OUR PRIVACY POLICY AND DATA PROTECTION

At My Little Day, we are very serious about protecting our customers’ private information.
It is extremely important for us to ensure total confidentiality and security of all your personal data.
With this text, we would like to explain as clearly as we can what information or personal data we collect and what we do with this information.
The organization My Little Day, as a data controller, commits itself to respect the stipulations laid out in the amended laws no. 78-17 of the French Data Protection Act of 6th January 1978 relating to information technology, files and freedoms regarding the automated processing of obtained personal data, as well as the regulations (EU) no. 2016/679 of the 27th April 2016 from it’s application on 25th May 2018.

 

1 – WHY DO WE COLLECT PERSONAL DATA?

When you visit our website, subscribe to our newsletter, order our products or contact us through social media, emails or by phone, we collect data about you.
This data allows My Little Day to understand better it’s clients, to anticipate their needs and improve our customer service every day.
For example, it enables us to send you some personalized emails or little surprises, and it stops you from seeing over and over again the same adverts on social media.
The most important: we are only collecting your data for My Little Day, and we commit ourselves to not give your information to any other service providers or third-party subcontractors unless it is really necessary. These subcontractors commit themselves equally to observe the same privacy policy as we do.
We will never sell, transfer or give your data to anyone else for commercial purposes without your written consent (for example when a contest takes place with one of our partners).

 

2 – WHAT TYPE OF DATA DO WE COLLECT AND WHAT IS IT USED FOR?

Personal data refers to all information allowing someone to directly or indirectly identify a person, notably by an identifier, such as a name, an identification number, location data, an online identifier, or one or more elements relating to physical; physiological, genetic, psychic, economic, cultural or social identity.
When you create your account at My Little Day or when you make an order, some personal data is requested.
This is the data we need to communicate with you and deliver your products in the best conditions. It refers to information necessary for the execution of the contract or the implementation of pre-contractual measures.
Some other optional data can be asked for as well (such as the birth dates of your children, the date of your event…).
We collect and process this data exclusively for our account and won’t give them to anyone (except from our emailing technologies such as Mailchimp). Your data is used to send you personalized content, help you organize your event, or even to reward you for your loyalty.
 

2.1 – Types of collected data:

  • Customer’s compulsory identification data (Name, surname, address, email, phone number…).

  • Optional personal characteristics data (age, date of birth, sex, party type, birth dates…).

  • Electronic identification data (IP address, cookies…).

  • Order data (eg. Delivery methods, names of delivery recipients order history, order forms, bills, etc).

  • Customer service data.

  • Customer reviews through our partner Avis Vérifiés.

  • Emailing data.

  • Data linked to our website traffic.

 Data relating to payment by bank card is not stored by My Little Day.
My Little Day uses a secure SSL (Secure Socket Layer) payment method.
Banking details are encrypted (made illegible) at the moment of transmission on the network. The encryption is made visible by the lock symbol in the browser.
 The transaction is carried out via a payment service provider. Only this provider records the bank details supplied in their secure server.
No intermediate receives this data.

2.2 – Use of the data and legal basis:

Use of Data Processing Legal Founding
Management of client accounts, shopping baskets and orders made. This is necessary for the execution of the contract or for the execution of pre-contractual measures.
Management of deliveries and order tracking. This is necessary for the execution of the contract
Management of client services by telephone or email. Communications between client services and the client may be retained so that we can continually improve the quality of our services. This is necessary for the execution of the contract, and for the pursuit of our own legitimate interests (to improve the quality of our products and services) and / or relies on your consent.
Send targeted offers and advice through different channels: directly on our site, by email, through social networks or any other mean in the future. This use requires your consent and is necessary for the pursuit of our own legitimate interests (to suggest relevant content).
Collection and management of client opinions on our products and services. This use requires your consent and is necessary for the pursuit of our own legitimate interests (to improve the quality of our products and services).
Target advertising on social networks. This use requires your consent and is necessary for the pursuit of our own legitimate interests (to suggest relevant content).
Possible personalisation of site content depending on the preferences of the user. This use is necessary for the pursuit of our own legitimate interests (to suggest relevant content) and/or requires your consent.
Sharing of site content onto social networks. This use requires your consent and is necessary for the pursuit of our own legitimate interests (to suggest relevant content).
Measuring visitation to the site, carrying out marketing actions on and off the site. This is necessary to the pursuit of our own legitimate interests (to measure and improve our marketing actions and optimise the presentation and structure of our website).
Implementation of targeted competitions.  This use relies on your consent and is necessary for the pursuit of our own legitimate interests (to suggest relevant content).

 

2.3 – Cookies, what are they exactly?

A cookie is a mix of information given by your computer to a web server. The purpose of a cookie is mostly to ease your navigation or to make statistics. The cookies enable the server of the visited website, or another third-party server (such as an advert agency or analytics company) to recognize your device (thanks to your IP address) and not the person using it. Thanks to cookies, you can automatically access a personalized webpage without having to log in.

What cookies enable us to do at My Little Day:

- evaluate the traffic and measure the performance of specific content on our website, 
- adapt our website according to the technology (device, browser) and preferences of our customers,
- memorize the information previously filled (forms, access, basket…) and ease navigation for the users,
- allow social media sharing.

 

2.4 – What can I do if I don’t want to reveal information relating to cookies and tracers?

In compliance with the RGPD, all data received by My Little Day through cookies is subject to prior consent.
Each Internet user can manually modify the acceptation or refusal of cookies on all sites consulted or by a sorting method. To learn more, please visit the help page on your preferred Internet browser.
Please find underneath the help pages for the main internet browsers used by our customers:
-          With Chrome: https://support.google.com/chrome/answer/95647?hl=fr&hlrm=en
-          With Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
-          With Safari: https://support.apple.com/kb/PH21411?viewlocale=en_US&locale=en_US
-          With Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences?redirectlocale=fr&redirectslug=Activer+et+d%C3%A9sactiver+les+cookies
 

3 – WHO CAN ACCESS DATA COLLECTED BY MY LITTLE DAY?

The majority of the data collected is processed internally by the different My Little Day departments, notably web marketing, communications, after-sales services and accounts.
They are equally given to subcontractors with whom we collaborate in order to carry out the execution of the contract (payment services or delivery services for example) or to improve the quality or our products, services, marketing actions and the presentation of our internet site (marketing assistance).
We only communicate information that is essential for the execution of their service. Our subcontractors are subject to the same obligations as My Little Day concerning the protection of personal data.
In addition, we work with external agencies (collection of statistical data, remarketing operations, free and paid search engine optimization etc …) who have access to certain site traffic data. These agencies only receive secondary data through statistical tools (Google Analytics, Facebook Business, Adroll…).
Secondary data refers to information about the visits and routes taken by users on the site. This data cannot in any case identify a specific person and so cannot be linked to a specific individual.
 With your consent, the opinions you express on our products are published on our website, and consequently are accessible to all visitors to our website. Only your surname and the first letter of your first name are visible.
Your personal data is equally transmitted if we have the legal obligation to do so or if we think, in good faith, that it is necessary for:
-Responding to any complaint against My Little Day
-Conforming to any legal request
-Executing all completed contracts with our members
-In case of emergency putting at risk public health or the physical integrity of a person
-In case of investigation or enquiry
-In order to guarantee the rights, goods and security of My Little Day, it’s members and more generally, all third parties
Finally, if My Little Day was to be purchased by a third party, the data in our possession would be transferred to the new owner.

4 – WHAT ARE YOUR RIGHTS CONCERNING PERSONAL DATA?

 Under law 2016/679 of 27th April 2016, any person can exercise his rights relating the protection of personal data upon simple request, namely:  These rights can be directly exercised to My Little Day either by emailing: donneespersonnelles@mylittleday.fr
or by writing to the following address:
My Little Day 
Personal data protection
40, rue de Cléry
75002 Paris
We will respond to any request within 15 days following the reception of the email or letter. If the given answer doesn’t satisfy the person concerned by the collected data, this person is free to contact the CNIL.
 

5 – FOR HOW LONG IS THE DATA RETAINED BY MY LITTLE DAY?

The personal data collected by My Little Day cannot be conserved beyond the period strictly necessary for the purposes for which they are collected and is conserved observing the legal requirements and regulations in force.
With the exception of certain categories of personal data, of which the length of retention is subject to change according to the legal requirements or regulations in force, we handle the data we collect during a period of 3 years from the end of commercial relations. In this way, if there has been no interaction with My Little Day for 3 years, this data is no longer used conforming to the simplified standard NS-048.
Data relating to the management of orders, deliveries, billing and client accounts must be conserved for a period of 10 years conforming to article L. 123-22 paragraph 2 of the business code and the simplified standard NS-048.
With regards to data relating to bank card payments recorded by our service provider, they can be retained, in temporary archives to use as proof in case of dispute regarding the transaction, for 13 months conforming to article L. 133-24 of the monetary and financial code. This can be extended to 15 months in order to account for the possible use of deferred debit cards, conforming to the simplified standard NS-048.
Finally, information stored in your device (example: cookies) or any other element used to identify users and allow for their traceability will not be retained beyond a period of 13 months.

6 – WHAT SECURITY MEASURES ARE IN PLACE FOR PROTECTING THE DATA?

The personal data collected by My Little Day is protected and will never be given to partners who cannot guarantee the same level of security as we demand.
The main measures taken for the security of your data are:
  • The use of encrypted passwords (to which we do not have access) containing at least one capital letter, one lower case letter and one special character.
  • The strict limitation of access to personal information to only people using it in order to carry out their jobs, with the help of a strictly personal username and password.
  • The definition of authorized profiles in order to limit user access to only data that is strictly necessary for completing their tasks.
  • The use of secure internal and external servers for the storage of data.
  • The use of TSL protocol (SSL for the moment?) on the whole site.
  • The use of our partner’s secure systems of payment : Paypal (to learn more, visit: https://www.paypal.com/fr/webapps/mpp/paypal-safety-and-security) and Stripe (to learn more, visit : https://stripe.com/docs/security/stripe)
NB: The CNIL recommends users to never :
  • Give your password to other people.
  • Store passwords in an unencrypted folder, on paper or in a place easily accessible by other people.
  • Save your passwords in your browser without having a master password.
  • Use passwords which have a link to you (name, date of birth etc.).
  • Use the same password for different accesses.
  • Keep passwords set by default.
  • Send your passwords by email to yourself or others. 

7 – WHO CAN I CONTACT FOR ANY QUESTIONS REGARDING DATA PROTECTION?

The personal data protection officer mentioned in the current data protection policy is Laia Guardia-Morin. Their representative is Dorothée Monestier. These people can be contacted at contact@mylittleday.com or by post at: My Little Day – Personal Data Protection – 40 rue de Cléry – 75002 PARIS.

We will respond to all your questions within 15 working days.

For any additional information relating to the data protection law, we invite you to visit the CNIL website.

8- REVISION OF THE DATA PROTECTION POLICY

The data protection policy is likely to be the subject of updates. To be aware of these, we invite you to consult this current policy regularly.