1. Who are we?
The LDLC group presentation is available in the following link: https://www.groupe-ldlc.com/presentation-du-groupe/
The LDLC group is composed of several companies and merchant websites.
- Inform you about the personal data processed by our services;
- Inform you of your rights and how you can exercise them.
This policy has been drawn up in compliance with the provisions of the General Data Protection Regulation ("RGPD") and the amended 1978 Data Protection Act. It is likely to evolve according to the regulations, the jurisprudence and the doctrine of the control authorities.
2. Who is responsible for processing your data?
GROUPE LDLC and its subsidiaries (hereinafter "GROUPE LDLC"), which are responsible for processing personal data on their websites, collect information about you, particularly when creating a Customer Account or making purchases.
As the person who determines the purposes and means of the processing, the person responsible for the processing is GROUPE LDLC as well as the various companies in the group such as :
- L’ECOLE LDLC
- LDLC DISTRIBUTION
- DLP CONNECT
- LDLC EVENT
Contact details of GROUPE LDLC's head office and its subsidiaries:
Head office address: 2 rue des Érables, 69760 Limonest (France)
Phone number: +33 (0)4 72 52 37 77
E-mail address: firstname.lastname@example.org
3. What type of data do we collect?
We collect the data necessary to fulfil a specific purpose.
The following data collected may be used as a legal basis:
- Your consent, which can be withdrawn at any time;
- The performance of our contractual relationship or pre-contractual measures;
- Compliance with a legal obligation to which we are subject;
- The legitimate interest pursued by the data controller, with due regard to your interests and rights.
The following table sets out all the information provided when data is collected from a person (Article 12 of the GDPR).
4. What kind of operations are carried out?
|Types of operations||Data concerned||Purpose||Legal basis||Recipients|
|Commercial and marketing activities||Identity; Contact details; Commercial exchanges linked to the implementation of projects; Statistics||The purpose of this processing is to enable commercial operations, including:||Consent (article 6.1.a of the GDPR)|
Legitimate interest, i.e. information and promotion on similar products and services (Article 6.1.f og the GDPR)
|Internally: communication and marketing departments|
Externally: our IT and marketing services providers
|Phone calls recording||Telephone conversation||The purpose of this processing is to:||Legitimate interest, i.e. carrying out satisfaction surveys and customer studies, as well as staff training (Article 6.1.f of the GDPR)||Internally: the department in charge of customer relations|
|Contact forms||Identification data;|
Date and subject of the request;
|The purpose of this processing is to respond to your requests. It allows:||Execution of a pre-contractual or contractual measure (article 6.1.b of the GDPR)|
Legitimate interest in meeting the expectations of users of the website (Article 6.1.f of the GDPR)
|Internally: departments in charge of processing your request|
Externally: the IT services provider
|Customer management||Identification data||The purpose of this processing is to:||Consent (article 6.1.a of the GDPR)|
Performance of a contract (article 6.1.b of the GDPR)
Compliance with a legal obligation (article 6.1.c of the GDPR)
|Internally: Group entities in charge of processing your request, our services providers and subcontractors|
|Purchases management||Identification data;|
|The purpose of this processing is to:||Performance of the contract (article 6.1.b of the GDPR)|
Compliance with a legal obligation (article 6.1.c of the GDPR)
|The department in charge of sales management|
|Reviews management||Identification data; Transactions data;||The purpose of this processing is to:||Consent (article 6.1.a of the GDPR)|
Legitimate interest, namely the smooth operation of the website (Article 6.1.f of the GDPR).
|Internally: communication and marketing departments, our IT services provider|
Externally: reviews are intended to be published "individually" but are subject to moderation
|Rights management||Identification data||The purpose of the processing is to ensure the management of your rights as covered by the GDPR and the French Data Protection Act (amended)||Compliance with a legal obligation (article 6.1.c of the GDPR)||Internally: the DPO and the persons authorised to ensure the management of your rights|
Externally: certain regulated professions (lawyers)
|Management of outstanding bills and complaints||Identification data;|
|The purpose of this processing is to:||Performance of the contract (Article 6.1.b of the GDPR)|
Compliance with a legal obligation (Article 6.1.c of the GDPR)
Legitimate interest namely the smooth operation of the website (Article 6.1.f of the GDPR)
|Internally: accounting department|
Externally: authorised service providers which may include regulated professions (lawyers, auditors)
|Fraud management||Identification data;|
Navigation and sign-in data.
|The purpose of this processing is to:||Compliance with a legal obligation (Article 6.1.c of the GDPR)|
Legitimate interest of the website (Article 6.1.f of the GDPR)
|Internally: accounting department|
Externally: financial authorities, judicial or state agencies, public bodies on request and to the extent permitted and justified by the regulations
|Verification of compliance with the controller's business conditions||Identification data;|
Navigation and sign-in data.
|Verifying compliance with the controller's business conditions (e.g. during contests, purchase restrictions, etc.)||Legitimate interest in complying with business conditions (Article 6.1.f of the GDPR)||Internally: the department in charge of the orders verification|
|Promotional campaigns management||Identification data||The purpose of this processing is to:||Consent (article 6.1.a of the GDPR)|
Internally: the department in charge of the sales management
|Social network management||Identification data visible by default on the platforms||The purpose of this processing is to:||Consent (article 6.1.a of the GDPR)|
Legitimate interest, namely the smooth operation of the website (Article 6.1.f).
|Internally: communication department|
Externally: social network platforms' visitors
|Customer 360 program||Identification data and data relating to customer orders (surname, first name, telephone number, email address, postal address, order number, etc.).||This program aims to offer a real multi-channel experience to the customers of the various LDLC.COM brands (branches, franchises, subsidiaries) for sales management||Legitimate interest, i.e. multi-channel processing of customer requests (order tracking, after-sales service, complaints, etc.) Consent for the personalised customer area.||GROUPE LDLC, its franchises, subsidiaries and branches|
|Questions/answers program||Customer account data required to manage the program.||To allow Internet users (customers or prospects) authenticated on the GROUPE LDLC website, to obtain additional information on the product sheet:|
Legitimate interest, i.e. obtaining information about a product or service.
Consent for a personalised customer account and the posting of information (questions, answers or votes).
|GROUPE LDLC, its franchises, subsidiaries and branches|
|Online browsing (cookies)||Browsing data, Duration of your visit, Technical information (IP address, browser used, etc.)||The purpose of this processing is to:|
Legitimate interest, i.e. the smooth operation of the website for functional cookies (Article 6.1.f of the GDPR).
|Internally: communication department|
Externally: our IT services provider
|Newsletter||Identity; date of subscription; statistics||Management of subscriptions; Management of emailings; Statistics related||Consent (Article 6.1.a of the GDPR)|
Internally: communication department
|Hiring||Identification data and professional data appearing in particular in the CV and the cover letters.||The purpose of this processing is to enable hiring operations: processing of applications (CV and covering letter) and management of interviews.|
Consent (Article 6.1.a of the GDPR)
Internally: departments in charge of hiring operations.
5. Who are the recipients?
In addition to the recipients indicated above, and in order to accomplish the above-mentioned purposes, we disclose your personal data only to:
- GROUPE LDLC entities that need to know your personal data to ensure their management;
- Service providers and subcontractors performing services on our behalf; they are rigorously selected and act in accordance with our instructions;
- Shops under the LDLC brand for the customer 360 program
- Financial authorities, judicial or state agencies, public organisations on request and to the extent permitted by regulation;
- Credit and collection agencies for credit assessment or debt collection in case of unpaid invoices;
- Certain regulated professions such as lawyers, notaries, auditors.
6. What are the retention periods?
GROUPE LDLC keeps personal data for a period that does not exceed the time required for the purposes for which they are collected in accordance with the provisions of the amended law of 6 January 1978 and the RGPD.
The data may be stored at a later date in the following cases where retention is necessary:
- To exercise the right to freedom of speech and information,
- To comply with a legal obligation,
- For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
- For reasons of public interest in the field of public health,
- For archival purposes in the public interest,
- For scientific or historical research or statistical purposes,
- For the establishment, exercise or defence of legal claims.
The criteria for determining retention periods are as follows:
- Legal or regulatory provisions
- The doctrine and case law of the supervisory authorities
- Sectoral references
Credit cards are only saved after an explicit request from the customer, on the payment page (if this option is suggested). They are kept for future orders in order to improve your shopping experience on our sites. The cards saved for future purchases are kept in a secure area by our payment provider. GROUPE LDLC does not keep this information. You can delete your saved card at any time on the payment page.
Cookies have a limited lifespan of thirteen months after their first deposit in the user's terminal equipment (following the expression of consent), as recommended by the CNIL (Commission Nationale Informatique & Libertés, the French Data Protection Agency). You can change your preferences at any time via the cookie manager, the link to which can be found at the bottom of our websites. To find out more about cookies and how we are committed to using them, please visit this page.
Sales management: Your data is kept for the duration of the contractual relationship and in accordance with the statute of limitations relating to the conservation or protection of the rights of the data controller.
Accounting and tax operations management: Accounting and tax data are kept for a period of 10 years.
Sales operations management: The data is kept until the withdrawal of consent or 3 years from the last contact. It may also be kept :
– For a period of 3 years from the last contact that the persons to whom they relate had with our company;
– After the execution of the contract, for intermediate archiving, to meet accounting or fiscal obligations or to constitute evidence in the event of dispute and within the limit of the applicable retention period.
The data of the customer account, created by the latter, are intended to be kept until the account is deleted by the user. However, the account may be considered inactive if it is not used for 2 years and may be deleted.
Sales operations management: When a person exercises his or her right to object prospection, in order to guarantee its effectiveness, the information enabling this right to be taken into account is kept for a minimum of 3 years from the exercise of the right.
Reviews management: Upon request of the author of a review, GROUPE LDLC offers the possibility of unpublishing a review, while retaining traceability for the purpose of subsequent verification of the review. GROUPE LDLC may delete reviews in the event of a change of owner and/or complete renovation of an establishment, or a change in the substantial characteristics of a product or service. GROUPE LDLC will keep a history of deleted reviews, and all documents attached to the reviews, on the site and the reason for their deletion for a maximum period of one year from the date of deletion of the review.
Unpaid invoices management: In cases of non-payment, the data are deleted from the file of persons in a situation of non-payment no later than 48 hours from the time when the non-payment is effectively settled. Exceptionally, and when necessary and proportionate circumstances justify it, the data may be kept in order to prevent recurrence. In the event of non-compliance, the information may be kept in the file listing the persons concerned for up to 3 years from the date of the non-payment. It may then be archived to meet accounting and tax obligations or serve as evidence in the event of litigation within the applicable limitation period.
Telephone conversation recording: recordings are kept for a maximum of 6 months.
Supporting documents sent to the Customer Service: the purpose of processing supporting documents is to fight fraud and unpaid invoices. The data is kept for 30 days from the month following their receipt and 24 months from the date of the transaction in the event of a dispute. Copies of credit cards are immediately deleted.
Newsletters : You can unsubscribe from newsletters at any time by clicking on the link provided in the email or directly from your Customer Account.
7. Who has access to personal data?
The data controller does not sell or share your data with third party business partners. Some of our employees may have access to data that is necessary for the performance of their duties.
Our various service providers may have access to data for the performance of their contracts, in accordance with the purposes set out above and the regulations.
Data may be transferred in the context of corporate transactions (mergers, acquisitions, disposals, restructuring, etc.).
Authorised third parties" (public authorities or judicial officers) are bodies that can access certain data contained in public and private files, on the basis of a text authorising them to do so.
As part of the 360 customer program, which aims to offer a real multi-channel experience to customers, data is shared between the various LDLC.COM brands (branches, franchises, subsidiaries): customers who have an email address and who are the result of this data transfer will have a web account created following their migration to the new checkout software. However, the account will only be activated when the customer has changed their password on the website at the time of their first connection. The legal basis for this processing is the legitimate interest, namely the multi-channel processing of customer requests (order tracking, after-sales service, complaints, etc.) and the consent for the personalised customer area.
8. Do we transfer data abroad?
Your data is not transferred to third countries and remains hosted within the European Union.
For features related to the use of social networks, your posts may be accessible outside the European Union. We invite you to consult the data management policy of the networks concerned.
We are committed to ensuring the security of your personal data through strict procedures within our company.
For data collected "online", communications are encrypted between the Internet user's computer and our servers (HTTPS secure zone). GROUPE LDLC undertakes to make every effort to protect your personal data. Within GROUPE LDLC, only those persons who, due to their functions, have a legitimate interest in accessing your information will have access to it. In the context of technical operations, your data may also be hosted by our subcontractors. These subcontractors are rigorously selected and act in accordance with our instructions.
10. Rights of individuals / your rights
Individuals have the following rights, which they can exercise under the conditions set out in the GDPR:
- Right to object, to withdraw their consent at any time. Where the processing of your personal data is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent carried out prior to the withdrawal of consent
- Right of access to your personal data
Article 15 of the GDPR
- Right to rectify your personal data if it is inaccurate
Article 16 of the GDPR
- Right to erasure your data subject to the conditions for exercising this right under the provisions of Article 17 of the RGPD
- Right to restriction of processing
Article 18 of the GDPR
- Right to data portability
Article 20 of the RGPD
- Right to object
Article 21 of the GDPR
- Right to define directives concerning the fate of your personal data (storage, deletion and communication of data) after your death.
Article 85 of the Data Protection Act (amended)
- Right to lodge a complaint with a supervisory authority (the CNIL in France)
Article 104.4 of the Data Protection Act (amended)
11. Exercising your rights
To exercise these rights or if you have any questions about how you personal data is processed, we invite you to use the following for: LDLC.com.
Vous pouvez également contacter Groupe LDLC et ses filiales aux coordonnées suivantes, notamment pour les données relatives à un autre site :
- Head office address: GROUPE LDLC – DPO – 2 rue des Érables, 69760 Limonest (France)
- Phone number: +33(0)4 72 52 37 77
- Email: email@example.com
If, after having contacted us, you believe that your rights have not been respected, you may submit a complaint to a control authority.
The French Data Protection Agency is the Commission Nationale de l’Informatique et des Libertés (CNIL).
Date of last update: 28.04.2022