PRIVACY POLICY

The presentation of the company Labyrinth Paris is available at the following address: https://www.labyrinth-paris.com/la-maison/

The Labyrinth Paris company is a merchant site.
The objective of the Labyrinth Paris confidentiality policy aims:
• send you information related to personal data that is processed by our services;
• Inform you of your rights and how you can exercise them.

This confidentiality policy was drawn up in compliance with the provisions of the General Data Protection Regulation ("GDPR") and Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms called a modified "Data Protection". It reflects our current practices and is likely to evolve according to the regulations, the case law and the doctrine of the control authorities.

The company LABYRINTHE PARIS, responsible for personal data processing operated on their site, collects information concerning you, in particular when creating your customer account or during your purchases.
As a person who determines the purposes and the means of treatment, the controller is the company Labyrinth Paris:

LABYRINTHE PARIS
Website: https://www.labyrinthe-paris.com/
RCS number: 838 318 582
Address: 231, rue Saint-Honoré 75001 Paris France
E-mail address: contact@labyrinthe-paris.com

Personal data is information relating to an identified or identifiable natural person. For example, they include the name, address and genre of a person.

We can collect personal data directly from you or indirectly.

We will inform you when your information is necessary to process your request, to respond to your requests or to provide you with our products and services. If you do not give this information, it may delay or make it impossible to process your request, answer your questions and provide products or services.

We strive to ensure that the personal data we hold is accurate at any time. We therefore encourage you to update your data in case changes occur.

We can also ask you to update your data from time to time. We recommend that you only provide the data requested or necessary for your request, with the exception of sensitive data relating to race, ethnic origin, political opinions, religious or philosophical beliefs, and health data , sex life or sexual orientation.

We remind you that we do not collect, directly or indirectly, of personal data of people under the age of sixteen (16), without prejudice to any local law fixing a different minimum age. We therefore ask you not to provide us with personal data from people who do not meet this criterion.

We collect the personal data necessary to respond to a specific purpose.

The data we collect may have as a legal basis:

• your prior consent (article 6.1.A of the GDPR), which can be removed at any time;
• the execution of our contractual relationship or pre -contractual measures (article 6.1.B of the GDPR);
• compliance with a legal obligation to which we are submitted (article 6.1.c of the GDPR);
• The legitimate interest continued by the controller (article 6.1.F of the RGPD), in compliance with your interests and rights.

The following table presents the information to be provided when the data is collected from the person concerned (article 12 of the GDPR).

4.1 Commercial and marketing prospecting actions

- Identity (including your first name, last name, sex, image, nationality); Contact details (including your postal address, e-mail, telephone numbers); Personal status (including your title of civility; exchanges linked to the implementation of projects; statistics.

- The purpose of treatment is to allow prospecting operations, including:
a) The realization of statistics
b) Site improvement
c) The development of the commercial strategy
d) Realization of satisfaction survey

- Consent
Legitimate interest, namely information and promotion on similar products and services and reward our best customers

- internally: the services responsible for communication and marketing
- externally: our computer providers and marketing

4.2 Contact forms

- Identification data; Date and subject of the request; Suites brought; Activity statistics

- The purpose of treatment is to respond to your requests. It allows:
a) receipt of requests sent,
b) Management of follow -ups given to these requests,
c) the realization of statistics.

- Execution of a pre -contractual or contractual measure legitimate interest, namely meeting the expectations of site users.

- Internal: the services responsible for processing your request

- externally: our service providers and subcontractors

4.3 Customer management

- Identification data

- The purpose of treatment:
a) Management of the contractual relationship
b) Realization of statistics
c) Realization of satisfaction and customer studies survey
d) Complaints, after -sales service and guarantees

- Consent
Execution of a contract
Respect for a legal obligation

- internally: in charge of processing your request

- externally: our service providers and subcontractors and in particular the carriers

4.4 Purchasing management

- Identification data;
Payment data (including billing data, type or means of payment, credit card or debit number);
Transactions relating to transactions;

- The purpose of treatment:
a) Management of the contractual relationship
b) Complaints, after -sales service and guarantees
c) Accounting management
d) Improvement of the offers offered

- Execution of the contract
Respect for a legal obligation

- internally: the service in charge of commercial management

- externally: our service providers and subcontractors

4.5 Management of people's rights

- Identification data

- The purpose of treatment is to ensure the management of your rights such as covered by the GDPR and the IT and Liberty Act (modified)

- Respect for a legal obligation

- internally: the data protection delegate ("DPO") and the people authorized to ensure the management of your rights.

- externally: certain regulated professions (lawyers), our service providers and subcontractors

4.6 Management of unpaid and litigation

- Identification data;
Payment data (including billing data, type or means of payment, credit card or debit number);
Transactions relating to transactions;

- The purpose of treatment:
a) Management of the contractual relationship
b) Accounting management
c) Management of the rights of the controller

- Execution of the contract
Respect for a legal obligation
Legitimate interest to the recovery of unpaids

- Internal: the service in charge of accounting.

- externally: authorized providers who can include regulated professions (lawyers, auditors), our service providers and subcontractors

4.7 Fraud management

- Identification data;
Payment data (including billing data, type or means of payment, credit card or debit number);
Transactions relating to transactions;
Navigation and connection data.

- The purpose of treatment is to:
a) prevention and the fight against illegal or unauthorized activities by the conditions of use
b) The turnover of proven unpaids
c) The identification of people in unpaid situations for exclusion for future transactions

- Respect for a legal obligation
Legitimate interest of the site

- internally: our accounting service

- externally: financial, judicial authorities or state agencies, public organizations on request and within the limit that is allowed and justified by regulations, our service providers and subcontractors

4.8 Verification of compliance with the commercial conditions of the controller

- Identification data;
Payment data (including billing data, type or means of payment, credit card or debit number);
Transactions relating to transactions;
Navigation and connection data.

- Check compliance with the commercial conditions of the controller (for example during contests, purchase restrictions, etc.)

- legitimate interest namely compliance with commercial conditions

- Internal: the service in charge of checking orders

4.9 Management of promotional operations

- Identification data

- The purpose of treatment:
a) Selection of suppliers
b) Develop our commercial strategy
c) Realization of statistics

- Consent

- Internal: the service responsible for commercial management.

- externally: providers authorized to process the data you send to us and which allow us to offer you the services offered

4.10 Social networks management

- Default visible identification data on platforms

- The purpose of treatment:
Interactions between our group and subscribers (commercial management)
The technical administration of networks
The realization of statistics

- Consent
Legitimate interest to the functioning of the site

- internally: the communication service

- externally: our service providers and subcontractors, visitors to social media platforms

4.11 Question/ answer program

- Customer account data necessary for program management.

- Allow internet users (customers or prospects) authenticated on the Labyrinth Paris site, to obtain additional information on the product sheet:
a) by asking questions
b) being informed of answers to questions
c) by answering questions
d) by voting for the relevance of the response (s) check compliance with the conditions of use of the program

- legitimate interest, namely obtaining information on a product or service.
Consent for the personalized customer area and the information post (s) (questions, answers or votes).
Execution of a contract (compliance with the conditions of use of the program).

- The Labyrinth Paris company

4.12 Online navigation (cookies)

- Navigation data, duration of your visit, technical information (IP address, browser used, etc.)

- The purpose of treatment:
a) Ensure the maintenance of the site and its features
b) Improve the interactivity of the site (services offered by third -party sites such as sharing buttons).
c) Diffuse appropriate content depending on the device used.

- Consent
Legitimate interest to the functioning of the site for functional cookies

- internally: communication services.
- externally: our service providers and subcontractors

4.13 Newsletter

- Identify ; Subscription date; statistics

- Subscription management; Management of electronic shipments; Development of statistics relating to the service

- Consent

- internally: the communication service;

- externally: our service providers and subcontractors responsible for IT and communication.

4.14 Recruitment

- Identification and professional life data appearing in particular in the CV and motivation letters.

- The purpose of treatment is to allow recruitment operations: treatment of applications (CV and cover letter) and interview management

- Consent
Execution of a pre -contractual measurement

- Internal: the services responsible for recruitment operations.

- externally: our service providers and subcontractors and in particular any recruitment firms and temporary agencies

4.15 Affiliation

- Tracers for the invoicing of affiliation operations, data related to the order (IP address, IP of Clics, ID Order, Amount, date of the sale)
Affiliate: identification, billing and connection data.

- The purpose of treatment is to allow affiliation operations and in particular the accounting of business supply flows with affiliates
- Cookie consent, affiliation for customers
Execution of a pre -contractual or contractual measure for the data of the affiliate

- Internal: the services responsible for affiliation.

- externally: our service providers and subcontractors and in particular regulated professions (lawyers, auditors)

4.16 Concours

- Identification data

- Participation in competitions, determination of winners, sending gains

- Consent
Legitimate interest, namely sales promotion
Execution of a contract for the competitions subject to purchase obligation

- internally: the services in charge of the organization of contests

- externally: the carriers for the delivery of the won lots; to the social networks concerned if the game is presented on these networks

In addition to the recipients indicated above, and in order to accomplish the aforementioned purposes, we disclose your personal data only to:

• Entities and employees of Labyrinth Paris who need to know them to ensure their management while respecting the aforementioned purposes, and who are required to respect its confidentiality;
• Service providers and subcontractors providing services on our behalf, in particular: logistics and transport providers, payment service providers, banks, etc. These providers and subcontractors are rigorously selected and act in accordance with our instructions, imposing them to respect the confidentiality of your personal data and prohibiting them from using it for any other purpose. We also impose on them the application of appropriate security measures to protect your personal data.
• Financial, judicial authorities or state agencies, public organizations on request and within the limits of what is permitted by regulations;
• Credit and recovery assessment agencies in the context of solvency assessment or receipt of claims in the event of unpaid invoices;
• Some regulated professions such as lawyers, notaries, auditors.
  

6.1 General rules

Labyrinth Paris retains personal data for a period which does not exceed the duration necessary for the purposes for which they are collected, in accordance with the provisions of the law of January 6, 1978 modified and the GDPR.

The data can be kept later in the following cases, when the conservation is necessary:

• To the exercise of the right to freedom of expression and information,
• Compliance with a legal obligation,
• To the execution of a mission of public interest or falling under the exercise of the public authority of which the controller is invested,
• For reasons of public interest in the field of public health,
• For archival purposes in the public interest,
• For scientific or historical research or for statistical purposes,
• Or the observation, the exercise or the defense of legal rights.
  

The criteria for determining the conservation durations are as follows:

• Legal or regulatory provisions
• Doctrine and case law of control authorities
• Sectoral references

6.2 Specific rules

THE Bank cards Are only registered after an explicit request from the customer, on the payment page (if this option is offered to you). They are kept for a next order to improve your shopping experience on our sites. The cards recorded for a future purchase are kept in a secure space from our payment service provider. Our company does not keep this information. You can delete your recorded card at any time, on the payment page.

Cookies have a lifespan limited to thirteen months after their first deposit in the terminal equipment of the user (following the expression of consent), as recommended by the CNIL.

Business management : Your data is kept for the duration of the contractual relationship and according to the prescription periods relating to the conservation or protection of the rights of the controller.

Management of accounting and tax operations : Accounting and tax data is kept for a period of 10 years.

Management of commercial operations : The data is kept until the withdrawal of consent or 3 years from the last contact. They can also be kept:

• For a period of 3 years from the last contact that the people to whom they relate have had with our company;
• After the execution of the contract, in intermediate archiving, to meet accounting or tax obligations or to build evidence in the event of litigation and within the limit of the applicable limitation period.
  
  Customer account data, created by the latter, are intended to be kept until the account is deleted by the user. However, the account may be considered inactive in the absence of use for 2 years and may be deleted.
  

Management of people's rights : When a person exercises their right to oppose prospecting, in order to guarantee their effectiveness, the information allowing this right to be taken into account at least 3 years from the exercise of the law.

Unpaid management : In cases of unpaid, the data is deleted from the file identifying people in unpaid, at the latest 48 hours from the moment when the unpaid has been resulted. Exceptionally, and when the necessary and proportionate circumstances justify it, the data can be kept in order to prevent renewal. In the event of non-regularization, the information is likely to be kept in the file identifying people within the limit of 3 years from the occurrence of the unpaid. They can then be archived to meet accounting and tax obligations or serve as proof in the event of litigation within the limit of the applicable limitation period.

Supporting documents sent to the clien relationshipT: The processing of demand for supporting documents is the purpose of the fight against fraud and unpaid. The data is kept 30 days from the month following their reception, and 24 months from the date of transaction in the event of a dispute. The supporting documents containing copies of bank cards are immediately deleted.

Newsletters : You can unsubscribe from newsletters at any time from the link provided for this purpose in email, or directly from your customer account.

Internally, some employees may have access to the data necessary for them in the context of their functions.

Our various partners and providers can have access to data for the execution of their contract, in compliance with the above-ended purposes and regulations. The different categories of recipients are:

• Carriers,
• Banks, payment service providers and credit establishments,
• IT providers, accommodation and telephony services,
• The providers in charge of the fight against fraud and the recovery of unpaids,
• Financing providers,
• The “authorized third parties” (public authorities or auxiliaries of justice) are organizations that can access certain data contained in public and private files, on the basis of a text authorizing them for example the tax administration, the administrations of the justice, police and gendarmerie, bailiffs

The data can be transmitted within the framework of business operations (merger, acquisition, transfer, restructuring, etc.).

Your data is not transferred to third countries and remain hosted within the European Union.

With regard to features related to the use of social networks, your publications are likely to be accessible outside the European Union. We invite you to consult the data management policy of the networks concerned.

The controller implements appropriate technical and organizational measures in order to guarantee a level of security adapted to the risk given the state of knowledge, implementation costs and nature, scope, context and Targets of treatment as well as risks, the degree of probability and severity of which varies, for the rights and freedoms of people.

When evaluating the appropriate security level, in particular the risks of treatment, resulting in particular from the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, is taken into account in particular from the processing, loss, alteration, alteration, disclosure. , kept or processed in another way, or unauthorized access to such data, accidentally or illegal.

The persons concerned have the following rights, which they exercise under the conditions provided for by the GDPR:

• Right of opposition, to withdraw their consent at any time. When the processing of your personal data is based on consent, you have the right to withdraw your consent at any time without infringing the lawfulness of the treatment based on consent made before the withdrawal.
• Right of access to personal data concerning you (article 15 of the GDPR)
• Right of data rectification concerning them if they are inaccurate (article 16 of the GDPR)
• Right to erase data which concerns them subject to the conditions of exercise of this right in application of the provisions of article 17 of the GDPR
• Right to limit treatment (article 18 of the GDPR)
• Right to data portability (article 20 of the GDPR)
• Right of opposition (article 21 of the GDPR)
• Right to define directives relating to the fate of your personal data (conservation, erasure and communication of data) after your death (article 85 of the modified Data Protection Act)
• Right to submit a complaint to an authority for control (article 104.4 of the modified Data Protection Act)
• Automated decision. The person concerned has the right not to be the subject of a decision based exclusively on automated treatment, including profiling, producing legal effects concerning or affecting it in a similar way. The person concerned has the right to obtain human intervention from the controller, to express their point of view and to challenge the decision.

Consult the site cnil.fr For more information on your rights.
These rights may be exercised directly from the controller.

To exercise these rights or for any questions on the processing of your personal data, we invite you to use the Labyrinth Paris forms.

You can also contact our company to the following contact details:

• Address: Labyrinthe Paris 231, rue Saint-Honoré 75001 Paris France
• E-mail address: contact@labyrinthe-paris.com
  

If you consider it, after contacting us, that your "Data Protection" rights are not respected, you can send a complaint to a supervisory authority.

The French control authority is the National Commission for Data Protection (CNIL).