Preamble

This Privacy Policy forms an integral part of the General Terms and Conditions of Use (GTCU) of the site. The definitions set out in the GTCU also apply to this policy.

The purpose of this policy is to inform users about how their personal data is collected, used and protected by Novosto, and about the rights they have regarding this data.

Definitions

The following terms, used in the singular or plural in this Privacy Policy, have the following definitions:

  • Intermediate archiving : Temporary transfer of personal data still of administrative interest (litigation, legal obligation) to a separate database with restricted access, prior to deletion or anonymisation.
  • Privacy Policy : This policy for the protection of users' personal data forms an integral part of the General Terms and Conditions.
  • Terms and conditions : Refers to all the general terms and conditions of use, service and sale of the site.
  • Personal data : Any information relating to an identified or identifiable natural person, collected and processed by Novosto as part of the use of the site.
  • Specific rights : Rights granted by the regulations on personal data to data subjects concerning the processing of their data, detailed in Article IX.
  • Person concerned : Website user (web user, customer, subscriber) whose personal data is processed by Novosto.
  • Regulation on Personal Data: Law no. 78-17 of 6 January 1978 as amended and the General Data Protection Regulation (RGPD).
  • Novosto : The company e-namae OÜ, whose registered office is at Lõõtsa tn 5, 11415, Tallinn, registered under number EE102333112.
  • Terminal(s) : Device used by the user to access the site (computer, tablet, smartphone, etc.).

Legal basis for processing

Fundamentals of Data Processing

In order to use the Website and benefit from its services, the Data Subject must accept, as a minimum, the General Terms and Conditions of Use, as well as, if applicable, the General Terms and Conditions of Sale and/or the General Terms and Conditions of Service. These documents establish a contractual relationship between the Data Subject and Novosto, forming the legal basis for the collection and processing of Personal Data by Novosto.

This Personal Data is required to carry out various processing operations linked to the performance of the contractual relationship, the purposes of which are detailed in the paragraph entitled "Purposes of processing".

Processing is also necessary to comply with a legal obligation to which Novosto is subject. For example, Novosto must keep logs of access to the Website in accordance with Decree No. 2011-219 of 25 February 2011 on the retention and communication of data identifying any person who has contributed to the creation of content posted online.

The processing of Personal Data is also justified by the legitimate interests pursued by Novosto or by a third party, unless those interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require the protection of personal data, in particular if the Data Subject is a child.

Novosto may have a legitimate interest in processing Personal Data, for example, to prevent fraud. In this case, Novosto ensures that the processing is necessary to achieve this legitimate interest and assesses its consequences for the Data Subject, taking into account the nature of the Data processed and the manner in which it is processed.

Novosto takes care not to harm the interests or fundamental rights and freedoms of the Data Subject by allowing him or her, at any time, to object to all or part of the processing described in these Privacy Policies and to exercise his or her Specific Rights, in accordance with the conditions set out in the paragraph entitled "Specific Rights".

Treatment objectives

The Personal Data of the Data Subject is necessary to allow access to the Website, its use and improvement, and to allow Novosto to :

  • To carry out operations related to its commercial relationship with the Data Subject, including the management of invoices, accounting, the monitoring of customer relations with a Customer or Subscriber, such as carrying out satisfaction surveys, managing complaints, the use of the Site and services in general.
  • To select Customers or Subscribers for studies, surveys and product tests, as well as loyalty-building, canvassing and promotional activities.
  • To personalise communication with Customers or Subscribers, in particular by means of informative e-mails, according to their preferences and their use of the Site.
  • Carry out canvassing operations, including the technical management of canvassing operations (standardisation, enrichment, de-duplication).
  • Carrying out commercial canvassing operations.
  • Produce sales statistics, analyses and marketing tools (including classification, scoring, etc.).
  • To organise competitions, lotteries or any other promotional operation, with the exception of online gambling subject to approval by the French Online Gambling Regulatory Authority (Autorité de Régulation des Jeux en Ligne).
  • To manage requests to exercise Specific Rights under the conditions set out in the paragraph entitled "Specific Rights".
  • Managing unpaid bills and disputes.
  • To manage comments made by Data Subjects on the Website and/or on internet pages published by Novosto, such as social network pages.
  • Combating fraud.

Storage of Personal Data

The Site is hosted by a company whose contact details are given in the General Terms and Conditions of Use, which can be accessed from the footer of the site.

All necessary precautions have been taken to store the Personal Data of Data Subjects in a secure environment, in order to prevent any alteration, damage or access by unauthorised third parties. The information provided by the Person Concerned will never be transmitted to third parties for commercial purposes, nor sold or exchanged, except with the express prior consent of the Person Concerned.

Collection of Personal Data on the Site

Novosto collects the following Personal Data during the creation of an Account and its subsequent use, which are provided by the Customer and Subscriber during their browsing and kept for a period of three (3) years, on an active basis, from the last connection of the Person Concerned to the Site:

  • Gender
  • Date of birth
  • E-mail address
  • Identifier used on the Site
  • Payment identifier
  • Delivery address
  • Invoice address
  • Telephone number

Connection data (date, time, IP address, pages consulted) of the Person Concerned when browsing the Site, in particular those linked to the use of Specific Services by the Subscriber.

  • Data provided by the Subscriber on the Site when using the Specific Services.
  • The reason(s) for exclusion, if applicable (evidence of behaviour, less than one month old, justifying the exclusion).

This Personal Data is also kept in Intermediate Storage for a further period of two (2) years in accordance with the common limitation period.

  • Bills
  • Amount of transactions carried out and the date and time of these transactions

The data mentioned above is also kept in Intermediate Storage for a further seven (7) years, in accordance with Novosto's tax and accounting obligations.

Only the Personal Data designated as compulsory on the Site is required to have an Account.

Communication of Personal Data to Third Parties

Novosto may communicate certain Personal Data to third parties when this is necessary for the completion of Orders, in accordance with the General Terms and Conditions of Sale, or for the Subscription, in accordance with the General Terms and Conditions of Service. These communications are made in order to guarantee in particular:

  • Shipment of Products
  • The fight against fraud
  • After-sales service, etc.

Securing online transactions

In accordance with the General Terms and Conditions, the Site uses the technology of various PSP (Payment Service Provider) companies to secure the banking transactions of Customers and Subscribers.

When a payment is made on the Website, the Concerned Party's bank details are transmitted in encrypted form to the company processing the payment, without Novosto being able to read them.

Novosto does not collect the full credit card number of the Customer or the Subscription, nor its cryptogram.

In order to exercise their rights, such as those identified in the "Specific Rights" paragraph, relating to their bank card details, the Data Subject is invited to contact the company that processed the payment directly. To obtain the contact details of the PSP company, please contact Novosto at contact@Novosto.com.

Specific rights

In accordance with the Personal Data Regulations, the Data Subject has the right, at any time, to benefit from the following Specific Rights:

  • Data access
  • Data rectification
  • Deleting data
  • Limitation of data processing
  • Data portability
  • Opposition to data processing
  • Drawing up post-mortem instructions

Access rights

The Data Subject has the right to ask Novosto for confirmation of the processing of his/her Personal Data, as well as to access this data and the following information:

  • The purposes of the processing ;
  • The categories of Personal Data concerned;
  • The recipients or categories of recipients to whom Personal Data have been or will be communicated;
  • The envisaged retention period for Personal Data, or the criteria used to determine this period where this is not possible;
  • The right to request rectification, erasure or restriction of the processing of Personal Data, or to object to such processing;
  • The right to lodge a complaint with the CNIL ;
  • The information available on the source of the Personal Data if it is not collected from the Data Subject;
  • The existence of automated decision-making, including profiling, as well as information on the underlying logic and the intended consequences of this processing for the Data Subject.

Where Personal Data is transferred to a third country or an international organisation, the Data Subject has the right to be informed of the appropriate safeguards relating to such transfer.

Novosto provides a copy of the Personal Data being processed. A reasonable fee based on administrative costs may be charged for any additional copies requested by the Data Subject. If the request is made electronically, the information will be provided in a current electronic format, unless the Data Subject requests another format.

The Data Subject's right to obtain a copy of his or her Personal Data must not infringe the rights and freedoms of others.

Rectification of Personal Data

The Data Subject may ask Novosto, as soon as possible, to correct inaccurate Personal Data concerning him or her. Furthermore, the Data Subject may request that incomplete Personal Data be completed by providing an additional declaration.

Erasure rights

The Data Subject has the right to ask Novosto to delete his/her Personal Data as soon as possible in the following cases:

  • Personal Data are no longer necessary for the purposes for which they were collected or processed by Novosto ;
  • The Data Subject has withdrawn his/her consent to the processing of his/her Personal Data, and there is no other legal basis for such processing;
  • The Data Subject exercises his/her right to object in accordance with the conditions set out below, and there are no compelling legitimate grounds for the processing;
  • Personal Data have been processed unlawfully;
  • The deletion of Personal Data is necessary to comply with a legal obligation;
  • The Personal Data has been collected from a child.

Limitation of Personal Data Processing

The Data Subject may ask Novosto to limit the processing of his/her Personal Data in the following situations:

  • Novosto reviews the accuracy of the Personal Data after the Data Subject has challenged its accuracy;
  • The processing is unlawful and the Data Subject refuses the deletion of the Personal Data, requesting instead their limited use;
  • Although Novosto no longer requires the Personal Data for processing, it is still necessary for the Data Subject to establish, exercise or defend legal claims;
  • The Data Subject has objected to the processing in accordance with the conditions set out below, and Novosto assesses whether legitimate grounds justify the processing.

Right to the portability of Personal Data

The Data Subject has the right to receive from Novosto his/her Personal Data in a structured, commonly used and machine-readable format in the following cases:

  • Where the processing of Personal Data is based on consent or on a contract ;
  • When processing is carried out using automated procedures.

When the Data Subject exercises his/her right to portability, he/she has the right to request that the Personal Data be transmitted directly by Novosto to another controller designated by him/her, insofar as this is technically possible.

The Data Subject's right to the portability of his or her Personal Data must not compromise the rights and freedoms of others.

Exercising your right to object

The Data Subject has the right to object at any time, on grounds relating to his/her particular situation, to the processing of his/her Personal Data based on Novosto's legitimate interest. In this case, Novosto will cease processing the Personal Data, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or if the Personal Data must be kept for the establishment, exercise or defence of legal claims.

We would also like to remind you that if the Data Subject has provided a telephone number, he or she has the right to register on a telephone anti-solicitation list.

Post-mortem directives and management of personal data after death

The Data Subject may provide Novosto with instructions concerning the retention, deletion and communication of his/her Personal Data after his/her death. These instructions may also be registered with a certified trusted digital third party. These instructions, similar to a "digital will", may designate a person to carry them out. In the absence of such instructions, the Data Subject's heirs will be designated.

In the absence of directives, the heirs of the Person Concerned may ask Novosto :

  • Access to the personal data needed to organise and settle the deceased's estate;
  • Communication of digital assets or data of sentimental value that can be passed on to heirs;
  • Closure of the Data Subject's account on the Site and opposition to any further processing of his/her Personal Data.

The Data Subject may also indicate to Novosto at any time that he or she does not wish his or her Personal Data to be communicated to a third party in the event of his or her death.

Exercising Users' Specific Rights

Users may exercise their specific rights by contacting Novosto at any time:

  • By e-mail to the following address contact@Novosto.com
  • By post to the following address: e-namae OÜ, Lõõtsa tn 5, 11415, Tallinn.

In order to guarantee the authenticity of requests, Novosto may request information to confirm the user's identity, such as surname, first name, e-mail address and a copy of a valid form of identification.

Novosto undertakes to process the User's request within a maximum of one (1) month from receipt. This period may be extended by two (2) months if necessary due to the complexity or volume of requests, in which case Novosto will inform the User.

However, in the event of a request for deletion of personal data or exercise of the right to erasure, Novosto reserves the right to retain such data in the form of Intermediate Storage in order to comply with its legal obligations or for evidential purposes during the applicable limitation period.

Finally, the user has the right to submit a complaint to the competent supervisory authority, the CNIL.

The security of your password

Novosto implements robust security measures to ensure the secure storage of the Data Subject's password. However, the reliability of this password also depends on its initial choice.

The Data Subject is reminded that his or her password must meet certain criteria to be considered valid. It must contain at least 8 characters and include at least 3 of the 4 following types: upper case, lower case, numbers and special characters.

To make it easier to create complex passwords, mnemonic methods can be used. For example, you can take the first letters of each word in a meaningful sentence, such as "Un Mot de Passe se reten !", which can be transformed into "1mdp@sr !". Other tricks include capitalising names, retaining punctuation marks such as the exclamation mark, and representing numbers by their digits.

Cookies placed on the Terminal of the Person Concerned after their visit to the Site

The cookies placed on the Terminal of the Person Concerned after his/her visit to the Site are used for various purposes. They are used to make it easier for the Person Concerned to access the Site and to collect information about their browsing.

These cookies record the different pages visited by the Person Concerned, as well as the dates and times of consultation, without ever allowing Novosto to personally identify the Person Concerned. They are stored on the Terminal of the Person Concerned for no longer than thirteen (13) months.

In addition, the personal data collected from cookies issued by Novosto or third parties is used in particular to:

  • to compile statistics on visits to and use of the Site in order to improve its services;
  • to adapt the presentation of the Site to the display preferences of the Data Subject's Terminal;
  • to store information relating to forms filled in by the Data Subject on the Site, such as when registering or accessing his/her account;
  • to implement security measures, in particular in the event of the need to reconnect the Data Subject after a certain period of time.

Through the use of cookies, Novosto also collects and processes various data, such as :

  • information about the Data Subject's Terminal (type, operating system, plug-ins, Internet service provider, browser, advertising identifier, IP address, language preferences);
  • the Data Subject's browsing data on the Site (consultation of pages, URL, etc.);
  • information about the Data Subject him/herself (age, gender, socio-professional category, presumed interests, etc.), obtained through his/her online activity and provided by third parties such as advertisers or advertising agencies.

Opposition to cookies

On their first visit to the Site, Data Subjects are informed that they may refuse to accept the cookies that are necessary for the operation of the Site. They may do this by configuring their Internet browser or by exercising their choices on this page (see below).

While browsing the Site, information may be recorded or read on the Data Subject's Terminal, depending on his or her preferences.

[Insert the opt-out option for each cookie].

For further assistance, Data Subjects may consult the dedicated help pages of their browser, including the most common browsers:

The Data Subject may also configure his/her browser to send a signal indicating to websites that he/she does not wish to be tracked ("Do Not Track" option):