– 
1. Who are we?
The presentation of the LDLC group is available at the following address: https://www.groupe-ldlc.com/presentation-du-groupe/
The LDLC group is made up of several companies and merchant sites.
The purpose of GROUPE LDLC’s privacy policy is to:
- Send you information related to personal data that is processed by our services;
- Inform you of your rights and how you can exercise them.
This Policy has been drafted in compliance with the provisions of the General Data Protection Regulations (“GDPR”), the amended Data Protection Act of 1978. It is likely to evolve according to the regulations, the case law and the doctrine of the supervisory authorities.
2. Who is responsible for processing your data?
The LDLC GROUP and its subsidiaries (hereinafter “LDLC GROUP”), responsible for the processing of personal data carried out on their sites, collect information about you, in particular when creating your Customer Account or during your purchases.
As the person who determines the purposes and means of processing, the controller is GROUPE LDLC as well as the various companies in the group such as:
- THE LDLC SCHOOL
- DISTRIBUTION LDLC
- DLP CONNECT
- LDLC-EVENT
- OLYS
- LDLC VR STUDIO
Contact details for the head office of GROUPE LDLC and its subsidiaries:
Head office address: 2 rue des Érables, 69760
Telephone number: 04 72 52 37 77
E-mail address: dpo@groupe-ldlc.com
3. What type of data do we collect?
We collect the data necessary to meet a specific purpose.
The data we collect may have as a legal basis:
- Your consent, which can be withdrawn at any time;
- The performance of our contractual relationship or pre-contractual measures;
- Compliance with a legal obligation to which we are subject;
- The legitimate interest pursued by the controller, in respect of your interests and rights.
The following table presents the information to be provided when the data is collected from the data subject (Article 12 of the GDPR).
4. What are the treatments implemented?
| Types of treatments | Data concerned by the processing | Purposes of processing | Legal bases for processing | Recipients |
| Commercial prospecting and marketing actions | Identity; Contact details ; Exchanges related to the implementation of projects; Statistics |
The purpose of the processing is to enable prospecting operations, including:
|
Consent (article 6.1.a GDPR) Legitimate interest, namely information and promotion of similar products and services (Article 6.1.f GDPR) |
Internally: the departments responsible for communication and marketing. Externally, our IT and marketing service providers. |
| Recording of phone calls | Phone call |
The purpose of the processing is:
|
Legitimate interest, namely the carrying out of satisfaction surveys and customer studies, as well as the training of staff (Article 6.1.f GDPR) | Internally: the service in charge of customer relations. |
| Contact forms | Identification data; Date and subject of the request; Follow-up provided; Activity statistics |
The purpose of the processing is to respond to your requests. It allows:
|
Execution of a pre-contractual or contractual measure (Article 6.1.b GDPR) Legitimate interest in knowing how to meet the expectations of users of the site (Article 6.1.f GDPR) |
Internally: the departments responsible for processing your request. Externally, the IT service provider. |
| Customer management | Identification data |
The purpose of the processing is:
|
Consent (article 6.1.a GDPR) Execution of a contract (article 6.1.b of the GDPR) Compliance with a legal obligation (article 6.1.c GDPR) |
Internally: the Group entities in charge of processing your request, our service providers and subcontractors. Externally: partner sellers when purchasing a product on the ldlc.com Marketplace |
| Procurement management | Identification data; Payment data; Transaction data; |
The purpose of the processing is:
|
Execution of the contract (article 6.1.b GDPR) Compliance with a legal obligation (article 6.1.c GDPR) |
Internal: the service in charge of commercial management. External: partner sellers when purchasing a product on the Ldlc.com Marketplace |
| Reviews management | Identification data; Transaction data; |
The purpose of the processing is to enable:
|
Consent (article 6.1.a GDPR) Legitimate interest in knowing how the site works (Article 6.1.f). |
Internally: the departments responsible for communication, marketing, our IT service provider Externally: reviews are intended to be published “individually” but are subject to moderation |
| Management of people’s rights | Identification data | The purpose of the processing is to ensure the management of your rights as covered by the GDPR and the Data Protection Act (amended) | Compliance with a legal obligation (article 6.1.c GDPR) |
Internally, the DPO and the persons authorized to manage your rights. Externally certain regulated professions (lawyers) |
| Management of outstanding payments and disputes | Identification data; Payment data; Transaction data; |
The purpose of the processing is:
|
Execution of the contract (article 6.1.b GDPR); Compliance with a legal obligation (article 6.1.c GDPR) Legitimate interest in knowing the survival of the site (Article 6.1.f), |
Internal: the department in charge of accounting. External: authorized service providers which may include regulated professions (lawyers, auditors) |
| Fraud management | Identification data; Payment data; Transaction data; Navigation and connection data. |
The purpose of the processing is to:
|
Compliance with a legal obligation (article 6.1.c GDPR) Legitimate interest of the site (Article 6.1.f) |
Internally: Our accounting department Externally: financial, judicial or state agencies, public bodies on request and within the limits of what is permitted and justified by the regulations |
| Verification of compliance with the commercial conditions of the controller | Identification data; Payment data; Transaction data; Navigation and connection data. |
Check compliance with the commercial conditions of the data controller (for example during contests, purchasing restrictions, etc.) | Legitimate interest in compliance with the commercial conditions (article 6.1.f GDPR) | Internally: The department in charge of order verification |
| Marketplace management | Identification data; Navigation and connection data |
The purpose of the processing is to:
|
Compliance with a legal obligation (article 6.1.c GDPR) Legitimate interest of the site (Article 6.1.f) |
Within the limits of the respective needs: Internally: The departments in charge of managing the Marketplace Externally: service providers in charge of the Marketplace, financial, judicial authorities or State agencies, public bodies on request and within the limits of what is permitted and justified by the regulations |
| Management of promotional operations | Identification data |
The purpose of the processing is:
|
Consent (article 6.1.a GDPR) |
Internal: the department responsible for commercial management. External: the service providers authorized to process the data that you transmit to us and which allow us to offer you the services offered |
| Social media management | Identification data visible by default on the platforms | The purpose of the processing is: Interactions between our Group and subscribers (commercial management) Technical network administration The production of statistics |
Consent (article 6.1.a GDPR) Legitimate interest in knowing how the site works (Article 6.1.f). |
Internally, the department responsible for communication Externally, visitors to social media platforms |
|
360° customer program |
Identification data and data relating to customer orders (surname, first name, telephone, email address, postal address, order number, etc.). | Program aimed at offering a true multi-channel experience to customers of the various LDLC.COM brands (branches, franchises, subsidiaries) for commercial management | Legitimate interest, namely the multi-channel processing of customer requests (order tracking, after-sales service, complaints, etc.). Consent for the personalized customer area. | Stores under the LDLC.COM brand (branches, franchises, subsidiaries) and GROUPE LDLC |
|
Question/answer program |
Customer account data necessary for the management of the program. |
Allow Internet users (customers or prospects) authenticated on the GROUPE LDLC site to obtain additional information on the product sheet:
|
Legitimate interest, namely obtaining information on a product or service. Consent for the personalized customer area and the post of information(s) (questions, answer or vote). Execution of a contract (compliance with the terms of use of the program). |
LDLC GROUP, its branches, franchises, subsidiaries. |
| Online browsing (cookies) | Navigation data, Duration of your visit, Technical information (IP address, browser used, etc.) |
The purpose of the processing is:
|
Consent (Article 6.1.a of the GDPR) Legitimate interest in knowing the functioning of the site for functional cookies (Article 6.1.f). |
Internally: the departments responsible for communication. Externally, our IT service provider. |
| Newsletter | Identity; subscription date; statistics | Subscription management; Management of electronic shipments; Development of statistics relating to the service | Consent (article 6.1.a GDPR) |
Internally: the department responsible for communication; Externally, our IT and communication service providers. |
| Recruitment | Identification data and professional life appearing in particular in the CV and cover letters. | The purpose of the processing is to enable recruitment operations: processing of applications (CV and cover letter) and management of interviews |
Consent (Article 6.1.a GDPR) Execution of a pre-contractual measure (Article 6.1.b GDPR) |
Internally, the departments responsible for recruitment operations. Externally, any recruitment firms and temporary work agencies |
| Gift card | Identity (surname, first name), email and postal contact details (for sending physical cards) of the initiator, participant and beneficiary |
The purpose of the processing is to:
|
Execution of a pre-contractual or contractual measure (Article 6.1.b GDPR) |
Internally: the departments in charge of the gift card project, the participating shops. Externally, our IT and marketing service providers, the company BUYBOX in charge of the gift card solution. |
| Check management | Data relating to checks and their control | Control of checks; consultation of the national file of irregular checks (FNCI); fight against non-payment and fraud. |
Legitimate interest (article 6.1.f GDPR), namely the fight against non-payment and fraud The time of questioning the check guarantee company |
Internal accounting services. Externally, the check guarantee company |
5. Who are the recipients?
In addition to the recipients indicated above, and in order to accomplish the aforementioned purposes, we disclose your personal data only to:
- LDLC Group entities that need to know them to ensure their management;
- Service providers and subcontractors performing services on our behalf; They are rigorously selected and act according to our instructions;
- Partner sellers in the event of the purchase of a product on the Ldlc.com Marketplace;
- Stores under the LDLC banner for the 360° program
- Financial, judicial or state agencies, public bodies on request and within the limits of what is permitted by regulation;
- Credit reporting and collection agencies in the context of credit assessment or debt collection in the event of unpaid invoices;
- Certain regulated professions such as lawyers, notaries, auditors.
6. What are the retention periods?
GROUPE LDLC keeps personal data for a period that does not exceed the period necessary for the purposes for which they are collected in accordance with the provisions of the law of January 6, 1978 as amended and the GDPR.
The data may be retained later in the following cases when retention is necessary:
- To the exercise of the right to freedom of expression and information,
- To comply with a legal obligation,
- For the performance of a task in the public interest or in the exercise of official authority vested in the controller,
- For reasons of public interest in the field of public health,
- For archival purposes in the public interest,
- For scientific or historical research purposes or for statistical purposes,
- Or the establishment, exercise or defense of legal claims.
The criteria for determining retention periods are as follows:
- Legal or regulatory provisions
- The doctrine and case law of supervisory authorities
- Sector references
Bank cards are only recorded after an explicit request from the customer, on the payment page (if this option is offered to you). They are kept for a future order in order to improve your shopping experience on our sites. Cards saved for a future purchase are kept in a secure space with our payment provider. GROUPE LDLC does not keep this information. You have the possibility to delete your registered card at any time, on the payment page.
Cookies have a lifespan limited to thirteen months after their first deposit in the user’s terminal equipment (following the expression of consent), as recommended by the CNIL. You can change your preferences at any time via the cookie manager whose link is present at the bottom of the page of our sites. To find out more about cookies and how we are committed to using them, please visit this page .
Commercial management: Your data is kept for the duration of the contractual relationship and according to the limitation periods relating to the conservation or protection of the rights of the data controller.
Management of accounting and tax operations: Accounting and tax data are kept for a period of 10 years.
Management of commercial operations: The data is kept until the withdrawal of consent or 3 years from the last contact. They can also be stored:
– For a period of 3 years from the last contact that the persons to whom they relate had with our company;
– After the execution of the contract, in intermediate archiving, to meet accounting or tax obligations or to constitute evidence in the event of litigation and within the limit of the applicable limitation period.
The data of the customer account, created by the latter, are intended to be kept until the deletion of the account by the user. However, the account may be considered inactive if not used for 2 years and may be subject to deletion.
Management of the rights of persons: When a person exercises his right of opposition to receive prospecting, in order to guarantee its effectiveness, the information allowing this right to be taken into account is kept for a minimum of 3 years from the exercise of the right. right.
Management of reviews: At the request of an author of a review, GROUPE LDLC offers the possibility of unpublishing a review, while maintaining traceability for the purposes of later verification of the review. GROUPE LDLC may delete notices in the event of a change of ownership and/or complete renovation of an establishment, or a modification of the substantial characteristics of a product or service. GROUPE LDLC will keep a history of the opinions deleted, and all documents related to the opinions, from the site and the reason for their deletion for a maximum period of one rolling year from the date of deletion of the opinion.
Management of unpaid bills: In the case of unpaid bills, the data is erased from the file listing the people in a situation of unpaid bills at the latest, 48 hours from the moment when the unpaid bill has actually been settled. Exceptionally, and when necessary and proportionate circumstances justify it, data may be retained in order to prevent renewal. In case of non-regularization, the information is likely to be kept in the file listing the people within the limit of 3 years from the occurrence of the unpaid. They can then be archived to meet accounting and tax obligations or serve as evidence in the event of litigation within the limit of the applicable limitation period.
Recording of telephone calls: Recordings are kept for a maximum of 6 months.
Supporting documents sent to Customer Relations: the purpose of the processing linked to the request for supporting documents is to combat fraud and unpaid bills. The data is kept for 30 days from the month following its receipt and 24 months from the transaction date in the event of a dispute. Supporting documents containing copies of bank cards are immediately deleted.
Newsletters: You can unsubscribe from newsletters at any time from the link provided for this purpose in the email, or directly from your Customer Account.
7. Who has access to personal data?
The data controller does not sell or share your data with third-party business partners. Some of the employees may have access to the data which is necessary for them within the framework of their functions.
Our various service providers may have access to the data for the performance of their contract, in compliance with the purposes set out above and with the regulations.
Data may be transmitted in the context of business transactions (merger, acquisition, sale, restructuring, etc.).
“Authorized third parties” (public authorities or court officers) are organizations that can access certain data contained in public and private files, on the basis of a text authorizing them to do so.
As part of the 360° customer project, aimed at offering a true multi-channel experience to customers, data is shared between the various LDLC.COM brands (branches, franchises, subsidiaries): the customers resulting from this data transfer, who have a email address, will have a web account created following their migration to the new cash register software. However, the account will only be activated when the customer has changed his password on the site during his first connection. The data concerned comes from invoices for purchases made in shops under the LDLC brand, the list of which is available at the following address: https://www.groupe-ldlc.com/boutiques/ . The legal basis for this processing is Legitimate interest, namely the multi-channel processing of customer requests (order tracking, after-sales service, complaints, etc.) and consent for the personalized customer area.
Regarding the LDLC Marketplace, our company’s role is to connect sellers and buyers. The latter are informed that their data and personal information collected when placing an order via the Marketplace, are processed by Groupe LDLC and the service providers in charge of the marketplace. Only the information strictly necessary for the execution of the transactions will be transmitted to the seller, and this for the sole purpose of processing the transactions.
8. Do we transfer data abroad?
Your data is not transferred to third countries and remains hosted within the European Union.
Regarding the functionalities related to the use of social networks, your publications are likely to be accessible outside the European Union. We invite you to consult the data management policy of the networks concerned.
9. Security
We are committed to ensuring the security of your personal data through strict procedures within our company.
For data collected “online”, communications on the client side are encrypted between the user’s workstation and our servers (HTTPS secure zone). The LDLC GROUP undertakes to make every effort to protect your personal data. Within GROUPE LDLC, only those persons will have access to your information who, because of their functions, have a legitimate interest in accessing it. In the context of technical operations, your data may also be hosted by our subcontractors. These are rigorously selected and act in accordance with our instructions.
10. Rights of persons / your rights
Data subjects have the following rights, which they exercise under the conditions provided for by the GDPR:
- Right of opposition, to withdraw consent at any time. Where the processing of your personal data is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent made before its withdrawal.
- Right of access to personal data concerning you
GDPR Article 15 - Right to rectify data concerning them if they are inaccurate
Article 16 GDPR - Right to erasure of data concerning them subject to the conditions for exercising this right pursuant to the provisions of Article 17 of the GDPR
- Right to restriction of processing
GDPR Article 18 - Right to data portability
GDPR Article 20 - Right of objection
GDPR Article 21 - Right to define directives relating to the fate of your personal data (conservation, deletion and communication of data) after your death.
Article 85 of the Data Protection Act (amended)
- Right to lodge a complaint with a supervisory authority (the CNIL in France).
Article 104.4 of the Data Protection Act (modified) - Automated decision. The data subject has the right not to be the subject of a decision based exclusively on automated processing, including profiling, producing legal effects concerning him or significantly affecting him in a similar way. The data subject has the right to obtain human intervention from the controller, to express his or her point of view and to contest the decision.
Consult the cnil.fr website for more information on your rights.
These rights can be exercised directly with the data controller.
11. Exercise your rights
To exercise these rights or for any question about the processing of your personal data, we invite you to use the following forms depending on the site concerned:
You can also contact Groupe LDLC and its subsidiaries at the following coordinates, in particular for data relating to another site:
- Head office address: GROUPE LDLC – DPO – 2 rue des Érables, 69760
- Telephone number: 04 72 52 37 77
- E-mail address: dpo@groupe-ldlc.com
12. Complaint
If you believe, after contacting us, that your “Data Protection” rights have not been respected, you can file a complaint with a supervisory authority.
The French supervisory authority is the Commission Nationale de l’Informatique et des Libertés (CNIL).
Date of last update: 15.12.2021