Preamble

Site edited by:

Company name: off&away
Headquarters address: 6 RUE LOUIS FOREST - 78430 LOUVECIENNES - France
Phone: @offandaway.official
Email: offandaway @ bonkdo.com
Capital stock: 16142.50€
Director of publication: Hadrien Du Fayet de la Tour
Unique registration number: 84358864100012
VAT number: FR45843588641

We are committed to protecting the personal data and privacy of our customers. For this reason, and in accordance with the General Data Protection Regulation (hereinafter referred to as "GDPR"), we hereby inform you of the conditions under which your personal data will be processed by us.

This Charter concerns exclusively the data linked to our online shop accessible at this address (https://offandaway.bonkdo.com/privacy/), namely the data :

  • Visitors to our online shop;
  • Persons who have placed an order from our Online Shop;
  • Beneficiaries of the said online orders;
  • Participants in the online collection.

This Charter is subject to change: we therefore invite you to consult it regularly.

What personal data do we process ?

We process the following categories of personal data:

  • Identification data (e.g. first and last name, telephone, email, title, postal address)
  • Data related to professional life (e.g. name of the buyer's company);
  • Data related to personal life (e.g. characteristics of the product purchased or of which the person is a beneficiary, personal message for the beneficiary (specifically for vouchers/gift vouchers), delivery method and time slot chosen, delivery address, date of use of the voucher or gift voucher, comment for the chef, etc.);
  • Economic and financial data (e.g. bank details of the buyer, date of payment, confirmation, type of payment);
  • Internet data (e.g. IP address, browser, OS...).

We only process personal data that is strictly necessary to achieve the specified and legitimate purposes defined in the following sections

We do not process any sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. The same applies to any information on life or sexual orientation, genetic, biometric or health data.

Why and how do we process your personal data ?

  1. We may process personal data to administer sales and to meet our contractual obligations. This includes, for example, ensuring the delivery of products and services, communicating with buyers and recipients during their purchase or usage cycle (e.g., help with shopping cart abandonment, order confirmation, expiration of their gift certificates), and managing a gift certificate pool. The data attached to this purpose is kept in an active database for 1 month after use or, failing that, expiry of the voucher/gift certificate.
  2. We may process personal data to ensure payment and invoicing of our services and thus meet our contractual and legal obligations. The data necessary to carry out the invoicing and the customer credit notes are kept for 1 year and then deleted. Invoices are kept for 10 years after they are issued (legal time limit). Please note that only our secure payment providers have access to your bank details.
  3. We may process personal data in order to monitor our sales statistics and thus meet our legitimate interest. The data is anonymised in order to carry out these statistics.
  4. We may process personal data to prevent fraudulent payments in order to meet our legitimate interests.
  5. We may send you commercial offers promoting products and services similar to your purchases.

In view of the purpose of each processing operation, we take the necessary steps to ensure that personal data can only be accessed by our internal departments, third-party recipients designated by law or subcontractors who need to know it.

In application of the GDPR, your data may be kept by us until the time limits for legal action have been reached. In this case, only the persons in charge of the litigation within the company have access to it. At the end of these periods, your data is either deleted or irreversibly made anonymous.

What security measures do we put in place to protect your data ?

We put in place all organisational and technical measures to ensure an appropriate level of security for your personal data, and in particular to avoid any loss of confidentiality, integrity or accessibility.

To whom are your personal data transmitted ?

As a matter of principle, we do not sell or pass on your data to other companies. However, we would like to inform you that your data is processed by our service provider Mybeezbox (SAS My Selling Tools), which has created our e-commerce space.

In order to provide its services, Mybeezbox may have recourse to service providers selected by it. This is the case for the service providers necessary for the proper technical functioning of the site:

  • Secure payment providers: Only these providers have access to your bank details :
    MangoPay
  • The hosting providers of the e-commerce space :
    Amazon Web Services (Servers located in Europe)
    Hertzner (Servers located in Europe)
  • The service providers who developed and maintain the e-commerce space;
  • The service providers in charge of routing the service emails:
    Sparkpost (Servers located in Europe)

This is also the case for providers such as :

Technologies Use Privacy Policy
LOOM Displaying a video player https://www.loom.com/privacy-policy
GOOGLE Character library API (Google Font) https://policies.google.com/privacy
FONTAWESOME Character Library API
CLOUDFLARE Reverse Proxy Server (Security)

Do you use cookies?

We use «cookies» as well as third party technologies for 4 very distinct purposes :

  • «Technical» cookies: These tracers are essential for the proper technical functioning of the sites.
    Cookie publisher Use Privacy Policy
    Fonts Google Character library API (Google Font) https://www.loom.com/privacy-policy
    CLOUDFLARE Reverse proxy server (Security)

  • Cookies and so-called "Analytical" technologies: These tracers allow us to analyse the browsing patterns of Internet users on the site (visits, pages viewed, actions, browsers, OS, etc.). They are necessary to optimise the browsing experience. You may object to their storage and reading. The data collected is consultable by us in an aggregated manner and does not allow us to identify the information specific to each visitor. It is not cross-referenced at any time with a customer database or a navigation on other websites.
    Publisher Privacy Policy
    GOOGLE https://marketingplatform.google.com/about/analytics/terms/fr/

  • «Advertising» cookies: These tracers allow us to adapt the advertisements on third-party sites to your centres of interest. You may refuse to have them deposited and read.
    Publisher Use Privacy Policy
    FACEBOOK Datr, x-src, fr, lu, locale https://www.facebook.com/policy.php

  • Third-party technologies: You may object to their use.
    Technologies Use Privacy Policy
    LOOM Displaying a video player https://www.loom.com/privacy-policy

To accept or refuse cookies, we invite you to :

  • Either use the banner mechanism integrated on the sites for this purpose
  • Or set the parameters of the internet browser of your device (specific parameterization for each browser):
    • Chrome : https://support.google.com/chrome/answer/95647?hl=fr&ref_topic=14666
    • Chrome : Internet Explorer : http://windows.microsoft.com/fr-fr/windows7/block-enable-or-allow-cookies
    • Firefox : http://support.mozilla.org/fr/kb/activer-desactiver-cookies?redirectlocale=en-US&redirectslug=Enabling+and+disabling+cookies
    • Safari : http://support.apple.com/kb/HT1677?viewlocale=fr_FR&locale=fr_FR
    • Opera : http://www.opera.com/help/tutorials/security/cookies/

Where is your personal data processed ?

The processing of your personal data is carried out in principle within the European Union.

In exceptional cases, we may use solutions and service providers located outside the European Union. In this case, we will ensure that your data benefits from a high level of protection as provided for by the GDPR by using the services of :

  • Companies located in a country offering a level of data protection as high as that in force in the European Union (so-called "adequate right" countries designated by the European Commission);
  • Companies proposing in their contract Standard Contractual Clauses validated by the European Commission.

What are your rights regarding your personal data ?

You may exercise the following rights with respect to your Personal Data :

  • A right of rectification: you have the right to have inaccurate data about yourself rectified. You also have the right to complete incomplete data about yourself by providing a supplementary declaration. If you exercise this right, we undertake to communicate any rectification to all recipients of your data;
  • A right to erasure: in certain cases, you have the right to have your data erased. However, this is not an absolute right and we may for legal or legitimate reasons retain the data;
  • A right to restrict processing: in certain cases you have the right to restrict the processing of your data;
  • A right to data portability: you have the right to receive your data, which you have provided to us, in a structured, commonly used and machine-readable format, for your personal use or for transmission to a third party of your choice. This right only applies where the processing of your data is based on your consent, on a contract or is carried out by automated means;
  • A right to object to processing: you have the right to object at any time to the processing of your data for processing based on our legitimate interest, a public interest task and for marketing purposes. This is not an absolute right and we may for legal or legitimate reasons refuse your request to object,
  • The right to withdraw your consent at any time: you may withdraw your consent to the processing of your data where the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent carried out prior to that withdrawal;
  • The right to lodge a complaint with a supervisory authority: you have the right to contact your data protection authority to complain about our personal data protection practices;
  • The right to give instructions about what to do with your data after your death: you have the right to give us instructions about the use of your data after your death.

Under the GDPR, the conditions for exercising these rights may vary depending on the lawfulness of the processing.

We will respond to any exercise of rights as soon as possible and in any event within 30 days of receipt of the request. We reserve the right to:

  • To request proof of the applicant's identity if there is reasonable doubt about it, in order to respect its obligation of confidentiality;
  • Extend the deadline for a response by two months, informing the applicant of the extension and the reasons for the postponement within one month of receiving the request;
  • To refuse to respond to an exercise of rights if it is considered abusive (in view of their number, repetitive or systematic nature).

How to exercise your rights to your personal data ?

To exercise your rights, you can contact our service provider mandated to handle these requests :

By post: My Selling Tools - 6 traverse Jules Guesde 92100 Boulogne-Billancourt
By internet : Email : contact@mybeezbox.com
By telephone : +33 (0)1 84 13 18 10

If, despite our efforts and commitments, you feel that your rights concerning your personal data have not been respected, you may submit a complaint to the Commission Nationale Informatique et Libertés :

CNIL
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07

Online complaint : https://www.cnil.fr/fr/plaintes/

Trust us!

Instant availability

Print directly your gift voucher upon purchase.

Best price guaranteed

Buy your gift without any intermediary.

Secure payment

100% secured by our bank partners