Personal Data Protection Policy of Nona Source
Last updated in 13/04/2023
The website www.nona-source.com (the "Website") is published by Nona Source, a société par actions simplifiée registered with the Paris Trade and Companies Register under number 842 426 769, and whose registered office is located at 12 rue Philippe de Girard 75010 Paris (hereinafter "Nona Source", "We" or “Us”).
Nona Source places the highest priority and takes the utmost care to protect the privacy and personal data of its Website users and the representatives of its business customers and prospects.
This Policy describes the processing of your Personal Data by Nona Source (hereinafter the "Processes") and your rights regarding the protection of your Personal Data.
For more information about how We handle your product orders placed through the Website (the "Orders"), please refer to the Nona Source Terms & Conditions of Sale.
We may amend this Policy from time to time, in particular if there are changes to our use of your Personal Data. Please check this page regularly to ensure that you agree with any changes. You will be notified of these modifications, either through a special note on our Website or through a personal notification.
1.What is Personal Data?
Personal Data refers to any information or pieces of information that could identify you as a natural person either directly (e.g. your name, surname) or indirectly (e.g. such as your professional function, or your IP address). This means that Personal Data includes information such as email and phone number, but also unique identifiers like your computer’s IP address or your device’s MAC address or Data regarding your navigation on our Website.
2. Who is responsible for protecting your Data?
The ‘Data Controller’ is the entity that determines the purposes and means of processing and is responsible to you for compliance with Data protection regulations (hereinafter “the Data Controller”).
As regards Website management, Nona Source (whose contact information is provided below) acts as the Controller. If you have any concerns, questions or requests regarding our use of your Personal Data, you may contact us at:
- by e-mail at the following address: firstname.lastname@example.org (by specifying in the subject of the email: "personal data"), or
- by mail at the following address: 12 rue Philippe de Girard 75010 Paris (to the attention of the person in charge of data protection).
3. Why and how do We use your Data?
How do We collect your Data?
We collect your Personal Data as follows:
- directly from you when you use our Website and our services (completion of various forms on the Website, placement of an Order, communication with Us directly, for after-sale services etc.)
- indirectly in an automated manner when you access or use the Website (cookies, technical details, browsing information, etc.)
- indirectly from third parties (social media, etc.)
What Data do We collect?
Nona Source collects several types of Personal Data about you:
Data that We collect directly from You
The categories of Personal Data that We may collect directly from you include:
- Information needed to process your Order: items selected, delivery and billing address, contact information (see above), including your credit card number and expiry date,
- Information for after-sale services: information about returns, exchanges, and repairs, including descriptions of any problems relating to your purchase, in the event that this information includes personal data;
- Information about your preferences: liked products and services, if you choose to provide US with this information, in the event that this information includes personal data;,
- History and content of your exchanges with Us: We generate the history of our relationship when you contact us regarding a customer service issue or when you submit a complaint to Us,
- Recording of calls to our customer service department: when you contact Us or one of our advisers, your conversations may be recorded to ensure quality service. You will always be provided alternative ways to contact Us if you do not want your conversation to be recorded.
When populating a Data collection form, all mandatory information will be identified with an asterisk or an equivalent method. If you do not complete the mandatory fields, We will not be able to process the relevant request and/or Order.
Data that We collect automatically
We automatically collect certain Data about you when you access or use the Website, specifically:
- Technical information: We collect information about the device that you use to login, as well as your use of the Website (g., operating system, type of browser used, whether a proxy is used, location of the device inferred from your IP address that identifies your computer, access time, accessed pages and the link that enabled you to access our Website),
Data that We collect indirectly from third parties
We may also obtain Personal Data about you from social media networks you use through our Website, or from your activity on social media pages. Specifically, when You share your experience with Nona Source with other customers using social media, You provide Data about yourself to this social media network and to Us. These communications are governed by the social media's Personal Data protection policies, which We invite you to review.
- On what legal grounds and for which purposes do We use the Data that We collect?
In accordance with applicable Personal Data protection law, We only collect Personal Data when We have a legal basis to do so.
Personal Data is collected either:
- based on your consent,
- as part of the performance of a contract,
- in our legitimate interest, or
- in accordance with a legal obligation.
- We collect Personal Data based on your consent, for the following purposes:
- To manage your requests and queries (other than related to an Order): We use your Data to send you the information you request,
- To send you commercial and marketing solicitations: We may use your Data to propose you new products and special offers, to invite you to upcoming events that may be of interest to you, and to send you our newsletters.
- We collect Personal Data based on the performance of a contract, for the following purposes:
- To process your Order: We use your Data to manage the purchase, delivery and invoicing of the products You Order, which includes any information provided for the creation of your customer account,
- After-sale services: We use your Data to handle any request You may have as part of our after-sale services, including returns, exchanges, and repairs.
- We collect Personal Data based on our legitimate interest, for the following purposes:
- To measure and improve the performance of our Website: We use performance cookies to allow Us to count visits and traffic sources. This helps Us to know which pages are the most and least popular and see how visitors move around the Website.
- To prevent payment frauds and ensure the validity of payments We receive,
- To defend our interests in the event of a dispute or court action,
- We collect Personal Data based on legal obligations, for the purpose of complying with applicable laws:
In the event that certain commercial documents include personal data, we inform you that we store transactions history and any other commercial documents for legal and administrative reasons (accountability, tax, legal or commercial warranties, insurance, audit, etc.).
- Who has access to your Data?
Your Data is processed by Nona Source for the purposes described above and are only accessible to Nona Source personnel on a need-to-know basis.
Certain third parties may also have access to your Data, specifically:
- our subcontractors and service providers:for after-sale services, as well as for technical and logistical reasons (logistics specialists, carriers, Website hosting and maintenance providers, payment and fraud management service providers, technical service providers responsible for sending e-mails and newsletters, customer service department, etc.),
- any third-party company which may, in the event of Nona Source’s restructuring, acquire all or part of Nona Source or merge with our company,
- any authority, court or other third party when disclosure is required by law, regulations or a judicial decision, or if such disclosure is necessary to protect and defend our rights.
- Is any Personal Data transferred outside of the European Union?
Your Data is processed by Nona Source in France. However, We may rely on certain service providers, which are located abroad or which themselves rely on processors located abroad, including outside of the European Economic Area (EEA) in countries where personal data protection laws differ from those that apply in the EEA.
Any transfer of your Data outside the European Union will be made subject to (i) strict measures to ensure the confidentiality and security of such transfers and (ii) appropriate safeguards that will comply with the applicable regulations on the protection of Personal Data, such as the signing of standard contractual clauses based on the European Commission's template, including any necessary supplementary measure, which are available upon request.
- How long do We store your Data?
Data is stored as long as required for the purpose for which it was collected and, in any case, will be destroyed at the end of such period.
In most cases, your Data is stored for the term of our relationship, then for a 3-year period following termination of our relationship (which typically corresponds to the date of your last Order via the Website, the date your customer account is closed or the date of our last contact with you). The Data is then either (i) archived when necessary for accounting or documentation purposes for the applicable statutory limitation period (generally up to 10 years) then destroyed or anonymized once the limitation periods have expired or (ii) if there is no archive, immediately deleted or anonymized.
By way of exception, We may store your Data for shorter or longer periods.
Please see the table below for additional details about these periods.
Applicable Data categories
Period of storage before erasure
Customer Orders management
Identification and Order Data: duration of the processing of the Order until delivery + warranty period + Then purchase-related Data is archived for up to 10 years for accounting or documentation purposes.
Customer relationship management
Purchase history, communications between you and Us, customer account
Duration of relationship + 3 years + Then Purchase history Data is archived for up to 10 years for accounting or documentation purposes; other
Sending our newsletter/commercial solicitation
Information concerning your e-mail address and your options regarding electronic solicitation
3 years from the most recent Order or from last contact with you, or earlier if you wish to unsubscribe before the end of this period.
Then, the Data will be destroyed or anonymized, unless You reiterate your desire to receive our offers and newsletters.
Data concerning the dispute/complaint
If no court action is filed, based on the applicable statutory limitation period: up to 5 years from the event
In the event of a court action: duration of proceedings through full enforcement of the legal decision or settlement agreement
4. What are your Data protection rights?
Access, rectification and portability
In accordance with current regulations, you have the right to access your Data. You may also request correction of your Personal Data should they be inaccurate. Depending on the type of processing, you may also have the right to request that the Personal Data in our possession be updated or corrected.
To respond to your request, We are required by law to verify your identity. If need be, We may ask you to provide Us with a proof of identity. We may need to ask you for additional information or supporting documents to respond to your request. We will make every effort to respond to your request as soon as possible.
You may, to the extent provided for by law, exercise your right to Data portability which allows you to retrieve, in an interoperable format, the Personal Data that you provided to Us in an automated manner when you created your account and/or enrolled in our customer loyalty program, as well as when you selected products (favorite products, etc.).
Right to erasure of Your Data and to limitation of the processing of your Data
You may request erasure of your Personal Data if:
- You have withdrawn your consent to the processing of your Data and Nona Source relies on consent for such processing (see above),
- You object to the processing of your Personal Data for reasons relating to your personal circumstances,
- You object to the use of your Data for commercial solicitation purposes or profiling,
- Your Data was collected on-line when you were a minor.
Alternatively, to the extent provided for by law, you may request the limitation of the processing of your Data.
Please note that despite the exercise of your right to erasure or processing limitation, We will store some of your Personal Data when the law requires or authorizes Us to do so, when We have a legitimate reason to do so (for example, to prove performance of a contract) or to exercise or defend our rights in court. For example, if We consider that you have violated our General Terms and Conditions of Use or our General Terms and Conditions of Sale.
Right to establish instructions for the management of your Personal Data after your death
For France and when mandatory local provisions so provide, you may determine how you want Us to handle your Personal Data upon your death.
Procedure to exercise your Data protection rights
To exercise your rights, You may contact Us directly at: email@example.com (by specifying in the subject of the email: "personal data").
Additionally, if you have a customer account, you may exercise your right to access, rectification and/or erasure of your Data by accessing your account.
For any questions related to your rights and the processing of your Data, please contact Us at: firstname.lastname@example.org (by specifying in the subject of the email: "personal data").
5. How is your Personal Data secured?
Nona Source uses technical and organizational measures that comply with applicable legal and regulatory requirements, to keep your Data secure and confidential.
Under written agreements, Nona Source requires its service providers and processors to provide safeguards and implement sufficient security measures to protect the Personal Data they have agreed to process, in accordance with applicable requirements under Personal Data protection laws.
However, Nona Source does not control all risks related to the operation of the Internet and draws your attention to the inherent risks of using any website.
6. Protection of minors
Our Website is not intended for children. We do not knowingly collect Data about children, unless it is permitted by law.
You must be at least eighteen (18) years of age to share your Data with Us. If We are notified that a minor under eighteen (18) years of age has submitted Data to Us, We reserve the right to immediately delete such Data and any associated account.
When you visit our Website, it may store or retrieve information on your browser, mostly in the form of cookies.
This information might be about you, your preferences or your device and is mostly used to make the Website works as you expect it to and to customise your user experience.
You can obtain more information about the types of cookies present on our Website and manage your cookies preferences on this link.
Please note that blocking some types of cookies may impact your experience of the Website and the services We are able to offer.
8. Third party websites
9. How can you contact Us if you have queries or complaints?
For any questions concerning this Policy or for any queries or complaints regarding your Personal Data, please contact Us any time at the following address: email@example.com (by specifying in the subject of the email: "personal data").
If you have a complaint about the way We collect and process your Data, you also have the right to lodge a complaint with the French data protection supervisory authority (the Commission Nationale de l’Informatique et des Libertés, located at 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, Tel: +33 (0)1 53 73 22 22) or if you live elsewhere within the European Economic Area, your local data protection supervisory authority.