PRIVACY POLICY
Effective date: 30 January 2024
- Collection of certain Personal Data
IZYLS, a simplified joint stock company with a capital of 10,000 €, whose registered office is located at 1 Rue de Stockholm – 75008 Paris, France, registered with the Paris Companies Register under registration number 919 398 305, and represented by Mr. Anas El Maskoune, its President (“IZYLS”) complies with the applicable regulations relating to Personal Data protection (the “Applicable Regulations”), and in particular all provisions defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the « General Data Protection Regulation » or « GDPR »), as well as provisions of French law No 78-17 of 6 February 1978 said “Informatique et Libertés” as amended (the “LIL”) and all other regulations relating to personal data where appliable, in particular the Data Protection Act 2018 (the “UK GDPR”).
IZYLS sells online handmade decoration and furnishing products (the "Products", as defined in IZYLS’ General Terms of Sale and Use, the “Terms”, all capitalised terms herein are defined in the Terms unless otherwise stated) on its website accessible under the following address: www.izyls.com (the “Site”).
The Customers (as defined in the Terms) and all visitors and users of the Site and persons concerned (the “Users”) acknowledge and agree that IZYLS processes certain of their personal data (“Personal Data”) in accordance with the Applicable Regulations in order to ensure to proper functioning of the Site, management of Customers and users, and the sale of its Products and processing of Orders, in accordance with the terms and conditions of this Privacy Policy (the "Privacy Policy" and alternatively the "Policy").
“Personal Data" refers to any information relating to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
- Definitions
- "IZYLS": means company IZYLS, a simplified joint stock company with a capital of 10,000 €, whose registered office is located at 1 Rue de Stockholm – 75008 Paris, France, registered with the Paris Companies Register under registration number 919 398 305, intra-community VAT number: FR24919398305, and represented by Mr. Anas El Maskoune, its President. IZYLS is the holder of all rights pertaining to the Site.
- “Site”: means the IZYLS Site as defined herein, published and operated by IZYLS, and accessible at the address: izyls.com.
- “Products": means the products sold on the Site. The Product Orders are governed by IZYLS’ Terms.
- “User": means where appropriate Customers (as defined in the Terms) and/or all visitors and users of the Site, concerned in accordance with the present Policy.
- "Processing": any operation or set of operations carried out or not by means of automated processes and applied to Personal Data such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction.
- General rules applicable to the collection and processing of personal data
It is reminded that, in accordance with the Applicable Regulations, Personal Data is:
- Processed in a lawful, fair and transparent manner with regard to the data subjects;
- Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
- Adequate, relevant and limited to what is necessary for the purposes for which they are processed
- Accurate and, where necessary, kept up to date;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed
- Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
- Nature of the collected Personal Data
4.1 The data controller is IZYLS, the recipient of the concerned Personal Data.
The Personal Data which is processed is intended for the data controller. If the data subject where appropriate fails to provide such data, their request may not be processed.
For all intents and purposes, it is reminded that the data controller is the entity that defines and limits the data to be collected as well as the purposes of processing.
In any event, such Personal Data is collected and processed based on a legal obligation, a legitimate interest of IZYLS and/or the consent of the data subject.
4.2 The Personal Data of the data subjects which are collected by IZYLS in its capacity as data controller, are the following:
- Creation and use of a Customer account
- Last name;
- First name;
- Email address;
- Telephone number.
When creating a Customer account, a login (email address) and password (encrypted) is required.
- Orders :
- Last name;
- First name;
- Email address;
- Telephone number
- Billing address;
- Shipping address.
- Connection
In the course of using the Site, the Site may collect the User's connection data (IP address and browser type) and location data.
- Payment
In order to purchase a Product offered on the Site, financial data relating to the Customer's bank account or credit card is required.
It is specified that payments are made through IZYLS’ payment provider (Shopify).
All banking information is collected directly by IZYLS’ payment provider. IZYLS does not have access to the banking data of the Customers. IZYLS requires invoicing information.
4.3 In any event, and in general, it is reminded that IZYLS may process Personal Data of the following nature:
- Connection data when the User uses the Site;
- Details of correspondence with IZYLS;
- Cookies;
- Bank and transaction data.
It is also specified that certain data and information are collected through the interactivity that may be established between the Customer and/or the User and the Site, as follows:
- Statistics;
- Contact form.
- Origin and purpose of the Personal Data collected
5.1 The Personal Data of the Customers and/or Users of the Site are collected directly and solely from them.
IZYLS undertakes to obtain the express consent of the data subjects and to allow them to object to the use of their Personal Data for any other purpose, as soon as this is necessary.
It is specified that the information collected relating to the Product Orders may be used for targeting and/or analytical and statistical purposes. The information shall be anonymized for such purposes.
5.2 In any event, it is reminded that the Personal Data collected is necessary for the proper performance of IZYLS's services and to enable it to comply with its legal obligations.
The collection, storage and processing of this information and Personal Data have the following purposes:
- Access, visit and use of the Site by Customers and Users;
- Processing of Orders in view of the sale and delivery of Products;
- Organisation of the conditions for using payment services;
- Management and administration of Customer’s accounts;
- Management of the operation and optimisation of the Site;
- Verification, identification and authentication of data transmitted by the Customers and Users;
- Implementation of assistance for Customers;
- Prevention and detection of fraud, malicious software and management of security incidents;
- Management of possible disputes with Customers and/or Users;
- Sending of commercial and advertising information based on the user's preferences.
- Sharing of Personal Data
6.1 IZYLS undertakes not to commercialize the Personal Data collected from the Customers and Users.
6.2 Personal Data may be shared with third parties, subject to the express consent of the data subject, in the following cases:
- In view of the performance of the Order and delivery of the Products, the necessary information for delivery is transmitted to IZYLS’s designated carrier;
- When the Customer uses the payment services, for the implementation of these services, the Site is in relation with third party banking and financial companies with which it has contracted;
- When the User publishes, if applicable, publicly available information;
- To the authorized personnel of IZYLS which may be required to process the Personal Data;
- When the Site uses the services of service providers for a service related to the Site or the Services. These service providers have limited access to the User's data, in the context of the execution of these services, and have a contractual obligation to use them in accordance with the provisions of the applicable regulations on the protection of personal data;
- If required by law, the Site may transmit data to follow up on claims against the Platform and to comply with administrative and judicial proceedings.
6.3 When IZYLS's partners and/or processors are located outside the European Union, the Personal Data collected may be transferred to countries outside the European Union whose legislation on the protection of personal data differs from that of the European Union, it being specified that, in the event that the recipient country or countries do not ensure a level of data protection equivalent to that of the European Union, IZYLS undertakes to take all appropriate guarantees, either on the basis of an adequacy decision or, in the absence of such a decision, on the basis of appropriate guarantees, and to enter into specific contracts with the said processors and partners in order to supervise and secure the transfer of the Personal Data of the data subjects, in particular on the basis of the standard contractual clauses adopted, a copy of which may be requested from the contact details below.
6.4 The list of IZYLS's partners and processors may be provided to data subjects upon request sent to the following email address: contact@izyls.com.
- Duration of Data retention
IZYLS shall keep the Personal Data of data subjects for the period strictly necessary for the purposes pursued, and in particular for the provision of its Services, in accordance with legal and regulatory requirements.
Personal Data is retained three (3) years from the last incoming contact from the data subject with IZYLS.
This information may also be kept for an additional period of two (2) years, under restricted and exceptional access, for the purposes of proof in compliance to its legal and regulatory obligations.
Accounting documents and records shall be retained for ten (10) years as accounting evidence.
- Legal basis for the processing of Personal Data
IZYLS collects and uses the Personal Data of the Customers and Users if this processing meets at least one of the following bases:
- In accordance with the sales contracts entered into with the Customers under the Terms;
- In compliance with the consent of the data subjects, which can be revoked at any time;
- To the extent necessary to fulfil its legal obligations; and
- To the extent necessary to pursue its legitimate interests (or those of others), unless those interests are superseded by the interests or fundamental rights and freedoms of the data subjects requiring the protection of their Personal Data.
It is reminded that:
- Only Personal Data relevant to the purposes listed above are collected;
- The request to provide Personal Data is contractual in nature;
- The Personal Data shall not be used to make an automated decision within the meaning of the Applicable Regulations.
- Rights of data subjects
Pursuant to the Applicable Regulations, data subjects are reminded that they have the following rights:
- Right of access, including the right to obtain copies of all their Personal Data, as well as the essential details of how the Personal Data is processed;
- Right to have their Personal Data rectified as soon as possible and to have any incomplete, inaccurate, ambiguous or outdated Personal Data completed;
- Right to have their Personal Data erased if processing is no longer necessary, or if the data subject has withdrawn his or her consent or objected to the processing; or if the collection, use, disclosure or storage of the Personal Data is prohibited;
- Right to limit the processing of Personal Data;
- Right to portability of Personal Data; and
- Right to object to the processing of their Personal Data.
If the data subject wishes to know how IZYLS uses their Personal Data, to request rectification, to object to the processing thereof, to request deletion thereof, or to request a copy of all Personal Data in IZYLS's possession, he or she should send his or her request to IZYLS by mail, the request to be accompanied by a copy of valid ID documents, to the following address:
- By e-mail to the address: contact@izyls.com.
- By registered mail with acknowledgement of receipt addressed to:
In addition, the data subjects may lodge a complaint with the supervisory authorities, and in particular with the CNIL (https://www.cnil.fr/fr/plaintes) and/or any other competent supervisory authority where applicable.
- Security
IZYLS takes all necessary precautions, in view of the personal nature of the data collected and the risks presented by the processing, to protect the security of Personal Data relating to users of the Site and, in particular, to prevent such data from being distorted or damaged or from being accessed by unauthorised third parties.
IZYLS implements all technical and organisational measures to ensure the security of the processing of Personal Data and the confidentiality of Personal Data. Persons working for IZYLS are required to respect the confidentiality of the Personal Data of the data subjects.
- Cookies
IZYLS may collect certain information through cookies, subject to the choices expressed concerning cookies at the time of connection, and which can be modified at any time; it being specified that the prior consent of the concerned persons is required for any storage on their terminal or access to information already stored on it, cookies being deactivated by default with the exception of only those cookies that are strictly necessary for the proper functioning of the Site and the provision of its services.
The lifetime of these cookies does not exceed 13 months.
Cookies collected as managed by SHOPIFY are defined under this link:
https://www.shopify.com/ie/legal/cookies
Cookies placed by SHOPIFY as of the date of this Policy are the following:
Cookies Necessary for the Functioning of the Store:
|
NAME |
FUNCTION |
DURATION |
|
_ab |
Used in connection with access to admin. |
2y |
|
_customer_account_shop_sessions |
Used in combination with the _secure_account_session_id cookie to track a user's session for new customer accounts |
30d |
|
_secure_account_session_id |
Used to track a user's session for new customer accounts |
30d |
|
_secure_session_id |
Used to track a user's session through the multi-step checkout process and keep their order, payment and shipping details connected. |
24h |
|
_shopify_country |
For shops where pricing currency/country set from GeoIP, that cookie stores the country we've detected. This cookie helps avoid doing GeoIP lookups after the first request. |
session |
|
_shopify_m |
Used for managing customer privacy settings. |
1y |
|
_shopify_tm |
Used for managing customer privacy settings. |
30min |
|
_shopify_tw |
Used for managing customer privacy settings. |
2w |
|
_storefront_u |
Used to facilitate updating customer account information. |
1min |
|
_tracking_consent |
Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. |
1y |
|
_cmp_a |
Used for managing customer privacy settings. |
1d |
|
c |
Used in connection with checkout. |
1y |
|
cart |
Used in connection with shopping cart. |
2w |
|
cart_currency |
Set after a checkout is completed to ensure that new carts are in the same currency as the last checkout. |
2w |
|
cart_sig |
A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations. |
2w |
|
cart_ts |
Used in connection with checkout. |
2w |
|
cart_ver |
Used in connection with shopping cart. |
2w |
|
checkout |
Used in connection with checkout. |
4w |
|
checkout_token |
Used in connection with checkout. |
1y |
|
customer_account_locale |
Used in connection with new customer accounts |
1y |
|
dynamic_checkout_shown_on_cart |
Used in connection with checkout. |
30min |
|
hide_shopify_pay_for_checkout |
Used in connection with checkout. |
session |
|
keep_alive |
Used in connection with buyer localization. |
2w |
|
master_device_id |
Used in connection with merchant login. |
2y |
|
previous_step |
Used in connection with checkout. |
1y |
|
discount_code |
Used in connection with checkout. |
session |
|
remember_me |
Used in connection with checkout. |
1y |
|
secure_customer_sig |
Used to identify a user after they sign into a shop as a customer so they do not need to log in again. |
1y |
|
shopify_pay |
Used in connection with checkout. |
1y |
|
shopify_pay_redirect |
Used in connection with checkout. |
1 hour, 3w or 1y depending on value |
|
shop_pay_accelerated |
Used in connection with checkout. |
1y |
|
source_name |
Used in combination with mobile apps to provide custom checkout behavior, when viewing a store from within a compatible mobile app. |
session |
|
storefront_digest |
Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected. |
2y |
|
tracked_start_checkout |
Used in connection with checkout. |
1y |
|
checkout_session_lookup |
Used in connection with checkout. |
3w |
|
checkout_prefill |
Used in connection with checkout. |
5m |
|
checkout_queue_token |
Used in connection with checkout. |
1y |
|
checkout_queue_checkout_token |
Used in connection with checkout. |
1y |
|
checkout_worker_session |
Used in connection with checkout. |
3d |
|
checkout_session_token |
Used in connection with checkout. |
3w |
|
checkout_session_token_<<token>> |
Used in connection with checkout. |
3w |
|
cookietest |
Used to ensure our systems are working correctly |
1m |
|
order |
Used in connection with order status page. |
3w |
|
identity-state |
Used in connection with customer authentication |
24h |
|
identity-state-<<token>> |
Used in connection with customer authentication |
24h |
|
identity_customer_account_number |
Used in connection with customer authentication |
12w |
|
card_update_verification_id |
Used in connection with checkout. |
20m |
|
customer_account_new_login |
Used in connection with customer authentication |
20m |
|
customer_account_preview |
Used in connection with customer authentication |
7d |
|
customer_payment_method |
Used in connection with checkout. |
1h |
|
customer_shop_pay_agreement |
Used in connection with checkout. |
20m |
|
pay_update_intent_id |
Used in connection with checkout. |
20m |
|
localization |
Used in connection with checkout. |
2w |
|
profile_preview_token |
Used in connection with checkout. |
5m |
|
login_with_shop_finalize |
Used in connection with customer authentication |
5m |
|
preview_theme |
Used in connection with the theme editor |
session |
|
shopify-editor-unconfirmed-settings |
Used in connection with the theme editor |
16h |
|
wpm-test-cookie |
Used to ensure our systems are working correctly. |
session |
Reporting and Analytics
|
NAME |
DESCRIPTION |
DURATION |
|
_landing_page |
Track landing pages. |
2w |
|
_orig_referrer |
Track landing pages. |
2w |
|
_s |
Shopify analytics. |
30min |
|
_shopify_d |
Shopify analytics. |
session |
|
_shopify_fs |
Shopify analytics. |
30min |
|
_shopify_s |
Shopify analytics. |
30min |
|
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
30min |
|
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
30min |
|
_shopify_y |
Shopify analytics. |
1y |
|
_y |
Shopify analytics. |
1y |
|
_shopify_ga |
Shopify and Google Analytics. |
session |
|
customer_auth_provider |
Shopify analytics. |
session |
|
customer_auth_session_created_at |
Shopify analytics. |
session |
|
shop_analytics |
Shopify analytics. |
1y |
|
unique_interaction_id |
Shopify analytics. |
10min |
- Personal Data and minors
The Site is intended for people of legal age who are capable of entering into obligations in accordance with the legislation of the country in which the person concerned is located.
- Links to other websites and social networks
The Site may contain links to websites and platforms of IZYLS's partners or third parties.
These websites and platforms have their own policies on the use of personal data and IZYLS shall not be liable for the use made by these third-party websites and platforms of the information collected when users click on these links.
- Changes to the Privacy Policy
IZYLS reserves the right to make any changes to this Policy at any time in accordance with this clause.
If IZYLS makes a change to this Policy, it will publish the new version which will be accessible on the Site and any other media communicated by IZYLS and will update the date of the last update appearing at the top of this document.
IZYLS advises its Customers and Users to visit this page regularly.
- Contact IZYLS
If the Customer, User or any other data subject has any questions or complaints regarding IZYLS's compliance with these provisions, or if he or she wishes to make recommendations or comments to IZYLS, he or she may contact IZYLS in writing at the following address:
- By e-mail to the address: contact@izyls.com.
- By registered mail with acknowledgement of receipt addressed to: