PRIVACY POLICY
The User is hereby informed of the regulations governing marketing communications, the Law of 21 June 2004 on Confidence in the Digital Economy, the Data Protection Act of 6 August 2004, and the General Data Protection Regulation of 27 April 2016 (GDPR No. 2016-679).
Data Controller
With regard to Personal Data collected in connection with the creation of the User’s personal account and the User’s browsing activity on the Website, the data controller responsible for processing Personal Data is FIRN.
As the controller of the data it collects, FIRN is committed to complying with applicable legal requirements. In particular, it is the responsibility of FIRN to determine the purposes of its data processing, to provide its prospects and Users – based on the consent it has obtained from them – with comprehensive information regarding the processing of their personal data, and to maintain a record of processing activities that accurately reflects the actual situation. Whenever the website www.firn.com processes Personal Data, FIRN takes all reasonable measures to ensure that the Personal Data is accurate and relevant to the purposes for which the website www.firn.com processes it.
Data collected
The website www.firn.com may process all or part of the following data:
- Last name, first name, postal address, email address, phone number, order history;
- Login credentials;
- Payment information (via secure payment providers); and
- Skin types, concerns.
Most of the personal information we process comes directly from you, for example when you make a purchase, use our Services, or contact us (contact form, newsletter sign-up).
The personal data mentioned in this policy is generally required, unless otherwise specified. If you do not provide this information, we may not be able to grant you access to all or part of our products or Services, or enter into or perform a contract with you.
Purposes of processing and legal basis
FIRN collects your personal data for the following purposes:
| Purposes of processing | Legal basis |
|---|---|
| Creation and management of the customer account | Contract fulfilment |
| Order fulfilment (billing and delivery) | Contract fulfilment |
| Customer Communication | Consent |
| Marketing / personalisation of the user experience | Consent when required by law. |
| Security of the website | Legitimate interest |
| Fraud prevention | Legitimate interest |
| Audience analysis and UX improvement | Legitimate interest |
| Payment processing and execution | Contract fulfilment |
| Accounting and tax services | Legal requirement |
| Customising product recommendations | Consent |
| Tracking skincare routines | Legitimate interest |
Data retention period
Information regarding customers and prospects is retained for a maximum of three years from the date of collection, the last interaction, or the end of the business relationship, unless you exercise your right to object or request its deletion. After this period, we may contact you again to confirm whether you wish to continue receiving our marketing communications. Unless we receive an explicit and affirmative response from you, your data will be deleted or archived in accordance with applicable legal requirements.
Banking information, on the other hand, is deleted once the transaction is completed, or retained as evidence in accordance with legal requirements. However, with your explicit consent, it may be retained until your credit card expires. Under no circumstances do we store the visual cryptogram.
Data used for analytical or business statistical purposes may be retained for up to five years.
Finally, data used to establish the existence of a right or a contract, or data necessary to comply with a legal obligation, are archived in accordance with applicable regulatory requirements.
Recipient of the data:
We do not sell or rent your personal data to third parties for commercial purposes.
However, your data may be shared, if necessary, with:
- Our authorised employees: strictly within the scope of their duties.
- Our service providers: carefully selected to handle, among other things, order processing, secure payments, customer service management, technical maintenance, marketing campaigns, fraud prevention, and statistical analysis. They use your data only to provide their services or to comply with the law.
- Our external advisors, such as lawyers or auditors, when necessary to protect our legitimate interests or comply with our legal obligations.
- Public authorities: if required by law or in connection with official investigations.
- Other third parties: in the event of a merger, acquisition, reorganisation, or sale of a business.
Right of access, rectification, and objection
In accordance with applicable European regulations, users of the website www.firn.com have the following rights:
- the right of access (Article 15 of the GDPR) and rectification (Article 16 of the GDPR), as well as the right to have Users’ data updated and made complete; the right to have Users’ personal data restricted or erased (Article 17 of the GDPR) when such data is inaccurate, incomplete, ambiguous, outdated, or where the collection, use, disclosure, or retention is prohibited
- the right to withdraw consent at any time (Article 13(2)(c) of the GDPR)
- the right to restrict the processing of User data (Article 18 of the GDPR)
- the right to object to the processing of Users' data (Article 21 of the GDPR)
- the right to data portability for data provided by Users, where such data is subject to automated processing based on their consent or on a contract (Article 20 of the GDPR)
- the right to determine the fate of Users’ data after their death and to choose whether www.firn.com should disclose such data to a third party previously designated by the User, in accordance with Article 85 of the amended Act of January 6, 1978.
As soon as FIRN becomes aware of a User’s death and in the absence of instructions from the User, FIRN undertakes to destroy the User’s data, unless retaining such data is necessary for evidential purposes or to comply with a legal obligation.
If the User wishes to know how the website www.firn.com uses their Personal Data, requests that it be corrected, or objects to its processing, the User may contact www.firn.com in writing at the following address:
FIRN
35 Rue de Courcelles
75008 Paris
Email: contact@firn.com
In this case, the User must specify the Personal Data that they would like www.firn.com to correct, update, or delete, and must provide proof of identity by submitting a copy of a valid form of ID (such as an ID card or passport).
Requests to delete Personal Data will be subject to the legal obligations imposed on www.firn.com, particularly with regard to the retention or archiving of documents. Finally, users of www.firn.com may file a complaint with the relevant regulatory authorities, including the CNIL.
Non-disclosure of personal data
FIRN undertakes not to process, host, or transfer the information collected about its users to a country located outside the European Union or deemed “inadequate” by the European Commission without first informing the user. However, FIRN remains free to choose its technical and commercial subcontractors, provided that they offer sufficient guarantees with regard to the requirements of the General Data Protection Regulation of 27 April 2016, No. 2016-679.
FIRN is committed to taking all necessary precautions to ensure the security of the Information and, in particular, to prevent it from being disclosed to unauthorised persons. However, if FIRN becomes aware of an incident that affects the integrity or confidentiality of the User’s Information, it must notify the User as soon as possible and inform the User of the corrective measures taken. Furthermore, FIRN does not collect any “sensitive data” as defined by the GDPR.
The User’s Personal Data may be processed by subsidiaries of www.firn.com and by subcontractors (service providers), solely for the purposes set out in this policy, where applicable.
Within the scope of their respective responsibilities and for the purposes outlined above, the individuals who may have access to the data of www.firn.com users are primarily employees of FIRN.
Incident reporting
No matter how much effort is made, no method of transmission over the Internet or electronic storage is completely secure. We cannot, therefore, guarantee absolute security. If we become aware of a security breach, we will notify the affected Users so that they can take appropriate action. Our incident reporting procedures take into account our legal obligations, whether at the national or European level. We are committed to keeping our Users fully informed about all matters related to the security of their accounts and to providing them with all the information they need to help them meet their own regulatory reporting obligations.
No personal information about users of the www.firn.com website is published without their knowledge, nor is it exchanged, transferred, disclosed, or sold to third parties in any form. Only in the event of the acquisition of the website www.firn.com and its associated rights would such information be transferred to the prospective purchaser, who would in turn be subject to the same obligations regarding the retention and modification of data with respect to the website’s Users.
Security
To ensure the security and confidentiality of Personal Data, FIRN uses networks protected by standard security measures such as firewalls, pseudonymisation, encryption and passwords.
When processing Personal Data, FIRN takes all reasonable measures to protect it against loss, misuse, unauthorised access, disclosure, alteration or destruction.
Cookie policy
Introduction
Our website, https://www.firn.com (hereinafter referred to as “the website”), uses cookies and other related technologies (for simplicity, all these technologies are referred to as “cookies”). Cookies are also placed by third parties engaged by us. In the document below, we outline the various purposes of these cookies and explain how to manage them.
What are cookies?
A cookie is a small, simple file sent along with the pages of this website and stored by your browser on the hard drive of your computer or other device. The information stored there may be sent back to our servers or to the servers of the relevant third parties during a subsequent visit.
What are scripts?
A script is a piece of code used to ensure that our website functions properly and interactively. This code runs on our server or on your device.
What is an invisible tag?
A hidden tag (or web beacon) is a small piece of text or an invisible image on a website used to track website traffic. To do this, various pieces of data about you are stored using invisible tags.
Cookies
Technical or functional cookies
Some cookies ensure that certain parts of the website function properly and that your user preferences are taken into account. By using functional cookies, we make it easier for you to browse our website. We may place these cookies without your consent.
Third-party analytics cookies
These cookies are used to analyse how the Website is used by collecting information about your browsing activity. This information is collected to track website traffic and compile statistics, with the aim of improving the quality of the services provided by the Website:
Social media cookies
These cookies are placed on the Website by third parties and allow you to follow us on our social media pages: Instagram, Facebook, TikTok.
Cookies and browsers
In addition, most browsers are configured by default to allow cookies. Your browser allows you to change these default settings, as well as to delete existing cookies stored on your device, or to receive a notification if new cookies are likely to be stored on your device. However, if you choose to disable cookies through your browser, you may no longer be able to access all the features we offer on the Website. For more information on cookie settings, please visit the following websites:
- The CNIL website: https://www.cnil.fr/fr/cookies-et-autres-traceurs/comment-se-proteger/maitriser-votre-navigateur
- For Internet Explorer™: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies
- For Safari™: http://support.apple.com/kb/ht1677?viewlocale=fr_FR
- For Chrome™: https://support.google.com/chrome/answer/95647?hl=fr
- For Firefox™: https://support.mozilla.org/fr/kb/activer-desactiver-cookies
- For Opera™: http://help.opera.com/Windows/10.20/fr/cookies.html
Consent
When you visit our website for the first time, we will display a pop-up window explaining how cookies work. By clicking “Save Preferences,” you consent to our use of the categories of cookies and extensions you selected in the pop-up window, as described in this Cookie Policy. You can disable cookies in your browser, but please note that our website may no longer function properly.
Your rights regarding personal data
You have the following rights regarding your personal data:
You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained.
- Right of access: You have the right to access the personal data we hold about you.
- Right to rectification: You have the right to supplement, correct, delete, or block your personal data at any time.
If you give us your consent to process your data, you have the right to withdraw that consent and request that your personal data be deleted.
- Right to data portability: you have the right to request all of your personal data from the data controller and to have it transferred in its entirety to another data controller.
- Right to object: You have the right to object to the processing of your data. We will comply, unless there are valid reasons not to do so.
To exercise these rights, please contact us. Please refer to the contact information at the bottom of this Cookie Policy. If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to file a complaint with the supervisory authority (the data protection authority, such as the CNIL).
Enabling/disabling and deleting cookies
You can use your web browser to delete cookies automatically or manually.
You can also specify that certain cookies cannot be placed. Another option is to change your web browser settings so that you receive a notification every time a cookie is placed. For more information about these options, see the instructions in your browser's Help section.
Please note that our website may not function properly if all cookies are disabled. If you delete cookies from your browser, they will be set again after you give your consent when you revisit our websites.
Contact details
If you have any questions or comments about our cookie policy and this statement, please contact us using the following contact details:
FIRN
35 Rue de Courcelles
75008 Paris
Email: contact@firn.com