Opening an online business in France means complying with the obligations related to protecting the personal data of Internet users.
Personal data refers to any information relating to a natural person who is identified or identifiable, directly or indirectly, by means of an identifier or of one or several elements specific to his identity.
Example:
It can be a name, a first name, an e-mail address, a location, an identity card number, an IP address, a photo, etc.
On your merchant site, you can collect this personal data to build up customer files, provided that you comply with the regulations in force.
Thus, beyond a general obligation of security and confidentiality of the collected personal data, you have 2 obligations to respect:
✅ Inform the Internet user
✅ Obtain his consent
The collection of personal data must be carried out in a transparent manner.
Thus, you must inform the Internet user on your website at the time the data is collected (when he fills in a contact form, for example) and whenever the use of that data is subsequently modified.
You must indicate the following information:
✅ Identity and contact details of the body responsible for processing personal data: the Data Protection Officer (DPO), for example
✅ Purpose of the processing: what the personal data collected will be used for
✅ Legal basis justifying the processing: this may be the consent of the Internet user, compliance with an obligation provided for by a legal text, the execution of a contract, etc.
✅ Mandatory or optional nature of the collection of personal data: the consequences for the Internet user if the data is not provided
✅ Recipients of personal data: who will receive and access the data
✅ Duration of the storage of personal data
✅ Rights of the user: right to refuse collection, right to access, rectify and delete data
✅ Right of the Internet user to lodge a complaint with the Cnil
✅ If necessary, the existence of a transfer of personal data to a country outside the European Union
The information must be delivered in a concise, transparent, understandable and easily accessible manner, in clear and simple terms.
Attention
The absence of one of these pieces of information is punishable by a fine of €1,500.
On your website, you can use a link that points directly to the data protection policy, is clearly visible on each page of the site, and is clearly titled (“Personal data” or “Privacy”, for example).
This privacy policy should be separate from the website’s general terms and conditions of sale (GTC) or general terms and conditions of use (GTU).
There are situations in which informing the Internet user alone is not enough.
You must also obtain his consent when you carry out one of the following operations:
✅ Sending commercial emails (newsletter): you must collect the explicit consent of the Internet user, unless he has already purchased a similar product from your company or is a professional.
You must also give him the means to refuse further advertisements by offering an unsubscribe option at the end of the email.
✅ Use of cookies: these are trackers that analyze the navigation, the movements and the consultation or consumption habits of the Internet user in order to display targeted advertisements.
You must allow the user to consent by a clear positive act: a request for consent made by means of checkboxes is easily understandable by users.
The use of a pre-checked box presuming the individual’s consent is prohibited.
A person's silence, which can take the form of simply continuing to browse, must be interpreted as a refusal.
You must also allow the user to make a choice by purpose. It is recommended to allow the user to give his consent independently and specifically for each purpose (customer management, satisfaction survey, prospecting operation, etc.).
You may offer the user the option of consenting globally to a set of purposes, by including “Accept all” or “Refuse all” buttons, but only if all the purposes are presented beforehand.
Attention
The computer processing of data collected without consent is punishable by 5 years imprisonment and a fine of €300,000.