The website www.heristoria.com (the "Website") is published by Heristoria, which has its registered office at 24/32 rue Jean Goujon- 75008 Paris, and is registered with the Paris Trade and Companies Register under number 900 752 999 (hereinafter "Heristoria", "We" or “Us”).
Heristoria places the highest priority and takes the utmost care to protect the privacy and personal data of its Website users, customers and prospects.
The purpose of this Personal Data Protection Policy (hereinafter the "Privacy Policy" or “Policy”) is to inform you, as prospects, customers and/or visitors to our Website (hereinafter "You") about how We process your personal data, in particular when you use and place orders through the Website, and in connection with our prospecting and promotional events and after-sale services (hereinafter the "Personal Data" or "Data"). This Policy also provides information about your rights in relation to your Personal Data.
This Policy describes the processing of your Personal Data by Heristoria (hereinafter the "Processes") and your rights regarding the protection of your Personal Data.
For more information about how We handle your product orders placed through the Website (the "Orders"), please refer to the Heristoria General Terms and Conditions of Sale.
We may amend this Policy from time to time, in particular if there are changes to our use of your Personal Data. Please check this page regularly to ensure that you agree with any changes. You will be notified of these modifications, either through a special note on our Website or through a personal notification.
- What is Personal Data?
Personal Data refers to any information or pieces of information that could identify you either directly (e.g. your name, surname) or indirectly (e.g. such as your IP address or your Order reference). This means that Personal Data includes information such as email, home address, purchase history, personal preferences and shopping habits. It may also include unique identifiers like your computer’s IP address or your device’s MAC address or Data regarding your navigation on our Website.
- Who is responsible for protecting your Data?
The ‘Data Controller’ is the entity that determines the purposes and means of processing and is responsible to you for compliance with Data protection regulations (hereinafter “the Data Controller”).
As regards Website management, Heristoria (whose contact information is provided below) acts as the Controller.
Heristoria has dedicated personnel to handle any issues that may arise in relation to our processing of your Personal Data. If you have any concerns, questions or requests regarding our use of your Personal Data, you may contact us at:
- by e-mail at the following address: contact@heristoria.com, or
- by mail at the following address: 24-32 Rue Jean Goujon, 75008 Paris
- Why and how do We use your Data?
- How do We collect your Data?
We collect your Personal Data as follows:
- directly from you when you use our Website and our services (completion of various forms on the Website, placement of an Order, communication with Us directly, for after-sale services etc.)
- indirectly in an automated manner when you access or use the Website (cookies, technical details, browsing information, etc.)
- indirectly from third parties (social media, etc.)
- What Data do We collect?
Heristoria collects several types of Personal Data about you:
Data that We collect directly from You
The categories of Personal Data that We may collect directly from you include:
- Information needed to process your Order: items selected, delivery and billing address, contact information (see above), payment method, including your credit card number and expiry date, as well as the name of the cardholder when you make an online payment,
- Information for after-sale services: information about returns, exchanges, and repairs, including descriptions of any problems relating to your purchase,
- Information about your preferences: liked products and services, if you choose to provide US with this information (g. preferences displayed on your “mood board”),
- Your Order history: details of any transactions made by you (e. your purchases, any returns or exchanges, etc.),
- History and content of your exchanges with Us: We generate the history of our relationship when you contact us regarding a customer service issue or when you submit a complaint to Us,
- Recording of calls to our customer service department: when you contact Us or one of our advisers, your conversations may be recorded to ensure quality service. You will always be provided alternative ways to contact Us if you do not want your conversation to be recorded.
When populating a Data collection form, all mandatory information will be identified with an asterisk or an equivalent method. If you do not complete the mandatory fields, We will not be able to process the relevant request and/or Order.
Data that We collect automatically
We automatically collect certain Data about you when you access or use the Website, specifically:
- Technical information: We collect information about the device that you use to login, as well as your use of the Website (g., operating system, type of browser used, whether a proxy is used, location of the device inferred from your IP address that identifies your computer, access time, accessed pages and the link that enabled you to access our Website),
Data that We collect indirectly from third parties
We may also obtain Personal Data about you from social media networks you use through our Website, or from your activity on social media pages. Specifically, when You share your experience with Heristoria with other customers using social media, You provide Data about yourself to this social media network and to Us. These communications are governed by the social media's Personal Data protection policies, which We invite you to review.
Data about other Data subjects
In some limited cases, We may also collect Personal Data that you supply about other persons, such as when you decide to purchase and send products to someone. We only use this Personal Data to respond to your requests, and do not send marketing communications to your contacts unless they elect to receive communications from Us.
- On what legal grounds and for which purposes do We use the Data that We collect?
In accordance with applicable Personal Data protection law, We only collect Personal Data when We have a legal basis to do so.
Personal Data is collected either:
- based on your consent,
- as part of the performance of a contract,
- in our legitimate interest, or
- in accordance with a legal obligation.
- We collect Personal Data based on your consent, for the following purposes:
- To manage your requests and queries (other than related to an Order): We use your Data to send you the information you request,
- To send you commercial and marketing solicitations: We may use your Data to propose you new products and special offers, to invite you to upcoming events that may be of interest to you, and to send you our newsletters.
- We collect Personal Data based on the performance of a contract, for the following purposes:
- To process your Order: We use your Data to manage the purchase, delivery and invoicing of the products You Order, which includes any information provided for the creation of your customer account,
- After-sale services: We use your Data to handle any request You may have as part of our after-sale services, including returns, exchanges, and repairs. These services are provided with the support of the relevant LVMH brand(s) related to your particular Order(s).
- We collect Personal Data based on our legitimate interest, for the following purposes:
- To measure and improve the performance of our Website: We use performance cookies to allow Us to count visits and traffic sources. This helps Us to know which pages are the most and least popular and see how visitors move around the Website.
- To communicate with you about your account or our relationship (e.g., to ask you for feedback/to perform surveys, or inform you about changes to the Website or this Privacy Policy, along with any service updates),
- To prevent payment frauds and ensure the validity of payments We receive,
- To prevent acts of infringement or illicit resell in order to ensure the security of our assets and products,
- To defend our interests in the event of a dispute or court action,
- We collect Personal Data based on legal obligations, for the purpose of complying with applicable laws:
In this respect, We store transactions history and any other commercial documents for legal and administrative reasons (accountability, tax, legal or commercial warranties, insurance, audit, etc.).
- Who has access to your Data?
Your Data is processed by Heristoria for the purposes described above and are only accessible to Heristoria personnel on a need-to-know basis.
Certain third parties may also have access to your Data, specifically:
- our subcontractors and service providers for after-sale services, as well as for technical and logistical reasons (logistics specialists, carriers, Website hosting and maintenance providers, payment and fraud management service providers, technical service providers responsible for sending e-mails and newsletters, customer service department, relevant LVMH brands, etc.),
- LVMH brands linked to your Order(s), subject to your express consent, if you wish to become a client of the relevant brand,
- social media: when you use social media buttons, Data related to your identification is automatically sent to these social media. You may also share certain information or content from our Website on social media. Please consult the social media's terms of use which govern this issue,
- any third-party company which may, in the event of Heristoria’s restructuring, acquire all or part of Heristoria or merge with our company,
- any authority, court or other third party when disclosure is required by law, regulations or a judicial decision, or if such disclosure is necessary to protect and defend our rights.
- Is any Personal Data transferred outside of the European Union?
Given the international dimension of the LVMH Group, your Data may be processed outside the European Union ("EU") in countries whose regulations on Personal Data protection differ from those applicable within the EU.
Any transfer of your Data outside the European Union will be made subject to (i) strict measures to ensure the confidentiality and security of such transfers and (ii) appropriate safeguards that will comply with the applicable regulations on the protection of Personal Data, such as the signing of standard contractual clauses based on the European Commission's template, including any necessary supplementary measure, which are available upon request.
- How long do We store your Data?
Data is stored as long as required for the purpose for which it was collected and, in any case, will be destroyed at the end of such period.
In most cases, your Data is stored for the term of our relationship, then for a 3-year period following termination of our relationship (which typically corresponds to the date of your last Order via the Website, the date your customer account is closed or the date of our last contact with you). The Data is then either (i) archived when necessary for accounting or documentation purposes for the applicable statutory limitation period (generally up to 10 years) then destroyed or anonymized once the limitation periods have expired or (ii) if there is no archive, immediately deleted or anonymized.
By way of exception, We may store your Data for shorter or longer periods.
Please see the table below for additional details about these periods.
Purpose |
Applicable Data categories |
Period of storage before erasure |
Customer Orders management |
Identification and payment Data |
Identification and Order Data: duration of the processing of the Order until delivery + warranty period + Then purchase-related Data is archived for up to 10 years for accounting or documentation purposes.
Payment Data: Duration of transaction and any necessary verifications. In the event of a payment irregularity: for the duration of the payment irregularity, then for a 3 to 5-year period depending on the seriousness of the irregularity. |
Customer relationship management |
Purchase history, communications between you and Us, customer account |
Duration of relationship + 3 years + Then Purchase history Data is archived for up to 10 years for accounting or documentation purposes; other Data is either deleted or anonymized. |
Sending our newsletter/commercial solicitation |
Information concerning your e-mail address and your options regarding electronic solicitation |
3 years from the most recent Order or from last contact with you, or earlier if you wish to unsubscribe before the end of this period.
Then, the Data will be destroyed or anonymized, unless You reiterate your desire to receive our offers and newsletters. |
Measure and enhance performance of the Website |
Data collected using performance cookies category (count visits and traffic sources, various indicators to measure effectiveness of campaigns, etc…)
|
1 month and then the Data is anonymized |
Security of the Website and services |
Technical information of your device |
6 months then the Data is either deleted or anonymized. |
Disputes/complaints |
Data concerning the dispute/complaint |
If no court action is filed, based on the applicable statutory limitation period: up to 5 years from the event In the event of a court action: duration of proceedings through full enforcement of the legal decision or settlement agreement |
- What are your Data protection rights?
Access, rectification and portability
In accordance with current regulations, you have the right to access your Data. You may also request correction of your Personal Data should they be inaccurate. Depending on the type of processing, you may also have the right to request that the Personal Data in our possession be updated or corrected.
To respond to your request, We are required by law to verify your identity. If need be, We may ask you to provide Us with a proof of identity. We may need to ask you for additional information or supporting documents to respond to your request. We will make every effort to respond to your request as soon as possible.
You may, to the extent provided for by law, exercise your right to Data portability which allows you to retrieve, in an interoperable format, the Personal Data that you provided to Us in an automated manner when you created your account and/or enrolled in our customer loyalty program, as well as when you selected products (favorite products, etc.).
Right to erasure of Your Data and to limitation of the processing of your Data
You may request erasure of your Personal Data if:
- You believe that our processing of your Personal Data is no longer necessary for the purposes of the services subscribed for or your use of the Website, or it is no longer needed for the purposes described in this Privacy Policy, or its storage is unlawful,
- You have withdrawn your consent to the processing of your Data and Heristoria relies on consent for such processing (see above),
- You object to the processing of your Personal Data for reasons relating to your personal circumstances,
- You object to the use of your Data for commercial solicitation purposes or profiling,
- Your Data was collected on-line when you were a minor.
Alternatively, to the extent provided for by law, you may request the limitation of the processing of your Data.
Please note that despite the exercise of your right to erasure or processing limitation, We will store some of your Personal Data when the law requires or authorizes Us to do so, when We have a legitimate reason to do so (for example, to prove performance of a contract) or to exercise or defend our rights in court. For example, if We consider that you have violated our General Terms and Conditions of Use or our General Terms and Conditions of Sale.
Right to establish instructions for the management of your Personal Data after your death
For France and when mandatory local provisions so provide, you may determine how you want Us to handle your Personal Data upon your death.
Procedure to exercise your Data protection rights
To exercise your rights, You may contact Us directly at contact@heristoria.com.
Additionally, if you have a customer account, you may exercise your right to access, rectification and/or erasure of your Data by accessing your account.
When the processing of your Data is based on your consent (e.g., subscription to the newsletter, sending electronic commercial solicitations, the use of cookies and similar technologies on the Website), You may withdraw your consent at any time without justification. This right can be exercised by changing your options regarding commercial solicitation and subscriptions to our newsletters, and by withdrawing your consent to the use of cookies in accordance with the procedure set forth in the cookies section below.
For any questions related to your rights and the processing of your Data, please contact Us at contact@heristoria.com.
- How is your Personal Data secured?
Heristoria uses technical and organizational measures that comply with applicable legal and regulatory requirements, to keep your Data secure and confidential.
Under written agreements, Heristoria requires its service providers and processors to provide safeguards and implement sufficient security measures to protect the Personal Data they have agreed to process, in accordance with applicable requirements under Personal Data protection laws.
However, Heristoria does not control all risks related to the operation of the Internet and draws your attention to the inherent risks of using any website.
- Protection of minors
Our Website is not intended for children. We do not knowingly collect Data about children, unless it is permitted by law.
You must be at least eighteen (18) years of age to share your Data with Us. If We are notified that a minor under eighteen (18) years of age has submitted Data to Us, We reserve the right to immediately delete such Data and any associated account.
- Cookies
When you visit our Website, it may store or retrieve information on your browser, mostly in the form of cookies.
This information might be about you, your preferences or your device and is mostly used to make the Website works as you expect it to and to customise your user experience.
You can obtain more information about the types of cookies present on our Website and manage your cookies preferences at the following link: https://www.heristoria.com/account.
Please note that blocking some types of cookies may impact your experience of the Website and the services We are able to offer.
- Third party websites
Our Website may include links to third-party websites or services that We do not control, and which are governed by their own confidentiality and Personal Data protection policies (such as social media). This Privacy Policy does not apply to third-party websites. Please review the confidentiality and Personal Data protection policies of the third-party websites that you visit to understand how they process your Data. Heristoria shall not be liable for any use of your Data by any third parties.
- How can you contact us if you have queries or complaints?
For any questions concerning this Policy or for any queries or complaints regarding your Personal Data, please contact Us any time at the following address: contact@heristoria.com.
If you have a complaint about the way We collect and process your Data, you also have the right to lodge a complaint with the French data protection supervisory authority (the Commission Nationale de l’Informatique et des Libertés, located at 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, Tel: +33 (0)1 53 73 22 22) or if you live elsewhere within the European Economic Area, your local data protection supervisory authority.