IKKS AND THE PROTECTION OF ITS CUSTOMERS’ PERSONAL DATA

YOUR PERSONAL DATA CONTROLLER

The data controller is IKKS Retail, a simplified joint stock company with a capital of €36,037,000, referred to hereinafter as IKKS. Registered offices: 8/10, rue Barbette - 75003 Paris, trade and companies’ register Paris n°479 960 965.


THE NATURE OF THE PERSONAL INFORMATION COLLECTED BY IKKS 

IKKS may collect the following personal information concerning Customers using the on-line retail site (Users) by means of forms or concerning in-store Customers by means of coupons which can be collected in the store: title, name, email address, postal address, mobile or landline telephone numbers, date of birth.

Customers using the on-line retail site may also register different delivery addresses or credit card details (card type and number, expiry date) in order to facilitate future payments. The voluntary registration of these payment card details is carried out according to the PCI DSS data protection standard and is not accessible to IKKS staff. It may only be used by organisations in charge of the protection and completion of on-line payments. 

Furthermore, IKKS uses the information relating to the browsing habits of site users on an “anonymous” basis in order to propose Products which correspond to their searches on the site.

IKKS also collects the interactions of user Customers with the Brand which are required to fulfil their various Brand requests and inquiries: adding products to the basket, placing orders, contacting Customer Services.

All the personal data collected by IKKS is provided by the user Customer by means of an active procedure.


REASONS FOR PROCESSING YOUR PERSONAL DATA

The personal data collected is processed digitally for the purpose of managing customer sales, commercial prospecting, informing customers about exclusive promotional offers and products, the latest Brand news and new products, the completion of satisfaction surveys and statistical analyses relating notably to the Products purchased and services used by customers.

The Customer’s personal data is collected for the following purposes:

1°) for pre-contractual or contractual processing: the creation and management of the Customer’s account in order to fulfil sales methods, manage customer complaints and the after-sales services and to respond to information requests from the customer or prospect;

2°) for processing based on the legitimate interest of IKKS: commercial prospecting, the creation of customer loyalty campaigns and satisfaction surveys and sending newsletters; the production of commercial statistics; the organisation of legal competitions.

3°) for processing whose legal basis is dependent on your consent: within the framework of geolocation: when the Site is accessed IKKS may invite the Customer to authorise the geolocation of the store in the vicinity of the Customer's location by activating, if required, the location service on their mobile device and/or tablet. This data allows for an approximate estimation of the latter’s location, subject to the Customer's prior agreement, in order to find the nearest store with a view to optimising the Product delivery conditions.


LEGITIMATE INTEREST OF IKKS IN THE PROCESSING OF YOUR PERSONAL DATA 

In addition to the enforcement terms of the sales contract which may bind IKKS to the Customer, the legitimate interest of IKKS consists, on the one hand, of doing its utmost to guarantee the security of the on-line retail site and a positive browsing and purchasing experience and, on the other hand, to obtain the means to understand the Customer’s requirements and expectations so that a response can be provided notably for the purpose of improving the Products and Brands proposed by IKKS.


LENGTH OF TIME DURING WHICH YOUR PERSONAL DATA WILL BE RETAINED BY IKKS

IKKS will retain the Customer's personal data on the following basis:

- all personal data collected from the Customer will be retained for the entire duration of the commercial relationship for a reasonable period from the end of said commercial relationship depending on the need to solve problems and improve services which may be provided by IKKS. Said data will no longer be used at the end of this period.

- personal data relating to sales which is required to comply with the legal and statutory obligations, notably compliance with prescription or archiving deadlines, will be retained in accordance with the legal periods (maximum of ten years) in a database of archives provided specifically for this purpose.


THE RECIPIENTS TO WHOM IKKS MAY PASS ON PERSONAL DATA COLLECTED 

The Customer's personal data may be transmitted/passed on to the following recipients:

- Companies and partners affiliated with the IKKS group.

- Government bodies and public organisations in the case of legal or statutory requirements.

- Firms in charge of data processing such as franchisees / affiliates, subcontractors and suppliers providing services to IKKS (messaging firms, communication firms, agencies, profile creation firms, etc.).

IKKS retains personal data collected in the European Union.

However, it is possible to an extremely limited degree that the data collected when the Customer is using the IKKS services or sites could be transferred to subcontractors or commercial partners located in other countries, some of whom may be governed by regulations on the protection of personal data which are less protective than those in force in the Customer's country of residence. In this case, IKKS will to its utmost to ensure that the required processing is carried out in accordance with our confidentiality policy and is governed by similar contractual clauses to those proposed by the European Commission in terms of guaranteeing an adequate level of protection for the private life and basic rights of individuals.


THE PROTECTION OF YOUR PERSONAL DATA BY IKKS 

IKKS and its partners use information protection techniques such as access control procedures, virtual private networks, firewalls and cryptographic mechanisms. The aim is to guarantee the confidentiality, integrity and authenticity of data and to limit the data collected and access to this data exclusively to its intended recipients in order to guarantee the confidentiality of information.

The IKKS site uses a security system according to the SSL encryption protection system (Secure Socket Layer) that encrypts information to protect as effectively as possible all sensitive data related to the payment means. Bank card details are protected by complying with the PCI DSS security standards.


THE RIGHTS OF HOLDERS OF THE PERSONAL DATA COLLECTED BY IKKS

All personal information which the Customer or User may be required to transmit to IKKS for the use of certain services is governed by the (EU) General Data Protection Regulation 2016/679 and the provisions of the amended Data Protection Act n° 78-17 of 6 January 1978.

In this context, the Customer or User will be granted the right to access, correct, remove, delete or transmit their data and the right to limit and oppose the processing of their personal data and information which may be exercised at any time by writing to the following address:

Protection des données personnelles
IKKS – Service Communication
94 rue Choletaise, 49455 SAINT-MACAIRE-EN-MAUGES

In order to access or amend personal data or cancel a registration, users may also click on "MY ACCOUNT" on IKKS.COM. For your information, the collection and processing of your personal data has been declared to the CNIL under no. 1008675.