Privacy Policy

We attach great importance to the protection and respect of your privacy. This policy aims to inform you of our practices regarding the collection, use and sharing of information that you provide to us through our website.

Article 1. Identity and contact details of the data controller

In accordance with Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("GDPR"), this Privacy Policy is offered to the user by Novoma SARL in its capacity as controller of your data.

Novoma is a limited liability company with capital of €20,000, registered with the TOULOUSE RCS under number 844 909 820, with NAF code 4791B, whose head office is located at 3, avenue Bernard Maris, 31400 Toulouse, FRANCE.

The Novoma company is the publisher of the website www.novoma.com.

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information you can contact our data controller by contacting us:

• Either via the contact form available on our website; - Or by email to the data protection officer, Mr Alexandre GARNIER, co-manager of Novoma, at hello@novoma.com;
• Either by mail to Novoma SARL, 3, avenue Bernard Maris, 31400 TOULOUSE, France;
• Either by telephone on 05 61 83 62 43 (non-premium number) from Monday to Friday from 9 a.m. to 6 p.m.

Article 2. Personal information collected

When you make a purchase on our site, as part of our sales process, we collect the following personal information:

• First and last name,
• E-mail address,
• Billing address,
• Delivery address,
• Phone number.

If you refuse to provide the requested personal data, we will not be able to execute your order.

When you browse our site, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

With your permission, we may send you emails about our news, new products and promotional offers.

Article 3. Purposes of processing

As part of our activity of sale and delivery of products and services, we implement a processing of personal data which has the purposes of:

• process payments, manage invoicing and accounting;
• process and track orders and deliver products;
• respond to requests and solicitations from Customers and communicate with them;
• promote its services.

The treatments implemented are for some:

• necessary for the execution of the Contract or the execution of pre-contractual measures: management of orders and their deliveries, processing of payments, response to requests for information;
• necessary for commercial prospecting operations such as sending information by email;
• necessary to comply with a legal obligation: this includes processing for the purpose of managing invoicing and accounting.

Article 4. Recipients of the data collected

The data collected is mainly intended for processing by the Data Controller, the hosting provider, the delivery provider, the payment provider, the departments responsible for marketing, the departments responsible for IT security, the department responsible for sales, delivery and ordering, the subcontractors involved in the delivery and sales operations as well as any authority legally authorized to access the personal data in question.

Article 5. Retention period

We only keep the collected data for the time necessary to meet the purposes of the processing, without exceeding a period of two (2) years from our last interaction with the user.

However, we may retain certain data necessary for the purposes of complying with legal, regulatory, judicial or administrative obligations for the duration set by the applicable legal obligations.

Article 6. Consent

How do you get my consent?

When you provide us with personal information to verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

Article 7. User Rights

In accordance with the GDPR, the Client benefits from the following rights over his personal data:

• right of access, rectification, updating and deletion of information concerning him/her;
• right to object to the processing of personal data concerning him/her for legitimate reasons, without giving reasons and without charge, to this data being used for commercial prospecting purposes;
• right to restriction of processing allowing, in certain circumstances, to temporarily freeze processing;
• right to question the controller of data concerning him/her;
• defining guidelines relating to the fate of his personal data after his death;
• right to data portability from one automated system to another, without the data controller being able to prevent this;
• right to information by notification in the event of a security breach and unlawful access to its information;
• right to withdraw consent at any time to the processing of data;
• right to lodge a complaint with a supervisory authority in the event of a violation by the controller of these rights.

The Customer may exercise these rights described above by contacting us at hello@novoma.com or by mail to Novoma SARL 3, avenue Bernard Maris, 31400 Toulouse, FRANCE.

Article 8. Disclosure

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

Article 9. Shopify

Our store is hosted on Shopify Inc. Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify's data storage, databases, and the general Shopify application. Your data is stored on a secure server behind a firewall.

Payment :

If you choose a direct payment gateway to complete your purchase (like Stripe and Mollie), then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your order. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard and American Express. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more information, please see Shopify's Terms of Service or Privacy Policy.

Article 10. Transmission of your personal data

In general, we may share your personal data with the service providers we use. They will only collect, use and disclose your information to the extent necessary to perform the services they provide to us and we undertake to ensure that they strictly comply with the same obligations as we do under this Agreement. We may share your personal data with these service providers, including:

• Shopify: e-commerce solution used by Novoma, whose personal data processing policy, which the Client hereby declares to accept, is accessible here ;
• Klaviyo: email sending service provider. The data is used to personalize and send communications, whose personal data processing policy, which the Customer hereby declares to accept, is accessible here ;
• Smile: publisher of our Loyalty Program tool and our Sponsorship Program whose personal data processing policy, which the Customer hereby declares to accept, is accessible here ;
• Gorgias: publisher of the chat tool available on our site, whose personal data processing policy, which the Client hereby declares to accept, is accessible here ;
• Social networks: we use different social network cookies (e.g. Facebook, Instagram, YouTube). When browsing our site, browsing data may be transferred directly to the social networks concerned, even without direct interaction on your part.

Once you leave our site or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our site's Terms of Service.

Links:

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

Article 11. Security

To maintain the security of your personal information, we implement a variety of security measures and follow industry best practices.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

We also protect your personal information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers and servers used to store personally identifiable information are kept in a secure environment.

Article 12. Cookies

A cookie is a small computer file, placed and read when consulting a website. There are several categories of cookies:

• Technical cookies (including audience measurement cookies): they allow us to know whether or not you are connected to your customer area or reserved area, to manage your selection of products or services, etc. The site may also use statistical and audience measurement cookies intended to determine the number of visitors and the sections visited;
• Third-party application cookies: they are used in accordance with the previous articles by Google and social networks;
• Optional cookies: they are intended to improve the user experience and facilitate your searches by offering products and offers related to your interests.

Here is a list of cookies we use:

• _session_id, unique sessional token, Allows Shopify to store information about your session (referrer, landing page, etc).
• _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider's internal stats tracker to record the number of visits.
• _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Calculates the number of visits to a store by a unique customer.
• _cart, unique token, persistent for 2 weeks, Stores information about your shopping cart.
• _secure_session_id, unique token, sessional storefront_digest, unique token, indefinite If the store has a password, this is used to determine if the current visitor has access.

Some cookies, such as technical cookies, are necessary for the operation of the site and cannot be placed without your consent. All other cookies require your consent.

You can accept or refuse, partially or totally, these cookies when you first browse the site. These cookies expire after thirteen (13) months. You are free to withdraw your consent and change your preferences at any time.

It is also possible to configure your browser to accept or refuse certain cookies by following the following links:

• Microsoft Internet Explorer
• Microsoft Edge
• Apple Safari
• Google Chrome
• Mozilla Firefox
• Opera

Article 13. Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on our website.