Privacy Policy

The protection of your personal data is our highest priority, which is why we only use your data in strict compliance with the applicable data protection principles. From 25 May 2018, the provisions of the EU General Data Protection Regulation (hereinafter GDPR) will apply throughout Europe. As of today, we would like to inform you in detail about how Jal Company processes personal data in accordance with the new Regulation (cf. Article 13 et seq. GDPR). Please read our Privacy Policy carefully. If you have any questions or comments about our Privacy Policy, you can contact us at any time at the email address below.

Overview

The following data protection provisions inform you about the type and scope of processing of personal data by Jal Company, 24 rue Eugénie Cotton 44800 Saint Herblain (hereinafter “Jal Company”, “we”, “us” or “our”). Personal data is information that can be used to identify you directly or indirectly. The use of our applications, products, services, technologies or features and all associated pages, applications and services (collectively referred to as “Offer”) is subject to this Privacy Policy.

By registering for a new account and/or by providing appropriate explanation to existing customers, you confirm your agreement to this Privacy Policy and expressly agree to the processing, use and disclosure of your personal data in the manner described herein.

Data processing by Jal Company can be divided into two categories:

  • All data necessary for the execution of a contract with Jal Company will be processed for the purpose of contract execution and/or contract preparation. If external service providers are also involved in the processing of the contract, e.g. payment service providers, optimization services, hosting providers, etc., your data will be passed on to them to the extent required.
  • When you use our Offer, various information is exchanged between your terminal and our server or the server of the services we use. This may also include personal data. The information collected in this way is used in particular to further optimize our offer.

According to the requirements of the GDPR, you have various rights that you can assert against us. This includes the right to withdraw your consent at any time regarding the processing of selected data, in particular the processing of data for advertising purposes. The possibility of withdrawing your consent is always highlighted typographically. You will find further information on your rights below in an additional paragraph and in the individual descriptions of the respective data processing.

Our offer is only accessible to persons who have reached the age of 16. If you have not yet reached the said minimum age required, you may use our Offers only if and to the extent that your parents have expressly consented to this and if you have provided us with sufficient proof of such consent. If you have any questions regarding our Privacy Policy, you can contact us at any time: contact@marcgrays.com.

2. Name and contact details of the data controller and the company’s data protection officer

This Privacy Policy applies to the processing of data by Jal Company 24 rue Eugénie Cotton 44800 Saint Herblain, France, as the controller within the framework of the GDPR for the following offers: www.marcgrays.com. You can contact them at the address provided or by e-mail at contact@marcgrays.com. Jal Company 24 rue Eugénie Cotton 44800 Saint Herblain, France has been designated as the controller within the EU in accordance with Articles 3 Para. 2 and 27 Para. 1, 3 of the GDPR.

3. Purposes of data processing, legal bases and legitimate interests pursued by us or by a third party and categories of recipients.

3.1. USE OF OUR OFFER

When you use our Offer, in particular our website or app, information is automatically sent to our servers by the app or browser used on your device and temporarily stored in a log file. The following information is recorded without your intervention and stored in the log file until it is automatically or manually deleted:

  • the IP address of the device used,
  • the date and time of access,
  • the name and URL of the file accessed, the website/application from which access took place (referrer URL),
  • the unique identifier of the browser you are using,
  • the name of your Internet service provider.

The processing of the above data is carried out in accordance with Article 6, paragraph 1 point f) of the GDPR. Our legitimate interest arises from the purposes of data collection listed below. At this point, we would like to point out that the data collected does not allow us to identify you personally or to draw any conclusions about this. We use the IP address of your terminal and the other data listed above for the following purposes:

  • ensure the correct establishment of a connection,
  • ensure comfortable use of our Offer,
  • assess system security and stability and,
  • perform other administrative tasks.

The data is stored in accordance with the retention periods provided for by law and is then automatically deleted. In addition, we use cookies, tracking tools, targeting procedures and interfaces to other services, for example to social media platforms, payment services or app store providers, within the scope of our Offer. The exact procedures and the way in which your data is used for such purposes are explained in more detail in Section 4 below.

3.2. CONCLUSION, EXECUTION OR TERMINATION OF A CONTRACT

The legal basis used is Art. 6 Para. 1 lit. a), lit. b) GDPR and Art. 9 para. 2 lit. a) GDPR. Insofar as we do not use your contact details for customer support (see in detail section 3.3.), we store the data collected for the processing of the contract until the end of the contract or until the expiry of any contractual warranty and guarantee rights. After the expiry of the said period, we will store the personal data required by law for the prescribed legal period. During such a period (usually six to ten years from the conclusion of the contract), the data will only be reprocessed in the event of an audit by the tax authorities.

3.3. DATA PROCESSING FOR CUSTOMER SUPPORT OR CUSTOMER SERVICE

3.3.1. Informative purposes

To the extent that you have registered for our Offer, we will guide you as an existing customer. In such a case, we will process your contact details in order to send you information, for example about new, extended or improved functions, products and services.

3.3.2. TARGETED ADVERTISING

In order for you to receive only the information that is supposed to interest you, we categorize and supplement your customer profile with other information. We use statistical information as well as information about you (e.g. reference data or master data from your customer profile). The aim is to optimize our Offer according to your actual or assumed personal interests and/or needs and to provide you with appropriate recommendations so that you are not annoyed with unnecessary promotions. The legal basis for the aforementioned processing operations is Article 6, paragraph 1, point b) and point f) of the GDPR as well as Article 9, paragraph 2, point a) of the GDPR. The processing of existing customer data for advertising purposes is considered a legitimate interest recognized in accordance with recital 47 of the GDPR.

3.3.3. Customer Support

We have a customer service for handling service, support and other user requests based on Article 6, paragraph 1, point b) of the GDPR. If you submit a support request via one of our channels (e.g. our contact form, live chat, email, etc.), the following data (depending on the content and the selected contact channel) will be processed via our servers:

  • the data you entered,
  • your name,
  • Your email address,
  • information about your browser,
  • your IP address.

3.3.4. Sending the Newsletter

We offer interested customers the opportunity to subscribe to our newsletter. In order to ensure that the email address entered is actually associated with the interested customer, we use the double opt-in procedure: once you have entered your email address in the registration field, we will send you a confirmation link. Only when you click on this confirmation link will your email address be added to our mailing list. We store the data collected in this process solely for documentation and verification purposes. This data includes in particular:

  • the email address transmitted,
  • the IP address of the device used,
  • the date and time of recording,
  • the way of addressing,
  • the date, content and time of the confirmation email,
  • the IP address of the device used for confirmation,
  • and the date and time of your confirmation.

The legal basis used is Article 6, paragraph 1, point a) GDPR. We store said data until the end of the contractual relationship because we can thus prove the legality of sending the Newsletter. After the expiry of said period, we will store the personal data required by law for the prescribed legal period. During such a period (usually ten years from the conclusion of the contract), the data will be processed again only in the event of an audit by the tax authorities. You can withdraw your consent at any time with effect for the future. To do so, simply click on the unsubscribe button in the corresponding e-mail or send a brief notification by e-mail. To do so, please use the contact information of our data protection officer.

3.3.5. Right to contest

You can withdraw your consent to the processing of data for the purposes mentioned above at any time free of charge, separately for the respective communication channel and with effect for the future. Simply send an e-mail or a letter to the contact details given under point

In the event of an objection, we will block the contact address concerned for further processing of promotional data. We will process your objection as soon as possible and implement the corresponding blocking measures immediately after verification. We would like to point out that in exceptional cases, information or product recommendations may still be sent even after receipt of your objection. This is only done for technical reasons and does not mean that we will not implement your objection. Thank you for your understanding.

4. Data processing for the provision of our services

In the following, we would like to inform you about the processing of data required to provide our Offer:

4.1. ONLINE PRESENCE AND WEBSITE OPTIMIZATION

We do not sell or rent your data to third parties for marketing purposes without your express consent. In order to offer our customers the best possible product, to improve the quality of our Offering from time to time and to protect the interests of our customers, we will, in certain circumstances, disclose certain data to third parties; however, such disclosure will always be subject to strict restrictions, which are described in more detail below:

4.1.1. Cookies – General information

We use cookies on our website on the basis of Article 6 (1) (f) GDPR. Our interest in optimising our Offers must be considered justified within the meaning of the aforementioned regulation. Cookies are small files that your browser automatically creates and which are stored on your terminal device (laptop, tablet, smartphone, etc.) when you use our Offers. Cookies do not damage your terminal device, do not contain viruses, Trojan horses or other malware. Cookies enable information to be stored that is specific to the terminal device used in each case. However, this does not mean that we can immediately identify you. The use of cookies serves in particular to make the use of our Offer more pleasant for you. We use session cookies to detect that you have already visited certain pages of our website. If you use our Offer again at a later date, the cookie automatically recognises you. In addition, we also use temporary cookies for user-friendliness purposes, which are stored on your terminal device for a certain defined period of time. These are automatically deleted when you exit.

On the other hand, we use cookies to statistically record the use of our Offers and evaluate them in order to optimize them for you and to display information specifically tailored to your needs. These cookies enable us to recognize you automatically when you return to our site. These cookies are automatically deleted after a defined period of time. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, completely deactivating cookies prevents you from accessing the full functions of our Offers. The storage period of cookies depends on their intended use and is not the same for everyone.

4.1.2. Klaviyo

To design and continuously improve our customer engagement efforts in accordance with Art. 6 (1) a) GDPR, we use an email marketing platform Klaviyo, 225 Franklin St, Floor 10, Boston, MA 02110, USA (hereinafter "Klaviyo"). We use Klaviyo for our email marketing campaigns and to contact our already registered users. For this purpose, when you register twice in the Marc Grays email list, we send the following information to Klaviyo:

  • your name,
  • Your email address,
  • your time zone,
  • information about your device (screen resolution, browser information and operating system),
  • your IP address,
  • your location and
  • the language used.

You can withdraw your consent at any time regarding the processing of data by clicking on the “Unsubscribe” button present in each Newsletter or by simply informing us that you no longer wish for this type of processing in the future. To do so, please use the contact information of our Data Protection Officer.

4.1.3. Facebook Pixels

In order to use, further optimize and evaluate the conversion of our Facebook campaigns as required, we use an individual behavior pixel from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) in accordance with Article 6 (1) (f) GDPR. This pixel is integrated into the code of our website. This allows us to check that the Facebook ads we initiate are only displayed on the page of users who have shown an interest in our services. In doing so, we ensure that our Facebook ads arouse the potential interest of the user and do not annoy them. We also track the actions of Facebook users after they have seen or clicked on one of our Facebook ads. This allows us to evaluate the conversion of the respective campaign for statistical, market research and billing purposes.

The following information is processed:

  • timestamp,
  • the URL,
  • campaign information (including impression specification, form field, activated button).

The data collected in this way is anonymous and does not allow us to draw any conclusions about the identity of the user. Processing for the purposes of behavioral and interest-based advertising is considered a legitimate interest recognized in accordance with recital 47 of the GDPR. The data is stored in accordance with the retention periods provided for by law and is then deleted automatically.

If you log in to your Facebook account after placing the pixel or visit our website while logged in, it is possible that this data will be stored and processed by Facebook, about which we hereby inform you. Facebook may connect this data to your Facebook account and use it for advertising purposes, in accordance with Facebook's Data Usage Policy: https://www.facebook.com/about/privacy/ . You can find more information about the Facebook pixel here . You can allow Facebook and its partners to serve ads on Facebook and other sites. You can withdraw your consent at any time regarding the special data processing by changing your Facebook settings or by simply informing us that you no longer wish this type of processing in the future. To do this, please use the contact information of our data protection officer. Please note that the declared objection only applies to the device used. For more information, please refer to Facebook's Privacy Policy and privacy information .

4.1.4. Facebook Similar Audiences Campaigns

In order to use, further optimize and evaluate the conversion of our Facebook campaigns as needed, we use an individual behavior pixel from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) in accordance with Article 6 (1) (f) GDPR. You can find more information about Facebook Similar Audiences campaigns at: https://www.facebook.com/business/help/365463786964246

Said processing for the purpose of behavioral and interest-based advertising is considered a legitimate interest recognized in accordance with Recital 47 of the GDPR. If you are part of Facebook's Similar Audiences, we will transmit your email address and device ID to Facebook. You can withdraw your consent to the special data processing at any time by changing your Facebook settings: https://www.facebook.com/settings/?tab=ads or by simply informing us that you no longer wish for this type of processing in the future. To do so, please use the contact information of our Data Protection Officer.

4.1.5. Pinterest Tag

In order to use, further optimize and evaluate the conversion of our Pinterest campaigns as required, we use a Pinterest tag, an individual code snippet, from Pinterest Inc., 635 High Street, Palo Alto, CA, USA, (“Pinterest”) that is integrated into the content of our website, in accordance with Article 6 (1) (f) GDPR. This allows us to check that the Pinterest ads we initiate are only displayed on the page of users who have shown an interest in our services. In doing so, we ensure that our Pinterest ads arouse the potential interest of the user and do not annoy them. We also track the actions of Pinterest users after they have seen or clicked on one of our Pinterest ads. This allows us to evaluate the conversion of the respective campaign for statistical, market research and billing purposes. The following information is processed:

  • device information (e.g. type, brand),
  • the operating system used (e.g. iOS 11),
  • the IP address of the device used,
  • the time of recourse to our Offer,
  • The type and content of the campaign and
  • the reaction to the respective campaign (click on a button for example).

The data collected in this way is anonymous and does not allow us to draw any conclusions about the identity of the user. The said processing for the purpose of behavioral and interest-based advertising is considered a legitimate interest recognized in accordance with Recital 47 of the GDPR. The data is stored in accordance with the retention periods provided for by law and is then deleted automatically. If you log in to your Pinterest account after visiting our website or visit our website while logged in, it is possible that this data will be stored and processed by Pinterest, about which we hereby inform you. It is possible that Pinterest may connect this data to your account and also use it for advertising purposes. You can find more information in Pinterest's Privacy Policy: https://policy.pinterest.com/de/privacy-policy . You can withdraw your consent to the special data processing at any time by deactivating all relevant settings under “Personalization” in your Pinterest account https://help.pinterest.com/de/articles/edit-your-settings#Web or by activating the “Do Not Track” setting in your browser.

4.1.6. Google Analytics

In order to design our Offer as required and to continuously optimise it, we use the Google Analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) in accordance with Art. 6 para. 1 lit. f GDPR. Through the use of cookies, Google creates pseudonymised usage profiles. The information generated by the cookie about your use of this website such as

  • browser type/version,
  • the operating system used,
  • the referring URL (the previously visited page),
  • the host name of the accessing computer (IP address),
  • the time of the server request.

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the offers, to compile reports on activities and to provide other services related to the use of the Offer for market research and needs-based design purposes. This information may also be passed on to third parties if required to do so by law or if third parties are commissioned to process this data. Your IP address will under no circumstances be merged with other Google data. IP addresses are anonymized, so that an assignment is not possible (so-called IP masking).

You can prevent the use of cookies in advance by changing the settings of your browser software or withdraw your consent to further processing via the cookie by clicking on this link and choosing to no longer participate; however, please note that in this case not all functions of our offers can be used to their full extent. Furthermore, you can prevent the creation of data generated by a cookie and related to your use of our Offer (in particular your IP address) as well as the processing of said data by Google by downloading and installing the browser add-on . We recommend using Private mode on mobile devices. You can find more information on data protection in connection with Google Analytics on the Google Analytics website .

4.1.7. Google Tag Manager

Google Tag Manager allows us to manage the tags on our website (website code). These facilitate the management and development of our Offer and reduce loading times. Google Tag Manager only implements the website code. Google Tag Manager does not create cookies and does not collect any personal information. The tool only integrates website code that we have stored elsewhere and that can be used to collect data. The tool only serves to facilitate the modulation of the code but does not access the data processed by the code. We will inform you about all integrated tags in this Privacy Policy. You can find more information about Google Tag Manager as well as the terms of use on the Google pages.

4.1.8. Stripe Payment Processing Service

For the purpose of contract execution and especially payment processing, we transmit your name and email address to our payment service Stripe Payments Europe Ltd., block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland (“Stripe”) in accordance with Article 6, paragraph 1, point (a) and (b) of the GDPR. By using the Stripe library, we will not process the information entered during the order process (address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) but will transmit it directly to Stripe from your browser. The data is used exclusively by Stripe for the execution and completion of the payment process and transmitted securely via the “SSL” encryption method. Stripe is PCI DSS certified . Stripe may transfer, process and store personal information outside the European Union. You can find more information on Stripe's Privacy Policy by clicking on this link .

4.1.9. Lucky Orange

We use Lucky Orange to better understand our users' needs and optimize this service and experience. Lucky Orange is a technology service that helps us better understand our users' experience (e.g., how much time they spend on which pages, what links they choose to click, what users like or dislike, etc.), which allows us to maintain our service with user feedback. Lucky Orange uses cookies and other technologies to collect data about our users' behavior and their devices (in particular, device IP address (captured and stored only in anonymous form), device screen size, device type (unique identifiers,), browser information, geographic areas (country only), preferred language used to display our website). Neither Lucky Orange nor we will use this information to identify individual users or to match it with additional data about an individual user. For more details, please see Lucky Orange's privacy policy by clicking this link . You can opt out of creating a user profile, storing data about your use of our site by Hotjar and using Lucky Orange's tracking cookies on other websites by following this opt-out link .

4.1.10 SMSBump

We use SMSBump to send an alert when a customer abandons their cart before checking out. Neither SMSBump nor this information will ever be used to identify individual users or match it to additional data about an individual user. SMSBump only collects:

  • Name
  • Phone number
  • Message Delivery Status
  • Link Interactions

If you would like to view SMSBump's privacy policy, please click on the following link . If you would like to unsubscribe from SMS message alerts, we provide a way to unsubscribe for each SMS sent. If you have any additional questions, please contact: contact@marcgrays.com.

5. Recipients outside the EU

As stated in points 3.4 and 3.5 above, data may also be transmitted to recipients located outside the European Union or the European Economic Area. This applies in particular to the processing of the aforementioned analysis and targeting technologies, which may result in data being transmitted to the servers of the service providers. Affiliated service providers that we need to provide our services, such as hosting providers, CRM tools or analysis service providers, may be other recipients. These servers may be located outside the European Union, in particular in the USA. We ensure that these service providers guarantee data protection standards equivalent to those of the GDPR and that the applicable guidelines are complied with. Therefore, we only work with certified service providers. For this certification, the European Commission has established the adequacy of the level of data protection under number C(2016) 4176) in accordance with Article 45 of the GDPR. The use of such certified service providers thus meets the European standard for legally compliant data processing. In addition, service providers based outside the European Union have granted us adequate contractual guarantees ensuring compliance with these European standards and the adoption of the rights of data subjects, for example by relying on the standard contractual clauses of the European Commission.

6. Your rights

6.1. OVERVIEW

In addition to the right to object to the consents you have given us, you may exercise the following rights if the respective legal conditions are met:

  • The right to information regarding your personal data stored with us according to Article 15 of the GDPR,
  • In the case of transmissions in accordance with Articles 46, 47 or 49, paragraph 1, point 2 of the GDPR, the right to information or reference to suitable or adequate guarantees and the possibility of obtaining a copy of said guarantees or whether said guarantees are available,
  • Your personal data stored with us in accordance with Article 15 of the GDPR,
  • The right to correct inaccurate data or to complete accurate data in accordance with Article 16 of the GDPR,
  • The right to delete your data stored with us in accordance with Article 17 of the GDPR,
  • The right to restrict the processing of your data in accordance with Article 18 of the GDPR,
  • The right to data portability in accordance with Article 20 of the GDPR.

6.2. RIGHT OF CONTEST

Under the conditions set out in Article 21, paragraph 1 of the GDPR, it is possible to withdraw your consent regarding the processing of data for reasons related to the particular situation of the data subject. The aforementioned general right of objection applies to all processing purposes described in this Privacy Policy based on Article 6, paragraph 1, point f) of the GDPR. Apart from the special right of objection regarding data processing for advertising purposes (see section 3.3 above), the GDPR requires us to implement a general right of objection only if you provide us with reasons of paramount importance (e.g. a danger to life or health). In addition, you can also contact our competent supervisory authority: Commissioner for Data Protection and Freedom of Information Berlin, Friedrichstraße 219, 10969 Berlin, Germany.

7. Data security

We use the highest standards of information security for our infrastructure and the processing of your data. For example, we use IT protection mechanisms such as firewalls and data encryption. Our buildings and data are subject to physical access controls. Only employees who need access to our customers' personal data to carry out their business may access it. All data that you have personally transmitted to us, including your payment information, is transmitted via the general and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard that is used in particular for online banking transactions. You will recognize an SSL connection in particular by noticing the s after http (https://…) in the address bar of your browser or by the lock symbol in the lower part of the browser. In addition, we use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss and unauthorized access by third parties. Our security measures are continuously monitored in relation to technological progress, regularly adapted to the respective risks and, if necessary, improved.

8. Children's Privacy Policy.

Protecting the privacy of young children is especially important. For this reason, we do not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow them to register. If you are under 16, please do not send us any information about yourself, including your name, address, telephone number, or email address. No one under 16 is permitted to provide personal information to the Services. If we learn that we have collected personal information from a child under 16 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at contact@marcgrays.com

9. Changes to our Privacy Policy.

If we change our privacy policy and procedures, we will post those changes on our website to inform you of what information we collect, how we use it, and under what circumstances we may disclose it. Changes to this privacy policy are effective when they are posted on our website.