Personal data protection policy / Cookie management (As of September 1st, 2018)

I. Personal Data

Personal data collected on the www.kinase-boutique.com website or during in-store purchases are processed by AUTHENTIC JAPAN, a single-person simplified joint stock company with a share capital of 100,000 euros, registered with the Paris Trade and Companies Register under number 839 581 303 and whose registered office is located at 28, rue du Dragon - 75006 Paris.

AUTHENTIC JAPAN is committed to protecting the personal information provided by its customers (the "Personal Information") and to ensuring the highest level of protection for them in accordance with the European and French regulations applicable to it in terms of personal data protection and in particular Law 78-17 of 6 January 1978 on information technology, to the amended files and freedoms and any new law, decrees issued for its application such as the Digital Republic Law n°2016-1321 of 7 October 2016 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 known as "DGPS".

This document explains: (i) how, for how long and for what purposes Personal Information is used; (ii) how the Customer may access, correct, modify or delete Personal Information held by AUTHENTIC JAPAN; (iii) to whom AUTHENTIC JAPAN may, if necessary, disclose it; and (iv) the security measures put in place by AUTHENTIC JAPAN to protect the confidentiality of Personal Information.

1. Collected data and purpose of collection

AUTHENTIC JAPAN collects Personal Information that the customer voluntarily declares to it from the collection forms available either on the site or directly within its establishments.

The information that must be completed by the customer is marked with an asterisk on the collection form.

Personal Information is processed by AUTHENTIC JAPAN for the purposes of customer account management, marketing and statistical studies and service quality monitoring, in order to provide customers with the most appropriate services.

AUTHENTIC JAPAN only collects the data strictly necessary for the creation and follow-up of the customer's customer account (name, usage name, first names, gender, date of birth, e-mail address, telephone number, postal address, password), the management and follow-up of orders (payment, delivery), monitoring customer relations such as conducting satisfaction surveys, managing complaints and after-sales service, as well as carrying out AUTHENTIC JAPAN's loyalty, information and promotional activities (such as sending newsletters) when the customer has expressly requested them.

AUTHENTIC JAPAN collects Personal Information from the customer, particularly when it:
  • Creates his customer account on the Site or in store
  • Places an order on the Site or in store
  • Navigates on the Site and consults the Products
  • Contact customer service

REGARDING THE PAYMENT PROCESS
6.1. Purpose of the processing operation

The customer wishing to purchase Products on the Site must use payment services.

The payment services necessary for the site are provided by the French bank LCL

AUTHENTIC JAPAN uses the Sherlock's secure payment system managed by LCL Bank as well as the 3D Secure system.

The security of the transport of card data is ensured by 128-bit SSL (Secure Socket Layer) encryption and the payment page is hosted on a bank server that ensures the integrity and confidentiality of the data collected. Each payment systematically triggers an authorization request to your bank to verify the validity of the card details.

As part of the payment process, AUTHENTIC JAPAN's payment service providers will collect and process a certain number of data concerning the customer's means of payment (credit card number, expiry date of the credit card, visual cryptogram, the latter not being kept, etc.).

AUTHENTIC JAPAN processes the partial number of the customer's credit card composed of the first six (6) and last four (4) numbers and the expiry date as transmitted by the bank.

This payment ID does not allow for any bank transactions and is kept for fifteen (15) months, unless deleted by the customer from his account.

It is expressly reminded that AUTHENTIC JAPAN and its banking partner (subcontractor within the meaning of the DGPS):

- Will not process data in a way that is incompatible with the purposes defined
- Take all technical and organizational measures to ensure the security and confidentiality of customers' personal data.

2. Data Storage and Hosting

Personal Information is stored on encrypted computer files and stored on secure storage servers. These storage servers are installed in data centers that are located : OVH SAS : 2 rue Kellermann – BP 80157 59053 ROUBAIX CEDEX 1

In any event, AUTHENTIC JAPAN naturally takes appropriate measures to maintain an appropriate level of confidentiality and security of Personal Information during the transfer and receipt of Personal Information, including by contract requiring all its subcontractors and service providers to implement any appropriate technical and organizational measures, on an ongoing basis, to secure Personal Information and ensure the same level of protection as required by the DGPS, Law No. 78-17 of 6 January 1978 on data processing, files and freedoms as amended and any new law, decrees issued for its application such as the Digital Republic Law No. 2016-1321 of 7 October 2016.

3. Conservation

Personal Information will only be kept on an operational basis for as long as is strictly necessary for the purpose for which it was collected and processed.

Personal Information will then be archived with restricted access for an additional period of time for limited reasons authorised by law (payment, guarantee, disputes, accounting or archiving obligations, etc.). After this period, they will be deleted.

The storage periods are as follows:



4. Transmission of Personal Information

AUTHENTIC JAPAN will never disclose Personal Information to any third party who may use it for its own purposes, including commercial and/or direct advertising purposes, without the express prior consent of the customer.

AUTHENTIC JAPAN may disclose Customer Personal Information to legally authorized agencies and authorities to the extent required or permitted by law, or as AUTHENTIC JAPAN deems necessary or appropriate to comply with applicable laws and other authorities, or to protect or defend its rights or those of its employees, customers or any other person.

AUTHENTIC JAPAN may disclose Customer Personal Information to third parties in the event of a transfer, transfer of assets, reorganization or liquidation. AUTHENTIC JAPAN will then notify the customer if its Personal Information will be subject to a different privacy policy.

The Personal Information collected may be communicated to third parties linked to AUTHENTIC JAPAN by contract for the performance of subcontracted tasks necessary for the management of customer accounts or the execution of orders placed on the Site or in store.

Unless expressly agreed by the customer when collecting their Personal Information, AUTHENTIC JAPAN may not transmit the Personal Information to its partners (including the companies of the group to which it belongs) for the purpose of communication and/or prospecting, in particular by electronic, postal or telephone means.

Even after having given their consent, customers may object to the continuation of this communication by sending a letter to AUTHENTIC JAPAN at the following address: 28, rue du Dragon - 75006 Paris

The Customer is informed that data concerning him/her may be transmitted for the purposes mentioned above to companies located in countries outside the European Union that have a lower level of data protection than in the European Union. Prior to the transfer outside the European Union, AUTHENTIC JAPAN will take all necessary measures and guarantees to secure such transfers.

5.    Safety and security
   
In accordance with the DGPS, Law No. 2018-133 of 26 February 2018 "on various provisions for adapting to European Union law in the field of security and Law No. 78-17 of 6 January 1978 on information technology, files and freedoms as amended and any new law, decrees issued for its implementation such as Digital Republic Law No. 2016-1321 of 7 October 2016, AUTHENTIC JAPAN undertakes to take all necessary precautions, with regard to the nature of the data and the risks presented by the processing, to preserve the security of the personal data concerning the Customer and, in particular, to prevent his personal data from being distorted, damaged or accessed by unauthorised third parties.

6.    Responsible for processing and customer rights

6.1 Data controller

The controller is AUTHENTIC JAPAN, a single-person simplified joint stock company with a share capital of 100,000 euros, registered with the Paris Trade and Companies Register under number 839 581 303, with its registered office at 28, rue du Dragon - 75006 Paris.

6.2 Custromer’s rights

In accordance with the RGPD, Law No. 78-17 of 6 January 1978 on data processing, files and freedoms as amended and any new law, decrees issued for its application such as the Digital Republic Law No. 2016-1321 of 7 October 2016, the customer may:

- access to all their data: this right allows the customer to ask AUTHENTIC JAPAN questions about the nature of the processing operations concerning them and to request a copy of all the information concerning them. This right applies regardless of the legal basis of the processing operation (contract, legal obligation, consent, legitimate interest, etc.).
- object to the processing of their data: this is the right not to be included in a data processing operation or to no longer be included in it. This right applies when the processing is based on AUTHENTIC JAPAN's "legitimate interest";
- correct, update, complete and delete his/her declarative data;
- request the portability of his/her data;
- request a limitation of the processing operations carried out by AUTHENTIC JAPAN with respect to his/her data: this right may be exercised when one of the following grounds applies:

- the accuracy of the personal data is contested by the data subject for a period of time allowing the controller to verify the accuracy of the personal data;

- the processing is unlawful and the data subject objects to their deletion and instead demands that their use be limited;

- the controller no longer needs the personal data for the purposes of processing, but they are still necessary for the data subject to establish, exercise or defend legal rights;

- the data subject has objected to the processing operation during the check as to whether the legitimate grounds pursued by the controller take precedence over those of the data subject.

In addition, the customer has the option of providing AUTHENTIC JAPAN with instructions for storing, deleting and disclosing his or her Personal Data after death, which instructions may also be registered with a "certified digital trusted third party". These instructions, or a kind of "digital will", may designate a person responsible for their execution; failing this, their heirs will be designated.

In the absence of any instructions, the customer's heirs may contact AUTHENTIC JAPAN to:

- access processing operations allowing "the organisation and settlement of the deceased's estate";
- receive communication of "digital property" or "data similar to family memories, transmissible to heirs";
- have the customer's account closed and oppose the further processing of his Personal Information.

To exercise their rights, the customer may send their request (indicating their e-mail address, surname, first name, postal address and a copy of their identity document):

- By e-mail to the following address: support@kinase-boutique.com
- By post to the following address: 28, rue du Dragon - 75006 Paris

A response will be sent within a maximum of one (1) month following the date of receipt of the request.

The customer may at any time file a complaint with the competent supervisory authority (in France, the CNIL: www.cnil.fr)

7.    Social networks - Plug-in and social modules - Social Connect

The use of social networks and the Site in connection with these social networks may result in the collection and exchange of certain data between the social networks and AUTHENTIC JAPAN.

The Customer is invited to consult the personal data protection policies of the social networks in order to be precisely informed of the information that is collected by the social networks and that may be transmitted to AUTHENTIC JAPAN in connection with its site as well as the purposes for which its data are used, in particular for advertising purposes.

The Customer can set up access and confidentiality of his data directly on social networks. The information collected by AUTHENTIC JAPAN on its own behalf through the Site in connection with social networks is governed by these terms and conditions. However, AUTHENTIC JAPAN is not responsible for the use of Customer data by social networks on their own behalf.

The Site uses plug-ins or social modules. These include the small "I like" buttons, "share" third-party social networks such as Facebook, Instagram, Twitter, Google+… appearing on the Site. They allow the Customer to "like" and share information from the Site with his contacts on social networks.

When the Customer consults a page of the Site containing plug-ins or social modules, a connection is established with the servers of the social networks which are then informed that the Customer has accessed the corresponding page of the Site, even if he does not have a user account, and even if he is not connected to his account

If the Customer does not want social networks to publish his actions from plug-ins in his accounts on social networks, he must disconnect from his social networks before visiting the Site.

The Social Connect function allows the Customer to connect to the Site with their social network accounts to facilitate their purchases and access to AUTHENTIC JAPAN services.

When the Customer connects to the Site with these accounts, AUTHENTIC JAPAN may access certain information to provide a personalized and social experience.

AUTHENTIC JAPAN may request additional information from it in addition to that already included in its parent company financial statements for the purposes described above. The information collected by AUTHENTIC JAPAN on the Site is not transmitted to social networks without the customer's consent. It is the Customer's responsibility to manage their privacy settings on social networks when they wish to connect to AUTHENTIC JAPAN services with your social network credentials.

II- COOKIES

A "cookie" is a file installed on the User's terminal that stores information about his or her browsing on the AUTHENTIC JAPAN website in order to authenticate users, memorize their preferences and settings, determine the popularity of content, distribute advertising campaigns and measure their effectiveness, analyze site traffic and more generally understand the online behaviours and interests of people who interact with AUTHENTIC JAPAN services.

Cookies can have a variable lifetime. Session cookies" only persist if the User's browser is open. They are automatically deleted when the User closes his browser. Other cookies are "permanent cookies", which means that they continue to be active once the browser is closed. They can recognize, for example, the User's device when the User opens a new navigation session.

The purpose of the paragraphs below is to provide the User with information regarding the cookies used by AUTHENTIC JAPAN or its partners when the User uses the Site and to propose a solution to adapt his choice.

Cookies AUTHENTIC JAPAN

AUTHENTIC JAPAN uses cookies. The cookie is a computer file, stored on the hard disk of the User's computer. Its purpose is to report its previous visit to the Site, and therefore does not allow its identification or constitute Personal Information. Cookies are only used by AUTHENTIC JAPAN to personalize the Services offered to Users.

AUTHENTIC JAPAN also uses audience measurement cookies. These cookies make it possible to analyse the use of the site in order to measure and improve its performance and improve the quality of services.

Third-party cookies

When the User accesses the Site, one or more cookies from partner companies may be placed on his computer. The purpose of these third-party cookies is to identify the User's interests and to collect browsing data in order to personalise the advertising offer sent to him/her outside the Site.

AUTHENTIC JAPAN has no access to and cannot exercise any control over third-party cookies.

However, AUTHENTIC JAPAN ensures that partner companies agree to treat the information collected on the Site in accordance with the law and undertake to implement appropriate measures to secure and protect data confidentiality.

Cookie management

Several options are available to manage cookies. At any time, the User can express and modify his wishes regarding cookies, via the Help section of the toolbar of his browser. This indicates how to refuse new "cookies" or obtain a message indicating their receipt or how to deactivate "cookies" either systematically or according to their originator. The User can also delete cookies manually.

The User may also choose to disable or delete similar data used by software programs ancillary to his browser, such as Flash cookies, by modifying the settings of these programs or by visiting the website of the publisher of these programs.

Attention, it is possible that this browser configuration may deprive the User of access to certain content or significantly disrupt his navigation and the services he expects from the Site. If necessary, AUTHENTIC JAPAN declines all responsibility for the consequences related to the degraded behaviour of the Site resulting from the impossibility of using the cookies necessary for its operation.

For cookie management, each browser offers a configuration process. It is described in the browser's help menu which will allow the User to know how to express his willingness to accept cookies:

For Internet Explorer™ : open the "Tools" menu, then select "Internet Options"; click on the "Privacy" tab, then the "Advanced" tab choose the desired level or follow this link:
http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies

For Firefox™ : open the "Tools" menu, then select "Options"; click on the "Privacy" tab and choose the desired options or follow this link:
http://support.mozilla.org/fr/kb/Activer%20and%20d%C3%A9sactivate%20les%20cookies

For Chrome™: open the configuration menu (wrench logo), then select "Options"; click on "Advanced Options" then in the "Privacy" section, click on "Content Settings", and choose the desired options or follow the following link:
http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
 
For Safari™: choose "Safari > Preferences" then click on "Security"; In the "Accept cookies" section choose the desired options or follow this link:
http://docs.info.apple.com/article.html?path=Safari/3.0/en/9277.html

For Opera™: open the "Tools" or "Settings" menu, then select "Delete private data"; click on the "Detailed options" tab, then choose the desired options or follow this link:
http://help.opera.com/Windows/10.20/fr/cookies.html

On mobile :

To specify whether or not Safari™ accepts cookies:

1. From the main screen, choose Settings > Safari.
2. Touch Accept cookies and choose "Never", "Sites visited" or "Always".

To delete all cookies in Safari:

1. From the main screen, choose Settings > Safari.
2. Tap Delete cookies.

To delete cookies on Android:

1. Menu > Settings > Delete all cookies