Tolteca is committed to ensuring the highest level of protection of your personal data.

The company that collects the personal data and implements the data processing is:
ALKYMYA SARL : Siret: 831 184 544 – RCS STRASBOURG – APE: 4645Z

9 Boulevard de Nancy 67000 STRASBOURG France
+ 33 (0) 6 98 30 95 60
team@tolteca.fr

ARTICLE 1 PREFACE

This privacy policy applies to https://tolteca.fr.

This Privacy Policy is intended to expose users of the site to:

The way in which their personal data are collected and processed. All data that could identify a user should be considered as personal data. This includes name, first name, email address or IP address.
What are the rights of users regarding this data;
Who is responsible for the processing of personal data and processed;
To whom these data are transmitted;
Possibly, the site’s policy regarding “cookies” files;
This privacy policy supplements the legal notices and the general conditions of use that users can consult at the following address: www.tolteca.fr/CGV and www.tolteca.fr/mentions-legales.fr

ARTICLE 2: GENERAL PRINCIPLES FOR DATA COLLECTION AND PROCESSING

In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of site users’ data complies with the following principles:

Liability, loyalty and transparency: data can only be collected and processed with the consent of the user who owns the data. Whenever personal data are collected, the user will be informed that his or her data is being collected, and for what reasons;
Limited Purposes: Data collection and processing is performed to meet one or more of the objectives set out in these Terms of Use;
Minimizing the collection and processing of data: only data necessary for the proper implementation of the objectives pursued by the site will be collected;
Conservation of data reduced in time: the data are kept for a limited time of which the user is informed;
Integrity and confidentiality of the data collected and processed: the data controller is committed to ensuring the integrity and confidentiality of the data collected.

ARTICLE 3: DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION

The personal data collected on the TOLTECA.FR website are the following:

Name, address, phone number, email address, payment information for billing purposes and purchase history.

This data is collected when the user performs one of the following operations on the site:

– When creating an account (personal space) on the site;

– When ordering, Buy on the site;

– When browsing and consulting the pages of the site;

– When participating in a game or contest proposed by the brand;

– By contacting the customer service;

– When registering for the newsletter;

– When writing a comment on the site.

When you leave a comment on our website, the data entered in the comment form, but also your IP address and the user agent of your browser are collected to help us detect unwanted comments. An anonymized channel created from your email address (also called hash) can be sent to the Gravatar service to check if you are using the service. The privacy clauses of the Gravatar service are available here: https://automattic.com/privacy/. After validation of your comment, your profile picture will be visible publicly next to your comment.

Moreover, during a payment on the site, it will be kept in the computer systems of the publisher of the site a proof of the transaction including the purchase order and the invoice.

The data controller will keep in his computer systems and under the reasonable conditions of security all data collected for a maximum of 3 years after the end of the commercial relationship.

A) The collection and processing of data serves the following purposes:

1) Provide the product (s) you ordered or the information you requested.

We use your name and your mailing address and e-mail to deliver products and track the transaction, ie send you an invoice, notify you of the shipment of your package or send you a satisfaction questionnaire. etc.

2) Process the payment

Your credit card number is only used to process payments and not for marketing purposes.

3) Inform you

From time to time we send news, news or promotional offers about our products or our company.

4) Understand your needs

Finally, we may use your personal information to understand your needs and preferences, to communicate with you, to compile sales statistics, to conduct commercial or promotional transactions.

B) Legal basis

The processing of your personal data is justified by different bases (legal basis) depending on the use we make of personal data.

Among the applicable legal bases:

• The contract: the processing of personal data is necessary for the execution of the contract to which you have agreed.

• The legitimate interest: TOLTECA has a commercial interest to treat your data which is justified and does not come to infringe on your private life. With exception, you can at any time object to a treatment based on the legitimate interest by notifying us.

1 data provided – Legal Basis Contract

•Last name – First Name

•E-mail

•Address

•Payment method

•Phone

2 The data we collect – Legal basis: Legitimate interest

• IP addresses

• Navigator

• Clicks

• Mapping

We store this data to improve our product, create services and generate reports.

B) Transmission of data to third parties

Some data can indeed be shared with:

• The payment gateway MONETICO, Crédit Mutuel’s service, used in the context of secure online payment.

The AXONAUT management application used for inventory management, sales management or customer relationship management (billing, service ticket, etc.)

C) Data Hosting

The TOLTECA.FR site is hosted by: OVH 2 rue Kellermann – 59100 Roubaix

ARTICLE 4: RESPONSIBLE FOR DATA PROCESSING

A) The Data Controller

The person responsible for the processing of personal data is Aurélie ANTENAT. She can be contacted by e-mail : aurelie@tolteca.fr or via the dedicated contact form: https://tolteca.fr/formulaire-gestion-donnees/

The person responsible for data processing is responsible for determining the purposes and means used for the processing of personal data.

B) Obligation of the Data Controller

The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user having been informed and to respect the purposes for which the data was collected.

The site has an SSL certificate to ensure that information and data transfer through the site is secure.

An SSL certificate aims to secure the data exchanged between the site and the users.

In addition, the data controller agrees to notify the user in case of rectification or deletion of data unless it entails disproportionate costs or steps.

Where the integrity, confidentiality or security of the data is compromised, the controller commits to inform the user.

ARTCLE 5: USER RIGHTS

In order for the manager to grant his request, the user is required to provide him with his last name, first name and e-mail address and, if applicable, his customer account number.

In accordance with the regulations, the user has the following rights:

A) The different rights of the user

• Right of access for rectification and erasure

The user can read, update or request the deletion of his data by: sending an e-mail to the person responsible for personal data mentioned above or via the following form https://tolteca.fr / form-data-management /

If he has one, the user has the right to request the removal of his personal space by contacting the person responsible for personal data as mentioned above. The deletion will be done within 10 days of the request. After closure of the personal space, the data are permanently deleted except those that may allow the site TOLTECA operated by the sarl Alkymya to justify its legal or contractual obligations. The data thus preserved are stored for a limited period of time and are not used during this period.

• Right to data portability

The user has the right to request the portability of his personal data by contacting the person responsible for personal data as mentioned above.

• Right to limitation and opposition of data processing

The user has the right to request the limitation or oppose the processing of his data without which the site can not refuse unless to demonstrate the existence of legitimate and compelling reasons.
In order to request the limitation or to make a request for opposition to the processing of his data, the user may send an e-mail to the person responsible for the personal data mentioned above.

• Right not to be the subject of a decision based exclusively on an automated process

In accordance with the provisions of Regulation 2016/679, the user has the right not to be the subject of a decision based exclusively on an automated process if the decision has legal effects concerning him or affects him significantly in a manner similar.

• Right to determine the fate of data after death

The user is reminded that he can organize what should be the future of his data collected and processed if he dies, in accordance with the law n ° 2016-1321 of October 7th, 2016.

• Right to seise the competent authority

In the event that the data controller decides not to respond to the request of the user, and the user wishes to challenge this decision, he is entitled to refer the CNIL or any competent judge.

B) Personal data of minors

In accordance with the provisions of Article 8 of European Regulation 2016-679 and the Data Protection Act, only minors aged 15 and over can consent to the processing of their personal data.

If the user is a minor under 15 years of age the agreement of a legal representative will be required so that his / her personal data can be collected and processed.

ARTICLE 6: USE OF COOKIE FILES

A cookie is a small file (less than 4KB) stored by the site on the user’s hard drive containing information about the user’s browsing habits.

These files allow it to process statistics and traffic information, facilitate navigation and improve service for the convenience of the user.

For the use of cookie files involving the backup and analysis of personal data, the consent of the user is necessarily requested.

This consent of the user is considered valid for a maximum duration of 13, (thirteen) months. At the end of this period, the site will request again the user’s permission to save cookie files on his hard drive.

A) Opposition of the user to the use of “cookies” files by the site

It is brought to the attention of the user that he can oppose the registration of these cookie files by configuring his browser software.
For Microsoft Internet Explorer:

1.Choose the “Tools” menu then “Internet Options”

2.Click on the “Privacy” tab

3.Select the desired level using the slider

For Chrome:

1.Choose the menu “Edit”> “Preferences”

2.Click on the option “Personal data”

3.Rubrique “Cookies”

For Mozilla Firefox:

1.Choose the “Tools”> “Options” menu

2.Click on the “Privacy” option

3.Rubrique “Cookies”

For Safari:

1.Choose the menu “Edit”> “Preferences”

2.Click on the option “Personal data”

3.Rubrique “Cookies”

In the case where the user decides to disable cookies, he can follow his navigation on the site. However, any dysfunction of the site caused by this manipulation could not be considered as being due to the editor of the site.

Description of the cookies used by the site:

If you post a comment on our site, you will be asked to save your name, e-mail address and website in cookies. It’s only for your comfort so you do not have to enter this information if you post another comment later. These cookies expire after one year.

If you have an account and log on to this site, a temporary cookie will be created to determine if your browser accepts cookies. It does not contain any personal data and will be deleted automatically when you close your browser.

When you sign in, we’ll set up a number of cookies to save your login information and screen preferences. The lifetime of a login cookie is two days, that of a screen option cookie is one year. If you check “remember me”, your cookie will be kept for two weeks. If you log out of your account, the login cookie will be deleted.

By modifying or publishing a publication, an additional cookie will be saved in your browser. This cookie does not include any personal data. It simply indicates the ID of the publication you just edited. It expires after one day.

By browsing the site, it is brought to the attention of the user that third-party cookies files can be saved. These are the following third parties:

In addition, the site includes social networking buttons allowing the user to share his activity on the site. Cookies files of these social networks are therefore likely to be stored on the user’s computer when using its features.
These include small buttons “I like”, “share” third-party social networks such as Facebook, Twitter, Google + …. that you can find on our sites and applications. They allow you to like and share information from our sites and apps with your friends on social networks. When you consult a tolteca page containing plug-ins or social modules, a connection is established with the servers of social networks (Facebook, Twitter …) who are then informed that you have accessed the corresponding page of the site consulted tolteca, even if you do not have a Facebook or Twitter user account, and even if you are not connected to your Facebook or Twitter account.

The user’s attention is drawn to the fact that these sites have their own privacy policy and general conditions of use probably different from the site.

The publisher of the website Tolteca.fr invites users to consult the privacy policies of these sites.

ARTICLE 7: DATA PROTECTION

We make every reasonable effort to prevent the loss, misuse and alteration of personal information under our control. Our security policies are periodically reviewed and improved as needed.

Only authorized employees and suppliers have access to your personal information. When personal information is sent to a third party for processing, we ensure, through contractual agreements with the third party, that your personal information remains secure. We operate secure data networks protected by industry-standard firewall and password protection systems.

ARTICLE 8: CONDITIONS OF AMENDMENT OF THE PRIVACY POLICY

This Privacy Policy may be consulted at any time at the following address: www.tolteca./fr/en/privacy-policy

The publisher of the site reserves the right to modify it to guarantee its conformity with the law in force. Therefore, the user is invited to regularly consult this privacy policy and to be kept informed of the changes made.

The latest update of this Privacy Policy is as of: August 31, 2018