Privacy Policy

Between :

1° The simplified joint stock company FEED. with a capital of 22,812.62 euros, registered in the Paris Trade and Companies Register under number 821 239 878, which registered office is located at 231 rue Saint Honoré 75001 Paris, and having as VAT number FR59821239878.

Hereinafter referred to as the “Data Controller”,

On the one hand,

And

2° Any individual browsing the website of the Controller;

Hereinafter referred as the “Data Subject” ,

On the other hand,

It has been stated and agreed as follows:

This Privacy Policy applies, without restriction nor reservation, between the Data Subject and the Data Controller.

Its purpose is to provide information on the way in which the Data Controller collects and processes personal data concerning the Data Subject, in accordance with the applicable laws and in particular European Regulation No 2016/679 (hereinafter referred as the “Legislation“), in connection with the use of the website www.feed.co (hereinafter referred as the “Site“) by the Data Subject.

This Privacy Policy is part of the Data Controller’s General Terms and Conditions of Sale.

• Browsing means the consultation, review, order and/or purchase of Products on the Site by the Data Subject.
• Consent means any freely given, specific, informed and unambiguous indication by which the Data Subject agrees, by a statement or by a clear affirmative action, to the Processing by the Data Controller of Personal Data relating to him or her.
• Cookie means a file that makes it possible to track the journey of the Data Subject on the Site.
• Data Controller means the simplified joint stock company FEED. with a capital of 22,812.62 euros, registered in the Paris Trade and Companies Register under number 821 239 878, which registered office is located at 231 rue Saint Honoré 75001 Paris, and having as VAT number FR59821239878, which alone or jointly with others, determines the purposes and means of the Processing.
• Data Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.
• Data Subject means any individual who browses the Site, provided that he or she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity.
• DPO means the data protection officer of the Data Controller, namely Cabinet Bouchara – Avocats (17 rue du Colisée – 75008 Paris – FRANCE, info@cabinetbouchara.com), responsible for assisting the Data Subject in the exercise of his or her rights to the Personal Data.
• File means any structured set of Data accessible according to specific requirements, whether centralized, decentralized or distributed in a functional or geographical manner.
• Legislation means any law and regulation relating to Personal Data protection, and in particular European Regulation No. 2016/679.
• Personal Data means any information relating to the Data Subject.
• Processing means any operation or set of operations which are performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Products means the products offered for sale on the Site by the Data Controller to the Data Subject.
• Pseudonymisation means the processing of Personal Data in such a way that it can no longer be attributed to the Data Subject without the use of additional information.
• Recipient means a natural or legal person, public authority, agency or another body, to which the Personal Data is disclosed, whether they are a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry shall not be regarded as Recipients.
• Site means the infrastructure developed by the Data Controller in accordance with the IT formats that can be used on the Internet, including data of various kinds, and in particular texts, sounds, static or moving images, videos, databases, intended to be consulted by the Data Subject to know, book, order and/or purchase Products (www.feed.co).
• Supervisory Authority means the independent public authority in charge of Data protection regulation;
• Third Party means a natural or legal person, public authority, agency or body other than the Data Subject, the Data Controller, the Data Processor and persons who, under the direct authority of the Data Controller or the Data Processor, are authorized to Process Personal Data, and in particular tour operators, travel agencies and booking systems.

In accordance with the Legislation, the Data Controller undertakes to respect the following principles for each Processing:

• Lawfulness;
• Fairness;
• Transparency;
• Purpose limitation;
• Data minimisation;
• Accuracy;
• Storage limitation;
• Integrity;
• Confidentiality;
• Accountability.

In the frame of Browsing, the Data Controller is required to collect and process a certain number of Personal Data, and in particular:

• Personal information (name, first name, gender, postal address, email address, telephone number, date of birth, age, date of registration and unsubscription to the Data Controller’s customer account and newsletter, messages exchanged with the Data Controller, telephone conversations with the Data Controller);
• Bank information (payment method, credit card number);
• Information on your order (Product ordered, delivery address, delivery tracking number, price of the order, etc.);
• Technical information (Browsing behaviour on the Site, IP address, products added to the cart, collection of Consent).

The Personal Data may be collected and processed by the Data Controller on various occasions, including:

• Purchase of Products on the Site;
• Contact with the Data Controller;
• Subscription to the newsletter;
• Creating a sponsorship link;
• Creating a customer account;
• Browsing on the Website.

The Data Controller reserves the right to anonymise the Personal Data processed before deleting it. The anonymized data may then be processed for statistical purposes.

As a matter of principle, the Data Controller is the sole Recipient of the Personal Data.

However, the Data Controller may transfer the Personal Data to Recipients, in particular in the context of the management of Product purchases by the Data Subject, and/or to any public authority that so requests, in particular in the context of an investigation mission.

The following Recipients may process your Personal Data, as Processor, on behalf of the Data Controller:

• OXEVA
  French company with share capital of 86 853 €
  RCS Paris 481 681 724
  Registered office : 5 rue de la Terrasse, 75017 Paris – France
  Email : info@oxeva.fr
  Tél. 01 80 05 97 30
• FACEBOOK FRANCE
  French company with share capital of 4 950 000 €
  RCS Paris 630 085 802
  Registered office: 6 rue Menars, 75002 Paris – France
• GOOGLE FRANCE
  French company with share capital of 7 500€
  RCS Paris 443 061 841
  Registered office : 8 rue de Londres, 75009 Paris – France
• CRITEO
  French company with share capital of 1 677 273€
  RCS Paris 484 786 249
  Registered office: 32 rue Blanche, 75009 Paris – France
• OUTBRAIN UK LIMITED
  Company incorporated in the UK
  RCS Paris 534 895 727
• REALYTICS
  French company with share capital of 18 129,42€
  RCS Paris 800 545 071
  Registered office: 73 rue d’Anjou, 75008 Paris – France
• AWIN SAS
  French company with share capital of 58 050€
  RCS Paris 432 845 964
  Registered office: 8 rue Saint Fiacre, 75002 Paris – France
• TWITTER FRANCE SAS
  French company with share capital of 37 000€
  RCS Paris 789 305 596
  Registered office : 10 rue de la Paix, 75002 Paris – France
• DIDUENJOY
  French company with share capital of 1 000€
  RCS Paris 801 901 273
  Registered office: 42 rue Jean Baptiste Pigalle, 75009 Paris – France
• EMARSYS
  French company with share capital of 25 000€
  RCS Nanterre 530 844 232
  Registered office : 67 rue Anatole France, 92300 Levallois Perret – France
• DATABILITY SOLUTIONS PVT LTD
  Company incorporated in the USA
  Registered office: 2035 Sunset Lake Road Suite B2, Newark New Jersey 19702 USA
• TRADEDOUBLER
  French company with share capital of 7 622,45€
  RCS Nanterre 431 573 716
  Registered office : 8 rue Barthélémy d’Anjou, 92100 Boulogne Billancourt – France
• MANDRILL
  French company with share capital of 3 000€
  RCS Paris 832 517 858
  Registered office : 26 rue d’Avron, 75020 Paris – France
• SHIPUP
  French company with share capital of 1 258€
  RCS Nanterre 822 856 068
  Registered office : 47 rue Marcel Dassault, 92100 Boulogne Billancourt – France
• ALPHA DIRECT SERVICES
  French company with share capital of 22 912 625€
  RCS Beauvais 533 296 240
  Registered office : rue Hyppolite Bayard, 60000 Beauvais – France
• LA POSTE
  French company with share capital of 3 800 000 000€
  RCS Paris 356 000 000
  Registered office : 9 rue du Colonel Pierra Avia, 75015 Paris – France
• ANAFORE PTE LTD.
  Company incorporated in Singapore
  Registered office : 10 Anson Road, #26-04, International Plaza, Singapore 07990, SINGAPORE
  Tél. 65 9179 1176
• AIRCALL
  French company with share capital of 4 110 000€
  RCS Paris 807 437 595
  Registered office : 42 rue du faubourg Poissonnière, 75010 Paris – France
• ZENDESK UK LTD
  Foreign company
  Registered office : 30 Eastbourne terrace, London UK
• BOTMIND
  French company with share capital of 1 000€
  RCS Melun 844 279 380
  Registered office : 54 passée des vaches, 77630 Arbonne-la-Forêt – France
• METAPHORA LLC
  Company incorporated in the USA
  Registered office: 347 Fifth Ave. Suite 1402, New York, NY, 10016 – USA
• STRIPE FRANCE
  French company with share capital of 1 000€
  RCS Paris 807 572 011
  Registered office : 10 Boulevard Haussmann, 75009 Paris – France
• SNAP GROUP SAS
  French company with share capital of 100€
  RCS Paris 820 920 056
  Registered office : 16 rue de la Rochefoucauld, 75009 Paris – France
• PERFMAKER
  French company with share capital of 30 000€
  RCS Paris 833 952 831
  Registered office: 24 Boulevard St Denis, 75010 Paris – France
• AB TASTY
  French company with share capital of 49 705,65€
  RCS Paris 518 685 540
  Registered office : 3 impasse de la Planchette, 75003 Paris – France
• MONDIAL RELAY
  French company with share capital of 500 400€
  RCS Lille 385 218 631
  Registered office: 5 Avenue Antoine Pinay, 59510 Hem – France
• CYBOT A/S
  Company incorporated in Denmark
  Number DK34624607
  Registered office: Havnegade 39, 1058 Copenhagen, Denmark
• BIRON
  French company with share capital of 12 000€
  RCS Paris 790 195 937
  Registered office : 21 place de la République, 75003 Paris – France
• MAGENTO
  Company incorporated in the USA
  Registered office: 54 North Central Avenue, CAMPBELL, CA 95008, USA

This list of the Data Controller’s Processors is subject to change at any time. The Data Controller undertakes to require its Processors to provide sufficient guarantees as to the implementation of appropriate technical and organisational measures so that the Processing complies with legal and regulatory requirements and guarantees the protection of the Data Subject’s rights, in particular in the event of transfer of the Personal Data outside the European Union. In addition, the Data Controller may share the Personal Data subject with any Recipient or Third Party for Processing when a legal obligation to do so is in force or when the Data Controller considers in good faith that this is necessary in order to:

• Respond to any claim against him;
• Comply with the requirements of the judiciary and/or administrative order and/or the Supervisory Authority;
• Enforce any contract to which the Data Subject is a party;
• Safeguard the vital interests of any individual;
• The performance of a public interest mission.

In the event of the purchase of the Data Controller by a Third Party, the Data Controller reserves the right to share the Personal Data with the Third Party purchaser, subject to compliance with this Privacy Policy by such Third Party.

The Data Subject has a number of rights over the Personal Data that he or she can exercise, unless there is an applicable legal exception, by submitting a request to the DPO at the following address:

CABINET BOUCHARA – AVOCATS
Service DPO
17 rue du Colisée – 75008 PARIS
FRANCE
info@cabinetbouchara.com

The DPO will assist the Data Subject in the exercise of his or her rights over the Personal Data before the Data Controller.

In case of reasonable doubt regarding the identity of the Data Subject exercising his or her rights over the Personal Data, the DPO may request a copy of an official identity document in support of the request.

Requests will be processed as soon as possible and at the latest in accordance with the deadlines set by the Legislation.

The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning him or her is being processed, and, where that is the case, access to the Personal Data and the following information:

• The purposes of the Processing
• The categories of Personal Data concerned
• The Recipients or categories of Recipient to whom the Personal Data have been or will be disclosed, in particular Recipients in third countries or international organisations
• Where possible, the foreseeable period for which the Personal Data will be stored, or, if not possible, the criteria used to determine this period
• The existence of the right to request from the Data Controller rectification or deletion of Personal Data or restriction of processing of Personal Data concerning the Data Subject or to object to such processing
• The right to lodge a complaint with the Supervisory Authority
• Where the Personal Data is not collected from the Data Subject, any available information as to its source
• The existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the foreseeable consequences of such Processing for the Data Subject.

The Data Controller shall provide a copy of the Personal Data being processed and reserves the right, in return for providing such a copy, to pay a reasonable fee based on the administrative costs for any additional copy requested by the Data Subject.

The Data Subject has the right to obtain from the Data Controller the rectification and/or deletion of inaccurate or obsolete Data as quickly as possible, unless otherwise hindered by a situation that prevents the exercise of this right, and in particular:

• The exercise of the freedom of expression and information;
• Compliance with a legal obligation;
• Public interest in the area of public health, archives, scientific or historical or statistical research;
• The establishment, exercise or defence of legal rights.

The Data Subject has the right to object at any time, for reasons relating to his or her particular situation, to Personal Data Processing based on the performance of a task in the public interest or the necessity of the legitimate interest of the Data Controller.

The Data Controller then undertakes not to further process the Personal Data, unless it can be demonstrated that there are legitimate and compelling reasons for the Processing that prevail over the interests and rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal rights.

In addition, the Data Subject has the right to object at any time to the Personal Data Processing carried out for the purpose of prospecting by the Data Controller, insofar as the Data Subject is linked to such prospecting.

Finally, when Personal Data is processed for scientific or historical research purposes or for statistical purposes, the Data Subject has the right to object, for reasons relating to his or her particular situation, to the processing of the Personal Data, unless the Processing is required for the performance of a public interest task.

The Data Subject has the right to obtain from the Data Controller restriction of Processing where one of the following applies:

• The accuracy of the Personal Data is challenged by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the Personal Data;
• The Processing is unlawful, and the Data Subject opposes the deletion of the Personal Data and requests the restriction of its use instead;
• The Data Controller no longer needs the Personal Data for the purposes of the Processing, but it is required by the Data Subject for the establishment, exercise or defence of legal claims;
• The Data Subject has objected to Processing pending the verification of whether the legitimate grounds of the Data Controller override those of the Data Subject.

The Data Subject who has obtained restriction of Processing shall be informed by the Data Controller before the restriction of Processing is lifted.

The Data Subject shall have the right to receive the Personal Data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit this Personal Data to another controller without hindrance from the Data Controller, where:

• The Processing is based on the Consent of the Data Subject or on the performance of a contract to which the Data Subject is a party;
• The Processing is carried out using automated processes.

The Data Subject, when exercising his or her right to the portability of the Personal Data, has the right to have the Personal Data transmitted directly from the Data Controller to another controller, when this is technically possible.

The Data Subject has the right to file a complaint before the Supervisory Authority if he/she considers that he/she is the subject of unlawful Personal Data Processing by the Data Controller.

The Data Subject has the right to file a complaint before the Supervisory Authority if he/she considers that he/she is the subject of unlawful Personal Data Processing by the Data Controller.

The Data Controller shall take appropriate technical and organisational measures to protect the Personal Data against destruction, loss, alteration, misuse and unauthorised access, modification or disclosure, whether such actions are voluntary or accidental.

These technical and organizational measures are intended to ensure the confidentiality, integrity, availability and resilience of the Site and the IT systems where the Files are stored.

In order to secure the Data Subject’ Browsing, the Site is encrypted SSL (Secure Socket Layer).

The Data Controller reserves the right to amend this Privacy Policy from time to time, in particular the list of Recipients set out in Article 8.

In the event of a material change to this Privacy Policy, the Data Subject will be informed personally of the new Privacy Policy.

The Data Subject is advised to consult this Privacy Policy regularly to be aware of any changes to it.

The Data Subject may send questions about this Privacy Policy to the DPO at the following address: info@cabinetbouchara.com.

If any provision of this Privacy Policy shall be deemed invalid under any applicable law or court decision that has been made final, it shall be deemed unwritten, without invalidating the entire Privacy Policy or altering the validity of any other provisions of this Privacy Policy.

When Browsing the Site, the Data Subject is required to consent to the installation of Cookies on his or her computer terminal.

Cookies generally record information relating to Browsing (pages viewed, date and time of viewing, etc.), which may be retrieved during the Data Subject’s subsequent Browsing with transmission of the Personal Data to the Data Controller. The installation of these Cookies requires the Consent of the Data Subject.

Some Cookies are essential to the proper functioning of the Site and do not require the Consent of the Data Subject before installation, we refer to them as functional Cookies.

In accordance with Article 7. of this Privacy Policy, Cookies are automatically deleted within thirteen (13) months from their installation if the Data Subject does not renew his/her Consent before the expiration of this period.

The Data Subject may refuse to give his Consent to the installation of non-functional Cookies, withdraw his Consent and/or set the Cookies at any time by using the Data Controller’s Cookies Manager below or by configuring his browser himself as follows:

For Mozilla Firefox:
– Choose the “tool” menu then “Options”.
– Click on the “privacy” icon
– Locate the “cookie” menu and select the options that suit you

For Microsoft Internet Explorer 6.0:
– Select the “Tools” menu, then “Internet Options”.
– Click on the “Confidentiality” tab
– Select the desired level with the cursor.

For Microsoft Internet Explorer 5:
– Choose the “Tools” menu, then “Internet Options”.
– Click on the “Privacy” tab
– Customize the level” with the cursor

For Netscape 6.X and 7. X:
– Choose the “Edit”> “Preferences” menu
– Confidentiality and Security
– Cookies

For Opera 6.0 and beyond:
– Choose the “File” menu > “Preferences”
– Privacy Policy