POLICY ON THE CONFIDENTIALITY OF PERSONAL DATA :
DISRUPTOR, as data controller, complies with its obligations to comply with Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (RGPD) and with the amended Law n°78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties.
The data controller is the company DISRUPTOR, having its registered office at 6 Rue des Messiers, 93100 Montreuil - France. Phone : + 33 (9) 51 21 29 93
DATA COLLECTED :
DISRUPTOR directly and indirectly collects the following categories of data concerning its Users:
Data relating to the professional life of sellers who are natural persons (artist name, list of equipment and musical instruments used, rock/blues/jazz/electro/classical musical style, etc.).
Economic and financial data concerning the stores and the legal entities (professionals, associations, companies, conservatories, auto-entrepreneurs, stores, sales depots) which sell on line on the ZicPlace.com market place products or services (year of creation, registration number, turnover, URL of the site, civil status of the manager(s) and shareholders...).
Login and account data for buyers (IP addresses, event logs, civil status, Email, and any document requested to secure the business relationship or requested by our authorized payment providers).
Disruptor does not store any credit card numbers in its information systems. Authorized payment partners take care of this.
PURPOSE OF THE TREATMENTS :
Within the framework of the operation of the Site and our services, the purpose of processing personal data is the management of customers, the creation and management of accounts, the management of contracts, sales, orders, deliveries, returns and reimbursements, regulatory verifications in terms of the fight against money laundering, canvassing, the preparation of statistics, the management of requests for right of access, rectification and opposition.
RIGHTS OF INDIVIDUALS :
You have the following rights within the limits of the applicable regulations.
Right of access to the personal data you have provided ;
Right to rectify the personal data provided ;
Right to the deletion of your personal data ;
Right to request a limitation of the processing relating to your person ;
Right to object on legitimate grounds;
Right to data portability ;
Right to lodge a complaint with a supervisory authority (CNIL).
COMMUNICATION TO THIRD PARTIES :
Your personal data may be disclosed pursuant to a law, a regulation or a decision of a competent regulatory or judicial authority.
DATA RETENTION PERIOD :
The personal data that DISRUPTOR collects is kept for the time necessary for the purpose of processing and as long as the user's account is not closed. Beyond this retention period, they become intermediate archives or are anonymized and kept for statistical or historical purposes.
Purges concerning your personal data are put in place in order to verify the effective deletion as soon as the retention or archiving period necessary to achieve the determined or imposed purposes is reached.
A cookie is a text file that may be placed on your terminal when you consult a website. A cookie file enables its sender to identify the terminal in which it is stored.
DISRUPTOR undertakes to keep cookies for a maximum of 12 months after the first deposit in the User's terminal. The period of validity of the User's consent is also 12 months. The law provides for a maximum retention period for cookies of 13 months.
TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION :
DISRUPTOR does not transfer personal data outside the European Union. Where applicable, DISRUPTOR complies with European regulations and French law regarding data transfers to a third country. If necessary, DISRUPTOR shall inform and request the consent of its users.
DATA SECURITY :
DISRUPTOR implements the appropriate technical and organisational measures to guarantee an adequate level of security. The technical measures implemented by DISRUPTOR are detailed below.
If you have any questions regarding the policy for the protection of users' personal data, or to exercise your rights, you may contact DISRUPTOR at the following email address: firstname.lastname@example.org.
VIOLATION OF PERSONAL DATA :
We undertake to implement all appropriate technical and organisational measures to guarantee a level of security appropriate to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of your personal data. In the event that we become aware of illegal access to your personal data stored on our servers or those of our subcontractors, or unauthorised access resulting in the realisation of the risks identified above, we undertake to :
Notify the incident as soon as possible;
Take the necessary measures within the limits of reasonableness to eliminate or reduce the negative effects and prejudice that may result from the said incident.
LIMITATION OF LIABILITY :
Under no circumstances can the commitments defined in the above point relating to the violation of personal data be assimilated to any admission of fault or liability for the occurrence of the incident in question.
TECHNICAL MEASURES PUT IN PLACE FOR RGPD COMPLIANCE :
In accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and in particular Article 32 thereof, as well as with the amended Law n°78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, DISRUPTOR ensures the security of your personal data through the following technical and organizational measures:
ENCRYPTION OF CONFIDENTIAL DATA :
All navigation on the site is in https. Including payment.
The payment page is not hosted by DISRUPTOR but by its PCI-DSS certified payment partner.
ACCESS RIGHTS MANAGEMENT :
Access rights are subject to compliance with internal allocation procedures and meet the following requirements:
Monitoring of groups and directories with a security policy reinforcing data control;
Reduction of access rights with an "a minima" principle, i.e. maintaining the principle of least privilege. If it is not really necessary, the right of access is not allowed;
Fine management of authorizations and revocation in the event of users leaving or being transferred.
The monitoring of access rights is subject to permanent internal control.
TOOLS TO FIGHT AGAINST EXTERNAL INTRUSIONS INTO THE NETWORK :
DISRUPTOR uses an antivirus and anti-malware solution.
The host has a secure infrastructure with firewall.
THE PASSWORD POLICY :
A robust password management policy is in place (unique identifier, complexity, size, regular changes, limitation of attempts, etc.), security policies have been defined and implemented. The correct application of these policies is regularly and automatically monitored on all the machines of the Information System.
Information on the online settlement of disputes in accordance with Art. 14 par. 1 of the RLL (Online Settlement of Disputes) :
The European Commission allows consumers to resolve disputes online on one of its platforms in accordance with Art. 14 para. 1 of the ODR. The platform (https://webgate.ec.europa.eu/odr/main/index.cfm?event=main.home.show&lng=FR) acts as a site where consumers can try to settle out of court disputes arising from online purchases of goods or services.