Apoticaria is committed to ensuring the highest level of protection for your personal information.
As part of its activities, Apoticaria provides its customers with an e-commerce service accessible from the website www.apoticaria.com.
In order to provide its service, Apoticaria collects personal data about individuals. The collection of data takes place on the Apoticaria website, by telephone or when receiving paper orders.
The purpose of this section is to provide you with comprehensive information about Apoticaria's use of its customers' personal data.
In the personal data collection forms on the Site or in paper format, the Customer is informed, among other things, whether the data collection is mandatory or not. If a mandatory data field is not provided, Apoticaria will not be able to perform its services.
Table of contents
- 1. WHO COLLECTS PERSONAL DATA?
- 2. WHAT ARE THE PURPOSES OF THE COLLECTION OF YOUR PERSONAL DATA AND WHY DO WE COLLECT IT?
- 2.1 LEGAL BASIS FOR PROCESSING
- 2.2 WHAT DATA DO WE COLLECT, AND HOW DO WE USE IT?
- 3. TO WHOM IS YOUR DATA TRANSMITTED?
- 4. WHAT ARE MY DATA RIGHTS
- 4.1. What are my rights?
- 4.2 How to exercise them?
- 5. HOW LONG WILL MY DATA BE KEPT?
- 5.1. General rules concerning the management of the commercial relationship :
- 5.2. Specific rules concerning certain data processing operations :
- 6. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?
- 6.1. General rules
- 6.2. Rules applicable to bank data and the bank card
- 7. WHAT SHOULD WE KNOW ABOUT THE DATA COLLECTED BY SOCIAL NETWORKS?
- 8. WILL I RECEIVE COMMERCIAL SOLICITATIONS?
- 8.1. Principles applicable to Apoticaria
- 8.2. Prospecting by email and sms
- 9.1. WHAT IS A COOKIE?
- 9.2. FOR WHAT PURPOSES ARE COOKIES, TAGS AND TRACERS USED?
- 9.3. HOW TO CONFIGURE THE DEPOSIT OF COOKIES, TAGS AND TRACERS?
- 10. WHAT IS THE DATA PROTECTION OFFICER OF APOTICARIA
- 10.1. WHAT ARE ITS MISSIONS?
- 10.2. HOW TO CONTACT THE DATA PROTECTION OFFICER
1. WHO COLLECTS PERSONAL DATA?
The company that collects the personal data and implements the data processing is :
Apoticaria, a limited liability company with a capital of 102300 Euros, registered in the Trade and Companies Register of Auch under the number 493 713 127, whose head office is located at lieu dit Mateuil 32190 BELMONT.
2. WHAT ARE THE PURPOSES OF THE COLLECTION OF YOUR PERSONAL DATA AND WHY DO WE COLLECT IT?
2.1 LEGAL BASIS FOR PROCESSING
The privacy of the users is protected by the regulations. According to the data protection regulations, Apoticaria is only allowed to use the personal data of its users if it has a valid legal basis. Apoticaria must ensure that it has one or more of the following legal bases:
- The performance of a contract (e.g. to process and fulfill an order for goods or to open and manage an Apoticaria account), or ;
- Fulfillment of a legal obligation (e.g., retention of invoices), or ;
- When it is in the legitimate interest of Apoticaria, or ;
- When the user has given consent.
A "legitimate interest" of Apoticaria must not conflict with the rights and freedoms of users. Examples of legitimate interests mentioned in the GDPR include fraud prevention, direct marketing and data sharing within a group of companies (such as Apoticaria).
2.2 WHAT DATA DO WE COLLECT, AND HOW DO WE USE IT?
Apoticaria collects and saves personal data from its customers for the following purposes:
|Data||How do we use this data?||Why?|
|Name / Contact information||To deliver your orders to your address.
To send you your order information by email: payment, shipping, order update, etc.
To send you our current promotions, new products, etc. by email.
To comply with the law which requires us to inform you in case of changes in the services we offer.
To prevent and detect fraud.
To serve you Apoticaria.com advertisements when you browse the internet.
Understand what you and other customers like.
Receive your payment, refund you.
Prevent and detect fraud.
|We collect this information in order to fulfill our commitment to deliver your order.
We collect this data to keep you informed about the status of your order.
To share our news with you. These emails are only sent to you if you have signed up for our newsletter.
To prevent and detect any attempts at fraud against you or Apoticaria.
To relay our offers, including those based on your browsing history. This is based on our legitimate business interests.
To provide you with quality products and services at competitive prices.
To fulfill our commitments.
To prevent and detect fraud against you or Apoticaria.
|Contact history When you contact us by: phone, email, mail, social networks, online chat and in-branch.||Provide customer service and support.
Train our staff.
Notice and feedback.
|To respond to your questions, claims, complaints or requests for refunds.
We use this data to train our customer service and improve our services.
We use this data to improve our services and help other customers with their shopping experience.
|History of your purchases
What you have purchased and the products you have put in your cart.
|To place your order.
To manage returns and provide customer service.
|We collect this data in order to fulfill our commitment to you.
We collect this data to fulfill our commitment to you.
|Information about the devices you use (smartphone, tablet, computer) and how you navigate our website.
Information you provide to us when you browse our website or use our app, including your IP address, device type and location data, and how you use our website.
|Find out what you and other customers like.
Improve our website.
Protect our website.
To provide you with the best browsing experience possible.
To recommend products to you.
To serve you Apoticaria.com advertisements when you browse the internet.
|To make sure we offer you the best possible products and services at attractive prices and provide you with a personalized shopping experience. This is based on our legitimate business interests.
To provide you with the best possible browsing experience.
To prevent and detect any attempt to defraud you or Apoticaria, and to fulfill our legal obligations regarding the protection of your data.
To recommend products to you based on your browsing and purchase history. This is based on our legitimate business interests.
To relay our offers, including those based on your browsing history. This is based on our legitimate business interests.
|Your entries in contests, responses to our surveys and comments.||For the organization and management of competitions.
Surveys and comments.
|To organize a draw or designate a winner in contests. Your consent is requested at the time of registration.
We use the data collected to improve our customer service offering and to assist other customers in their shopping experience.
3. TO WHOM IS YOUR DATA TRANSMITTED?
Your data is passed on to partners of Apoticaria who may process the data on their behalf (these are recipients) or solely on behalf of and according to the instructions of Apoticaria (these are subcontractors).
The recipients of the data are:
- Banks and financial institutions used for online payment on the site
- The police authorities in the context of judicial requisitions concerning the fight against fraud
- Customs services in case of delivery abroad
Apoticaria also uses subcontractors for the following operations:
- Secure payment on websites and mobile applications
- The fight against fraud and the recovery of unpaid bills
- The shipping of your orders and packages
- Management of the chat, phone calls, their possible recordings and the sending of postal mail
- Personalization of site content
- Carrying out technical maintenance and development of the website, internal applications and the Apoticaria information system.
- The sending of commercial prospecting emails and mobile notifications
Apoticaria may also share personal data if the structure of the Apoticaria Group changes in the future:
- In the event of a sale, transfer or merger of the business or any part thereof, or if Apoticaria acquires or merges with another company.
- If such a transaction takes place, Apoticaria will ensure that the other party complies with data protection legislation.
4. WHAT ARE MY DATA RIGHTS
4.1. What are my rights?
Pursuant to Articles 14 to 22 of Regulation 2016/679 of 27 April 2016, any natural person using the service has the right to exercise the following rights:
Finally, when Apoticaria detects a personal data breach that may pose a high risk to your rights and freedoms, you will be informed of this breach as soon as possible.
4.2 How to exercise them?
These rights can be exercised with the company Apoticaria which collected the personal data in the following way:
By mail, by writing to us at the following address
Apoticaria - BP 9 - 32190 Vic-Fezensac, indicating your name, first name, address, email and if possible customer reference in order to speed up the processing of your request.
Electronically to: firstname.lastname@example.org
In order to guarantee the identity of the applicant, all requests for personal data held by Apoticaria must be accompanied by proof of identity.
Apoticaria will respond within 1 month after exercising the right. In some cases, due to the complexity of the request or the number of requests, this period may be extended by 2 months.
5. HOW LONG WILL MY DATA BE KEPT?
Apoticaria has determined specific rules regarding the retention of Users' personal data.
5.1. General rules concerning the management of the commercial relationship :
To calculate the most relevant shelf life, Apoticaria distinguishes:
- People who are known as "prospects" and have never made a purchase from Apoticaria and its partners
- The people called "customers" who have made at least 1 purchase
A separate retention period will be applied to prospects and customers.
For prospects, the starting point of the retention period is the creation of the account.
For customers, the starting point of the retention period is the last purchase made by the customer at Apoticaria. The retention period of a customer's data will differ depending on whether the customer is a member of a loyalty program or not.
5.2. Specific rules concerning certain data processing operations :
For certain types of processing, data retention is subject to specific retention periods.
Here are some examples:
For more information on the retention periods applied by Apoticaria, you can contact the data protection officer.
6. WHAT SECURITY MEASURES ARE TAKEN TO PROTECT MY DATA?
6.1. General rules
As the person in charge of processing, Apoticaria takes all necessary precautions to preserve the security and confidentiality of the data and in particular to prevent it from being distorted, damaged or accessed by unauthorized third parties.
Apoticaria has deployed a robust security system to ensure the utmost security of the data collected and to detect data breaches. This includes physical security of the buildings housing our systems, computer system security to prevent external access to your data, and having secure copies of your data.
When using subcontractors, Apoticaria ensures that the subcontractors comply with the data protection regulations.
6.2. Rules applicable to bank data and the bank card
To ensure the security of payments, Apoticaria uses the services of a PCI-DSS certified provider, Stripe. This standard is an international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and thus to secure the protection of card and transaction data.
When you place a credit card order with Apoticaria, our order taking system connects in real time with the Stripe system which collects your data and performs various checks to prevent abuse and fraud. The data is stored on Stripe's servers and is not transmitted to Apoticaria's servers at any time. Stripe makes the authorization request to the bank and sends us a transaction number that allows transactions up to the amount of the authorization.
In order to avoid having to re-enter your credit card information for future orders, you can choose to have your credit cards associated with your online account by checking the appropriate box. Your credit cards are stored securely with Stripe. You can consult the list of your registered cards (in hidden mode), but also delete all or part of its contents, in the "Cards" section. In this case, your deleted cards will no longer appear in your online account or in future orders.
In order to be able to debit the account at the time of invoicing or to credit it following a return, Stripe keeps the bank data associated with the authorization number, the time necessary to carry out the transaction (payments after shipment of the goods) and the processing of possible complaints (returns, disputes).
If you have chosen to register your credit cards, they are automatically deactivated when the validity date of the card expires.
7. WHAT SHOULD WE KNOW ABOUT THE DATA COLLECTED BY SOCIAL NETWORKS?
Apoticaria offers to use social networks to improve the business relationship and to provide you with targeted advertising offers on these networks.
The use of social networks to interact with Apoticaria (including, but not limited to, Facebook Messenger, Facebook Connect, Facebook's "share" buttons, Instagram or Twitter) may result in the exchange of data between Apoticaria and these social networks.
For example, if you are logged into the Facebook social network on your computer and you visit a page on the Apoticaria Site, Facebook may collect this information. Similarly, if you click on the "tweet" button on a page of the Apoticaria Site, Twitter will collect this information.
Apoticaria invites you to consult the personal data management policies of the various social networks to find out what personal data they may transmit.
8. WILL I RECEIVE COMMERCIAL SOLICITATIONS?
8.1. Principles applicable to Apoticaria
Apoticaria uses your contact information to send you targeted advertisements, including by email, postal mail, SMS, mobile notification, social networks or third party websites.
In this context, Apoticaria is committed to respecting the rules applicable to each prospecting channel.
8.2. Prospecting by email and sms
Apoticaria complies with the rules of the Directive 2002/58/EC of July 12, 2002, which provides for the express prior consent of the User for the sending of commercial prospecting by electronic means (e-mail or SMS).
Thus, when you create your account on the site, you are expressly asked for your consent:
- To receive offers from Apoticaria by email
- To receive offers from Apoticaria's partners to whom your information may be sent
- To receive offers from Apoticaria by sms
Apoticaria will not send you personalized email or text messages if you have not consented to them.
There is an exception in the case where the User, without having given his prior consent, can nevertheless be canvassed if he is already a customer of Apoticaria and the purpose of the canvassing is to offer similar products or services.
In any case, the User has the possibility to oppose the reception of such solicitations by carrying out the following actions:
- When creating your account, check "no" in the boxes related to prospecting;
- For email, by clicking on the unsubscribe link provided in each email or by going to your Apoticaria account in the newsletter section;
- For the sms, by sending a stop SMS to the number indicated in it or by going to his account Apoticaria in the newsletter section;
- By contacting customer service.
When using our Service, information relating to the navigation of your terminal (computer, tablet, smartphone, etc.) may be recorded in "Cookies" files deposited on your terminal, subject to the choices you have expressed concerning Cookies and that you can modify at any time.
9.1. WHAT IS A COOKIE?
A cookie is a small text file saved by the browser of your computer, tablet or smartphone and which allows to keep user data in order to facilitate navigation and to allow certain features.
There are two types of cookies:
- first party cookies, deposited by Apoticaria for the needs of navigation and operation of the site;
- third party cookies deposited by third party partner companies in order to identify your centers of interest and to send you personalized offers. These third party cookies are directly managed by the companies that publish them and that must also respect the regulations on data protection.
9.2. FOR WHAT PURPOSES ARE COOKIES, TAGS AND TRACERS USED?
The Cookies that Apoticaria issues on the site and mobile application allow us to:
- to establish statistics and volumes of frequentation and use of the various elements composing our services. For this purpose, we use audience measurement cookies.
- to adapt the presentation of our Site according to the terminal used;
- to adapt the presentation of our Site according to the affinities of each user;
- to memorize information relating to a form that you have filled out on our Site (registration or access to your account, subscribed service, contents of an order basket, etc.);
- to allow you to access reserved and personal areas of our Site, such as your account, thanks to identifiers;
- implement security measures, such as requiring you to log back into your account after a certain period of time;
- share information with advertisers on other websites to provide you with relevant advertisements in line with your interests. In this regard, we use advertising cookies.
9.3. HOW TO CONFIGURE THE DEPOSIT OF COOKIES, TAGS AND TRACERS?
In accordance with the 2002/58/CE directive of July 12, 2002, Apoticaria collects your prior consent to the deposit of advertising, audience measurement and social network sharing cookies.
You can choose at any time to express and modify your wishes regarding cookies, by the means described below.
9.3.1. Setting up your browser
You can configure your browser so that cookies are saved on your terminal or, on the contrary, that they are rejected, either systematically or according to their sender. You can also configure your browser software so that you are offered the option of accepting or rejecting cookies from time to time, before a cookie is likely to be stored in your terminal.
How do you exercise your choices, depending on the browser you use?
Each browser has a different configuration for managing cookies and your choices. It is described in the help menu of your browser, which will allow you to know how to modify your wishes regarding cookies.
For Internet Explorer™: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies ,
For Safari™: http://docs.info.apple.com/article.html?path=Safari/3.0/fr/9277.html ,
For Chrome™: http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647 ,
For Firefox™: http://support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies ,
For Opera™: http://help.opera.com/Windows/10.20/fr/cookies.html
9.3.2. Setting the operating system of your smartphone
You have the possibility to control the deposit of Cookies on your smartphone in the operating system rules.
On iOS: https://support.apple.com/fr-fr/HT201265
On Android: https://support.google.com/chrome/topic/3434352
9.3.3. Setting cookies with a tool offered by Apoticaria
In order to comply with the regulations, Apoticaria uses a tool that allows the user to configure the deposit of cookies when connecting to the site www.apoticaria.com
To access the list of deposited cookies and to configure the deposit click here
9.3.4. List of audience analysis tools used by Apoticaria
- Google Adwords to analyze the sales made through this channel
- Google Analytics to analyze the type of audience
- Yandex Metrica to analyze user behavior on the site and improve the use of the site
- Google Tag Manager to analyze the behavior of visitors and improve the use of the site
- Facebook and Twitter sharing buttons:
10. WHAT IS THE DATA PROTECTION OFFICER OF APOTICARIA
10.1. WHAT ARE ITS MISSIONS?
The data protection officer appointed within Apoticaria is responsible for ensuring compliance with the regulations and rules described in this document.
In particular, he or she is responsible for establishing a register of personal data processing operations carried out within the company and for ensuring that these comply with the regulations and any changes to them.
He ensures team awareness and responds to users wishing to exercise their rights regarding the personal data collected by Apoticaria
10.2. HOW TO CONTACT THE DATA PROTECTION OFFICER
You can contact the data protection officer at email@example.com
To find out more about your rights, visit the website of your supervisory authority:
- In France, the CNIL: https: //www.cnil.fr
- In the UK, the ICO: https: //ico.org.uk
- In Spain, the AEPD: http: //www.agpd.es/portalwebAGPD/index-idfr-idphp.php
- In Portugal, the CNPD: https: //www.cnpd.pt/index.asp
- In Belgium, the OPC: https: //www.privacycommission.be/fr
- In Switzerland, FDPIC: https: //www.edoeb.admin.ch/edoeb/de/home.html