BACK2SLEEP processes personal data ("Data") in the course of its business, including the Data of persons browsing its website (the "Site").
BACK2SLEEP may modify or supplement its Policy at any time, in particular in order to comply with any changes in legislation, regulations, case law or technology.
Personal data" is any information relating to an identified natural person who can be identified directly or indirectly from that data.
The term "Processing" refers to operations or sets of operations involving Personal Data, regardless of the process used.
The "Service" describes the services offered by BACK2SLEEP.
- Data Controller - Data Protection Officer
BACK2SLEEP is responsible for processing Data collected directly or indirectly from Users of the service, hereinafter referred to as "Users".
BACK2SLEEP has appointed a Data Protection Officer. He or she is independently responsible for the internal application of data protection and management rules, and for cooperation with the supervisory authorities.
Here are the contact details of our DPO:
for the attention of the Data Protection Officer
Mr Olivier FOURCADE
188 rue de Rivoli
Email : firstname.lastname@example.org
Use and Collection of Personal Data
In order to use BACK2SLEEP services or order BACK2SLEEP products, certain information must be provided. Failure to provide this information will make it impossible for BACK2SLEEP to process your request to use a service or to obtain information about this service.
User data :
User Data is collected :
- Via website ;
- Via physical order forms ;
- Send an e-mail to email@example.com.
BACK2SLEEP collects the following data in connection with the above-mentioned collection activities:
- Civility ;
- Name ;
- First name(s) ;
- Billing address ;
- Delivery address ;
- Phone numbers ;
- E-mail address ;
- If applicable function ;
- Internal processing code to identify the User ;
- Payment details: postal or bank details, cheque and/or credit card number, credit card expiry date;
- Transaction data: transaction number, details of purchase, good or "subscription" service;
- quantity, amount, size of medical device, periodicity, history of contractual relationship, product returns, origin of service or order ;
- correspondence with the User, identity of persons in charge of customer relations.
BACK2SLEEP collects User Data for :
- Processing 1 - Contract performance :
Main purpose of processing: to carry out processing relating to the services offered by BACK2SLEEP.
Personal data: Surname, first name, billing address, delivery address, telephone number, e-mail address, job title if applicable, products and services ordered, quantity, amount, size of medical device, frequency, delivery address, history of contractual relationship, product returns, origin of service or order.
- Processing #2 - Payment management (customer and supplier) :
Main purpose of processing: managing payments (invoicing, accounting) for participants.
Personal data: User ID (for accounting purposes), first name, last name, e-mail address, payment method data, transaction data, transaction data, quantity, amount, medical device size, periodicity.
- Processing no. 3 - Managing claims and overdue payments :
Main purpose of processing: management of complaints and after-sales service, and management of unpaid invoices and disputes.
Personal data: Surname, first name, billing address, delivery address, telephone number, e-mail address, job title if applicable, payment details, transaction details, quantity, amount, size of medical device, frequency, delivery address, contractual history, product returns, origin of service or order, correspondence with the User, identity of persons in charge of customer relations.
- Processing #4 - Newsletter :
Main purpose of data processing: to provide information on BACK2SLEEP news and current events concerning sleep, snoring and related diseases. Personal data: Surname, first name, address, postcode, town, country, telephone number, e-mail address, job title if applicable.
- What security and confidentiality measures has BACK2SLEEP implemented?
BACK2SLEEP is committed to preserving the quality, confidentiality and integrity of its customers' personal and confidential data. It implements all technical and organizational measures to ensure the security of personal data processing and the confidentiality of personal data.
In this respect, BACK2SLEEP takes all necessary precautions, in view of the nature of the data and the risks presented by the processing, to prevent it from being modified, damaged or accessed by unauthorized third parties (physical protection of premises, authentication procedures with personal and secure access via confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).
BACK2SLEEP mainly uses SSL (Secure Sockets Layer) software, which encrypts information entered by Users before it is sent. It maintains physical and electronic security measures and procedures relating to the collection, storage and communication of Users' personal information. Security procedures may require BACK2SLEEP to ask customers to prove their identity before communicating their personal information. Persons having access to Personal Data are bound by a duty of confidentiality.
However, despite its best efforts to protect Personal Data, BACK2SLEEP cannot guarantee the infallibility of this protection against any errors that may occur during the transmission of Personal Data, given the unavoidable risks of Internet transmission, which are beyond any reasonable control. Each customer is responsible for the confidentiality of his or her password and online account information. The User must protect himself against unauthorized access to his password and computer. If the User shares a computer, he/she must log out after each use.
- Non-disclosure of Data
Data will never be communicated to third parties outside the cases provided for in this Policy. Personal data may be disclosed to a third party if BACK2SLEEP is obliged to do so by law or by a regulatory provision, or if such disclosure is necessary in the context of a legal request or a contentious procedure.
- Who is the Data intended for?
Within the limits of their respective responsibilities and for the purposes mentioned above, the main persons likely to have access to User data are BACK2SLEEP employees in charge of fulfilling orders. In order to carry out these tasks and facilitate the processing of Data, in particular in terms of collecting and hosting the Site and Data, BACK2SLEEP uses the services of several subcontractors, including Shopify International Ltd, the site host.
These subcontractors are required to process requests in accordance with this Policy. They are not authorized to sell or disclose them to other third parties.
- Transfer of Data outside the European Union?
BACK2SLEEP undertakes to comply with applicable regulations relating to the transfer of data to foreign countries, in particular in the following ways:
- BACK2SLEEP transfers the personal data of its Customers and Users to countries recognized by the CNIL as offering an equivalent level of protection.
- BACK2SLEEP transfers the personal data of its Customers and Users outside countries recognized by the CNIL as having a sufficient level of protection: In this case, BACK2SLEEP acts in accordance with the standards required by the General Data Protection Regulation and the French Data Protection Act.
- How long is the Data kept?
BACK2SLEEP keeps the Data, for each of the processing operations set out in this Policy, only for as long as is necessary for the purpose of the corresponding processing operation.
- Processing no. 1 - Contract performance
Retention period: for the duration of the contractual relationship, then 5 years after termination of the relationship with the User.
- Processing no. 2 - Payment management
Retention period: 10 years from the end of the fiscal year to which the invoices relate.
- Processing no. 3 - Managing claims and overdue payments
Retention period: conversation for the time required to manage litigation after knowledge of a dispute, until the action is time-barred.
- Processing #4 - Newsletter :
- Retention period: for BACK2SLEEP customers, for the duration of the contractual relationship, plus three years (or until the customer unsubscribes from the Newsletter),
for people who are not BACK2SLEEP customers for three years (or until they unsubscribe from the Newsletter)
What are cookies and what do they do?
When the site is consulted, information relating to the navigation of the customer's terminal (computer, tablet, smartphone, etc.) on the site may be recorded in text files called "Cookies", installed on the customer's browser. Cookies are used to recognize the customer's browser for the duration of the cookie's validity. Only the issuer of the cookie concerned is likely to read or modify the information contained in it.
Cookies enable :
- To measure and analyze the frequentation and use of the site, its sections and services offered, allowing BACK2SLEEP to conduct studies and improve the interest and ergonomics of the site and services,
- To memorize the browser's display preferences (language used, display parameters, operating system used, etc.) and to adapt the site's presentation during visits, according to the hardware and software for viewing or reading that the terminal has and that is used for browsing the site.
- To store information relating, for example, to a form filled in by the User or to a service (registration, account access) or selected information (subscribed services).
- To allow access to reserved and personal areas of the site or Services, such as the personal account, thanks to identifiers or personal data concerning the User and previously communicated.
- Implement safety measures.
Cookies deposited by a third party on ?
Sharing the use of your terminal with others
If the customer's terminal is used by several people and when the same terminal has several browsers, BACK2SLEEP cannot be certain that the services intended for this terminal correspond to the customer's own use and not that of another User of this terminal. Sharing the use of the terminal with other people and configuring the browser's parameters with regard to Cookies are the free choice and responsibility of the customer.
Managing and using cookies
Managing cookies from your browser
The User may configure his browser software so that Cookies are stored in his terminal, or so that they are rejected, either systematically, or depending on the sender. In accordance with the applicable regulations, any canvassing by e-mail, SMS or MMS, will only be carried out with the prior consent of the customer to receive canvassing via the paper or electronic registration form on the Site. Each canvassing e-mail will offer the possibility of objecting to the processing of data for canvassing purposes by clicking on an unsubscribe link. At any time and free of charge, the User may object to prospecting by other means by contacting BACK2SLEEP at the following e-mail address: firstname.lastname@example.org.
- What rights do Users have?
Whenever BACK2SLEEP processes Personal Data, all reasonable steps are taken to ensure that the Personal Data is accurate and relevant to the purposes for which it is processed.
In accordance with Law 78-17 of January 6, 1978 as amended and the General Data Protection Regulation (EU) of April 27, 2016, the User also has the following rights:
Right of access (article 15 of the RGPD)
In all cases
Right of rectification (article 16 of the RGPD)
In all cases
Right to erasure (article 17 of the RGPD)
Only for processing that is not based on compliance with a legal obligation, the performance of a mission in the public interest, a mission for archival purposes, or necessary for the establishment, exercise or defense of legal claims.
Right to restrict processing (Article 18 of the RGPD)
In all cases
Right to object to processing (Article 21 of the RGPD).
Only for processing operations that do not have a legal basis in the performance of a contract or the fulfilment of a legal obligation.
Right to data portability (Article 20 of the RGPD)
Only for processing based on consent, on the performance of a contract or if the processing is carried out using automated processes.
Right to lodge a complaint with the CNIL
In all cases
Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent given prior to withdrawal of consent
Only when processing is based on the data subject's consent to the processing of his or her personal data for one or more specified purposes
These rights may be exercised by writing to the Data Protection Officer at the following e-mail address: email@example.com or by post at the following address: 188 rue de Rivoli 75001 PARIS.