The company Maison Zilli (‘Zilli’) is the publisher of the website www.zilli.com (‘Website’), which involves the processing and storage of personal data of users of the Website (‘Users’).
‘User’ means any person who uses or has used the Website, including visitors to the Website.
‘Personal Data’ means any information communicated by Users and that serves to identify a User directly or indirectly.
The GDPR extends and facilitates access to Personal Data while reaffirming the basic principles needed to protect the User’s privacy (including by providing that the collection of Personal Data be minimalised, its use restricted and its storage time limited). It also preserves the integrity and confidentiality of the Personal Data itself.
ARTICLE 1 – MANAGEMENT OF PERSONAL DATA BY ZILLI
1.1 Nature of the Personal Data collected by Zilli
1.1.1 Zilli collects and processes Personal Data provided by Users on the Website, especially for the purposes of creating a customer account on the Website, effecting an online order, receiving a newsletter and contacting Zilli’s Customer Services.
Personal Data may include a User’s name, address, telephone number and e-mail address and his or her financial information (for example credit or debit card numbers), required to process orders and the payment of products ordered.
1.2 Why Zilli collects Personal Data
Zilli only processes Personal Data that is strictly necessary for the following purposes:
- To manage product orders effected on the Website;
- To manage after-sales support;
- To improve use of the Website;
- To manage information about Zilli products;
- For customer review management;
- To manage subscriptions for Zilli’s newsletter and for its circulation; and
- To obtain anonymised web traffic statistics.
1.3 Storage of Personal Data collected by Zilli
Personal Data provided by Users on the Website is stored on the server of the Website’s host, OVH, in France.
This Personal Data is kept for no longer than is required to meet the purpose for which it was collected.
On expiry of this period, the Personal Data will automatically be deleted or made anonymous.
At any time, you may request that your Personal Data be deleted (see Article 1.6).
1.4 Processing of Personal Data collected by Zilli
Personal Data, collected for the purposes mentioned in Article 1.2, is processed using IT tools.
In addition, Zilli may transmit Personal Data:
- To suppliers or third-party service providers, including postal services and Website providers and (for online payment) transaction processing and fraud prevention services.
- To any State body if, in good faith, Zilli considers that such disclosure is required to comply with the law or for legal proceedings; and
- To third party assignees, in the event that all or part of Zilli’s assets are sold.
1.5 Security of Personal Data collected by Zilli
1.5.1 Zilli has put in place specific security measures, to preserve the confidentiality of Personal Data and to prevent its unauthorised use.
Any financial information provided by Users on the Website, is stored at secure premises of a financial institution chosen by Zilli. Transactions concluded on the Website are protected by an SSL encryption process. However, all Users will be aware that no data transmission over the Internet is 100% secure and that all information communicated online may potentially be intercepted and used by those other than the intended recipient.
At any time, a User may request the deletion, anonymisation, a copy of, the updating of or amendment of all or part of his or her Personal Data (see Article 1.6).
1.5.2 The Website may contain hyperlinks to third party websites. Zilli does not have any control over the content or privacy policies of these websites.
1.6 Access and amendments to Personal Data collected by Zilli
1.6.1 In accordance with the General Data Protection Regulation 2016/679 (GDPR), any User may ask Zilli, at any time, to access, correct, update or delete, in part or in full, the Personal Data that he or she has provided on the Website.
A User may also make legitimate objections to the processing of this Personal Data and to its use for commercial purposes.
To enable the User to exercise any of these rights, Zilli has added a section to the User’s customer account on the Website entitled ‘Management of your data’.
Under this section, a User may request the total or partial deletion of his or her Personal Data by:
- using the Contact Form (that can be downloaded by clicking on the ‘Contact Form’ link); or
- by writing to Zilli directly, using the contact details referred to in Article 4 below.
1.6.2 Users are responsible for informing Zilli of any updates or changes to their Personal Data, including their postal and e-mail addresses, to enable their orders to be processed correctly.
Zilli may, for storage purposes, keep copies of its communications with Users and any replies to questions or comments sent to Users by Zilli’s Customer Service team.
ARTICLE 2 – COOKIES
Pursuant to the General Data Protection Regulation (GDPR) you must be informed of and give your consent prior to the insertion of cookies. Therefore, you may choose not to be tracked while visiting the Website. However, please note that, in accordance with the GDPR, some cookies are exempt from this consent requirement (for example, the cookies necessary for the Website to function).
2.1 What is a cookie?
A cookie is a small file that can be saved on the User’s terminal (computer, tablet, smartphone, etc.) on accessing a Website, reading an e-mail, installing or using software or a mobile telephone application.
Cookies enable websites, in particular, to function efficiently and improve their performance.
Cookies also provide information to the websites’ owners, for statistical or publicity purposes, mainly to personalise User browsing by remembering User preferences.
2.2 List of cookies used on the Website
2.2.1 The cookies needed for the proper functioning of the Website:
This cookie enables User sessions to be kept open while the User visits the Website, and allows the User to place an order. In particular, it enables the Website to remember the language selected by a User, the currency used, the last category of products visited, recently viewed products, and the User’s identifiers, login credentials, last name, first name, position, encrypted password and, if the User so desires, the e-mail linked to the customer account and the User’s identifiers for the shopping basket.
The default storage period for information collected via this cookie is twenty (20) days.
Operating cookies are essential for the proper functioning of the Website. In particular, they enable the presentation of the Website to adapt to the display preferences of the User terminal, to remember the User, to enable him or her access to password-protected areas (for example, the User’s customer account) on the Website, such as his account.
2.2.2 browser cookies or those called ‘audience measurement’:
- Google Analytics ga:
The default storage period of information collected via this cookie is two (2) years.
- Google Analytics gid:
The default storage period for this cookie is twenty-four (24) hours.
- Google Analytics gat:
The default storage period for information collected via this cookie is one (1) minute.
Navigation cookies called 'audience measurement' are used to determine how Users use the Website.
The elements thereby collected, enable Zilli to continually improve the browsing experiences of Users, in particular by establishing statistics and volumes of usage of the Website and by improving the usefulness and ergonomics of the services accessible via the Website.
In accordance with the General Data Protection Regulation 2016/679 (GDPR), a User may choose the length of time that Personal Data transmitted to Google Analytics is stored before being deleted. This choice can be changed at any time, by means of the cookie setting mechanism directly available on the Website.
On expiry of the chosen time limit or the one applied by default, the User’s Personal Data is deleted automatically.
2.3 User consent
2.3.1 The principle of freely given User consent
As a matter of principle, cookies require prior information to be given and a request for Users’ consent (especially those related to targeted advertising operations). The law nevertheless provides that some cookies are exempt from the requirement for consent.
Cookies requiring consent to be obtained cannot be transcribed on the terminal of Users, for so long as long as the User has not given his or her consent.
You have the choice to accept or refuse the installation of cookies. The refusal of a cookie requiring your consent does not affect your access to or your use of the Website.
2.3.2 Obtaining User consent
Except with the User’s prior consent, the installation and reading of cookies must not be carried out if the User:
- does not continue to browse; or
- clicks on the link present on the banner that enables cookie settings to be changed and refuses to allow cookies to be installed.
As soon as User goes to the Website (on the home page or any another page), he or she is informed, by a banner, of:
- the exact purpose of the cookies used;
- the possibility of rejecting the cookies and changing cookie settings by clicking on a link present in the banner; and
- the fact that the continuation of browsing is worth the User agreeing to the installation of cookies on his or her terminal.
HOWEVER, BY CONTINUING TO BROWSE THE WEBSITE, WITHOUT MAKING A SPECIFIC CHOICE, THE USER IS DEEMED TO HAVE GIVEN HIS OR HER CONSENT.
2.4. How to withdraw User consent
The User may, at any time, withdraw his or her consent, as easily as he or she can give it, through the cookie settings directly accessible on the Website.
Please note that:
- cookies needed for the proper functioning of the Website cannot be disabled (for example, the Prestashop Cookie, referred to in Article 2.2.1, that is required for the online store to function); and
- disabling any or all of the browsing cookies may limit the operation and performance of the Website and limit access to some of its functions and to the services accessible via the Website.
2.5 Period for which your consent to cookies is valid
Consent to cookies is valid for a maximum of thirteen (13) months, from the date on which they are first installed on your terminal pursuant to your express consent.
On expiry of this period, a User’s consent must be obtained again.
During the period for which consent to cookies is valid, this period cannot be extended during new visits by the User to the Website.
ARTICLE 4 – CONTACT
Any request relating to the processing of a User’s Personal Data may be sent at any time to Zilli:
- by post to the address: Zilli – ‘Service Client’ [Customer Services] – 48 rue François 1er - 75 008 Paris
- by e-mail using the form on the Website under the tab ‘Contact us’.