Privacy Policy

Last updated: [01.10.2024]

This Privacy Policy outlines how EI Y.G. (“we,” “our,” or “us”) collects, uses, processes, and protects personal data of individuals (“you,” “your”) who interact with our services in accordance with French law and the European Union’s General Data Protection Regulation (GDPR).

Company Name

EI Y.G. (Witspell brand)
9 Rue des Colonnes, Paris, France, 75002

Contact: support@witspell.com

1. Data Controller

EI Y.G. is the Data Controller as defined by GDPR. We determine the purposes and means of processing your personal data.

2. What Personal Data Do We Collect?

We collect personal data that you provide to us or that we collect automatically when you interact with our services, which may include:

  • Identity Data: Name, surname, date of birth, gender.
  • Contact Data: Address, email address, phone number.
  • Transaction Data: Payment information, purchase history.
  • Technical Data: IP address, browser type, device information, cookie identifiers.
  • Usage Data: Information about your interactions with our services, including pages visited, links clicked, and content viewed.
  • Marketing & Communication Preferences: Your preferences for receiving marketing materials and your communication preferences.

3. Purpose of Data Collection and Use

We collect and process personal data for the following purposes:

  • To Provide Services: To manage and fulfill our contractual obligations, such as processing your orders, handling deliveries, and providing customer service.
  • For Legal Compliance: To comply with legal obligations, including tax, accounting, and mandatory reporting obligations under French and EU law.
  • To Improve Services: To monitor and improve the performance and experience of our website and services, analyze trends, and personalize your experience.
  • For Marketing Purposes: With your consent, we may send you newsletters, promotional materials, or other information related to our products and services. You may unsubscribe at any time.
  • To Ensure Security: To ensure the security of our website and services, including fraud detection, troubleshooting, and data breach prevention.

4. Legal Basis for Processing

We process your personal data based on one of the following legal grounds:

  • Contractual Necessity: Data is processed when it is necessary to perform a contract or to take steps at your request before entering into a contract.
  • Legal Obligations: Data is processed to comply with French or EU laws.
  • Legitimate Interests: Data is processed to pursue our legitimate interests (e.g., improving our services), except where your rights override those interests.
  • Consent: Where required, we will obtain your consent before processing your personal data (e.g., for marketing communications). You can withdraw your consent at any time.

5. How Long Do We Retain Personal Data?

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law. This may include:

  • Customer Records: Retained for the duration of the business relationship and 5 years thereafter for legal purposes.
  • Payment Information: Retained for the duration required by applicable tax and accounting laws (usually 10 years).
  • Marketing Data: Retained until you withdraw your consent or exercise your right to object.

6. Sharing of Personal Data

We may share your personal data with:

  • Service Providers: We may share data with third-party service providers who perform functions on our behalf, such as payment processors, hosting services, and marketing platforms.
  • Legal Authorities: We may disclose personal data to comply with legal requirements, respond to legal processes, or to protect our rights.
  • Business Transfers: If we undergo a merger, acquisition, or asset sale, your personal data may be transferred to the new entity.

7. International Transfers of Personal Data

If we transfer your data outside the European Economic Area (EEA), we ensure that it is adequately protected by:

  • Standard Contractual Clauses: Using contractual protections approved by the European Commission.
  • Adequacy Decisions: Ensuring that the destination country has been recognized as providing an adequate level of protection under GDPR.

8. Your Rights

Under the GDPR, you have the following rights concerning your personal data:

  • Right of Access: You have the right to request access to your personal data and to obtain a copy.
  • Right to Rectification: You may request correction of inaccurate or incomplete data.
  • Right to Erasure: You have the right to request deletion of your personal data under certain conditions (e.g., if the data is no longer necessary for the purposes for which it was collected).
  • Right to Restriction of Processing: You may request that we restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and request that it be transferred to another controller.
  • Right to Object: You may object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: If you have given consent for certain processing activities, you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us at [Insert Contact Information]. We will respond to your request within one month as required by GDPR.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve user experience and analyze traffic. Cookies may be set by us or third-party providers. You may manage your cookie preferences through your browser settings.

For more detailed information, please refer to our Cookie Policy link to the cookie policy.

10. Security of Personal Data

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. This includes secure servers, encrypted communications, and restricted access to personal data.

11. Data Breaches

In the event of a data breach that compromises your personal data, we will notify you and the relevant supervisory authority (CNIL) without undue delay if the breach is likely to result in a high risk to your rights and freedoms.

12. Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children without verifiable parental consent. If we learn that we have collected personal data from a child without consent, we will take steps to delete the data.

13. Supervisory Authority

If you believe that we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the French data protection authority (CNIL):

  • Commission Nationale de l’Informatique et des Libertés (CNIL)
    Address: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07
    Phone: +33 1 53 73 22 22
    Website: https://www.cnil.fr

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page, and significant changes will be communicated to you directly. Please review this page periodically for updates.

For any questions or concerns regarding this Privacy Policy or the handling of your personal data, please contact us at:

  • Email: support@witspell.com

By using our services, you agree to the collection and use of your personal data as described in this Privacy Policy.