or direct and indirect interactions with Bollé Brands. For example, the data that you provide to register for events organized by Bollé Brands, to send us an information request, etc.
• The data that we collect automatically, for example via certain technology, such as cookies.
• The data that we collect in accordance with applicable legislation from publicly available sources.
• The data that we obtain legally from third parties, for example, when we may need to confirm contact or financial information. In this case, we typically receive this Personal Data from third parties authorized to transfer it under their own privacy and data protection policies or in accordance with the law. Where applicable, we inform you of the identity of these third parties and invite you to refer to their privacy and data protection policies to inform yourself about the origin of this Personal Data and the conditions under which they are collected.
How do we share your Personal Data?
We share your Personal Data with our service and third-party providers to the extent that this is necessary to provide our products and services to you, such as payment processing and authorization, text message services, fraud protection and credit risk reduction, order fulfilment and shipping, marketing and promotional material distribution. We may also share Personal Data with authorities, institutions, public entities, or other legitimate recipients (“Bodies”) as permitted by applicable laws and regulations, and for instance to protect and defend our rights. The categories of Bodies stated above may act, as the case may be, as data controllers or processors. Apart from the aforementioned Bodies, your data will not be disclosed.
A list of these subcontractors, with indication of where they are located, is available upon request at gdpr@bollebrands.com.
We require all our sub-data processors (within the meaning of the GDPR) to respect the security of your Personal Data and to treat it in accordance with the law and only permit them to process your Personal Data for specified purposes and in accordance with our instructions. We request that the persons authorized to process your Personal Data have committed themselves to confidentiality and that they implement technical and organizational measures to ensure a good level of security.
Moreover, where your Personal Data must be processed by service providers acting as autonomous data controllers (e.g. payment service providers), we undertake to ensure that their compliance with the applicable laws regarding personal data is one of our selection criteria for said service providers.
Please note that we may also share your Personal Data with potential buyers and other stakeholders in the event of a merger or legal restructuring such as an acquisition, joint venture, sale or division.
Sharing your data outside of the EEA (EU countries only)
We do not store your Personal Data outside the European Economic Area (EEA).
We may be required to share your Personal Data outside of the European Economic Area (EEA). If we are required to share your Personal Data outside of the EEA, we will make sure that it is protected in the same way as it is within the EEA, and will ensure the appropriate safeguards to protect your privacy.
How long do we store your Personal Data?
The points below show how long we keep which information, and our reasons why. We will store your Personal Data for as long as necessary to fulfil the purposes described in this Privacy Policy.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
These are the criteria that we use to determine when we will delete your data:
• We retain Order data for as long as you have an account on the Site, and to the extent required by law (such as tax/bookkeeping laws), which may vary from one EU country to the other. For France, you Order data is stored for 10 years.
• We retain Personal Data such as Contact data, Profile data, Order data and Communication data, where needed, to the extent relevant for limitation periods for potential claims (typically five years after date of a purchase).
• We retain Personal Data such as Contact data, Order data, Marketing data, and Preference data for as long as you have consented to receive marketing communication from us. If you have never ordered anything on our Site, your Personal Data is stored for a maximum of 3 years as from your last contact with us (by sending us an email or clicking on a link in an email we send for instance).
• In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Protecting your information
The security of your Personal Data is a key concern to us. We are taking great care for the choice of our IP devices, software, our subcontractors and for improving our internal processes. We take and require that our subcontractors take, appropriate technical and organizational measures to protect your data, prevent loss, destruction, unauthorized or unlawful access and use of your Personal Data. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
While we have put in place appropriate security measures to protect your Personal Data, please note that no electronic transmission or storage information is 100% secure and that we cannot guarantee that loss, destruction, unauthorized or unlawful access and use of your data will never occur.
What are your rights regarding your Personal Data we process?
Subject to and as defined by applicable laws and regulations, you have the following rights on your Personal Data you provided us with:
• The right to be informed of the data processing and its conditions.
• The right of access: you can obtain confirmation as to whether or not we process personal data that concerns you, and if so, you can ask for a copy of your personal data and a copy of the data you have provided in a machine-readable format.
• The right to rectification: You may ask to modify, update or correct your data in certain cases, especially if they are inaccurate. If you have an account, you can modify some of your personal data through your account.
• The right to erasure: you may ask us to delete or erase all or part of your Personal Data subject to legal conditions.
• The right to data portability: you have the right to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used machine-readable format and to transmit it to another data controller.
• The right to object: you can request that we stop the processing of your data, unless we demonstrate compelling legitimate grounds which override your interests, freedom and rights. You always have the right to object to direct marketing.
• The right to request restriction of processing of your Personal Data: you can ask us to suspend the processing of your Personal Data if (a) you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• The right not to be subject to a decision based solely on automated processing, including profiling, if this decision produces legal effects on you and similarly significantly affects you.
• The right to withdraw your consent if the processing was made on this ground. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
• The right to send us instructions about some of our data processing, regarding the way you want us to proceed with the storage, deletion and communication of your Personal Data after your death.
Guidance to these rights can be found at:
• For UK: www.ico.org.uk
• For EU: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en
Please note that exercising such rights may be subject to requirements and conditions as set forth in applicable laws and regulations.
Should you have any question or wish to exercise your rights, please contact us.
You also have the right to lodge a complaint about our processing with the relevant supervisory authority.
Contact
If you have any questions please visit our contact us page. Postal address: 34 rue de la Soie 69100 Villeurbanne (France) If you have any comments or queries in connection with our Privacy Policy or wish you use any of your privacy rights, please contact us via email or mail address above.
Changes to this Privacy Policy
Any changes we make to our Privacy Policy in the future will be posted on our Site and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.
This Privacy Policy was last updated on 28th July 2021.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.