Free shipping via Colissimo for orders over €50 in France.

Confidentiality policy

The protection of the personal data and privacy of its customers as well as anyone accessing its websites is of the utmost importance to Jeff de Bruges.

This Personal Data Protection and Cookies Policy (“Policy”) explains what types of personal data concerning you Jeff de Bruges and its subcontractors, if any, may process.

All operations on your personal data are carried out in compliance with the regulations in force and in particular with the French Data Protection Act of 6 January 1978 as amended and with Regulation no.2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“Regulation”).

The user of the website acknowledges having read and accepted this Policy, and that they have accepted the General Terms and Conditions of Use of the website. If the user disagrees with these terms, they are free not to use the websites and not to provide any personal data.

ARTICLE 1 – DEFINITIONS

“Personal data” – any information relating to an identified natural person or which can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to that person.

“Processing of personal data” – any operation or set of operations which is performed upon data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction.

“Controller” – the natural or legal person, public authority, agency or other body which, alone or jointly with others, collects and processes personal data.

“Recipient” – the natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party.

“Authorised third party” – a natural or legal person, public authority, agency or body, under the direct authority of the controller or subcontractor, which is authorised to process personal data.

ARTICLE 2 – SCOPE OF APPLICATION

The company Jeff de Bruges is active in e-commerce, within the meaning of Law no. 2004-575 of 21 June 2004 on confidence in the digital economy.
The purpose of this Personal Data Protection (hereinafter the “Policy”) is to inform anyone who has provided personal data to Jeff de Bruges (hereinafter the “Data Subjects”) of the manner in which their personal data is collected and processed by Jeff de Bruges.

ARTICLE 3 – IDENTITY OF THE CONTROLLER

Personal data are collected by Jeff de Bruges Diffusion, a simplified joint-stock company with capital of 16,000,000 euros, whose registered office is located at 12 avenue Joseph Paxton, SIRET no.448 989 947 00024, represented by Philippe Jambon, in his capacity as CEO.

ARTICLE 4 – PROCESSING OF PERSONAL DATA

Jeff de Bruges collects data concerning you in the operation of its website www.jeff-de-bruges.com. These data are processed in accordance with the purposes for which they were collected, under the conditions of Article 4 (b) below.

(a) Purposes
In the framework of a contract or pre-contractual measures:
· Purchasing products and services;
· Executing the order including delivery (including the click and collect service);
· Paying for reserved products and services;
· Accessing a customer account where users can update their personal information, view or amend information regarding various purchases made and orders placed;
· Creating a Customer file for the follow-up and provision of services;
· Conducting post-purchase satisfaction surveys;
· Contacting a person from Consumer Services.
With the consent of the user or customer:
· Sending newsletters and promotional messages on condition that the customer ticks the box provided for this purpose and expresses their agreement, when creating their account on this website;
· Reminding users of baskets in progress that have not been validated or whose payment was unsuccessful;
· Developing statistics and web analytics;
· Organising competitions, lotteries and all promotional operations, with the exception of online gambling and games of chance subject to the approval of the Autorité de Régulation des Jeux en Ligne (French Online Gaming Regulatory Authority);
· Managing user and customer reviews, surveys and polls on services or content of the website and applications.
In the context of the legitimate interest of the organisation to enable it to ensure continuity of service:
· Responding to enquiries
· Fraud and claims management
b) Data processed
When data is collected, the user is informed whether certain data are mandatory or optional. The data identified by an asterisk in the registration form are mandatory. Unless these data are provided, the user will be unable to access and use the services.

Moreover, Jeff de Bruges may collect personal data for other purposes, taking care to obtain the prior consent of the Data Subjects.

In particular, Jeff de Bruges may be required to collect the following data:
· Identity: surname, first names, address, telephone number (landline or mobile), email address, date of birth, internal processing code allowing the identification of the customer (this internal processing code is distinct from the registration number in the National Directory of Identification of Natural Persons (RNIPP), the social security number and the debit card number);
· Data relating to means of payment: transaction number, debit card number;
· Data relating to the business relationship: requests for documentation, product purchased, quantity, amount, delivery address, purchase history, product returns, correspondence with the customer and after-sales service;
· Invoice payment data: terms of payment, discounts granted, receipts, unpaid invoices, reminders, balances;
· Contact data: messages sent on the website via the contact forms (“Ideas or suggestions”), correspondence that could possibly be sent to us;
· Data relating to newsletter subscriptions: surname, first name, address, telephone number (landline or mobile);
· User statistics: IP address, cookies, for example, the pages visited by the user, the date and time of the visit (see details on cookies below).
The mandatory or optional nature of the data that Data Subjects may be asked to provide is indicated on the data collection forms by an asterisk. If responses are not provided, Jeff de Bruges will not be able to provide you with the requested service. In any case, Jeff de Bruges undertakes to process all data collected in accordance with the applicable regulations and in particular the French Data Protection Act of 6 January 1978 as amended and Regulation no.2016/679.

c) Recipients of the data collected
The personal data collected on this website are reserved exclusively for Jeff de Bruges and members of the network.

In the event that Jeff de Bruges entrusts data processing activities to subcontractors (deliverers, IT service providers, etc.), they will be chosen particularly for sufficient guarantees as to the implementation of appropriate technical and organisational measures, in particular in terms of reliability and security measures.

With the express and prior consent of the user, data may be passed on to Jeff de Bruges' business partners. This agreement can be withdrawn at any time by the user.

d) Data transferred to public authorities and/or bodies
In accordance with the applicable regulations, data may be transmitted to the competent authorities on request and in particular to public bodies, exclusively to meet legal obligations, legal officials, public officers and bodies responsible for debt recovery.

e) Data transferred abroad
The Company carries out the majority of its data processing on the territory of the European Union.
However, for certain specific services, in particular IT services, the Company may use subcontractors established outside the European Union.
In this case, the Company shall require subcontractors to provide adequate guarantees necessary for the supervision, confidentiality and security of these transfers, and ensure this is the case.
Jeff de Bruges reserves the right to transfer your personal data in order to satisfy its legal obligations, and in particular if it is forced to do so by judicial requisition.


f) Retention periods
Jeff de Bruges will retain your personal data in a secure environment for as long as is necessary to fulfil the purposes for which they were collected or for the minimum retention period required by the applicable legislation, particularly in civil and commercial matters.

The data are kept for the period strictly necessary for the management of the business relationship. The data processed in the context of market research operations with your agreement may not be kept for more than 3 years after the last contact from you or where you have expressed your objection.

ARTICLE 5 – COOKIES



ARTICLE 6 – RIGHTS OF INDIVIDUALS

In accordance with Regulation (EU) 2016/679 on the protection of personal data, the user has the following rights over their data: right of access, right to withdraw consent, right of rectification, right to erasure (right to be forgotten), right to object, right to limit processing, and right to portability. The user may also have additional national rights (e.g., to define guidelines for the storage, erasure and communication of your personal data after your death).

The user may object to the processing of their personal data, for reasons relating to their particular situation.

To exercise these rights, the user may change their information directly in the “my account” section or, if the site does not allow it, send a letter to: Jeff de Bruges, Service Informatique, Parc du Bel Air, 12 avenue Joseph Paxton, Ferrières-en Brie, 77614 Marne-la-Vallée Cedex 3. You may be asked to show proof of identity. You can also send your request by email to the following address: DPO@jeff-de-bruges.com.

In the event of failure to comply with the provisions below, the user has the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL – the French Data Protection Authority) www.cnil.fr or their local Data Protection Supervisory Authority.

ARTICLE 7 – SECURITY MEASURES

Taking into account the state of the art, the costs of implementation, the nature of the data to be protected and the risks to the rights and freedoms of individuals, Jeff de Bruges shall implement all appropriate technical and organisational measures to guarantee the confidentiality of the personal data collected and processed and a level of security appropriate to the risk.

ARTICLE 8 – AMENDMENTS TO THE CONFIDENTIALITY POLICY

If Jeff de Bruges amends this Policy, or if law or regulation require it, this will be posted on our websites and will be effective immediately upon posting. Therefore, we encourage you to refer to it each time you visit our websites in order to be aware of the latest version which is permanently available on our websites.

For any information on the protection of personal data, the user can also consult the website of the CNIL www.cnil.fr or of their local Data Protection Supervisory Authority.

Last updated: 20th December 2021