When browsing our website and/or ordering some products, we may collect and process certain of your personal data, acting as a data controller in the meaning of the Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").
In this regard, as data controller, we are particularly aware and sensitive with regard to the respect of our clients’ privacy and personal data protection. Air up commits to ensure the compliance of the processing it carries out as data controller in accordance with the applicable provisions of the French Loi n°78-17 dated January 6, 1978, relative à l’informatique, aux fichiers et aux libertés” and the GDPR.
ARTICLE 1 - PERSONAL DATA WE COLLECT AND PROCESS
I.1 When you contact us
When you contact us via contact form or e-mail, we collect certain of your personal data, such as email address, name, surname (and any other personal data which is apparent from the contact form). These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request pursuant to Art. 6.1 (f) of the GDPR.
If you contact us in relation to the processing of an order on our online shop, the additional legal basis for the processing is Art. 6.1 (b) of the GDPR. Your personal data will be deleted after final processing of your request, unless we have a legal obligation to further store.
You may also contact us using our live chat system. On this website, for the purpose of operating a live chat system to answer requests, your communicated chat name and chat content is collected as data and stored for the course of the chat.
Insofar as the information collected in this way contains a personal reference, processing is carried out in accordance with Art. 6.1 (f) of the GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behaviour for optimisation purposes.
I.2 When you create a customer account
When you create a customer account on our online shop in order to purchase our products, we collect and process certain of your personal data such as: name, postal address, email address, social network details, phone number, login ID, password in unrecoverable form, or any other information you provide to us.
The legal basis for the processing of this data is the conclusion of a contract with the data subject, pursuant to Art. 6.1 (b) of the GDPR. We store and use the data provided by you for contract processing. After complete completion of the contract or deletion of your customer account, your data will be further stored during five years with regard to tax and commercial retention periods and deleted after this period.
I.3 When you place an order on our online shop
When you place an order on our online shop, we collect and process any information that we need in order to process and ship your order, inform you about the status of your orders, correct addresses and conduct identity verification and other fraud detection activities. Personal data processed include your customer account information, debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment. In any case, we or our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws.
The legal basis for the processing is the fulfilment of our contractual obligations, pursuant to Art. 6.1(b) of the GDPR.
After you purchased a product on our online shop, we may also send you promotional communications on similar products or services by postal mail and/or email. Such personal data processing is based on our legitimate interest in the meaning of Article 6.1(f) of the GDPR, and we do not have to obtain your separate consent for this. If you decide that you no longer wish to receive such communications, you can subsequently unsubscribe from receiving marketing-related communications at any time, by following the instructions provided in each such communication. Upon receipt of your objection, the use of your postal address and/or e-mail address for advertising purposes will be discontinued immediately.
Furthermore, we work with Google as part of the Google Customer Reviews program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This program gives us the opportunity to obtain customer reviews from users of our website. After making a purchase on our website, you will be asked whether you would like to participate in an e-mail survey from Google. If you give your consent in accordance with Art. 6.1(a) of the GDPR, we will send your e-mail address to Google. You will receive an email from Google Customer Reviews asking you to rate the buying experience on our website. Your review will then be combined with our other reviews and displayed in our Google Customer Reviews logo and our Merchant Center dashboard. Your rating will also be used for Google seller ratings. The use of Google customer reviews may also involve the transmission of personal data to the servers of Google LLC. in the USA.
You can revoke your consent at any time by sending a message to the person responsible for data processing or to Google.
I.4 When you register to our newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. Your e-mail address is the only personal data we need to process for that purpose. The provision of further personal data (gender, name, surname) is voluntary and is used to address you personally.
The data collected by us when you register for the newsletter will be used exclusively for sending you our newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to our data protection officer. After you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list.
When you register for the newsletter, we store your IP address as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later point in time, and to prove that you actually registered for the newsletter.
The legal basis for the processing is your consent, pursuant to Art. 6.1(a) of the GDPR.
I.5 When you register to our CleverPush service
You can register to receive our push notifications. To send our push notifications we use the "CleverPush" shipping service, which is operated by CleverPush UG (haftungsbeschränkt), Tondernstr. 1, 22049 Hamburg. Through our push notifications you will receive regular information about our offered goods.
To register, you must confirm your browser's request to receive notifications. This process is documented and stored by CleverPush. This includes the storage of the registration time and your browser ID or device ID. The collection of this data is necessary so that we can trace the processes in the event of misuse. In order to be able to display the push notifications to you, CleverPush collects and processes your browser ID and, in case of mobile access, your device ID.
The legal basis for the processing of your data is your consent in the meaning of Art. 6.1(a) of the GDPR.
CleverPush also evaluates our push notifications statistically. This allows CleverPush to recognize if and when our push notifications have been displayed and clicked by you.
You can revoke your consent to the storage and use of your personal data for the purpose of receiving our push notifications and the statistical survey described above at any time. For the purpose of revoking your consent, you can change the setting in your browser for receiving push notifications.
I.6 When you browse our website
If you only use our website for information purposes (i.e. if you do not create a customer account nor otherwise provide us with your personal data via email or contact form), we only collect personal data that your browser transmits to our server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:
- Browser used;
- Operating system used;
- IP address.
- Date and time of access;
- Amount of data sent in bytes;
- Source from which you came to the page;
These personal data processing is carried out in accordance with Art. 6.1(f) of the GDPR on the basis of our legitimate interests in improving the stability and functionality of our website, and to prevent fraud or unauthorized access. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use or fraudulent access to our website.
Please refer to our cookie notice to learn how you can manage your cookie settings and for detailed information on the cookies we use and the purposes for which we use them.
On this website we also use the reCAPTCHA feature of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This function is mainly used to differentiate whether an entry is made by a natural person or whether it is misused by mechanical and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service and is carried out in accordance with Art. 6.1(f) of the GDPR on the basis of our legitimate interest in establishing individual responsibility on the Internet and avoiding abuse and spam. The use of Google reCAPTCHA may also involve the transmission of personal data to the servers of Google LLC. in the USA.
I.7 When you apply to a job at Air up, via Bamboo HR or e-mail
On our website, we advertise current vacancies in a separate section. Interested parties can apply by Bamboo HR or by sending an email to the contact address provided.
In order to be included in the application process, applicants must provide us with all personal data required for our assessment by e-mail.
The information required includes general personal information (name, address, telephone or electronic contact details) and evidence of the qualifications required for a specific job. Where appropriate, it may also be necessary to include health-related information which, in the interests of social protection, must be given special consideration in the person of the applicant under labour and social law.
Please refer to the respective job advertisement to find out which elements an application must contain in order to be considered and in what form these elements must be sent via Bamboo HR or email.
After receipt of the application sent using the e-mail contact address provided, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. In the event of queries arising in the course of processing the application, we will either use the e-mail address provided by the applicant with his/her application or a telephone number provided.
The legal basis for these processing operations is in principle Article 6.1(b) of the GDPR, in the sense of which the passing through of the application procedure is regarded as the initiation of an employment contract.
Insofar as special categories of personal data within the meaning of Art. 9.1 of the GDPR (e.g. health data such as information on the status of severely disabled persons) are requested from applicants in the course of the application procedure, processing is carried out in accordance with Art. 9.2(b) of the GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfil our obligations in this respect.
The processing of special categories of data may also be based on Art. 9.1(h) of the GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnostics, for health or social care or for the administration of health or social care systems and services.
ARTICLE 2 – PERSONAL DATA STORAGE PERIOD
In accordance with applicable laws, we will use your personal data for as long as necessary to satisfy the purposes for which your personal data was collected (as described in Article 1 above) or to comply with applicable legal requirements (e.g. commercial and tax-related obligations).
The following table provides examples of applicable data retention periods:
Type of personal data
Order-related personal data
5 years as of the fulfilment of the order
Marketing-related personal data (e.g. your email address for shipping our newsletter or sending you other marketing communications)
3 years as of the last active contact from the client/prospect.
Cookies and server logs
Debit or credit card-related personal data
Until the order is fulfilled, or if you consented until debit or credit card expiration date
Job applicants-related data
2 years as of the end of the last contact with the candidate
Live chat-related cookies
2 hours as of the end of the chat conversation
Furthermore, unless otherwise indicated in the other information contained in this statement on specific processing situations, we will erase any personal data stored when they are no longer necessary for the purposes for which they were collected or otherwise processed.
ARTICLE 3 - OUR OBLIGATIONS
For the personal data processing listed above, we act as data controller in the meaning of the GDPR and any other applicable data protection legislation and regulations. As a data controller, we commit to:
- Put in place all necessary technical and organizational appropriate measures in order to ensure the security, confidentiality, integrity, availability and the resilience of the process systems and services. Please note that our website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content
- Limit the access to your personal data to the persons duly authorized to this effect;
- Increase awareness and train staff members regarding the processing of personal data;
- Notify the competent supervisory authority of any security breach presenting a serious risk regarding the rights and liberties of our website users within 72 hours of the occurrence of such a breach;
- Ensure that our data processors (in the meaning of the GDPR), has put all necessary technical and organizational measures in order to guarantee the security, confidentiality, integrity, availability and resilience of the processing systems and services.
Measures we expect you to take. It is important that you also play a role in keeping your personal data safe and secure. When signing up for an online shop account, please be sure to choose an account password that would be difficult for others to guess and never reveal your password to anyone else. You are responsible for keeping this password confidential and for any use of your account. If you use a shared or public computer, never choose to have your login ID/email address or password remembered and make sure to log out of your account every time you leave the computer.
ARTICLE 4 - PERSONAL DATA RECIPIENTS
The personal data processed by Air up is only accessed by duly authorized persons at Air up, for administrative, commercial or website maintenance purposes, and by our service providers.
Our service providers are external companies that we use to help us run our business (e.g. order fulfilment, payment processing, fraud detection and identity verification, website operation, market research companies, support services, promotions, website development, data analysis, etc.). Service providers, and their staff, are only allowed to access and use your personal data on our behalf for the specific tasks that they’ve been requested to carry out, based on our instructions, and are required to keep your personal data confidential and secure. Our service providers are:
- For newsletter shipping: MailChimp, which has its registered office at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to whom we pass on the data you provided when you registered for the newsletter. This disclosure is made in accordance with Art. 6.1(f) of the GDPR and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a server of MailChimp in the USA and stored there.
- For the processing of your payment: Where applicable, we pass on to payment services providers you chose payment data and the information about your order you provided us during the ordering process, insofar as this is strictly necessary for payment processing. Payment services providers available on our website are:
MailChimp uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on, if applicable. With the help of web beacons, MailChimp automatically generates general, non-personal statistics about the reaction behavior to newsletter campaigns. On the basis of our legitimate interest in the statistical evaluation of the newsletter campaigns to optimize advertising communication and better focus on recipient interests, the web beacons also collect and utilize data of the respective newsletter recipient (e-mail address, time of retrieval, IP address, browser type and operating system) in accordance with Art. 6.1(f) of the GDPR.
If you wish to deactivate data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
- Amazon Pay, provided by Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxemburg. For more information, please refer to https://pay.amazon.com/de/help/201751600
- Apple Pay, provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. For more information , please refer to https://support.apple.com/fr-fr/HT201239
- Google Pay, provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. For more information, please refer to https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=fr
- Klarma, provided by Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden. For more information, please refer to https://www.klarna.com/international/privacy-policy/
- PayPal, provided by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. For more information please refer to https://www.paypal.com/fr/webapps/mpp/ua/privacy-full.
- Shopify Payments, provided by Shopify 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. For more information, please refer to https://www.shopify.com/legal/privacy
- Sofort, provided by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. For more information, please refer to https://www.klarna.com/pay-now/privacy-policy/
In the event that Air up or its assets are acquired by, or merged with, another company including through bankruptcy, we will share your personal data with any of our legal successors. We will also disclose your personal data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; (iv) to protect our rights, safety or property, or the public; or (v) to enforce the terms of any agreement or the terms of our website.
ARTICLE 5 - YOUR DATA PROTECTION RIGHTS
We would like to make sure you are fully aware of all of your data protection rights.
Where provided by law, you, your successors, representatives and/or proxies have the right to access, review and request a physical or electronic copy of information held about you. You also have the right to request information on the source of your personal data.
Where provided by law, you, your successors, representatives and/or proxies can (i) request deletion, the portability, correction or revision of your personal data; (ii) oppose the personal data processing; (iii) limit the use and disclosure of your personal data; and (iv) revoke consent to any of our data processing activities.
Please note that, in certain circumstances, we will not be able to delete your personal data without also deleting your user account. We may be required to retain some of your personal data after you have requested deletion, to satisfy our legal or contractual obligations.
ARTICLE 6 - CONTACT
You can exercise your data protection rights by sending an email to our data protection officer, provided that you justify your identity.
In addition, in the event you consider that your rights have not been respected, you can lodge a complaint with the competent supervisory authority (in France the “CNIL”). For any additional information, you can consult the CNIL’s website: www.cnil.fr.