PRIVACY POLICY

The present Privacy Policy applies to personal data (hereinafter referred to as 'Personal Data') processed in the course of your use of the website 'www.lilimargo.com' (hereinafter referred to as the 'Site').

1. PERSONAL DATA

All Personal Data collected on the Site are processed under Law No. 78-17 of January 6, 1978, relating to information technology, files, and freedoms, as subsequently amended, including by Law of June 20, 2018, incorporating Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons concerning the processing of personal data and on the free movement of such data, as well as any legislation or regulations that may supplement or replace it (hereinafter the 'Applicable Personal Data Regulation').

By entering your phone number during payment and initiating a purchase, or by subscribing via our subscription form or a keyword, you agree that we may send you SMS notifications (for your order, including abandoned cart reminders) and marketing offers by SMS. Marketing SMS messages will not exceed 10 per month. You acknowledge that consent is not a condition for any purchase.

If you wish to unsubscribe from receiving marketing messages and SMS notifications, reply with STOP to any mobile message sent by us or use the unsubscribe link provided in one of our messages. You understand and agree that alternative methods of unsubscribing, such as using alternative words or requests, will not be considered a reasonable means of withdrawal. Message and data rates may apply.

For any questions, send HELP by SMS to the number from which you received the messages. You can also contact us for more information. If you wish to unsubscribe, please follow the procedures above.

The processing of your Personal Data and its characteristics are defined in the processing table.

1.1 WHO PROCESSES YOUR PERSONAL DATA AND WHO HAS ACCESS TO IT?

1.1.1. Data controller

All Personal Data collected on the Site are processed under the responsibility of the company LILI MARGO, registered in the Nanterre Trade and Companies Register under number 833348650 and having its registered office at 99 rue Paul Vaillant Couturier, 92240, Malakoff (hereinafter "LILI MARGO" or "we"). Within the meaning of the applicable regulations, LILI MARGO is responsible for the processing concerned.

1.1.2. Recipients

Within LILI MARGO, and with regard to each processing operation, your Personal Data is only communicated or made accessible to those persons to whom it is necessary to communicate it for the needs and given the purpose of the processing operation in question.

Your Personal Data may be communicated to third parties for the purposes of the corresponding processing.

The recipients or categories of recipients of your Personal Data are identified in the processing table.

1.1.3. Transfer of Personal Data outside the European Union

Your Personal Data is stored on servers located in the European Union. They are not transferred outside the European Union.

1.2 WHAT ARE THE CATEGORIES OF PERSONAL DATA THAT WE COLLECT AND FOR WHAT PURPOSE(S)?

In accordance with the regulations applicable to Personal Data, we only process your Personal Data if one of the following conditions is met:

  • The processing of your Personal Data is necessary for the performance of a contract to which you are a party, and in particular the performance of your order on the site, or for the performance of pre-contractual measures taken at your request;
  • The processing of your Personal Data is necessary to comply with a legal obligation incumbent upon us;
  • The processing of your Personal Data is necessary for the pursuit of our legitimate interests;
  • You have expressly consented to the processing of your Personal Data for one or more specific purposes.

The Personal Data processed by us are listed by purpose in the processing table. We process your Personal Data only for the specified purposes and in accordance with the legal bases that are brought to your attention in the processing table.

We only collect Personal Data that is strictly necessary for the purposes detailed below.

Please note that in order to benefit from certain services and functions on the Site, you will be asked to provide certain Personal Data on a mandatory basis via collection forms. The mandatory nature of responses is indicated by an asterisk (*) in front of the corresponding box. The data identified as mandatory is required in order to benefit from the Site's functionalities. Failure to complete these fields will prevent you from accessing the corresponding functionality.

You are solely responsible for the accuracy of the Personal Data provided.

1.3 HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We only retain your Personal Data for the duration that is strictly necessary in light of the purpose of the processing. For each processing operation, these durations are specified in the table of processing operations.

1.4 HOW ARE YOUR PERSONAL DATA PROTECTED?

We are committed to protecting your Personal Data. To do so, we take all necessary physical, technical, and organizational measures to prevent any unauthorized or unlawful processing, as well as any accidental loss, destruction, or damage to your Personal Data.

1.5 WHAT ARE YOUR RIGHTS?

You have the right to access, rectify, erase, limit, and object to the processing of your Personal Data, as well as the right to data portability. You can exercise these rights by making your request to the addresses provided in the 'Contact Us' section, in accordance with the regulations in force. Please specify which right you wish to exercise and provide all necessary details for us to respond to your request.

These rights are exercised in accordance with applicable regulations.

  • The right of access means you can request at any time to be informed whether we are processing personal data about you and, if so, to be informed about which Personal Data is being processed and the characteristics of the processing.
  • The right of rectification means you can request the rectification of your Personal Data when it is inaccurate. You can also request that your Personal Data, if incomplete, be completed to the extent relevant to the purpose of the processing.
  • The right to erasure means you can request the erasure of your Personal Data, in particular when: (i) their retention is no longer necessary for the purposes for which they were collected; (ii) your Personal Data is processed based on your consent, and you wish to withdraw this consent, and there is no other legal basis for the processing; (iii) you have objected to the processing of your Personal Data and, as a result, you wish for them to be erased; (iv) your Personal Data has been unlawfully processed; (v) your Personal Data must be erased to comply with a legal obligation under EU law or French law.
  • The right to restriction means you can request that we restrict the processing of your Personal Data when: (i) you contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of your Personal Data; (ii) following processing that has been established as non-compliant, you prefer restriction of processing to full erasure of your Personal Data; (iii) we no longer need your Personal Data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims; (iv) you have objected to the processing of your Personal Data, and you wish for processing to be restricted while we verify whether the legitimate grounds you invoke override ours. Restriction of processing means that we will only store your corresponding Personal Data. We will not carry out any other operations on your Personal Data.
  • The right to object means you can object to the processing of your Personal Data when such processing is based on our legitimate interest. The right to object is subject to demonstrating a legitimate reason based on your specific situation. We will cease processing unless we have compelling legitimate grounds for the processing that override your interests, rights, and freedoms. When your Personal Data is processed for direct marketing purposes, you can object at any time to the processing of your Personal Data for such purposes.
  • The right to define directives regarding the fate of your data after your death allows you to communicate your instructions regarding the retention, erasure, and communication of your Personal Data after your death.
  • The right to data portability means you can request, in accordance with applicable regulations, to receive your Personal Data in a structured, commonly used, machine-readable format and to transmit it, or request us to transmit it directly to another party of your choice, where technically and legally feasible.

When we process your Personal Data based on your consent, you have the right to withdraw your consent at any time by contacting the addresses provided in the 'Contact Us' section. However, the withdrawal of your consent does not affect the validity of the processing carried out before such withdrawal.

2. COOKIES

2.1 WHAT IS A COOKIE?

A cookie is a tracker placed on your terminal that serves to record information about your visit and navigation on the Site.


When you connect to the Site, we may need to install cookies on your terminal.


Some cookies are essential for the use of the Site (these are called "essential" cookies), while others allow for customizing displayed content, generating visitor statistics, or displaying advertisements.


Essential cookies that are strictly necessary for providing a service you wish to access do not require your prior consent to be used.

2.2 COOKIES USED

Below, you will find information about the characteristics of the cookie used on the Site, its purpose, and how to disable it.

Cookie Name:
Prestashop Cookie

Purpose:
Storage of information necessary for the use of the site: Cookie creation date and acceptance memory; user's language; user message group; guest IDs if the user is logged in; current user login IDs; storage of user product comparisons; storage of first name, last name, email, current cart, encrypted password, login status (whether the user is logged in or not)

Lifespan:
1 month

If you reject or delete this cookie, some elements and associated functions of our Site may become unavailable to you, and your experience of using our Site may be diminished or even impossible.

2.3 STORAGE DURATION

The cookie is not stored for more than 1 month.

2.4 YOUR CHOICES REGARDING COOKIES

For cookies on your smartphone, instructions are available at the links below:


For iOS: https://support.apple.com/fr-fr/HT201265


For Android: https://support.google.com/chrome/topic/3434352

3. MODIFICATION OF THE PRIVACY POLICY

This Privacy Policy may be updated.


When you have provided us with a valid email address, we will inform you of such changes by email and provide you with the new version of the Privacy Policy before implementing the change. We also recommend that you regularly review this privacy policy to have a full understanding of our commitments to security and the protection of your Personal Data.

4. CONTACT US

For any questions regarding this privacy policy and for the exercise of your rights, you can contact us:

If the response provided does not satisfy you, you have the right to lodge a complaint with the National Commission for Informatics and Liberties ("CNIL")

  • by mail: Commission Nationale de l'Informatique et des Libertés

3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07

5. TABLE OF PERSONAL DATA PROCESSING

Account Opening

Management of Customer Accounts and Sending of Commercial Prospecting

Consent (Art.6.1.a GDPR)

Title, last name, first name, username, profile photograph, date of birth, company, email address, phone numbers, city, country, order history;

> 3 years from the opening of the account if no orders have been placed

In case of an order, the retention period is as indicated in the "Order Management" section

- LILI MARGO employees responsible for the website, customer service, and IT.

- External service providers responsible for IT maintenance and hosting of the website


Order Management

Management of Customer Contracts

Contractual Performance (Art. 6.1.b GDPR)

Title, last name, first name, username, email, company, billing address, delivery address, phone numbers, payment method, IP address,
order details, order number, tracking number, exchange of information during the order;

> 5 years from the end of the contract execution for orders placed by professionals (Article L 110-4 of the Commercial Code; Article 2224 of the Civil Code) or for orders with a value of less than 120 euros placed by consumers
> 10 years from the delivery for orders placed by consumers with a value of more than 120 euros (Article L 213-1 and Article D213-2 of the Consumer Code)
> 10 years from the closure of the accounting year for data used in accounting (Article L123-22 Commercial Code)

- LILI MARGO employees responsible for the website, customer service, and IT

- External service provider responsible for payments

- External service providers responsible for delivery

- External service providers responsible for IT maintenance and hosting of the website


Management of "LMClub" Rewards

Management of "LMClub" Contracts

Contractual Performance (Art 6.1.b GDPR)

Title, last name, first name, username, email, registration, "ambassador" code, billing address, phone numbers, bank identity statement, number of affiliates, total number of orders, order dates, order amounts, commission amounts, payment history;

> 5 years from the end of the contract execution

- LILI MARGO employees responsible for the website, customer service, and IT

- External service providers responsible for IT maintenance and hosting of the website


"Shopping Cart Abandonment" Reminders

Shopping Cart Abandonment Reminder

Consent (Art.6.1.a GDPR)

Email address;

> 3 years from the last login (the user is a identified customer or prospect)

- LILI MARGO employees responsible for the website, customer service, and IT

- External service providers responsible for IT maintenance and hosting of the website


Management of Information Requests

Management of Information Requests Made on the Website

Consent (Art.6.1.a GDPR)

Title, last name, first name, username, email address, phone numbers, city, country, request subject;

The retention period depends on the nature of the request. For example,

> Data related to a request regarding an ongoing order will be retained as indicated in the "Order Management" section

> Data related to requests about products offered for sale or the terms of the "Ambassador" program will be retained for 3 years from the last contact with the user in the absence of an order

- LILI MARGO employees responsible for the website, customer service, and IT

- External service providers responsible for IT maintenance and hosting of the website


Newsletter

Sending a Newsletter

Consent (Art.6.1.a GDPR)

Title, last name, first name, username, email address, city, country;

> Data is retained until unsubscribed
> In case of unsubscribing, data necessary for managing objections is retained for 3 years from the date of unsubscribing

- LILI MARGO employees responsible for the website, customer service, and IT

- External service providers responsible for IT maintenance and hosting of the website

- External service provider responsible for sending the newsletter

A "Consumer" Reviews

Management of Reviews Given by Consumers through Website Features and Reusable for Promotion in accordance with the terms of a license.

Contractual Performance (Art 6.1.b GDPR)

Name, last name, username, publication date, review;

> 5 years from the end of the contract execution

- LILI MARGO employees responsible for the website, customer service, and IT

- External service providers responsible for IT maintenance and hosting of the website

- External service provider responsible for communication


Advertising Targeting

Targeted Advertising

Consent (Art.6.1.a GDPR)

Email, browsing information, IP address

> 13 months from the date of consent

- LILI MARGO employees responsible for the website, customer service, and IT

- External service providers responsible for IT maintenance and hosting of the website

- External service provider responsible for communication


Sales Statistics

Sales Analysis

LILI MARGO's legitimate interest in establishing statistics in order to have an overall view of its sales, analyze its results to improve its services (Art 6.1.f GDPR)

Name, last name, email address, sales information

> 3 closed financial years following the last transaction with the user.

- LILI MARGO employees responsible for the website, customer service, and IT

- External service providers responsible for IT maintenance and hosting of the website


Connection Tracking

Connection and Browsing Log

Consent (Art.6.1.a GDPR)

Lorsque l'utilisateur s'est connecté via son compte: les données traitées sont toutes les informations du compte


Lorsque l'utilisateur ne s'est pas connecté via un compte client, seule l’adresse IP et les informations de navigation sont collectées.

> 13 mois pour les données issues de cookies
> 3 ans à compter de la dernière connexion dès lors que l'utilisateur est client ou prospect identifié

- salariés LILI MARGO en charge du Site web, du service client et de l’informatique.

- prestataires externes en charge de la maintenance informatique et de l’hébergement du Site

- prestataire externe en charge de la communication