Auriseo is compliant with the provisions of the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and with French Data Protection Law no. 78-17 of 6 January 1978.
2. Who is the data controller ?
Any information provided by the User when they visit the Website (especially when they create and update their customer account, purchase a product on the Website, or subscribe to the newsletter) is processed by the company AURISEO, a simplified joint-stock company with share capital of €62,658.90, registered in the Cahors Trade Register under number 508 151 511, with registered office at 1134 Chemin du Bartassec 46000 Cahors. The company operates under the trade name ‘Audilo’.
To this end, Auriseo is the data controller and defines for what purpose and how your personal data will be used (the data processing ‘purposes’).
Auriseo processes some personal data when the User browses the Website (see below).
3. Your data is collected for the following processing purposes:
- To ensure the creation and management of your customer account – Auriseo needs information concerning you to create and manage your customer account, which facilitates the purchase process on the Website (audilo.co.uk). The lawful basis for this processing is the execution of pre-contractual measures and of the contractual relationship.
- To manage orders and customer relations – Auriseo needs information concerning you to manage you orders and follow up on them (for example : purchase of a product, payment, delivery, invoicing, customer relations monitoring). The lawful basis for this processing is the execution of the contractual relationship between the parties.
- To carry out commercial marketing – Auriseo may use information collected via the Website to send you advertising or information. The lawful basis for this processing is the User’s consent or Auriseo’s legitimate interest in carrying out commercial marketing, depending on whether the advertising is sent electronically or by post.
- To organise a survey or competition – Auriseo may collect information to organise competitions or surveys, to organise the awarding of prizes to competition winners and to improve use of the website. The lawful basis for this processing is the User’s consent or Auriseo’s legitimate interest in organising surveys for research purposes and in improving its services.
- To pass on your data to commercial partners – only with your consent, Auriseo may provide your data to selected commercial partners, so that they may send you information and advertising. The lawful basis for this processing is the User’s consent.
- To gather statistics and improve the Website – Auriseo may use any data collected to analyse activity on the Website and improve the services it offers. The lawful basis for this processing is Auriseo’s legitimate interest in improving its services.
4. What kind of data do we collect from you ?
Auriseo may collect the following personal data from you: title, full name, email address, password, date of birth, delivery address, billing address, phone number, payment information, IP address, connection data and browsing data.
This data is collected at the different stages of the user journey on the Website:
- creating a customer account
- changing your customer account information
- purchasing a product on the Website
- subscribing to the newsletter
- taking part in a survey or competition
When providing a certain piece of information is optional, this will be indicated next to the field. When providing a certain piece of information is mandatory, you must enter this information. Otherwise, Auriseo will be unable to carry out its processing task (validating an order or ensuring subscription to a newsletter, for example).
Auriseo may collect certain sensitive information (including health information) provided by the User (via the contact form, for example). In this event, the User expressly consents to this personal data being processed. In this case, the User may withdraw their consent at any time by sending a request to the department indicated in article 11. Please note that if you withdraw your consent, this does not affect the legality of any processing based on your consent given before this withdrawal.
5. Who receives the collected data ?
5.1. Data collected on the Website (audilo.com) is passed on to internal services.
5.3. Data may be passed on to the following subcontractors:
- OVH, the website host;
- LYRA NETWORK (PAYZEN), an online payment service provider, so that it can provide its online payment service when you order products from us.
These subcontractors have limited access to the User’s details and are required to use them in accordance with the provisions of applicable data protection regulations.
Auriseo ensures that its subcontractors process data securely.
5.4. Auriseo may also share data with third parties, such as commercial partners, provided that you have expressly given your consent to this transfer, so that they can send you information and/or advertising. A list of our current partners is available upon request.
5.5. Finally, in order to fulfil our legal obligations, your personal data may be passed on to the authorised administrative and legal authorities, upon request from these authorities.
6. Transfer of data outside the European Union
We do not transfer your data outside the European Union.
7. Personal data retention period
Auriseo only retains your data for the time necessary for the purposes for which this data was collected to be fulfilled and for as long is allowed by the applicable laws.
This retention period varies according to the processing purpose. To find out more about these retention periods, please contact firstname.lastname@example.org
Once it is no longer needed for the processing purposes, Auriseo will delete your data from its systems and/or will take measures to anonymise it so that it cannot be used to identify you.
8. Your data rights and how to exercise them
The User enjoys the following data rights:
- The right to access, which includes the right to obtain a copy of your personal
data held by Auriseo.
- The right to data portability, which includes the right to obtain your personal data
held by us in a structured, interoperable, electronic format and
the right to it being transferred to another data controller. The User may exercise their right to
data portability by going to the ‘MY PERSONAL DATA’ tab in their customer
account. Here, the User can download their personal data held by Auriseo for free
onto an electronic medium.
- The right to rectification, which covers your right to seek rectification of incomplete or inaccurate personal information being processed. You may modify the personal data that appears in your customer account at any time by logging in to your account.
- The right to have your data erased, which is your right to request the erasure of your processed personal data. The data will be erased subject to legal obligations to retain it.
- The right to restriction of processing, which corresponds to the right to have the processing of your data restricted when you dispute the correctness or legality of the processing of your data.
- The right to object (for reasons relating to your
specific situation) to Auriseo’s processing of your data. We will respect your request unless we provide a legitimate reason otherwise, in accordance with the applicable regulations in force.
- The right to withdraw your consent at any time, when the data was collected after you gave your consent. The User is hereby informed that, should they withdraw their consent to a specific type of processing of their personal data (subject to contractual and legal restrictions and reasonable warning), the service for which they gave their consent will no longer be provided.
- The right to define guidelines regarding the retention, the erasure and the transfer of your personal data after your death, in accordance with the provisions of article 40-1 of French Data Protection Law no. 78-17 of 6 January 1978.
Furthermore, if the User no longer wishes to receive commercial or marketing communications from Auriseo, they are reminded that they can unsubscribe at any time by clicking on the unsubscribe link present in all emails received.
The User may exercise all their rights by writing us (with proof of identity):
- an email to the address: email@example.com , or
- a letter, addressed to: AURISEO, 8 passage des deux soeurs, 75009 Paris
Auriseo will respond to the User within a month of their request to exercise their rights, either to provide a response or to notify them that Auriseo requires more time to provide a response. Auriseo is not obliged to agree to a User request that is clearly unfounded or excessive.
In any event, the User is informed that they have the right to lodge a complaint with the competent data protection authority.
9. Data security
Auriseo implements organisational and technical security measures to protect personal data against alteration, destruction and unauthorised access.
10. Minors’ personal data
Please note that registration on the Website is reserved for those aged 16 or over. Auriseo does not intend to collect or process personal data belonging to minors under the age of 16. Therefore, if you are under 16, please seek permission from your parent or guardian before providing information via our Website. Without this consent, minors are not authorised to provide us with information. If they do so, we will cease to process their personal data as soon as we are made aware of their age. Auriseo will not be held responsible if information belonging to minors is entered during the registration process in violation of these provisions.
You can also contact us by writing us:
- an email to the address: firstname.lastname@example.org , or
- post, addressed to: AURISEO, 8 passage des deux soeurs, 75009 Paris
Auriseo reserves the right to update this Policy according to the legal, technical and commercial situation. Should this occur, Auriseo agrees to publish the new version on the Website. Auriseo will also inform its Users of the modification via email as soon as possible if it is a significant modification that affects the processing of their data. If the User disagrees with the terms of the new wording of the policy, they may delete their account or exercise their rights in accordance with article 8.
Any User without an account will be informed via an alert on the Website home page.