Last updated: June 2019
This page presents in detail how your personal data of User of the Internet site www.ray-jane.fr (the Site ) are collected and treated by Domain Ray-Jane ( Us , as the Controller of the treatment) and our sub-contractors.
For faster reading, you can view our simplified Privacy Statement .
Protecting your data is important to us. We respect your privacy and want to provide you with a clear and transparent understanding of the data we collect.
You have rights of access, rectification, opposition, portability, limitation and deletion of your personal data.
To exercise these rights, please write to the address of the Controller :
353 av. du Bosquet
83330 Le Castellet
The Site does not process any particularly sensitive data.
To provide the best security possible, the Site always processes your personal data by transmitting them encrypted. Encryption is ensured by the use of the technology called " Let's Encrypt ".
The data collected by the Site is accessible to the Controller and to the following subcontractors (data processors) :
- OVH : company providing the web hosting services of the Site,
(OVH RCS Lille Métropole 424 761 419 00045, 2 rue Kellermann, 59100 Roubaix, France)
- Actucom : provider responsible for the creation and the maintenance of the Site.
( Actucom , Graphic Design and Webdesign, 42 Avenue des Combattants, 69500 Bron, France)
No other subcontractor has access to the server or interfaces that may display the personal data collected by the Site.
The Credit card data are forwarded to the Financial Service Stripe Inc (whose head office is currently located 3180 18th Street - Ca 94110 San Francisco, USA), responsible for the payment transactions of the Site.
Treatments that do not require your consent
Tracers ( Cookies )
When you interact with our content, web analysis and statistical measurement technologies allow us to understand your interest in our offers and to improve them. Cookies are used for this purpose. By default they are kept for a maximum of 13 months.
The Site uses other Cookies for technical reasons only. They allow the provision of the service that is expressly requested by the User, that is to say : the secure consultation of a merchant site.
The session cookie that is necessary for the functioning of the system (web content management system) is destroyed when the session expires, or when the user exits his browser.
The Cookies named 240planBak and 240plan are created by the hosting service (OVH). They have a duration of 15 minutes. They are used as part of the HTTP services technique called "load balancing" for which no specific consent is required.
Apart from these cookies, the site does not store nor transmit any cookie that may contain your personal data.
Our "Cookie Management" page explains how to delete cookies and how to disable their use with the major Internet browsers.
In order to allow the provision of the service expressly requested by the User, that is to say, the secure consultation of a merchant website, the Site records logs of data relating to invalid connection attempts, errors (navigation, loading, payment, etc.) and development information such as the use of obsolete applications.
The logs about blocked attacks are also kept up-to-date by the various components of the system, including anti-virus and firewall softwares.
In order to be relevant, the information recorded in the logs include the IP address of the user and a timestamp. In the absence of crossover with our other treatments allowing a more precise identification of the Users, the collection of data for the logs of the Site does not require the express consent of the User.
Log data are automatically deleted after 90 days, except for blocked attacks that are retained indefinitely for security reasons.
Treatments that require your consent
The consent of the User is collected before or during the collection of the data that are used by these treatments.
Information collected during customer account creation
The name and email address of the User are collected during the creation of his account, as well as his preferences regarding subscriptions to newsletters that are sent by the Controller.
Thanks to the collection of these data, the User can receive targeted information, mainly free invitations that are likely to interest him based on its regional location.
These data are kept for three years from their collection or from the last contact from the User.
As soon as he logs into his account, the Registered User can access a "Personal Data" page allowing him to change his consent to subscribe to the various newsletters.
Information collected during the order
To complete an order, the User must provide his contact, billing and delivery information. These data are collected so as to enable the User to purchase deliverable goods and services, to process orders and to meet legal obligations regarding the sales made on the Site.
In accordance with the French Commercial Code (Article L. 123-22) personal data relating to purchases that are made on the Site are kept for 10 years (purchase orders, delivery notes, invoices, etc.).
The credit card details of the User are processed by the Site only during the completion of the purchase transaction made by the User. They are not retained by the Site, but are immediately forwarded to the Financial Service Stripe Inc . headquartered in the United States.
By adhering to the principles of "Privacy Shield", Stripe Inc. provides the guarantees compliant with the GDPR to regulate the transfer of personal data received from entities of the European Economic Area.
As this transfer is based on a European Commission adequacy decision concerning a country and a certification mechanism ensuring an adequate level of protection, it does not require any particular authorization from the supervisory authority (the CNIL, in France).
For the sake of transparency, the controller, however, voluntarily ensures to inform the persons that are concerned of the transfer to Stripe of the data of their payment card and of the certification of compliance to the "Privacy Shield" presented by Stripe ( https: // stripe. com / privacy-shield-policy ) and verifiable at https://www.privacyshield.gov/
The storage of the baking data on into an intermediate database is therefore managed by Stripe Inc.
Archived bank data are only accessible to the controller in a secure and anonymous way: the name of the cardholder and the verification code are missing and the card number is truncated.
Stripe is required to retain banking information so as to comply with its legal and regulatory obligations and for the purpose of monitoring, preventing and detecting fraud. Stripe also retains personal data in order to comply with its tax, accounting and financial obligations, when required by its contractual obligations with its financial partners, and when the retention of data is prescribed by the payment methods that Stripe supports. Stripe attests that when it retains data, it does so in accordance with the current limitation periods and retention requirements prescribed by applicable law.
Since the bank data sent to Stripe are not kept in the active database of the site, the proper retention time for these data is therefore a factor that Stripe Inc. has to assess and apply as a,n international financial service.