Who we are
Our website address is: http://cardinaldufour.com
1. INFORMATION WE COLLECT
Depending on the Services provided by the website and used by you, on your choices and configuration of your terminal (with respect in particular to cookies), personal data concerning you (your “Personal Data”) collected and processed by CARDINAL DU FOUR mainly includes:
- Your Identity and Contact Details such as your title, first name, surname, email address, mobile phone or WeChat ID, your living country (province, state and postal code), billing address, delivery addresses, language (which is prefilled depending on your country), if applicable, your day and month of birth (year is not mandatory), password and IP address, connexion logs (standard web information such as your browser type and the pages you access), information that you communicate while using our Live Chat as well as any other information that you may disclose when you contact us. Your image and voice may also be collected solely if you decide to record a personalised video or audio message in one of our boutiques;
- Data relating to your Habits or Preferences including browsing habits, notification preferences (WeChat / email / phone), or any request made to our Customer or Concierge service and the follow-up;
- Data relating to your Purchases such as quantity, price, membership level, location data and invoice data;
- Transaction Data such as information relating to the means of payment, the collected credit/debit card details which are transmitted to third parties who process and satisfy your user requests;
To the extent permitted by applicable law, we may combine the information collected. The Personal Data that is mandatory for CARDINAL DU FOUR to fulfill the purposes that are described below is marked with an asterisk on the various pages of the website. Should you not fill in these mandatory fields, CARDINAL DU FOUR may not be able to take care of your demands and/or to provide you the requested services. Other Personal Data is purely optional and allows us to know you better and to improve our communications and services accordingly.
2. PURPOSES OF PROCESSING
We collect and process your Personal Data with your consent and/or as necessary to perform a contract (e.g. to provide products ordered), meet our legal obligations, or fulfil our legitimate interests (notably for marketing purposes, to prevent fraud or to protect the security of our IT systems).
We use and process Personal Data about you for purposes described below:
- to control legal age;
- to create your account and manage your identification;
- to provide you with the products or services that you have requested, the processing and management of your order, its follow-up as well as the after-sales service;
- to reply to your requests, comments and manage your claims;
- to facilitate the use of our website and personalize your experience of our website and our products according to your interests and needs;
- to realize anonymous statistics concerning the website’s activity to measure in particular the satisfaction and quality of services and thus, allow the improvement and optimization of the website;
- to send promotional or commercial communication about products and services that may be of interest to you, provided that you have given your prior consent or previously ordered a similar product or service on the website;
- to save our users’ credit/debit card details when requested so by customers;
- to manage the security of the website and protect it against fraud, theft or any other illegal activity which can affect our services;
- to improve our website and provide technical support;
- to comply with legal obligations (for instance the maintaining of a transaction history and other business documents is necessary in order to meet legal and administrative requirements, the needs of our insurers, or for auditing purposes).
We will not process your Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Personal Data that is not required for the mentioned purposes. For any new purpose of processing we will ask your separate consent. To the extent necessary, we take all reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. We also undertake to collect only the categories of Personal Data that are strictly required for the purposes mentioned above.
3. YOUR RIGHTS
In accordance with applicable data protection laws and regulations, you have a right to request access to, rectification or erasure of your Personal Data, or restriction of processing, and to object to said processing, as well as the right to data portability to the extent applicable, subject to any overriding legitimate grounds that CARDINAL DU FOUR might invoke to retain your Personal Data.
You may request at any time that we stop sending you information about our offers, news and events by using the opt-out link inserted in each e-mail that we send you.
If applicable, you may also give us specific instructions regarding your Personal Data after your death.
Moreover, you have the right to lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with the GDPR.
You can exercise your rights by using your account settings or by simply writing us at the following address: [email protected]. Please keep in mind that in case of a vague request we may engage a discussion to better understand the motivation for the request and require you to prove your identity (for example, by requesting an ID). This is made to ensure that no right of third parties are violated by your request.
4. DATA RECIPIENTS
i. Cardinal Du Four Group Affiliates, which may be based outside the United States for progression and fulfillment of local market user enquiries;
ii. our service providers, such as providers of delivery, IT and customer services;
iii. to third parties, in case of a change of control, if we sell or otherwise transfer part or the whole of CARDINAL DU FOUR or our assets to another company (e.g., in the course of a transaction like a merger, acquisition or liquidation);
iv. to law enforcement agencies, public authorities or other organisations if legally required to do so.
5. TRANSFER OF PERSONAL DATA & SECURITY MEASURES
CARDINAL DU FOUR, its Affiliates, or service providers may transfer information that we collect about you, across borders. If you are located in the United States, please note that we may transfer your Personal Data to a country that does not have the same data protection laws as your jurisdiction.
Most internal and external Recipients are located in the United States of America, or North America. However, certain Personal Data are transferred to or made accessible to Affiliates and third-party companies located in a country outside the United States which does not ensure a level of protection equivalent to that in force in the United States. In this case, any transfer of your Personal Data outside the United States shall only take place subject to appropriate safeguards being in place, such as standard contractual clauses and other legal safeguards. If you wish to obtain a copy of these safeguards, you can contact us by sending a request at the following address: [email protected].
We use reasonable and appropriate information security safeguards to help keep the information collected through the Services secure and take reasonable steps to verify your identity before granting you access to your account. Among others, we utilize the following security measures:
- Pseudonymization of certain categories of your Personal Data;
- Encryption of your Personal Data in transit and in rest;
- Regular vulnerability scanning and penetration testing;
- Organizational measures (access control, restriction of access);
- Conducting periodical data protection impact assessments and privacy audit.
6. DATA RETENTION
- Clients’ data (such as contact details) will be retained by CARDINAL DU FOUR for the duration strictly necessary for the management of the commercial relationship. However, at the end of the commercial relationship, these data may be archived during a period of 10 years, for the purposes of establishing the existence of a contract or a right. After that period, data are deleted or anonymised.
- Your private message related to a personal audio, video or text message you decided to record in one of our boutiques shall be kept within a period of three (3) months as of the date of the recording.
- Your data relating to credit/debit card numbers and payments will be deleted after the expiry of any applicable cancellation right. However, concerning your payments, the number and the expiry date of the debit/credit card can be temporarily archived for 13 months (or 15 months in case of deferred debit).
- Prospects’ data relating to contact details (such as name, address and e-mail) will be retained for a period of 3 years after the collection of the data or after the last contact received from the prospect. After that period, data shall be deleted or anonymized.
- The Personal Data that is collected and processed under the “Contact us”, “Live Chat” and/or or similar section shall only be kept throughout the duration of the processing of your request. It shall be deleted thereafter.
- The connexion logs that are collected, subject to your consent, using the cookies, tracers and other similar tracking technologies implemented on our website, shall be kept in accordance with applicable laws and regulations for a period of time that does not exceed thirteen (13) months.
- Following any request on your part to unsubscribe, your Personal Data will be destroyed within a maximum of 30 days.
7. CHILDREN’S PRIVACY
CARDINAL DU FOUR website is not directed to users under the legal age of drinking. If you are younger than this legal age, depending of your country, you may not use our Services. If you are a parent or guardian and believe we may have collected information about a child, please contact us.
8. CONTACT US