menuMenu
contact
Contact us!Contact
basket
basket
My basketBasket
An extra -20% on City jackets, sweatshirts and fleeces CODE: JACKET20 Shop now!
gift
Free gift with all orders above £150.00
Our privacy policy

PRIVACY POLICY REGARDING CUSTOMERS/PROSPECTS

1. RECITALS

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on their free movement, otherwise known as the General Data Protection Regulation (hereinafter GDPR) sets out the legal framework applicable to the processing of personal data. 
The GDPR reinforces the rights and obligations of data processors, data controllers, data subjects and data recipients.

As part of its business, SNOWLEADER is required to process personal data of its customers and prospects. 
For a clear understanding of this policy, it is stated that: 
- the 'data controller’, i.e. SNOWLEADER

- the ‘processor': refers to any natural or legal person who processes personal data on behalf of SNOWLEADER

- the 'concerned persons': refers to customers and/or prospective customers of SNOWLEADER

- the ‘recipients': refers to natural or legal persons who receive personal data from SNOWLEADER

The recipients of the data may therefore be SNOWLEADER employees as well as external organisations (partners, banks, IT service providers, etc.)
Article 12 of the GDPR requires that data subjects be informed of their rights in a concise, transparent, comprehensible and easily accessible manner.

2. PURPOSE

The purpose of this policy is to meet SNOWLEADER's obligation to provide information and to formalise the rights and obligations of SNOWLEADER's customers and prospects with regard to the processing of their personal data.

3. SCOPE

This policy is to be applied within the framework of the implementation of all processing of personal data relating to customers and/or prospects of SNOWLEADER. 
SNOWLEADER does its utmost for data to be processed under a precise internal governance. This policy applies only to processing for which SNOWLEADER is the controller and therefore does not apply to processing that would be created or operated outside the rules of governance set by SNOWLEADER (processing known as ‘wild' or shadow IT).
The processing of personal data may be managed directly by SNOWLEADER or through a subcontractor specifically appointed by SNOWLEADER. 
This policy is unrelated to any other document that may apply within the contractual relationship between SNOWLEADER and customers and prospects.

4. GENERAL PRINCIPLES & DATA COLLECTION

No processing is carried out by SNOWLEADER regarding customer and prospects data if it does not concern personal data collected by or for its services or processed in relation to its services and if it does not comply with the general principles of the GDPR. 
SNOWLEADER may use it in the following ways:

 

Games & prize draws  Any game intended or not intended to win a prize for Snowleader's customers or prospects. It may be carried out online or offline. Directly by SNOWLEADER or its partners. The data collected are generally those necessary for the identification of participants and the granting of prizes.
Push media

Any commercial action, commercial follow-up. Marketing, generally by e-mail, SMS, telephone, etc. Data is collected on an opt-in or opt-out basis, depending on use. 

Events

Physical events organized by SNOWLEADER or in which SNOWLEADER participates or sponsors. The data is generally collected at the time of registration for the event (directly or via a partner) or during the event itself (newsletter, survey, business card, dedicated mobile applications, etc.). 

Social media

Any social selling operation, in particular the gathering of data relating to registrations, posts, likes, replies and forwards, comments, reviews, etc. 

Communities

 

Any social gathering organized by SNOWLEADER or on its behalf and dedicated to it. 

 

This list is intended to be as exhaustive as possible. Any new case of use, modification or deletion of an existing processing operation will be brought to the attention of customers and prospects by an amendment to this policy. 

5. TYPES OF DATA COLLECTED

 

NON-TECHNICAL DATA 

Identification data (last name, first name, etc.)

Contact details (postal address, e-mail address, telephone number, etc.)

Personal and/or professional life, when necessary (civil status, professional status)

Economic and financial information (bank details, etc.)

Transaction data (shopping basket, amount and date of transactions, etc.)

Photograph/image

TECHNICAL DATA 

Connection data (IP address, logs, etc.) 
Browsing data (cookies, tracers, audience measurement, clicks, etc.)

 

6. DATA ORIGINS

Data relating to customers or prospects is generally collected directly from them (direct collection) by Snowleader.
Data may also be collected indirectly:

- via specialised companies (purchase or rental of base) or via Snowleader's partners and suppliers. In this case, SNOWLEADER takes great care to ensure the quality of the data it receives

- via sponsorship. In this case, the sponsor ensures that they can communicate the person's data to SNOWLEADER

7. PURPOSES AND LEGAL BASES

Depending on the case, SNOWLEADER processes your data for the following purposes and on the following legal bases:

Purpose Comments Legal framework
Pre-contractual exchanges SNOWLEADER processes the data of individuals who interact with it before the signing of a contract. - Execution of pre-contractual measures 
Contract and contract follow-up SNOWLEADER processes the data of its customers in the context of monitoring contractual relations (eg. online shopping). - Execution of contractual measures 
Invoicing, payment and bookkeeping SNOWLEADER processes the data of its customers as part of the billing and payment of orders placed.  - Execution of contractual measures 
Management of customer and prospect directory SNOWLEADER maintains a directory of its customers and prospects.  - Legitimate interest 
Organisation of events SNOWLEADER processes the data of its customers and prospects when it invites them to events that it organizes.  - Legitimate interest 
Sending newsletters and managing requests to unsubscribe SNOWLEADER sends its customers and prospects newsletters to which they can unsubscribe. 

- Legitimate interest (customers)

- Consent (prospects)

Service improvement and satisfaction surveys SNOWLEADER may process the data of its customers and prospects in order to improve its services, including through customer satisfaction surveys.  - Legitimate interest 
Behavioural analysis and audience measurement SNOWLEADER may process data to analyse the behavior of its customers and prospects and monitor their online activity.  - Legitimate interest or consent where necessary 
Community management SNOWLEADER collects and processes the data of its customers and prospects in order to maintain its communities on the Internet, particularly on social media.  - Legitimate interest 
Video surveillance   Certain specific areas of SNOWLEADER's offices and shops are subject to video surveillance.  - Legitimate interest 
Production of statistics  SNOWLEADER is likely to make statistics regarding the data of its customers and prospects.  - Legitimate interest 

8. DATA RECIPIENTS - AUTHORISATION & TRACEABILITY

SNOWLEADER ensures that the data is only accessible to authorised internal or external recipients.

Internal recipients  External recipients 

- authorised personnel in the marketing department, sales department, departments responsible for customer relations and canvassing, administrative departments, logistics and IT departments and their line managers


- authorised staff in the departments responsible for auditing (statutory auditors, departments responsible for internal audit procedures, etc.)

 

- partners (including payment management partners), external companies or subsidiaries of the same group of companies


- organisations, court officers and public officials, as part of their debt collection duties


- authorised staff of subcontractors

 

The recipients of customer and prospective customer personal data within SNOWLEADER are subject to an obligation of confidentiality. 
SNOWLEADER decides which recipient may have access to which data according to an authorisation policy. 
All access to processing of personal data of customers and prospects is subject to a traceability measure. 
Personal data may also be communicated to any authority legally authorised to have access thereto. In this case, SNOWLEADER is not responsible for the conditions under which the staff of these authorities have access and use the data.

9. STORAGE PERIOD

The duration of data storage is defined by SNOWLEADER with regard to the legal and contractual constraints imposed on it and, if not, according to its needs and in particular according to the following principles:

Processing Storage period 

Contracts with customers 

5 years from the date of signing.
10 years for contracts over 120 euros signed electronically.

Commercial correspondence (order slips, delivery notes, invoices, etc.) 

10 years from the end of the financial year. 

Data processed for marketing purposes 

For customers: 3 years from the end of the commercial relationship (from the end of a contract) or from the last contact from the customer.
For prospects: 3 years from the date of collection or the last contact from the prospect (documentation request, clicking on a link in an email, etc.).

Images from video surveillance cameras 

For a maximum period of one month. 

Access to buildings 

For a maximum period of one month. 

Technical data 

1 year from the date of collection. 

Bank details 

Deleted as soon as the transaction is completed, unless the customer expressly agrees.

If the transaction is disputed: storage for 13 months following the debit date.

 

After the set deadlines, the data is either deleted or kept after being anonymised, in particular for statistical purposes. It may be kept for pre-litigation and litigation purposes.
Customers and prospects are reminded that deletion or anonymisation are irreversible operations and that SNOWLEADER is no longer able to restore them.

10. RIGHT OF CONFIRMATION AND RIGHT OF ACCESS

Customers and prospects have the right to ask SNOWLEADER to confirm whether or not data concerning them are processed. 
Customers and prospects also have a right of access, which is subject to compliance with the following rules:

- the request must come from the individual themselves

- be made in writing to the following address Snowleader, 4 Allée du Parmelan 74370 EPAGNY METZ TESSY or to the following email address, [email protected]


Customers and prospects have the right to request a copy of their personal data being processed from Snowleader. However, should a request for an additional copy be made, SNOWLEADER may require customers and prospects to bear the cost of this.
If customers and prospects submit their request for a copy of the data via email, the information requested will be provided in a commonly used electronic form, unless requested otherwise. 
Customers and prospective customers are informed that this right of access may not relate to information or data that is confidential or for which communication is not authorised by law. 
The right of access must not be applied in an abusive fashion, i.e. on a regular basis with the sole aim of disrupting the department concerned.

11. UPDATES AND CORRECTIONS

SNOWLEADER fulfils update requests:

- automatically for online modifications to fields which, technically or legally, can be updated

- upon written request from the user, who may be required to provide identification

12. RIGHT TO ERASURE

SNOWLEADER fulfils update requests:

- automatically for online modifications to fields which, technically or legally, can be updated

- upon written request from the user, who may be required to provide identification

13. RIGHT TO LIMITATION

Customers and prospects are informed that this right is not intended to apply insofar as the treatment operated by SNOWLEADER is lawful and that all personal data collected are necessary for the execution of the business contract. 

14. RIGHT TO DATA PROCESSING

SNOWLEADER gives the right to data processing in the particular case of data communicated by customers or prospects themselves, on online services offered by SNOWLEADER itself and for purposes based solely on the consent of individuals. In this case, the data will be communicated in a structured, commonly used and computer-readable format. 

15. AUTOMATED INDIVIDUAL DECISION

SNOWLEADER does not make individual automated decisions.

16. POST MORTEM RIGHTS

Customers and prospects are informed that they have the right to give instructions regarding the conservation, deletion and disclosure of their post-mortem data. Any specific post-mortem directives and the exercise of their rights may be submitted in writing to Snowleader, 4 Allée du Parmelan 74370 EPAGNY METZ TESSY or via e-mail to [email protected].

17. OPTIONAL OR COMPULSORY NATURE OF RESPONSES

Customers and prospects are informed on each personal data collection form whether responses are compulsory or optional by means of an asterisk. 
If answers are compulsory, SNOWLEADER shall explain to customers and prospects the consequences of a lack of response.

18. RIGHT OF USE

SNOWLEADER is granted by customers and prospects a right to use and process their personal data for the purposes set out above. 

However, the enhanced data, which are the result of processing and analytical work by Snowleader, remain the exclusive property of SNOWLEADER (analysis of use, statistics, etc.).

19. OUTSOURCING

SNOWLEADER informs its customers and prospects that it may involve any subcontractor of its choice in the processing of their personal data.

In this case, SNOWLEADER ensures that the subcontractors complies with its obligations under the GDPR. 

SNOWLEADER agrees to sign with all its subcontractors a written contract. SNOWLEADER also reserves the right to audit its subcontractors to ensure compliance with the GDPR.

20. SECURITY

It is the responsibility of SNOWLEADER to define and implement the technical, physical or logical security measures it deems appropriate to protect against the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of data.

These measures mainly include:

- management of access rights to data

- the use of a security protocol or solutions

21. DATA BREACH

In case of breach of personal data, SNOWLEADER will notify the CNIL, French Data Protection Agency, under the conditions prescribed by the GDPR. 
If the breach poses a high risk to customers and prospects and the data has not been protected, SNOWLEADER:

- will notify the customers and prospects concerned

- will provide the customers and prospects concerned with the necessary information and recommendations

22. CONTACT

If customers or prospective customers wish to obtain information or ask a specific question, they can do so by using the following contact details:  

- E-mail address: [email protected] 

- Tel: 08724 429028

In the event of a problem with the processing of personal data, customers and prospects may also contact Snowleader via the aforementioned contact details.

23. DATA PROCESSING REGISTER

As data controller, Snowleader undertakes to keep an up-to-date register of all processing activities carried out.
This register is a document or software that allows to list all the processing carried out by Snowleader, as data controller.
SNOWLEADER undertakes to provide to the supervisory authority, upon first request, the information enabling the said authority to verify the compliance of the processing with the applicable data protection regulations.

24. RIGHT TO LODGE A COMPLAINT WITH THE CNIL

Customers and prospects who wish to complain about the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the CNIL, French Data Protection Agency, in France, if they consider that the processing of their personal data does not comply with European data protection regulations, at the following address: 
CNIL - Complaint Department
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 
Tel: 01 53 73 22 22

25. EVOLUTION

The present policy may be amended or modified at any time in case of legal or jurisprudential evolution, decisions and recommendations of the CNIL or practices.
Any new version of the present policy will be brought to the attention of customers and prospects by any means defined by Snowleader, including electronic means (via e-mail or online for example).

26. FOR FURTHER INFORMATION

For further information, please contact the following departments: [email protected]
For any other general information on the protection of personal data, please consult the CNIL website www.cnil.fr