GDPR

Kumiko Matcha’s personal data protection principles (VALICOM & DECO)

Introduction

On this page, we present the principles by which C/O VALICOM & DECO Kumiko Matcha collects different types of data about its customers, as well as our commitments regarding the security and data protection policy of C/O VALICOM & DECO Kumiko Matcha. 

Definitions

In order to avoid an imprecise interpretation, here are some elements to help understand the terms used:

  • Personal data: any information relating to an identified or identifiable natural person. A natural person is deemed to be “an identifiable natural person” if they can be identified, directly or indirectly.
  • Processing: any operation or set of operations performed, whether or not using automated processes, and applied to personal data or sets of personal data (collection, recording, transmission, storage, retention, extraction, consultation, use, interconnection, segmentation, etc.).

Data controller

Any processing of personal information communicated to C/O VALICOM & DECO Kumiko Matcha is carried out under the responsibility of the company C/O VALICOM & DECO Kumiko Matcha, 38 Rue le Laboureur, 95160, Montmorency, SIRET No. 794 117 051 00019.

For any questions about the processing of personal data, or any request for access, obtaining, portability, rectification or erasure of your personal data, we invite you to contact our data controller and data protection representative Mr NGUYEN VAN NHUT Valentin at the following address: val@kumikomatcha.fr

Request to modify your personal data 

  • As a user of the services of the company Kumiko Matcha, you can modify your personal data from your customer account
  • For any other request for access, obtaining, portability, rectification or erasure of your personal data, we invite you to contact our data controller and data protection representative Mr NGUYEN VAN NHUT Valentin at the following address: val@kumikomatcha.fr

How do we collect data about you?

The collection of your personal data (such as your email address) is most often based on your customer relationship, prospect relationship, or another relevant relationship with us. For example, we collect data when you take actions on our services, by subscribing to our website newsletter, by using the services on our website, or by providing us with other information.

When you use Kumiko Matcha’s network and communication services, for example by sending an email, identification data is stored in our systems for the use of the services. When you visit the website or load pages, you leave us various types of anonymous browsing data, such as your IP address and browsing history. The operation of the services is based on the use of cookies. We may collect data based on your consent. 

What data do we collect?

When you make a purchase on our shop, as part of our buying and selling process, we collect the personal information you provide to us, such as your name, your address and your email address. When you browse our shop, we also automatically receive your computer’s Internet Protocol address (IP address), which allows us to obtain more details about the browser and operating system you use.

We store what can be linked to you. The data created and collected during communication includes information about the communicating parties, the time of the connection, routing information, the data transfer protocol, the connection format and location information. When browsing the Internet, “measurement data” is collected using cookies. This data cannot be associated with a person. The customer information we collect helps us to personalise and continuously improve your experience on our site. We use this information to process orders, deliver products and services, process payments and communicate with you about your orders, products, services and weekly articles, maintain and update our records, make content available to you such as blog articles and customer reviews, and recommend products and services that may interest you. We also use this information to improve our shops and websites, prevent or detect fraud or abuse on our website, and enable third parties to provide technical, logistical or other functions on our behalf.

List of the types of information we collect 

Information you provide to us

We collect and record all the information that you provide to us via our website or through other means. You can choose not to provide us with certain information; however, this decision may limit your use of our services. We use the information you provide to us, in particular to respond to your requests, improve our services and communicate with you.

Information collected automatically

Each time you get in touch with us, we receive and record certain types of information. Like many other websites, we use “cookies” in particular and obtain certain types of information when your browser accesses the Kumiko Matcha site.

Email information

To optimise the usefulness and relevance of our emails, we frequently receive confirmation that you have opened the emails sent. If you do not wish to receive emails from us, simply unsubscribe at the bottom of the email. With your permission, we may send you emails about our shop, new products and other updates. Kumiko Matcha sends customer messages about its products and services to its customers via the consent available when signing up to the newsletter or after ordering on the site. You have the right to prohibit Kumiko Matcha from sending you messages. You can opt out of marketing by following the instructions included in the messages.

How do we manage your information?

Please note that Kumiko Matcha and its subcontractors act under an obligation of confidentiality when they process data concerning you. We maintain the confidentiality of data concerning you and ensure that it is used only for predefined purposes.

Your data is processed for the purpose of producing and delivering communication services and other content, developing the services, billing, providing you with the best and most comprehensive services possible, and informing you about our services.

We also use your data for customer communications, such as sending information about our services and for direct marketing purposes.

We process the data of our potential customers for direct marketing purposes.

We strive to ensure that customer data is up to date and correct.

We delete outdated and unnecessary data where possible.

We protect all data concerning you through personal, task-based access rights and prevent third-party access to the data.

Where do we send your data? 

We only submit your data to the extent permitted by applicable legislation and as stated in the file description to authorities and other telecommunications companies.

When we use subcontractors, we will sign a security agreement with them that also covers the use of your data. We are also responsible for this kind of handling for you.

Kumiko Matcha’s data protection principles

The purpose of this data protection policy is to describe the principles and practices that we observe at Kumiko Matcha to ensure the protection of privacy, the confidentiality of communications and the legal protection of our customers. Kumiko Matcha regularly updates this policy as operations or services change or develop. For this reason, we encourage you to consult the latest statement regularly. Important core values for Kumiko Matcha include the confidentiality of customer data and communications, as well as the protection of customers’ privacy in all company operations. When handling our customers’ personal data, we comply with French legislation, orders and instructions from the authorities, and good data processing practices. Kumiko Matcha implements a high level of data protection. Personal data, as well as location-related data, is collected only for specific, predefined and lawful purposes and is not processed in a manner incompatible with those purposes. We maintain physical and electronic security measures and back-up procedures relating to the collection, retention and communication of customers’ personal information. 

The general principles of customer data management 

The processing of personal data must always be justified for Kumiko Matcha’s operations. Kumiko Matcha has defined the purpose of collecting, handling and submitting personal data in the following section. Kumiko Matcha processes only the customer data necessary for its operations, as defined in the purpose of use indicated in the file description for the customer register. We strive not to process incorrect, incomplete or outdated data. The processing of customer data is generally based on a relevant relationship, information received when using or registering for a service, or your consent. We may also process your data on other grounds, for example at your request or where required by law. Your information may be processed within Kumiko Matcha. We encourage our customers who have created an account to regularly update their contact details. Please note that, as a Kumiko Matcha customer, you have the right to check what data concerning you has been stored in our information systems, or that there is no data concerning you in our file. You may also refuse the use of your data in accordance with the relevant legislation. The inspection can be carried out once a year free of charge. The request to inspect the data must be made with a document signed between Kumiko Matcha and you.

Collection, retention, extraction and processing of personal data  

Register of subcontractors who collect personal data transmitted via Kumiko Matcha services: 

Shopify :

  • Data collected: Surname; First name; Address; Telephone number; Email address; direct marketing information and consent; information about the company contact person, company name, information provided by yourself, customer classification information, order, delivery, agreement and billing
  • Provider information: https://www.shopify.fr
  • Provider location: Canada 
  • Purpose: Site management and sale of products online 
  • Are the data stored or processed outside the EU: Yes 
  • GDPR provider charter: https://www.shopify.com.au/legal/dpa
  • Retention period: 3 years after the last aperson’s activity 
  • Access to data: Kumiko Matcha internal services; Logistics subcontractors

Our shop is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell you our services and products.

Your data is stored in Shopify’s data storage system and databases, and in Shopify’s general application. Your data is kept on a secure server protected by a firewall.

Klaviyo :

  • Data collected:  Email address; direct marketing information and consent
  • Provider information: https://www.klaviyo.com
  • Provider location: United States
  • Purpose: External communication of the site; Newsletter
  • Are the data stored or processed outside the EU: Yes 
  • GDPR provider charter: https://www.klaviyo.com/privacy/dpa
  • Retention period: 3 years after the person’s last activity
  • Data access: Kumiko Matcha internal services

Helpscout

  • Data collected: Surname; First name; Telephone number; Email address; Information about the person; Company name, Information provided by yourself
  • Provider information: https://www.helpscout.com
  • Provider location: United States
  • Purpose: Customer support and messaging with the company’s stakeholders 
  • Are the data stored or processed outside the EU: Yes 
  • GDPR provider charter: https://www.helpscout.com/company/legal/dpa/
  • Retention period: 3 years after the person’s last activity 
  • Data access: Kumiko Matcha internal services 

Register of providers that collect personal data transmitted via the subcontractors mentioned above:

Google Analytics :

 Sympl :

 Order desk :

 Stripe :

 Paypal :

If you make your purchase via a direct payment gateway, then Shopify will store your credit card information. This information is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Information relating to your purchase transaction is kept for as long as necessary to finalise your order. Once your order is finalised, information relating to the purchase transaction is deleted.

All direct payment gateways comply with the PCI-DSS standard, managed by the PCI Security Standards Council, which results from the joint effort of companies such as Visa, MasterCard, American Express and Discover.

The requirements of the PCI-DSS standard help ensure the secure processing of credit card data by our shop and by its service providers.

 Typeform :

  • Provider information: https://www.typeform.com
  • Provider location: Spain
  • Purpose: Collection of customer feedback 
  • Are the data stored or processed outside the EU: No 
  • GDPR provider charter: https://www.typeform.com/blog/news/gdpr/ 

 Stamped :

  • Provider information: https://stamped.io
  • Provider location: United States
  • Purpose: Generation of customer reviews 
  • Are the data stored or processed outside the EU: Yes 
  • GDPR provider charter: https://stamped.io/privacy

 Disqus :

 In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to be able to perform the services they provide to us.


However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information that we are required to provide to them for your purchase transactions.

With regard to these providers, we recommend that you read their privacy policies carefully so that you can understand how they will handle your personal information.

Please remember that certain providers may be located, or have facilities located, in a jurisdiction different from yours or ours. So if you decide to proceed with a transaction that requires the services of a third-party provider, your information may then be governed by the laws of the jurisdiction in which that provider is located or those of the jurisdiction in which its facilities are located.

For example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, your information that was used to complete the transaction could be disclosed under United States legislation, including the Patriot Act.

Once you leave our shop’s website or are redirected to a third party’s website or application, you are no longer governed by this Privacy Policy or by the General Terms and Conditions of Sale and Use of our website.

Sending and sharing of data 

Kumiko Matcha may submit your data to third parties only in accordance with applicable legislation. We provide information upon request to authorities, for example the police and security authorities, as well as other authorities for the reasons specified by legislation. Information relating to our customers represents an important part of our business and our business is not to trade in it. We share this information only in the cases previously stated and for the purposes described in this privacy policy with Kumiko Matcha and which are either subject to this privacy policy or apply rules at least as protective as those described in this privacy policy. In addition, we may submit your data to subcontractors, in which case we will ensure that data confidentiality is maintained, and we will also be responsible for data management in this case. If we process your data outside the EU region, we will protect your data by ensuring that the subcontractor guarantees appropriate data processing.

Processing of identification and location data related to electronic communication

Kumiko Matcha treats all data and all messages created during communication as confidential. We are bound by an obligation of secrecy and a prohibition on using messages or other confidential information. When communication takes place via a network, it always leaves a trace. These network traces are called identification data if they can be connected to a person. Network traces are created, for example, during telephone calls, sending emails and SMS messages, and browsing the Internet, and may contain information about the correspondents, the connection route or routing, the data transfer protocol used, the event, and the terminals used or their location. Our service providers handle identification and location information related to communication in accordance with applicable law for purposes such as the provision and use of services, billing, and technical development. Our subcontractors may also handle identification data in cases of misuse, data security breaches, and fault repair. In all the situations above, we process identification and location data only to the extent necessary to carry out a specific task.

Persons authorised to manage identification and location data 

Only specific persons at our service providers whose work requires access to identification and location data may process this data. In practice, authorisation is granted only to persons performing tasks related to billing, maintenance or development of networks or communication services, prevention and investigation of abuse, customer service and marketing. Persons who have the right to handle the data may only manage it to the extent required to perform individual tasks.

Duration of processing of identification and location data and data storage 

We process identification and location data for as long as necessary for billing, technical development, fault repair, marketing, investigation of misuse, or data security purposes. However, handling takes place only to the extent required by the actions and without unduly compromising the confidentiality of a message and the protection of privacy. We store the billing data required for at least one year from the invoice due date and for a period not exceeding three years from the invoice due date, unless it is necessary to retain the data for a longer period in connection with the collection of the invoice. Otherwise, the data is stored to the extent permitted and required by the relevant legislation.

Website, visit tracking  

We also collect data concerning website visits. This data includes the IP address and the corresponding DNS name, the organisation that registered the IP address, the name and address of the page visited, the page load time and the browser type. Please note that the IP address is an identification required for the operation of the Internet, used to direct messages transmitted on the Internet to the appropriate locations. As a general rule, the IP address is not connected to the person using the computer, but it may be connected to the organisation that registered the IP address. The IP address connection may be established at the request of the authorities.

Cookies 

This website also uses cookies. The purpose of the cookie is to indicate the visitor’s passage on the website. Cookies are used by VALICOM & DECO only for the purpose of improving the personalised service intended for the visitor.

Under no circumstances do we collect visitors’ email addresses unless they deliberately provide them to us.

The data collected is our customers’ contact details (surname, first name, address, telephone number, email address). As a Kumiko Matcha customer, you can browse our websites anonymously. However, like most websites, we use cookie technology. When you view our website, the cookie sets a random number for the browser that does not indicate your identity. Cookies help Kumiko Matcha determine which sections of its websites are the most popular, where visitors go and how long they stay there. The data is used to implement and develop services and to target advertisements on the websites. You can prevent the cookie from being stored by changing your browser settings. In some cases, prevention may slow down or make it impossible to browse pages or the website.

Here is a list of cookies that we use. We have listed them here so that you have the option to choose whether you wish to allow them or not.


_session_id, unique session identifier, allows Shopify to store information relating to your session (referrer, landing page, etc.).

_shopify_visit, no data held, persists for 30 minutes since the last visit. Used by the internal statistics tracking system of our website provider to record the number of visits.

_shopify_uniq, no data held, expires at midnight (depending on the visitor’s location) the following day. Calculates the number of visits to a shop per unique customer.

cart, unique identifier, persists for 2 weeks, stores information relating to your shopping basket.

_secure_session_id, unique session identifier

storefront_digest, unique identifier, indefinite if the shop has a password, used to know whether the current visitor has access.

When browsing Kumiko Matcha, advertising cookies will be placed on your computer so that we can understand what interests you. Our advertising partners then allow us to show you retargeting adverts on other sites based on your previous interaction with Kumiko Matcha. The techniques our partner uses do not collect personal information such as surname, first name, address, telephone number, email address. 

You may be required to leave our website by clicking on certain links on our site. We assume no responsibility for the privacy practices of these other sites and recommend that you read their privacy policies carefully.

Consent

When you provide us with your personal information to complete a transaction, verify your credit card, place an order, arrange delivery or return a purchase, we assume that you consent to us collecting your information and using it for that purpose only.


If we ask you to provide us with your personal information for another reason, for marketing purposes for example, we will ask you directly for your explicit consent, or we will give you the option to refuse.

If, after giving us your consent, you change your mind and no longer consent to us contacting you, collecting your information or disclosing it, you can let us know by contacting us at val@kumikomatcha.fr or by post at the following address:

VALICOM & DECO
38 rue Le Laboureur
95160 Montmorency
France

As mentioned previously, we may be required to collect your telephone data (telephone number). You have the right to object to telephone canvassing by registering with the BLOCTEL scheme: https://www.bloctel.gouv.fr/

By using this site, you declare that you are at least the age of majority in your state or province of residence, and that you have given us your consent to allow any minor dependants in your care to use this website.

Data security 

We ensure the security of the data of our services by using methods proportionate to the severity and sophistication of the threats as well as the cost. Kumiko Matcha takes care to carry out actions aimed at preventing data security breaches or eliminating disruptions that affect data security. In addition, we use all means to ensure that the confidentiality of messages or the protection of privacy is not unduly compromised when carrying out the above actions. We provide information on actions related to the data security of our services and other matters concerning data security through appropriate channels. In order to prevent data security breaches and eliminate disruptions affecting data security, we may, among other things, monitor our service providers. They, for example, prevent the receipt of electronic messages, remove viruses and other malware from messages, and take other comparable technical measures. These measures are necessary within the permitted limits. Our service providers use physical, administrative, and technical safeguards to keep secret the messages and identification data transmitted over the communications network. These actions reduce the risk that data concerning you is disclosed to third parties and prevent any misuse or other unauthorised access. Some of our services also use standardised encryption methods. Please note that, as a user of Kumiko Matcha services, you must also use the most appropriate methods to ensure your own data security. We encourage you to store and use our services and your devices carefully and to control their use, for example by using secure codes and unique passwords, and to use sufficient antivirus and firewall services and keep them, as well as the operating system, up to date.

To protect your personal data, we take reasonable precautions and follow industry best practices to ensure that it is not lost, misused, accessed, disclosed, altered, or destroyed inappropriately.

If you provide us with your credit card information, it will be encrypted through the use of the SSL security protocol and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we comply with all requirements of the PCI-DSS standard and implement additional standards generally recognised by the industry.

Intellectual and industrial property rights 

All elements published on the Kumiko Matcha website, such as sounds, images, photographs, videos, writings, animations, programs, graphic charter, utilities, databases, software, and other underlying technology, are protected by the provisions of the Intellectual Property Code and belong to VALICOM & DECO.

The Kumiko Matcha trademark, as well as all figurative or non-figurative trademarks and, more generally, all other trademarks, illustrations, images and logos appearing on the products, their accessories or their packaging, whether registered or not, are and shall remain the exclusive property of the company VALICOM & DECO, with the exception of the rights held over the product visuals, brands and logos of the suppliers of the products presented on the website kumikomatcha.fr.

Any total or partial reproduction, modification or use of these trademarks, illustrations, images and logos, for any reason and on any medium whatsoever, without the express prior agreement of the company VALICOM & DECO, is strictly prohibited. The same applies to any combination or conjunction with any other trademark, symbol, logo and, more generally, any distinctive sign intended to form a composite logo, with the exception of logos and descriptive signs belonging to the brands present on the website. The same will apply to all copyrights, designs and models, and patents that are the property of the company VALICOM & DECO.

Liability

VALICOM & DECO is not responsible for the content and operation of the websites linked to this website, nor for damage of any kind that may be suffered by the visitor when visiting these websites.

Use of this website implies that the visitor is aware of and accepts the characteristics and limitations of the Internet and the technologies related to it, the lack of protection of certain data against possible misappropriation or hacking, and the risk of contamination by possible viruses circulating on the network. VALICOM & DECO declines all liability in the event of misuse or an incident related to the use of the computer, Internet access, maintenance or server malfunction, the telephone line or any other technical connection, and the sending of forms to an incorrect or incomplete address, any computer errors whatsoever or defects noted on the website.

Applicable law

This website is subject to French law.