General Data Protection Regulation


From the 25th of may 2018, the General Data Protection Regulation (GDPR) applies to all companies in the European Union.

These new European rules are in continuity with the French law “Informatics and Freedom” of 1978 and reinforces the citizens control of the use of information concerning them. These regulations harmonize the rules in Europe and offer a juridical framework unique to professionals. They allow a more efficient development of numerical activities in the European Union by basing themselves on the trust of the users.

To stay conform to the new regulations, SARL ATOLL has decided to draft this page of Data Protection and Privacy Policy to explain in all transparency how we use, treat and protect all your personal data.

You can rest assured that we place enormous importance to the protection of your personal information and we put everything in place to conserve and use them in all reliability.

Firstly, let us define “Personal data”

Personal data is anything and everything that relates or belongs to a physical and identifiable person. This would for instance be: name, surname, address, phone number, IP address, email address, birth date, etc.

Why do we need some of your Personal data?

In order to make a sale’s transaction (= a contract), our internet site needs you to communicate a series of details about yourself.

This also applies to out means of communicating with you through different medias (to present new products, the direct communication line via emails, etc.)

The mission of the new European regulations GDPR is to reinforce the rights you own over your own data: permission to access, rectify, oppose, delete to the portability and to the limitation of the processing.

We will explain to you what data we collect, why and how we use, treat and protect them; and especially, what your rights are concerning them!

The Data Protection and Privacy Policies shows our engagement – of SARL ATOLL, Society with limited responsibilities registered in the Trade and Compagnies Register of Bordeaux, found under the following number 421 130 055 00047, and of which the offices are situated at 76 Boulevard Jean-Jacques Bosc, 33130 BEGLES - (“THE SOCIETY”) as being responsible of the treatment and protection of the personal data of their clients, in all respect of their private lives.

The person responsible of your personal data in our society is Mister Christophe Espeut.

We will now describe all the data we collect and treat when you use our website (The “site”)

If one or several of the following clauses should be declared null or contradictory with the regulations in place now, it will be seen as “none written” and not lead to the nullification of the other clauses of the present Policy.

This Policy applies to all personal data collected via our website, when you create a user account, when you subscribe to our newsletter or for any exchange between yourself and THE SOCIETY (via the telephone, email, the contact formula, postal mail, social media, etc.)

What Data do we collect?

When you use and/or consult our website, here is the list of Personal data that we collect:

All data concerning your identity (like your name, surname, birth date, gender, postal address, home phone number, mobile phone number, etc.)

Your email address that will serve as “key”, allowing you to create your user account on our website, and also to communicate with us.

All data relative to your navigation on our website; i.e. your IP address, your search history, the navigator and system used, etc.

Your order details, such as your payment history, your means of payment, etc.

All data concerning your visits to our website, I.e. the dates you have visited, the number of pages you have read, the traffic data, the opening of the emails, etc.

We would like to remind you that no bank coordinates (Credit card number, expiration date, cryptogram, address or PayPal password) go through our site and are thus not saved on the website. That data is collected directly by professional providers used for online payment (via their own website.)

How do we collect your Data?

During your visit and during the creation/consultation/modification of your user account, your personal data is collected by our website, for instance:

But our site also collects your data in an “indirect” manner, through the use of Cookies.

A Cookie (also known as a tracer) is a little file composed of numbers and letters that is stocked in your navigators and/or your device’s memory when you visit our website. These Cookies allow our site to stock information that we can use to offer you a better visiting and buying experience, faster and more secure. These little files of saved data on your device speeds up the layout, all the while allowing our site to save some information when you visit and when you use our services, our applications or our messaging system.

You can refuse that these Cookies be saved and even configure your navigator to warn you before accepting new Cookies.

To do this, you can access your navigator’s settings.

In any case, we commit ourselves to never communicate the contents of these Cookies to a third party, except in the case of a legal requisition and/or judiciary injunction.

To know more about the use of Cookies on our website, please visit our Policy on Cookie usage.

Collect your Data, what for?

As a user and client of our website, we collect “direct” Data (that is to say, the ones you have allowed us to save) in order to use them for different reasons:

But we also use part of your “indirect” data (collected as Cookies) for the following reasons:

Who manages your data?

The personal Data you have entrusted us are treated internally exclusively by THE SOCIETY are not and never will be communicated to a third party.

However, in our commercial activities and to create our sales contract (treatment and sending of your product), your Data is likely to be communicated to our services providers, namely:

For the payment: Our site offers different payment options

We would also like to remind you that we never have access to your bank coordinates, card number, PayPal password, etc. All transactions are made secure by an SSL crypting, that guarantees extreme confidentiality of all this data.

Link to external sites: our Site contains some links directing to different sites that are not a party of THE SOCIETY, such as social media (Facebook, etc.). Naturally, THE SOCIETY does not have any control over these external sites and can by no means be taken accountable for the way your Data is collected, used and protected on their servers. We would recommend you to read up on their policy regarding personal Data.

How long do we keep your Data?

THE SOCIETY has decided to keep your Data only for the necessary duration of the operation for which they have been collected. But of course, that duration is not the same in every operation, and some may fall under legal conservation obligations.

Here is a preview of the conservation durations of some of your Data:

Concerning your user account: the conservation of all data lasts 10 years from the date of purchase. Should you ask for a deactivation and/or deletion of your user account, then your data will be conserved for 5 years following your termination (except for your invoice data).

For all contact with THE SOCIETY (via the contact form or email to our address), your Data will be conserved for 5 years following the last contact

For all subscription to our newsletter and presentations of new products, we conserve your Data until the moment you asked to be unsubscribed.

The “indirect” information collected with the Cookies will be conserved for 5 years. Past this time, we can anonymize your Data (make them completely anonymous), which will allow us to keep them for statistical and commercial purposes.

How do we protect your data?

Naturally, the protection of your personal data is one of our top priorities. This Data is conserved on a secure server and is protected from all risk (internal or external) thanks to antiviruses, firewalls and other technical means.

We use SSL (Secure Sockets Layer) technology; a technology that ciphers links between web servers and navigators. That type of link guarantees confidentiality of all exchanges between your PC and our web server. When consulting our website, your navigator will authenticate our SSL certificate before establishing a secure connection.

This type of connection ensures that no one other than you and us can see or access the information you put in your navigator. This SSL method can be recognized by an address starting with “https://" and by the appearance of a lock in the address bar.

Thus we do our level best to protect your Data, but we cannot guarantee full security of the information transmitted to our site. We cannot be held accountable for the failure to respect confidentiality settings and security put in place on our site.

On this basis, you consent that you convey your Data at your own risk, and that the security of your information is also your responsibility. Never divulge your password to others and never share your personal information in a public part of the site that can be seen by other visitors.

Here is an interesting article from the CNIL: How to generate a strong solid password

What are your rights?

The setting up of the GDPR new regulations reinforces your rights regarding the personal Data that you have shared with us. The strongest pillar of these regulations is that you are able to choose how your data is used, namely:

You can navigate through our site without giving any personal Data.

Sadly, you would then not be able to complete a purchase or use some functions of the site

You can manage your subscription to our newsletter and our commercial letters at all times by clicking on the “unsubscribe” link at the bottom of every email

You can ask us to permanently delete your user account if you desire it gone from our site. This however is irreversible and will permanently delete your complete purchase history and all advantages you may have had.

In accordance with the dispositions of the regulations concerning your personal Data (the European Regulation 2016/679 on the data protection - GDPR) but also with the law of 6th January 1978, also called “Informatics and Freedom” and all its modifications, you have a right to access and rectify your Data.

The rights that you have following these new regulations are as follows:

To put in place your rights concerning your personal Data and in accordance with article 12.6 of GDPR, THE SOCIETY (as responsible for the treatment) reserves the right to ask you about your identity. This identity justification information will be deleted as soon as you have answered our request.

A DPO (Data Protection Officer) has been appointed in the society, it is Christophe Espeut.

You can practice your rights by addressing a letter in French or English (while indicating your name, surname, postal address, email address and accompanied by a copy of your identity card, front and back)

By email: at the following address

By post:

76 Boulevard Jean-Jacques Bosc
33130 Bègles (France)
And we will answer in no longer than a month.

Is your Data transferred outside of the European Union?

The Data we collect on our website is housed by OVH Society (In France), of which the servers are present exclusively in France.

Of course, the usage of different services on our site automatically leads to the acceptance of the present policy. In case you do not agree with this policy, then we invite you not to use the site or to use it anonymously (that is to say without introducing Personal Data, which will limit the possible services we offer and will mean you cannot make a purchase).

The last update of this “Data and Privacy Protection” Policy dates back to the 27th of July 2019, in accordance to the European Regulations concerning Personal Data (GDPR).

Terms & Conditions