PRIVACY POLICY

FROM ITS PASTRY CHOCOLATERIE PRALUS

This Privacy Policy explains how we use your personal data (your “ Information ”).
It applies to Information we collect about you when:

  • you are a Customer of our Online Stores (see our “ Customer Policy ”)
  • you are a Prospect, interested in our services (see our “ Policy relating to our Prospects ”)
  • you are an Internet user and are browsing our Site (see our “ Cookie Policy ”).

Finally, it contains information applicable to all our Policies (see our section “ Information applicable to all our Policies ”).
This Privacy Policy came into effect on June 10, 2024 .
We may change this Privacy Policy at any time if we change how we process your Information. We will inform you by the means most appropriate to our relationship with you (sending an email, displaying a notification on our Site).

1. Basic information

1.1. Who are we ?

SA PATISSERIE CHOCOLATERIE PRALUS, the data controller, is a simplified joint stock company with a share capital of €216,000, whose head office is located at 34, rue Général Giraud in Roanne (42300), registered with the RCS of Roanne under the name number 394 627 913, represented by Mr. François Pralus as President. (hereinafter referred to as “ SAS PRALUS ”).

1.2. How can you contact us?

For any questions regarding the protection of your personal data, you can contact us by one of the following means:

  • By email: contact@chocolats-pralus.com or clickandcollect@chocolats-pralus.com
  • By phone: 77.68.99.36
  • By mail: SA PATISSERIE CHOCOLATERIE PRALUS - Personal Data Department – ​​34, rue Général Giraud – 42300 Roanne

1.3. Definitions

When we use capitalized terms in our Privacy Policy, we are referring to the definitions below, regardless of whether they are written in the singular or plural:
Stores ” means the physical stores of the Pralus group, mentioned in section 2.3.2., in which Customers can choose to collect orders for Products placed via Click & Collect.
Online Store ” means the online store accessible from the addresshttps://www.chocolats-pralus.com/ , which is an integral part of the Site, on which you can order our Products and choose to be delivered at home or in store.
Customer ” means you if we have already concluded a commercial agreement together within the framework of the Online Store or Stores.
Information ” means personal data relating to you, whether such information identifies you directly or indirectly.
Internet user ” means you when you access our Site.
We ”, “ us ”, “ our ” and “ SAS PRALUS ” refer to our company as identified in the Who are we? .
Privacy Policy ” means this document in its entirety.
Policy ” means in our Confidentiality Policy one of the policies applicable to a specific category of persons.
Products ” means all the products that we can sell to you.
Prospect ” means you if you have expressed a commercial interest in our company or if we have identified you as potentially interested in our company.
Site ” refers to our website accessible at the following address:https://www.chocolats-pralus.com/ .

2. Customer Policy

This Policy explains the processing we carry out with your Information when you are a Customer and order our Products via the Stores or the Online Store.

2.1. What information do we collect about our Customers?

When you are a Customer, We may use different categories of Information about you, which you may provide to us yourself or which we may collect indirectly.
Category of Information Collected Description of Information that may be collected
Identify First and last name and title, address (billing address, delivery address), telephone number, email, date of birth, customer code that we assign to you internally.
Personal account Username, password and email associated with the account
Settlement / Payment Payment, terms and conditions of payment (discounts), information relating to means of payment: Bank card (the first 4 and last 4 digits of the card used, expiry date, name of the holder)
Transaction Transaction number, details of the purchase made
Monitoring of the commercial relationship Products purchased, orders, invoices and payment terms and deadlines, history of purchases made, correspondence with you, after-sales service, exchanges and comments between you and our customer relations manager
Loyalty program Customer number, promotional offers assigned, promotional offers used.


2.2. Why do we use our Customer Information and for how long?

When you are a Customer, We may use your Information for different reasons:
  • we may need it to deliver the Products you have ordered from us ( Performance of a contract )
  • we may need it to comply with our legal obligations ( Legal Compliance )
  • we may have legitimate interests in using your Information ( Our Legitimate Interest )
  • we may do this after obtaining your consent ( Consent ). You can withdraw your consent at any time.
Below you will find the reasons for which we process your Information (the purposes of our processing) and the retention periods of your Information:
Purpose Legal basis The duration of the conversation
Management of our commercial relationship (order management, deliveries, after-sales service) Execution of a contract Throughout the duration of our contractual relationship
Management of our legal, accounting and tax obligations within the framework of our contractual relationship Compliance with the law Conservation in archive form for the legal retention period to which we are required (e.g.: up to 10 years for our accounting obligations)
Management of payments made on our Online Store Execution of a contract Until receipt of the Products, increased by the time limit provided for contesting receipt of the Products and the withdrawal period in order to manage reimbursements
Retention of credit card information following a one-off online payment Legitimate interest Up to 13 months for instant debit payment cards and up to 15 months for deferred debit payment cards, in accordance with article L.133-24 of the Monetary and Financial Code.
Management of the fight against fraud Legitimate interest of SAS PRALUS to detect potential fraud that Customers could commit on the Online Store. 6 months
Claims and litigation management Legitimate interest of SAS PRALUS to establish proof of a right or the proper execution of our contractual obligations Throughout the duration of the limitation period applicable to our commercial relationship (e.g.: up to 5 years for civil limitation)
Online Store Security (prevention and detection of computer attacks) Legitimate interest of SAS PRALUS to detect malicious behavior in order to preserve the security of its Online Store, as well as the availability, integrity and confidentiality of the data it contains (personal data included). 6 months
Management of our loyalty program (management of your discounts and allocation of promotional offers) Consent For 3 years from our last contact with you or until we withdraw your consent
Sending transactional emails to the Customer related to the operation of the Online Store Execution of a contract Throughout the duration of the contractual relationship
Carry out satisfaction surveys or requests for opinions following an order Legitimate interest of SAS PRALUS to carry out surveys
satisfaction aimed at collecting the impressions of its Customers
During 5 years
Organization and management of your participation in a competition Execution of a contract (competition rules) For 5 years for probationary purposes
Sending our newsletter Consent For 3 years from our last contact with you or until we withdraw your consent
Prospecting in connection with products or services similar to those already purchased by you Legitimate interest of SAS PRALUS Up to 3 years from our last contact with you. You have the right to object to receiving our commercial prospecting
Managing an opposition list Legitimate interest of SAS PRALUS to no longer send prospecting to its customers who have objected to it For 3 years from the exercise of your right of opposition

2.3. Who do we communicate our Customer Information to?

2.3.1. To our teams

Your Information may be communicated to all our teams who need it to carry out their missions as part of the commercial management of our Clients. Example: our sales team to enter into contracts with you, our Support/After-sales service team to handle your questions or complaints, etc.

2.3.2. At our Stores

Your Information may be communicated to all Store teams who need it to prepare your Product orders and allow you to collect them via Click & Collect and respond to your requests.
Furthermore, any support request sent to the address clickandcollect@chocolats-pralus.com is processed by the data controller identified in the “How can you contact us” section. »
The list of our Stores, their addresses and contact methods are accessible in our general conditions of sale.

2.3.2. To our subcontractors

We use different technical service providers for different reasons:
Identity of the subcontractor Reasons for outsourcing
Shopify Hosting our servers
Payplug Online payment management
Stencer Online payment management
Shopify Sending transactional emails and the newsletter
Ugo Hosting of Click & Collect interfaces for collecting Products in Stores

2.3.3. To administrative or judicial authorities

We may be required to communicate certain of your Information to administrative or judicial authorities when we receive a legal requisition.

2.3.4. To carriers

Carriers and logistics providers may be recipients of some of your Information for the handling and delivery of your orders.
C olissimo Delivery of orders
Chronopost Delivery of orders
Chronofresh Delivery of orders


2.4. Where do we store our Customer Information?

Our main computer servers are geographically located in France.
Some of our technical subcontractors may host some of your Information outside the European Union. When this is the case, we ensure beforehand that our subcontractors take adequate guarantees in compliance with the General Data Protection Regulation (GDPR).
Below you will find the list of data transfers outside the European Union that can be carried out and the appropriate guarantees that we take:
Recipient identity Adequate guarantees taken
S hopify Adequacy decision (USA, Canada): https://www.shopify.com/fr/legal/dpa
 

3. Lead Policy

This Policy explains the processing that we carry out with your Information when you are a Prospect of SAS PRALUS.

3.1. What information do we collect about our Prospects?

When you are a Prospect, We may use different categories of Information about you, which you may provide to us yourself or which we may collect indirectly (for example, from publicly available sources).
Category of Information Collected Description of Information that may be collected
Identify First and last name, title, postal address, telephone number, email
Monitoring of the prospecting relationship Prospecting procedures carried out by SAS PRALUS, requests for information from the Prospect, direct requests received from the Prospect, correspondence with you, etc.

3.2. Why do we use our Prospect Information and for how long?

When you are a Prospect, We may use your Information for different reasons:
  • we may have legitimate interests in using your Information ( Our Legitimate Interest )
  • we may do this after obtaining your consent ( Consent ). You can withdraw your consent at any time.
Below you will find the reasons for which we process your Information (the purposes of our processing) and the retention periods of your Information:
Purpose Legal basis The duration of the conversation
Management of our prospecting relationship (monitoring our requests, responding to your requests, making appointments, etc.) Legitimate interest of SAS PRALUS to develop its commercial activity Up to 3 years from the last contact with you.
Sending our newsletter Consent For 3 years from our last contact with you or until we withdraw your consent
Email prospecting for consumers Consent For 3 years from our last contact with you or until we withdraw your consent
Organization and management of your participation in a competition Execution of a contract (competition rules) For 5 years for probationary purposes
Managing an opposition list Legitimate interest of SAS PRALUS to no longer send prospecting to people who have objected to it For 3 years from the exercise of your right of opposition

3.3. Who do we communicate our Prospect Information to?

3.3.1. To our teams

Your Information may be communicated to all our teams who need it to carry out their missions as part of the commercial management of our prospects. Example: our sales team to send you commercial requests, to respond to your requests for documentation, etc.

3.3.2. To our subcontractors

We use different technical service providers for different reasons:
Identity of the subcontractor Reasons for outsourcing
S hopify Hosting our servers
S hopify Sending transactional emails and the newsletter
Ugo Hosting of Click & Collect interfaces for collecting Products from the Store

3.4. Where do we store our Prospect Information?

Our main computer servers are geographically located in France.
Some of our technical subcontractors may host some of your Information outside the European Union. When this is the case, we ensure beforehand that our subcontractors take adequate guarantees in compliance with the General Data Protection Regulation (GDPR).
Below you will find the list of data transfers outside the European Union that can be carried out and the appropriate guarantees that we take:
Recipient identity Adequate guarantees taken
S hopify Adequacy decision (USA, Canada): https://www.shopify.com/fr/legal/dpa

4. Cookie Policy


4.1. Preamble

When you visit our Site as an Internet user, we may place or read cookies or trackers on your terminal.
Our Cookie Policy also applies to our Customers when they connect to our Online Store.

4.2. What is a cookie ?

A cookie is a small file placed or read on your terminal (computer, tablet, smartphone).
They allow you to store information on your terminal related to your browsing on our Site.
Reading and storing cookies generally requires your consent; however, certain so-called technical cookies may be placed without your consent.

4.3. Who places the cookies?

SAS PRALUS and its partners may place cookies on your terminal.

4.4. What types of cookies do you use?

We use different types of cookies:

4.4.1. Technical cookies

We use technical cookies necessary for the operation of our Site; These cookies are placed by Shopify, the framework on which we built our Site.
Below you will find the list of technical cookies.
To find out more, you can visit: https://www.shopify.com/legal/cookies#merchant-storefronts
For your information, these cookies are exempt from obtaining your prior consent due to their technical nature.
Cookie publisher Cookie name Purpose of the cookie Cookie lifespan
Shopify _ab Used in connection with administrator access. 2 years
Shopify _customer_account_shop_sessions Used in combination with the _secure_account_session_id cookie to track a user's session for new customer accounts 30 days
Shopify _secure_account_session_id Used to track a user's session for new customer accounts 30 days
Shopify _secure_session_id Used to track a user's session through the multi-step checkout process and keep their order, payment and shipping details connected. 24h
Shopify _shopify_country For stores where the pricing currency/country is set from GeoIP, this cookie stores the country we detected. This cookie allows you to avoid performing GeoIP searches after the first request. session
Shopify _shopify_m Used to manage customer privacy settings. 1 year
Shopify _shopify_tm Used to manage customer privacy settings. 30 minutes
Shopify _shopify_tw Used to manage customer privacy settings. 2 weeks
Shopify _storefront_u Used to facilitate updating customer account information. 1 minute
Shopify _tracking_consent Used to store a user's preferences if a merchant has privacy policies in place in the visitor's region. 1 year
Shopify _cmp_a Used to manage customer privacy settings. 24 hours
Shopify vs Used as part of payment. 1 year
Shopify cart Used in connection with shopping cart. 2 weeks
Shopify cart_currency Set after checkout is complete to ensure new carts are in the same currency as the last checkout. 2 weeks
Shopify cart_sig A hash of the contents of a shopping cart. This is used to verify the integrity of the cart and to ensure certain cart operations are performed. 2 weeks
Shopify cart_ts Used as part of payment. 2 weeks
Shopify cart_ver Used in connection with shopping cart. 2 weeks
Shopify checkout Used as part of payment. 4 weeks
Shopify checkout_token Used as part of payment. 1 year
Shopify customer_account_locale Used for new customer accounts 1 year
Shopify dynamic_checkout_shown_on_cart Used as part of payment. 30 minutes
Shopify hide_shopify_pay_for_checkout Used as part of payment. session
Shopify keep_alive Used as part of buyer location. 2 weeks
Shopify master_device_id Used in connection with merchant login. 2 years
Shopify previous_step Used as part of payment. 1 year
Shopify discount_code Used as part of payment. session
Shopify remember_me Used as part of payment. 1 year
Shopify secure_customer_sig Used to identify a user after logging into a store as a customer so that they do not need to log in again. 1 year
Shopify shopify_pay Used as part of payment. 1 year
Shopify shopify_pay_redirect Used as part of payment. 1 hour, 3 weeks or 1 year depending on the value
Shopify shop_pay_accelerated Used as part of payment. 1 year
Shopify storefront_digest Stores a storefront password summary, allowing merchants to preview their storefront while it is password protected. 2 years
Shopify tracked_start_checkout Used as part of payment. 1 year
Shopify checkout_session_lookup Used as part of payment. 3 weeks
Shopify checkout_prefill Used as part of payment. 5 months
Shopify checkout_queue_token Used as part of payment. 1 year
Shopify checkout_queue_checkout_token Used as part of payment. 1 year
Shopify checkout_worker_session Used as part of payment. 3 days
Shopify checkout_session_token Used as part of payment. 3 weeks
Shopify checkout_session_token_<<token>> Used as part of payment. 3 weeks
Shopify cookietest Used to ensure the proper functioning of our systems 1 month
Shopify order Used in connection with the order status page. 3 weeks
Shopify identity-state Used in connection with client authentication 24 hours
Shopify identity-state-<<token>> Used in connection with client authentication 24 hours
Shopify identity_customer_account_number Used in connection with client authentication 12 weeks
Shopify card_update_verification_id Used as part of payment. 20 months
Shopify customer_account_new_login Used in connection with client authentication 20 months
Shopify customer_account_preview Used in connection with client authentication 7d
Shopify customer_payment_method Used as part of payment. 1 hour
Shopify customer_shop_pay_agreement Used as part of payment. 20 months
Shopify pay_update_intent_id Used as part of payment. 20 months
Shopify location Used as part of payment. 2 weeks
Shopify profile_preview_token Used as part of payment. 5 months
Shopify login_with_shop_finalize Used in connection with client authentication 5 months
Shopify preview_theme Used in connection with the theme editor session
Shopify shopify-editor-unconfirmed-settings Used in connection with the theme editor 4 p.m.
Shopify wpm-test-cookie Used to ensure the proper functioning of our systems. session

4.4.2. Audience measurement cookies

We use audience measurement cookies to establish traffic statistics for our Site and usage statistics for our Online Store.
Cookie publishers Cookie names Purposes of cookies Lifespan of cookies To know more
Google Google Analytics: _ga We use Google Analytics to help us measure how you interact with the Online Store. Maximum 13 months https://policies.google.com/privacy
META Pixel META We use the META Pixel to measure how you interact with the Online Store from the META group's social networks (Facebook, Instagram, Threads). Maximum 13 months https://www.facebook.com/privacy/explanation

4.4.3. Advertising cookies

We use advertising cookies to display personalized advertising based on your browsing and your profile.
We use advertising cookies to display personalized advertising on social networks.
Cookie editor Name of cookies Purposes of cookies Cookie lifespan To know more
META Pixel META We use the META Pixel to offer you advertising on your META applications (Facebook, Instagram, Threads). 13 months maximum https://www.facebook.com/privacy/explanation
TikTok _ttp We use the TikTok pixel to personalize advertising to you on your TikTok feed 13 months from last use https://ads.tiktok.com/help/article/using-cookies-with-tiktok-pixel?lang=en
Pinterest _pinterest_ct_rt We use this cookie to personalize advertising to you on your Pinterest feed. 12 months https://help.pinterest.com/fr/business/article/pinterest-tag-parameters-and-cookies

4.4.4. How can I withdraw my consent?

You can withdraw your consent at any time by setting it on our cookie manager accessible on any page of the Site.

5. Information applicable to all of our Policies

5.1. What are your rights ?

The regulations relating to the protection of personal data grant you several rights:
Permission to access You can ask us for access to any Information we have about You.
Right of rectification You can ask us to correct your Information if it is inaccurate.
Right to object You can ask us to stop using your Information when we do so based on a legitimate interest. You can also ask us to stop receiving marketing.
Right to withdraw your consent Where any of our processing is based on your prior consent, you may withdraw your consent at any time. We will then stop using your Information for this processing.
Right to erasure You can ask us to erase your Information and for us to stop using it.
Right to limitation You can ask us to temporarily stop using your Information while requiring that we retain it temporarily.
Right to portability You can ask us to provide you with an export of your Information in a reusable format and, where possible, ask us to transmit it to another organization which can reuse it.
Right not to be the subject of an automated individual decision You have the right not to be subject to a decision based exclusively on automated processing producing legal effects concerning you or significantly affecting you.
Right to define guidelines regarding your data in the event of death You have the right to set, update or revoke guidelines relating to the retention, erasure or communication of your Information after your death.
Right to lodge a complaint You can lodge a complaint with the authority responsible for protecting personal data (in France, the CNIL, www.cnil.fr) if you believe that your rights have not been respected.

5.2. How to exercise your rights?

To exercise your rights, contact us using the contact details in the article “ How can you contact us? ”.
We will do our best to provide you with a response within one month.
The rights that you can exercise are defined by the GDPR and depend on the legal basis of our processing. It may therefore happen that we cannot accept a request to exercise rights because the right invoked cannot be exercised. If this is the case, we will let you know.
We may also ask you for proof of identity to be certain that it is you who is exercising your rights and when we have no other means of ensuring this. You should only send us proof of identity if we ask you to do so.