PRIVACY POLICY

Last update: July 1, 2022

 

The website www.two-notes.com (hereinafter referred to as the “Website”), is published by OROSYS, (hereinafter referred to as “TWO NOTES”), a French SAS company registered at the MONTPELLIER Business Registry under number 501 883 078, and whose registered address is 76 rue de la Mine, 34980 SAINT-GELY-DU-FESC, FRANCE. 

 

Contact details of the data controller

TWO NOTES is responsible for collecting and processing the personal data of its Customers. 

Should the Customer have any questions or concerns about how TWO NOTES collects and processes their personal data, or wishes to exercise any of the rights relating to their personal data, the Customer can contact TWO NOTES via the following contact details: 

OROSYS 
76, rue de la Mine
34980 SAINT-GELY-DU-FESC
FRANCE
Email: contact@orosys.fr
Phone number: +33 (0)4 84 25 09 10. 
From Monday to Friday (9:00 am – 6:00 pm), working days

 

Purpose of the Privacy Policy:

This Privacy Policy, (hereinafter referred to as the “Privacy Policy”), specifies the conditions under which TWO NOTES, collects and processes Customer’s personal data. 

The collected data concerns any user consulting or placing an order through the Website, (hereinafter referred to as the “Customer”). 

In order to provide the Customer with the products and services requested, and improve the Customer’s experience on the Website, TWO NOTES might collect or receive the Customer’s personal data, such as the Customer’s first & last names, mail & email addresses, phone number or product preferences. TWO NOTES can either collect data directly from the Customer, for example when the Customer creates a personal account or purchases products online, or indirectly through Cookies placed on the Customer’s electronic devices.  

The personal data is collected and processed by TWO NOTES in accordance with European laws and regulations, and in particular the General Data Protection Regulation (GDPR). 

 

Categories of Personal data collected: 

TWO NOTES collects and processes the following categories of personal data: 

  • Identification data: title, first name, last name, date of birth;

  • Contact data: email, mail address, phone number, delivery and invoice addresses; 

  • Payment data: type of credit card, bank details, PayPal account details; 

  • Transaction data: purchased products, product preferences, purchase history; 

  • Navigation data: pages and content looked at, duration of the visit, product(s) searched for or selected to create a cart; 

  • Personal account data: password, login details; 

  • Technical data: IP address, navigation Information, device information. 

If the Customer does not provide the personal data marked with an asterisk (*), this may affect the products and services provided by TWO NOTES. 

The Customer acknowledges that by voluntarily providing personal data, the Customer agrees that such data may be processed by TWO NOTES under the conditions, and for the purposes, set out below. 

 

Purposes and legal basis of personal data processing

Purposes

Legal basis

  • Management of enquiries (respond to questions, provide information and interact with the Customer) 

  • Consent: the Customer consents to the processing of his personal data for a specific purpose, namely to process their request.

 

  • Performance of a contract: data processing is necessary for the performance of a contract concluded between the Customer and TWO NOTES. 

  • Customer Account Management 

  • Legitimate Interest: data processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to improve and personalize the Customer’s experience, improve the quality of the products and services offered, evaluate Customer satisfaction, prevent fraud and ensure that the IT tools are reliable and secure

 

  • Performance of a contract: data processing is necessary for the performance of a contract concluded between the Customer and TWO NOTES, the Customer may create a personal account to purchase the products on the Website.

  • Management of orders 

  • Performance of a contract: data processing is necessary for the performance of the contract concluded between the Customer and TWO NOTES, to ensure the supply of the products requested, to facilitate the return process and manage possible cancellations.

  • Management of payments 

  • Definition of Customer preferences  

  • Legitimate Interest: data processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to anticipate and better meet the needs and expectations of the Customer.

 

  • Consent: the Customer has consented to the processing of its personal data for specific purpose(s), in particular Cookies placed on Customer’s devices to personalize their experience on the Website, the products and services offered and commercial prospecting messages. 

  • Newsletters and marketing communications

  • Consent: the Customer has agreed to receive newsletters and commercial prospecting messages. 

  • Management and removal of customer information 

  • Legal Obligation: TWO NOTES must maintain a list for the purpose of removing Customers who no longer wish to receive commercial prospecting messages. 

  • Evaluation of the quality of the products and services offered for sale (product ratings, reviews)

  • Legitimate Interest: data processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to improve the quality of its products and services and to meet the expectations and needs of the Customer. 

  • Audience & Statistical analysis

  • Legitimate Interest: data processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to evaluate the preferences of the Customer in order to improve and optimise the Website and to determine the products and services most requested by the Customer. 

 

  • Consent: the Customer has consented to the processing of their personal data for specific purpose(s) (e.g. analytics & statistics, surveys, website performance improvements, and improvements of the online experience for the Customer). 

  • Management of the rights of the Customer (right to be informed, right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object).  

  • Legal Obligation: TWO NOTES must comply with the legal obligation allowing the Customer to exercise their rights. 

  • Monitoring, improvement and security of the Website 

  • Legitimate Interest: the processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to maintain the security of the Website, to ensure its protection against fraud and cyberattacks, and to improve the experience of the Customer online. 

  • Social Media platforms

  • Legitimate Interest: the processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to improve the quality of the products and services offered, to interact with Customers, evaluate Customer satisfaction and promote business activity. 

 

Recipient of the personal data

All personal data is processed exclusively, within the limits of their respective tasks, (i) by TWO NOTES’ internal services, in particular customer service and marketing service, (ii) by external service providers, in particular IT service providers (e.g. web hosting), banking and accounting service providers (e.g. bank, accountant), legal service providers (e.g. lawyers, legal advisors), (iii) as well as partners or subcontractors (e.g. transportation company).

These service providers may need to contact the Customer directly from the contact details provided to TWO NOTES. TWO NOTES requires its service providers to use the Customer’s personal data only to perform and manage the services requested by the Customer and in accordance with European laws and regulations. 

TWO NOTES reserves the right, after express authorization from the Customer, to use directly or indirectly, the personal data collected for commercial prospecting purposes.

With the exception of the above-mentioned transfers, the Customer’s personal data is not sold, exchanged, transferred, or given to third-parties. However, TWO NOTES may be under a duty to disclose or share the Customer’s personal data in order to comply with a legal obligation or a request from an official authority. 

In the event that TWO NOTES sells any or part of the business or assets, it may disclose the Customer’s personal data to the prospective buyer of such business or assets. If TWO NOTES or a part of its assets are acquired by a third-party, personal data of the Customers will be one of the transferred assets. In such a case, the Customer’s personal data will be processed by the buyer acting as the new data controller and its privacy policy will govern the processing of Customer’s personal data. 

 

Data retention period

TWO NOTES retains the personal data only as long as necessary to provide the Customer with the products and services requested, or to comply with commercial or legal obligations.

To determine the retention period of the Customer’s personal data, TWO NOTES considers several criteria to ensure that it does not keep Customers personal data for longer than necessary or appropriate. These criteria include: 

  • The purpose for which TWO NOTES holds the Customer’s personal data; 

  • TWO NOTES’ legal and regulatory obligations in relation to that personal data, for example any financial reporting obligation;

  • Whether TWO NOTES’ relationship with the Customer is ongoing, for example, the Customer has an active account, subscribes to marketing communications, regularly browses or purchases on TWO NOTES’ Website; 

  • Whether the Customer is no longer actively participating or engaging with TWO NOTES’ products and services, for example, the Customer does not open TWO NOTES’ emails, visit TWO NOTES’ Website, or interact with TWO NOTES’ social media content. 

  • Any specific request from the Customer in relation to the deletion of Customer’s personal data;  

  • TWO NOTES’ legitimate business interest in relation to managing its own rights, for example the defense of any claims, or for statistical purposes. 

In particular, TWO NOTES retains the personal data for the following periods: 

  • If the Customer purchases products, TWO NOTES keeps Customer’s personal data for the duration of the contractual relationship. Being specified that, after this duration, the personal data will be kept for five (5) years in case of litigation, and financial and accounting information will be kept for ten (10) years to comply with legal obligations; 

  • If the Customer participates in a promotional offer, TWO NOTES keeps Customer’s personal data for the duration of the promotional offer; 

  • If the Customer has consented to receive marketing communications, TWO NOTES keeps  Customer’s personal data until the Customer: (i) requests the deletion of his personal data, or (ii) after a period of inactivity (when the Customer has not interacted with TWO NOTES for three (3) years);

  • If Cookies are placed on the Customer’s computer or electronic devices, they are stored for as long as necessary to achieve their purposes (e.g. for the duration of a session for shopping cart Cookies or session ID Cookies) (see hereunder). 

If TWO NOTES no longer needs to use the Customer’s personal data, the personal data is removed from TWO NOTES’ systems and records, in order that the Customer can no longer be identified from it. 

 

Data security and privacy

TWO NOTES is committed to keeping the Customer’s personal data secure and takes all reasonable precautions to do so. TWO NOTES does its best to protect the Customer’s personal data and uses strict procedures and security features to try to prevent unauthorized access. However, as no transmission of information via the internet is completely secure, TWO NOTES cannot guarantee the security of the Customer’s personal data transmitted to the Website. Any transmission is therefore at the Customer’s own risk. 

 

Social Media Content

The Website may allow the Customer to submit content on social media platforms. The Customer acknowledges that any content submitted to TWO NOTES’ social media accounts can be viewed by the public, and the Customer should be cautious about providing certain personal data (e.g. financial information or contact details). TWO NOTES is not responsible for any actions taken by other individuals if the Customer posts personal data on a social media platform and TWO NOTES recommends that the Customer does not share such information. 

 

Customer’s rights

Pursuant to articles 15 to 23 of the GDPR, the Customer can exercise the following rights: right to be informed, right of access, right to rectification, the right to erasure or right to be forgotten, the right to object to direct marketing, the right to withdraw consent at any time for personal data processing based on consent, the rights to object to processing based on legitimate interest, the right to lodge a complaint with a supervisory authority, the right to data portability, the right to restriction, and the right to turn on/off Cookies.

Redress against TWO NOTES should also be available to the data subject in relation with the processing data performed by TWO NOTES at the competent data protection authority:

 

Automatic decision making

Automatic decision making means the ability to make decisions using technology, without human involvement. TWO NOTES does not use automatic decision making technologies. 

 

Transfer of the personal data outside of the European Union

The personal data collected is not transferred outside the European Union. 

The personal data is stored within the European Union in secure databases owned by TWO NOTES and/or its service providers, in particular its web hosting service provider.

 

Cookies

TWO NOTES may use Cookies or similar technologies when the Customer browses the Website. Cookies are small text files stored on Customer’s electronic devices (computer, tablet, mobile), when the Customer is on the Internet, including the TWO NOTES Website. 

Cookies may enable TWO NOTES to access =technical data and data related to the Customer’s use of the Website, including but not limited to: Customer’s IP address, navigation information, device information, Customer’s unique ID which is given to each visitor, and the expiration date of the ID, location, login details, videos watched, pages/ads/content the Customer looked at, duration of the visit, and products searched and/or selected to create a cart. 

TWO NOTES only tracks the navigation of the Customer on the Website to ensure that the Website works properly and to improve and personalize Customer’s online experience. 

Cookies placed on Customer’s electronic devices are the following: 

Functional Cookies  

COOKIES

PURPOSE

RETENTION PERIOD 

lightbox_intro_pop

First visit popup closed

1 year

tn_token

Use to log in automatically to Two notes Exchange website

7 days

tn_token_refresh

Use to log in automatically to Two notes Exchange website

7 days

woocommerce_cart_hash

WordPress WooCommerce Plugin standard (cart management)

Session

woocommerce_items_in_cart

WordPress WooCommerce Plugin standard (cart management)

Session

wordpress_logged_in_xxxxxxx

WordPress WooCommerce Plugin standard (user logged management)

Session or 1 week later if checkbox “Remember me” is set on login

wordpress_sec_xxxxxxxx

WordPress WooCommerce Plugin standard

Session or 1 week later if checkbox “Remember me” is set on login

wp-wpml_current_admin_language_xxxxxxx

WordPress WPML Multilang Plugin standard

24h

wp-wpml_current_language

WordPress WPML Multilang Plugin standard

24h

wp_woocommerce_session_xxxxxxxxx

WordPress WooCommerce Plugin standard

48h

xlwcty_recently_viewed_product

WordPress Thank You Page Plugin standard

Session

 

Non-functional Cookies 

COOKIES

PURPOSE

RETENTION PERIOD 

fb.xxxxx

Facebook tracker

24h

_ga

Google analytics tracker

2 years

_gid

Google analytics tracker

24 hours

 

If the Customer no longer wishes to be tracked by such Cookies, the Customer can set their browser in order to block them (see links below). However, this may disrupt the operation of the Website.