Privacy Policy

Confidentiality

Miss Diana is concerned about the privacy and protection of the personal data of the users of her website. For the sake of transparency, Miss Diana has adopted a "Privacy Policy" relating to the personal data of its users collected by Miss Diana on the website it publishes: https://miss-diana.com/ (hereinafter the "Site").

Miss Diana has updated its Privacy Policy in accordance with applicable regulations and in particular Regulation (EU) 2016/679 of 27 April 2016 ("GDPR") and Law No. 78-17 of 6 January 1978 as amended, relating to data processing, files and freedoms ("LIL") and its implementing decree.

Users of the Site acknowledge that they have read and accepted this Privacy Policy at the same time as they have read and accepted the General Terms and Conditions of Use. In the event that users do not agree with the provisions of this Privacy Policy, users remain free not to use the Site and not to provide any personal data.

 

  • Definitions

 

"Supervisory Authority": refers to the Commission Nationale de l'Informatique et des Libertés (CNIL).

"Consent": of the data subject, means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject agrees, by a statement or by a clear affirmative action, to the processing of personal data concerning him or her.

"Recipient" means the natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party.

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "Data Subject")

"Identifiable natural person" means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Purpose": refers to the purpose pursued by the implementation of the processing (e.g. order management, subscription to newsletters, etc.).

"Restriction of processing": means the marking of stored personal data, with a view to restricting their future processing;

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing.

"Site": refers to the https://miss-diana.com/ website  on which Miss Diana offers its products and services to users.

"Processor" means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

"Third party": means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,  alignment or interconnection, restriction, erasure or destruction.

"User": refers to any Internet user visiting the Site and/or benefiting from the Products and/or Services offered on the Site, whose personal data may be processed by Miss Diana under the conditions set out below. One or more Users may be referred to as the Data Subject.

 

  • What data is collected?

 

As a User, when you browse the Site and/or use services offered on the Site, Miss Diana may collect the following Personal Data about you:

  • Identification data: surname, first name, copies of identity card and/or passport, IP address, real or supposed interests and/or personal needs, data relating to the device used
  • Contact data: email address, postal address (delivery and invoicing), telephone number
  • Payment and billing data: payment method used, bank details, billing information
  • Data relating to interactions between the User and Miss Diana: content of the contact message sent to Miss Diana through the Site
  • Data relating to the follow-up of the commercial relationship and the management of orders: requests for information between the User and Miss Diana, history of exchanges with Miss Diana's services, details and follow-up of orders, subscription to Miss Diana newsletters, validation or abandonment of the shopping cart, etc.

Miss Diana informs its Users that it is likely to collect their Personal Data:

  • During their visit to the Site;
  • When creating their User account (optional);
  • When purchasing a product on the Site;
  • When subscribing to Miss Diana newsletters
  • When a contact request is made to Miss Diana through the form offered on the Site;
  • During any exchange with Miss Diana via the Site.

Regardless of the method of collection envisaged, Miss Diana undertakes to inform its Users:

  • The purposes of the processing carried out;
  • The mandatory or optional nature of the information requested and the possible consequences of failure to respond;
  • Recipients of the data;
  • The existence and methods of exercising your rights (including in particular the rights of access, rectification and opposition to the processing of your Personal Data).

 

  • For what purposes and on what grounds is the processing of this data carried out?

 

Miss Diana collects your Personal Data directly from you, when you browse the Site, use the various services offered on the Site, make a contact request to Miss Diana through the form offered on the Site, or during any exchange with Miss Diana via the Site.

Miss Diana collects and processes your Personal Data for the following explicit, legitimate and specific purposes:

  • Manage the proper functioning and continuous improvement of the Site, the services and functionalities offered;
  • Manage and track your product orders placed on the Site;
  • Manage and track your subscriptions to Miss Diana's newsletters;
  • Offer commercial prospecting and targeted advertising services;
  • Respond to all your requests and communicate with you when you contact us through the form offered on the Site
  • Respond to your requests for the right of access, rectification and opposition, deletion, limitation, portability, right to digital death and the right to lodge a complaint with the CNIL;
  • To meet the legal or administrative obligations imposed by the legislator.

Miss Diana undertakes to inform its Users in the event that their Personal Data is processed for different purposes.

Miss Diana collects and processes your Personal Data, according to the processing envisaged, on the following basis:

  • Management of the proper functioning and continuous improvement of the Site: legitimate interest;
  • Management and follow-up of orders: execution of the contract concluded between the User and Miss Diana;
  • Management and follow-up of subscriptions to Miss Diana newsletters: consent of the User;
  • Sending commercial prospecting and targeted advertising: consent of the User;
  • Management of User requests sent via the Site's contact form;
  • Management of requests to exercise Users' rights: legal obligation.

Miss Diana informs you that during the use of the services offered on the Site, you may be required to fill in various forms and communicate different Personal Data about yourself in order to benefit from some of the services offered by Miss Diana.

When it is necessary with regard to the GDPR and the Data Protection Act, Miss Diana undertakes to obtain your consent and/or to allow you to object to the use of your Personal Data for certain purposes.

This way, you have the opportunity to sign up for Miss Diana's nutrition programs and newsletters. However, if you no longer wish to receive them, you have the option of unsubscribing by clicking on the link provided for this purpose, mentioned in the body of the email containing the nutrition program or newsletter.

Kitchen Wel may also send solicitations of a commercial nature to Users who have accepted it. In the event that you no longer wish to receive such solicitations by email, you may request them at any time and free of charge, by email and without providing any other reason on the Site's contact.

 

 

  • How long is the data stored?

 

Personal Data is kept in accordance with the legal provisions for no longer than is necessary for the purposes for which it is collected and processed by Miss Diana.

However, the processing of Personal Data is possible for the purpose of proving a right or a contract. This Personal Data may also be retained by Miss Diana in order to comply with a legal obligation, or may be kept in files in accordance with applicable regulations and laws.

By way of exception, the Personal Data necessary for the creation and management of the User account is deleted by Miss Dianpuis from the deletion of its account by the User.

Personal Data processed in the context of the management of the commercial relationship between Miss Diana and you, as the purchaser of a Miss Diana product, may not be kept beyond the period strictly necessary for the management of this commercial relationship, to which is added the applicable legal limitation period.

The Personal Data processed in the context of the management and monitoring of subscriptions to Miss Diana newsletters as well as in the context of commercial prospecting and targeted advertising are kept for three (3) years from the end of the commercial relationship if you are engaged in a contractual relationship with Miss Diana,  and three (3) years from the last contact with you if you are not engaged in a business relationship with Miss Diana.

The Personal Data processed in the context of the management and follow-up of your requests made on the Site are kept for three (3) years from the end of the commercial relationship if you are engaged in a contractual relationship with Miss Diana, and three (3) years from the last contact with you if you are not engaged in a commercial relationship with Miss Diana.

For the purpose of managing your requests for rights over your Personal Data, your Personal Data is retained for the calendar year of the request plus five (5) years.

However, Miss Diana reminds that Personal Data that can be used to establish proof of a right or a contract, or retained in compliance with a legal obligation, may be subject to an intermediate archiving policy for a period not exceeding the time necessary for the purposes for which it is kept, in accordance with the provisions in force.

 

  • Will the data be passed on to third parties?

 

Only the persons authorized by Miss Diana mentioned below will have access to your Personal Data:

  • The authorised staff of the various departments of Miss Diana (the authorised staff of the communication, administrative, logistics and IT departments, responsible for handling customer relations and in charge of control);
  • Miss Diana's subcontractors who act in the name and on behalf of Miss Diana, including in particular the host of the Site, the service provider in charge of processing Miss Diana's customer support service, the service provider in charge of sending newsletters and emails for commercial prospecting and advertising, the service provider in charge of sending commercial prospecting SMS,  the service provider in charge of payment processing, order tracking and invoicing;
  • The courts concerned, mediators, lawyers, bailiffs, etc. ;
  • Third-party social networks. Miss Diana informs the User that the Site may use social plugins provided and operated by third-party companies, such as the Facebook, Instagram, Pinterest or Youtube button. By clicking on these buttons, you can send these third parties the information you view on a page of the Site. However, Miss Diana informs the User that if he/she is not logged into the account he/she has opened with the third party concerned, the latter will not be able to know the identity of the User. On the other hand, if the User logs in to the account he has opened with the third party concerned, then the latter will be able to link the information or actions relating to the User's interactions with the Site to the account he has opened with this third party. Miss Diana refers the User to consult the privacy policies of each of the third parties concerned in order to be aware of their practices regarding the processing of Personal Data.

As part of her customer support service, Miss Diana uses a service provider.

This is Stripe Payments Europe Ltd., whose registered office is at Block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland.

This service provider processes on behalf of Miss Diana the Personal Data used to carry out payment and invoicing operations for orders placed on the Site.

As such, Miss Diana informs Users that identification, contact and payment data are directly transmitted to Stripe Payments Europe Ltd. from the Users' browser at the time of placing an order. Personal Data is used exclusively by Stripe Payments Europe Ltd. for the execution and fulfillment of payments and transmitted securely via the "SSL" encryption method. Stripe Payments Europe Ltd. is PCI DSS certified.

Users can access additional information regarding Stripe Payments Europe Ltd.'s Personal Data Protection Policy by visiting the following link: https://stripe.com/fr/legal 

 

 

  • Order Tracking & Invoicing

 

As part of her order tracking and invoicing, Miss Diana uses the Shopify system.

This is Shopify Inc., whose registered office is located at 150 Elgin Street, Suite 800 Ottawa, ON K2P 1L4 Canada.

This service provider processes on behalf of Miss Diana the follow-up of orders and the invoicing of Users.

As such, Miss Diana informs its Users that by placing an order on the Site, Shopify Inc. may collect and process the following Personal Data:

  • User's identification data;
  • Billing Data.

Users can access additional information regarding Shopify Inc.'s Personal Data Protection Policy by visiting Shopify Inc.'s Privacy Policy available at: https://www.shopify.com/legal/privacy 

If Users have any questions, they may also contact Shopify Inc.'s Data Protection Officer directly by email at the following address: privacy@shopify.com 

 

  • Customer Support

 

As part of its customer support service, Miss Diana uses a service provider's ticketing system for the purpose of technical and qualitative monitoring of customer satisfaction, and its continuous improvement, for the benefit of Users.

This is Gorgias, whose registered office is at 768 Harrison St, San Francisco, CA 94107, USA.

This service provider processes requests for service, assistance and any other requests from Users on behalf of Miss Diana.

As such, Miss Diana informs its Users that by submitting a request through one of the contact channels offered by Miss Diana (such as: the contact form on the Site, the live chat system, an email to Miss Diana's contact addresses), Gorgias may collect and process the following Personal Data (depending on the content and the contact channel selected):

  • User's identification data
  • Contact details
  • Data entered by the User as part of his request.

Users can access additional information regarding Gorgias' Personal Data protection policy by visiting Gorgias' privacy policy available at: https://www.gorgias.io/privacy/gdpr 

For any questions, Users also have the option of contacting Gorgias' Data Protection Officer directly by email at the following address: support@gorgias.io 

 

  • Sending newsletters, commercial prospecting and advertising

 

As part of its services for sending newsletters, commercial prospecting emails and advertising, Miss Diana uses the email marketing platform of a service provider.

This is the company Klaviyo, whose registered office is at 225 Franklin St, Floor 10, Boston, MA 02110, USA.

This service provider processes on behalf of Miss Diana its email marketing campaigns (sending newsletters, commercial prospecting and advertising) to Users.

As such, Miss Diana informs its Users that by subscribing to Miss Diana newsletters, or by agreeing to receive commercial and advertising offers from Miss Diana, Miss Diana may transfer to Klaviyo the following Personal Data of the User:

  • User's identification data
  • Contact details
  • Data about the device used: time zone, screen resolution, information about the browser and operating system, location and language used.

Miss Diana reminds the User that these transfers of Personal Data are necessary for the following processing:

  • Management and follow-up of subscriptions to Miss Diana newsletters;
  • Sending commercial prospecting and targeted advertising.

This processing is based on the User's consent. Thus, if the User no longer wishes Miss Diana to make such transfers, he/she may withdraw his/her consent at any time by clicking on the unsubscribe link present in each email containing Miss Diana's newsletters, commercial offers or advertisements.

 

  • Google Tag Manager

 

Miss Diana informs its Users that it uses the Google Tag Manager tool. This tool allows Miss Diana to manage the tags of her Site (Site code). These facilitate the management and development of the products and services offered on the Site, and reduce the loading time of the Site.

Google Tag Manager implements only the Site's code. Google Tag Manager does not set cookies or collect any Personal Data. The tool only integrates the code of the Site, and facilitates the modulation of the code without accessing the Personal Data processed by the code.

However, Miss Diana would like to inform its Users of the existence of any tags incorporated into this Privacy Policy.

Users can find more information about Google Tag Manager as well as their terms of use on Google's pages.

 

  • What are your rights as Users?

 

As a User, you have the right to access, rectify, port, limit, oppose and delete your Personal Data.

Miss Diana also informs you that you can set guidelines for the retention, deletion and communication of your Personal Data after your death.

In addition, with regard to processing requiring the collection of your consent, Miss Diana informs you that you can revoke your consent to the processing and use of data to which you have previously consented, with effect for the future, at any time.

If you have any questions about this matter or wish to exercise the rights mentioned above, you can contact Miss Diana through the contact page on our website.

Miss Diana informs you that if you wish to exercise your rights, you must provide Miss Diana with your contact details (surname, first name, address and a copy of a signed identity document) as well as a legitimate reason when this is required by law (in particular in the event of opposition to processing).

When you provide a copy of an identity document to prove your identity, Miss Diana will keep it for the calendar year of the request plus five (5) years, in particular when this communication is made in the context of exercising a right of opposition.

Miss Diana informs you that you have the right to lodge a complaint with a supervisory authority. In France, this supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL) whose contact details are as follows:

Miss Diana informs you that its products and services available on the Site are intended for adults and minors over 16 years of age only. As such, Miss Diana does not process Personal Data of minors under the age of 16 without the prior consent of their legal representatives.

Miss Diana reminds any Internet user visiting her Site that if they are under 16 years of age, they must not send her any information about themselves and in particular Personal Data, without the prior consent of their legal representatives.

 

  • Does the Site use cookies?

 

Miss Diana informs its Users that Cookies consist of a series of information, a small text file, installed by their browser on the hard drive of their terminal when they visit a website.

Thus, Users' browsing on the Site may result in the deposit of "Cookies" on their terminal, if they continue to browse the Site without modifying their browser settings.

Miss Diana uses several types of Cookies.

 

  • What security measures are in place?

 

Miss Diana takes all necessary precautions, as well as appropriate technical and organizational measures, regularly updated according to technological progress, to preserve the security of Users' Personal Data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorized third parties.

As such, Miss Diana uses firewalls and encryption systems for Personal Data. Miss Diana's buildings are subject to physical access controls. Only Miss Diana's employees who need access to Personal Data due to the functions they perform and in order to carry out their activities, are entitled to have access to Personal Data.

All Personal Data transmitted by Users, including information relating to the payment of orders placed on the Site, is transmitted via the SSL (Secure Socket Layer) standard.

 

  • What about links to third-party websites?

 

The Site may offer Users links to third-party websites such as Facebook, Instagram, Pinterest or Youtube.

Miss Diana informs Users that it has no control over the content of third-party websites or the practices of such third parties with respect to the protection of Personal Data that they may collect.

Consequently, Miss Diana declines all responsibility for the processing by these third parties of the Users' Personal Data.