It appears that your cart is currently empty!
sessùn's privacy and personal data processing policy
What is the purpose of our privacy policy?
The website accessible at www.sessun.com (the "Site") is operated and published by SESSUN SAS, a simplified joint-stock company with registered office at 1 rue Capitaine Dessemond 13007 Marseille, registered in the Marseille Trade and Companies Register under number 429 204 282. SESSUN SAS considers the protection and confidentiality of your personal data to be of the utmost importance.
As such, our Personal Data Privacy Policy ("privacy policy") clearly demonstrates our commitment to ensuring compliance with the applicable rules on personal data protection, and in particular those of the General Data Protection Regulation ("GDPR").
In particular, our privacy policy aims to inform you about how and why we process your personal data in the context of the services we provide to you.
Who does our privacy policy apply to?
Our privacy policy applies to natural persons who browse our Site and/or use our services.
If you are under the legal age, i.e. under 15 years of age, you are not authorised to use our services without the express prior consent of one of your parents or the holder of parental authority, which must be sent to us by email to privacy@sessun.fr.
If you believe that we hold personal data about your children without your consent, please contact us at the dedicated address detailed above.
Why do we process your personal data and on what basis?
We process your personal data primarily for the following reasons:
● to browse our site, benefit from our services (e.g. search for products, add them to your cart, make purchases, etc.) and enable us to respond to your requests (e.g. requests for information, complaints, etc.), on the basis of our general terms and conditions of use and sale and our legitimate interest in providing you with the best possible service.
● to manage our customer service, on the basis of the performance of the contract and our legitimate interest in responding to your requests and complaints in the best way, whether you are an online or in-store customer.
● to keep you informed of our latest offers and events by email, on the basis of our legitimate interest in retaining our customers or, where you are not yet a customer of our services, on the basis of your consent.
● to keep you informed about our latest offers and events by SMS, on the basis of our legitimate interest in retaining our customers or, where you are not yet a customer of our services, on the basis of your consent.
● to manage invoicing and outstanding payments, on the basis of our legitimate interest in obtaining payment for the provision of our services and on the basis of our general terms and conditions, for both online and in-store purchases.
● to follow and comment on our social media posts, on the basis of our legitimate interest in having a dedicated page on social media.
● to send satisfaction surveys, on the basis of our legitimate interest in improving our services and customer experience, both online and in store.
● to monitor footfall and the use of space in stores in order to improve customer experience and optimise store management, on the basis of our legitimate interest.
● to provide personalised alerts and reminders (e.g. availability of a reserved item or return to stock), on the basis of the performance of the contract and our legitimate interest in informing our customers.
● to manage user accounts (e.g. account creation, access to services and account deletion), on the basis of the performance of the contract.
● to manage instances of fraud on our e-commerce site www.sessun.com, on the basis of our legal obligation to do so. We would like to emphasise that this does not involve profiling within the meaning of the GDPR, since validation of the blocking of your account in the event of suspected fraud is always carried out by our teams and is never done automatically.
● to pay online, on the basis of the performance of the contract.
● to receive technical emails from us (e.g. change of password, etc.),which are essential for the proper functioning of our service, on the basis of the performance of the contract.
● to ensure your safety in our premises and stores, including through the use of CCTV cameras, on the basis of our legitimate interest in protecting people and property.
● to conduct statistical analyses and monitor the performance of our services and stores, on the basis of our legitimate interest in improving our products, offers and services.
● to integrate targeted advertising, on the basis of our legitimate interest in promoting our offers and limiting advertising pressure, in particular by excluding existing customers from acquisition campaigns and implementing non-personalised retargeting campaigns, and, where applicable, on the basis of your consent where such campaigns involve the use of advertising trackers.
How did we obtain your personal data?
Your data is collected directly from you when you are a customer of our services or a "simple" visitor to our Site, and we undertake to process your data only for the reasons described above.
However, when you voluntarily publish content on the pages we edit on social media, you acknowledge that you are entirely responsible for any personal information you may disclose, regardless of the nature and origin of the information provided.
What personal data do we process and for how long?
We have summarised the categories of personal data and their respective retention periods below:
● Personal identification data (e.g. surname, first name, postal address, etc.), kept for the entire duration of use of the Site when creating an account or making a purchase, plus statutory limitation periods, which are generally 5 years.
● Telephone numbers collected as part of our SMS marketing campaigns, kept for a maximum period of 3 years from the date of our last contact with you.
● Identity documents (e.g. national identity card or passport), kept for the duration of the processing of your request when applying for a tax refund, plus statutory limitation periods, which are generally 5 years.
● Economic and financial data (e.g. bank account number, verification code, etc.), kept for the period necessary for the transaction and for the management of invoicing and payments, plus statutory limitation periods, which are generally between 5 and 10 years. This data is stored directly by our payment providers.
● Email address for receiving technical messages from us, kept until you delete your account.
● Email address for receiving marketing communications from us (including our newsletter), kept until you unsubscribe from these emails or for up to 3 years from the date of our last contact with you.
● Purchase invoices, kept for 10 years, even if the person concerned is no longer a customer.
● Purchase history, kept for as long as your account is active, until you request that your account be deleted or after 36 months of inactivity on the account.
● CCTV images collected by our video surveillance cameras, stored for a maximum period of 1 month.
● Connection data (e.g. logs, IP address, etc.), stored for a period of 1 year.
When personal data is collected, certain personal data denoted by an asterisk (*) must be provided. If you do not wish to provide this data, the request will not be processed or SESSUN SAS will not be able to perform the services.
Once the applicable retention periods have expired, the deletion of your personal data is irreversible and, after this period, we will no longer be able to provide you with this information. At most, we can only store anonymous data for statistical purposes.
Please also note that in the event of a dispute, we are obliged to retain all personal data concerning you for the entire duration of the case, even after the expiry of the retention periods described above.
What rights do you have to control the use of your personal data?
The applicable data protection regulations give you specific rights which you may exercise, at any time and free of charge, to control the use we make of your personal data.
● The right to access and obtain a copy of your personal data, provided that this request does not conflict with business secrecy, confidentiality or the confidentiality of correspondence.
● The right to rectify any personal data that is incorrect, obsolete or incomplete.
● The right to object to the processing of your personal data for commercial prospecting purposes or to processing based on our legitimate interest, unless there are compelling legitimate grounds for such processing that override your interests, rights and freedoms.
● The right to request the erasure ("right to be forgotten") of your personal data that is not essential for the proper functioning of our services, subject to compliance with legal and regulatory obligations.
● The right to restrict the processing of your personal data, which allows you to have such processing suspended while checks are carried out in the event of a dispute regarding the legitimacy of the processing.
● The right to data portability, which allows you to retrieve some of your personal data in order to store it or easily transfer it from one information system to another.
● The right to give instructions on what should happen to your data in the event of your death, either through you, a trusted third party or a beneficiary.
For any such request to be considered, it must be submitted directly by you or your representative to privacy@sessun.fr.
Such requests may not be made by anyone other than you or your representative. We may therefore ask you to provide proof of identity in case of any doubt concerning the identity of the person making the request or proof of representation.
We will respond to your request as soon as possible, within a maximum of one month from the date the request is received, unless such request is technically complex or we receive numerous requests at the same time. In this case, the response time may be up to three months.
Please note that we may still refuse to respond to any excessive or unfounded requests, particularly if they are repetitive in nature.
Who can access your personal data?
We never transfer or sell your data to third parties or business partners. All of your personal data is used exclusively by our teams or by our subcontractors, who need access to it for the purposes mentioned above.
More specifically, we only share your personal data with persons who are duly authorised to use it in order to provide you with our services, such as our IT department or our customer relations department.
Your personal data is also transferred to our IT service providers, who only use it to operate our Site (hosting, technical email sending tool, etc.) or manage our targeted advertising campaigns.
For advertising campaigns, only the following data is transferred to the platforms: email address, surname and first name.
When these campaigns involve the use of advertising trackers (cookies or similar technologies), the data is only processed after your consent has been obtained. Data processing carried out for the purposes of targeted advertising is also based on our legitimate interest, under the conditions described above.
We would like to point out that we carry out checks on all our subcontractors before recruiting them to ensure that they comply strictly with the applicable rules on personal data protection.
We may also disclose your personal data to relevant administrative, judicial or public authorities in order to comply with a legal, regulatory or judicial obligation.
Can your personal data be transferred outside the European Union?
The personal data processed by our Site is hosted exclusively on servers located within the European Union.
Furthermore, we do our utmost to only use technical tools whose servers are also located within the European Union. If this is not the case, however, we take great care to ensure that they implement the appropriate safeguards required to ensure the confidentiality and protection of your personal data.
In addition, we undertake to always enter into contractual standard clauses with them, drawn up by the European Commission, in order to provide a framework for such transfers.
How do we protect your personal data?
We implement all the technical and organisational measures necessary to ensure the security and confidentiality of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration or disclosure.
Do we use cookies when you browse our Site?
We do use cookies when you browse our Site. For more information, please consult our Cookie Policy.
You can also directly modify your choices at any time via our cookie banner, which appears when you click on "Cookies" at the bottom of all our pages on the Site.
Who can you contact for more information about how your personal data is used?
To best ensure the protection and integrity of your data, we have officially appointed an independent Data Protection Officer ("DPO") to our supervisory authority.
You may contact our DPO at any time and free of charge at privacy@sessun.fr for more information or details on how we process your personal data.
How can you contact the CNIL?
You can contact the French Data Protection Authority (Commission nationale de l'informatique et des libertés or CNIL) at any time via the following contact details: Service des plaintes de la CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07, or by phone at +33 1-53-73-22-22.
Can the privacy policy be amended?
We may amend our privacy policy at any time to adapt it to new legal requirements and to new processing methods that we may implement in the future. Please refer to the latest version of the privacy policy before browsing.
SESSUN SAS undertakes to ensure that you are informed of any significant changes. In any case, we encourage you to consult the applicable privacy policy on a regular basis.
Certified compliant by Dipeeo®