The "Site" refers to this website, namely extern-design.fr. "Data subjects" refers to any person concerned by the data collection carried out by the data controller.
Hereinafter referred to as "data controller". The data controller is the natural or legal person who determines the purposes and means of processing.
The data controller commits to ensuring that personal data processing complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act. Data collection is limited to what is strictly necessary, in accordance with the data minimization principle set by the GDPR. The personal data collected on the Site are as follows:
This data is collected through the customer account creation form.
In accordance with current regulations, any data processing carried out by the Site is based on one of the six legal bases provided for by the GDPR. Thus, the data collected by the Site is based on the execution of the contract: it is necessary for the execution of the sales contract by enabling the sale of products by the Seller and their delivery under the best conditions. In the case of data collected for commercial prospecting (or newsletter), it is collected on the basis of consent, through a checkbox. In addition, each electronic message specifies the identity of the advertiser and offers a simple means of opposing the receipt of new solicitations (with an unsubscribe link at the end of the message). Data may also be collected for accounting reasons, in which case this collection is based on legal obligation.
Personal data is collected for the following purposes:
A recipient, as defined by the GDPR, is a person authorized to obtain communication of data recorded in a file or processing due to their functions. The data collected by the Site has the data controller as its sole recipient. The data is also communicated to the data controller's co-contractors for the proper execution of the contract. The co-contractor is the following: payment service provider.
In accordance with the principle of limited retention of personal data, provided for by the GDPR and the French Data Protection Act, the collected data is retained for the duration of the contractual relationship. Billing data is kept for ten years in application of the French Commercial Code (Article L.123-22), commercial data is kept for three years from the end of the commercial relationship.
Data subjects may access their data, rectify it, request its erasure, or exercise their right to limit the processing of their data. They can also withdraw their consent to data processing at any time, object to the processing of their data, exercise their right to data portability.
To exercise these rights or for any questions about the processing of your data in this system, data subjects can contact the data controller at the following email address: If data subjects believe, after contacting the data controller, that their "Data Protection" rights are not respected, they can file a complaint with the CNIL.
A cookie is a text file used to record information relating to the User's navigation on the Site but does not allow identification of the latter. The use of these cookies is intended to carry out frequency analyses or audience measurements to improve the quality of the Site. The user can deactivate the installation of these cookies by modifying their browser settings. The Site's cookie policy complies with Article 5(3) of Directive 2002/58/EC as amended in 2009 (transposed by the French Data Protection Act) laying down the principle:
(The consent provided for by these provisions refers to the definition and conditions provided for in Articles 4(11) and 7 of the GDPR). Thus, the Site provides an informative banner collecting the User's prior consent for cookies requiring it. The user is able to withdraw their consent at any time. Among the cookies requiring prior information and prior collection of user consent, we can mention:
Regarding trackers not subject to consent, we can mention: