SCENTYS is a simplified single shareholder company with share capital of 470,806.60 euros, registered with the Paris Trade and Companies Register under number 478 525 009 and headquartered at 4, rue Chauveau Lagarde– 75008 Paris (hereinafter “We/Us”).
In the conduct of our business, we are particularly vigilant about keeping confidential the personal data we process and protecting your privacy in general.
We act in compliance with EU regulation 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the “General Data Protection Regulation”, or GDPR (hereinafter GDPR) and French Law 78-17 of January 6, 1978 on information technology, files and freedoms, as modified.
The terms “data controller”, “subcontractor”, “personal data”, “processing”, “personal data breach”, “member states” shall have the same meaning as in the GDPR and terms derived from them shall be interpreted in an identical manner.
Who is responsible for processing your personal data?
We control the processing of your personal data in the course of conducting our business.
If you have questions about the processing of your personal data, you can contact us:
When do we collect your personal data?
We may have collected your personal data when:
Personal data may be transmitted to us directly by you or by another individual in the company or organization you work for or on whose behalf you act.
Personal data may also be collected through cookies and other internet tracking technologies on our Website, such as your IP addresses, length of connection, language, location data, preferences, browsing history, etc. We invite you to review our cookies tool for more details.
What personal data do we collect?
We collect the following personal data:
The collection of this personal data is required. If this required information is not provided, we cannot create a customer account for you. These requirements to provide personal data are contractual in nature.
The collection of this personal data is required. If this required information is not provided, we cannot respond to your request. These requirements to provide personal data are contractual in nature.
The collection of this personal data (with the exception of title and date of birth) is required. If this required information is not provided, we cannot execute purchase contracts, manage the business relationship, or follow up on and respond to your claims. These requirements to provide personal data are contractual in nature.
The collection of this personal data is required. If this required information is not provided, we cannot respond to your application. These requirements to provide personal data are contractual in nature.
The collection of other personal data may also be required. You will be informed directly at the time of collection of all personal data the collection of which is required, of the contractual or regulatory nature of the obligation to provide it, and of the consequences of failing to provide said personal data. On the contact form on our Website, all fields for personal data that is required are marked with an asterisk.
You may provide personal data when using our Social Media and the free text fields in the contact form on our Website. You are hereby notified that you should provide only adequate and relevant information. You should not write comments that are excessive or insulting, or provide data that is considered sensitive with regard to article 9 of the GDPR (racial or ethnic origin, political opinions, philosophical or religious beliefs, union membership, data about health condition or sexual life, offenses committed, convictions, detention orders).
We do not process your personal data related to bankcards. Transactions are entirely processed via “SYSTEMPAY” and “STRIPE” payment modules.
What is the purpose and legal basis for processing your personal data?
Your personal data is collected for the purposes and on the legal bases outlined in the table below:
Identification and management of customer accounts
Management and processing of orders, deliveries, and product returns
Management of our communication with you
Management of the business relationship
Management of accounting
Management of job applications
Management of games and contests, polls and satisfaction surveys
Sending of messages with information about our business (e.g. greetings and wishes, event invitations)
Management of events we organize (sign-ups)
Audience measurement on our Website
To whom is your personal data sent?
The personal data we collect is intended, depending on the case, for the authorized staff in our customer relations, accounting, marketing, sales, legal and human resources departments.
We may also provide your personal data:
Where is your personal data stored?
Your personal data is stored on secure servers located in France.
However, we may transmit all or some of your personal data to certain subcontractors and partners operating outside the European Union for the purposes outlined above.
Transfers that may occur and precautions that will be taken are described below.
Country to which data is sent
(Standard contractual clauses, binding corporate rules or BCR, adequacy decision from the European Commission)
Partners based outside the European Economic Area (if necessary and subject to your consent)
Destination country varies case-by-case
The safeguard measure depends on the country in question and is verified if such a transfer is considered for a specific case.
How long do we keep your personal data?
Your personal data is kept only as long as is strictly required by the purposes outlined above.
When the periods listed above expire, your personal data will be either erased or anonymized.
As an exception, in the event of pre-litigation or litigation, all or some of your personal data may be kept for longer if it is relevant to said pre-litigation or litigation.
What are your rights and how can you exercise them?
Per the provisions of article 15 of the GDPR, and subject to exceptions, you have the following rights:
The existence of these rights notably depends on the legal basis of the processing that is the subject of the request. These rights are not without limitations and, in certain cases, we may reject your request (for instance, on legitimate and compelling grounds with regard to the right to object). Under certain circumstances, we may respond that your request cannot be met with a positive response from us and we will explain why we cannot comply.
If we have a reasonable doubt about your identity, we may request some additional information or documents to verify your identity (for instance, in certain cases, a black and white copy of the front of your French identity card).
In accordance with the conditions set forth in the regulation, you may exercise your rights by writing to us at the addresses given above. If you have a customer account on our Website, you can also access, modify, correct, or delete your personal data directly by going to the “My Account” page and then the tab “Your personal data”.
We will do our best to respond to your requests within a reasonable timeframe, and in all cases will respond by the deadline set by the regulations in force.
What steps do we take to protect your personal data?
Respecting your right to data protection, security and privacy is our priority.
All payments made online are handled in accordance with the payment card industry data security standard (PCI DSS). It is an international security standard that ensures the privacy and integrity of data and thus the security of transactions.
The organizational and technical security measures we implement are adapted to the degree of sensitivity of your personal data, to protect it from malicious attacks, accidental loss, accidental or illegal destruction, alteration or disclosure to unauthorized third parties.