Privacy and Cookies Policy

PRIVACY AND COOKIES POLICY

 

1. INTRODUCTION

1.1.        The confidentiality of personal data is one of the main concerns within the company. As such, we want to ensure the highest standards of confidentiality and transparency regarding the personal data we process in our current business.

 

1.2.        Since in carrying out the activity it is necessary to process a series of personal data with predilection in relation to the specifics of our object of activity, we want to offer assurances that the processing will take place in compliance with the principles underlying the processing of personal data. This privacy policy is intended to help you understand what data we collect, why we collect it and what we do with it.

2. INFORMATION ON CONTROLLERSHIP

2.1.        The data controller of the personal data is DUPUYTRENSCO LLC, established in 296 Beauvoir Rd – Ste 100-281 – Biloxi, MS 39531, Mississippi, United States, registered with identification number 1371019 (hereinafter referred to as "Controller" or "Company").

 

2.2.        The Controller is in charge with the processing of personal data collected through the www.dupuytrensco.com website and the online systems. 

 

2.3.        The controller is required to manage safely and solely for specified purposes, the personal data that the users of the website are providing.

 

3. WHAT KIND OF DATA IS BEING PROCESSED, WHAT IS THE PURPOSE OF PROCESSING, THE STORAGE PERIOD AND THE LEGAL BASIS FOR PROCESSING FOR EACH CATEGORY OF DATA?

 

3.1. THE DATA IS BEING PROCESSED AS FOLLOWS:

3.1.1. For the purpose of purchasing products.

1. What data do we process?First name, last name, e-mail, phone number, country, city, state, full address, card details (number, name, date).
2. Storage period: Until the end of the general prescription period in which a consumer can claim a right regarding the delivered product or service, and statutory retention periods no longer require the receipt of the data.
3. Legal basis for processing: The processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

 

3.1.2. For the purpose of returning purchased products or solving a problem addressed to us through e-mail or contact form.

1. What data do we process? Name, surname, e-mail, telephone number, account number and name of the account holder, as well as other information provided by e-mail or on other platforms to describe the problem.
2. Storage period: Until the end of the general prescription period in which a consumer can claim a right regarding the delivered product or service, and statutory retention periods no longer require the receipt of the data.
3. Legal basis for processing: The processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

3.1.3. For internal purposes only, to carry out reports and surveys, create campaigns and dedicated activities, to respond to a request from public authorities, for complaints.

1. What data do we process? Country, town.
2. Storage period:These data are kept in the Company's archive without being associated with a natural person following the irreversible anonymization of personal data.
3. Legal basis for processing: The processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

 

3.1.4. For marketing purposes:

3.1.4.1. For commercial purposes promoting products, offers and promotions.

1. What data do we process?Name, surname, email address, phone number.
2. Storage period:Data will be retained only as long as it is necessary for the intended marketing campaigns. However, data will be anonymized periodically if the data subject no longer reacts to commercial messages, if this was not previously requested.
3. Legal basis for processing: The processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

 

3.1.4.2. For the purpose of subscribing to the Newsletter with the consent of the data subject.

1. What data do we process? Email address.
2. Storage period:The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored as long as the subscription to the newsletter is active. 
3. Legal basis for processing: The data subject has given his consent for the processing of his personal data for one or more specific purposes.

 

3.1.4.3. In order to carry out surveys to improve the quality of the services we offer, telephone calls may be recorded with the consent of the person concerned.

1. What data do we process? Voice of the subject.
2. Storage period: Recorded calls will be deleted within 30 days from the time of recording.
3. Legal basis for processing:The data subject has given his consent for the processing of his personal data for one or more specific purposes.

 

3.1.5.Photographs, videos or messages that can include personal data, received directly from the client and used as testimonials, journalistic, informational, commercial, marketing and promotion purposesof the products.

1. What data do we process?Image or voice of clients.
2. Storage period: Until the deletion request from the data subject or no more than 10 years from the moment of receiving them.
3. Legal basis for processing: The processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

 

3.1.6. For the purpose of organising promotional campaigns and contests, as well as to ensure the sending of prizes.

1. What data do we process? Name, surname, e-mail, social media profile (if applicable), information included in comments in campaigns organised by the Organizer or in partnership with other partners.
2. Storage period: Until the end of the general prescription period in which a consumer can claim a right regarding the prize or campaign.
3. Legal basis for processing:The processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party.

 

3.1.7. For the purpose of creating and accessing an account on thewww.dupuytrensco.com website.

1. What data do we process? Name, e-mail and the set of cryptographic hash values related to the password set by the user so that he can log into his account.
2. Storage period: We will store this data for as long as you have an account on the website or upon request of deleting your account.
3. Legal basis for processing:The processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract.

 

3.2         IN ADDITION TO THE AFOREMENTIONED PURPOSES, WE PROCESS THE PERSONAL DATA COLLECTED FOR THE FOLLOWING PURPOSES: 

1. For the fulfilment of legal obligations, as a result of the services provided (e.g. accounting, fiscal, audit, etc.), these are always compatible with the main purposes, for which the data was collected.
2. To the extent that the data subject has given their consent for the processing of their personal data for one or more specific purposes.
3. For any other purpose auxiliary to the above, or for any other purpose for which we have been provided with personal data, in compliance with the relevant legislation.
4. To protect our legitimate interests, overriding the interests or rights and fundamental freedoms of the data subject, taking into account their reasonable expectations based on the relationship with the operator:

• To conduct market research and analysis that helps improve and customize our products and services.
• For direct marketing purposes, to send communications of general interest or messages asking you to rate the quality of our services/products.
• To prevent or detect misuse of our intellectual property, fraud or other crimes.
• To ensure security, to resolve complaints related to fraud, criminal or contravention complaints, complaints related to the sale of products, cases where the Company needs to identify a client or to defend the company's rights in court.

 

3.3.        DATA RETENTION: We store your personal information for the duration required to offer the services you've asked for, meet legal requirements, settle disagreements, enforce agreements, and pursue legitimate and lawful business goals. The actual retention times can differ significantly depending on factors such as the type of data, the specific service, user consent, data sensitivity, the availability of automated data deletion controls, and our legal or contractual responsibilities. To illustrate, we might retain your personal information for extended periods, if necessary and in accordance with the law, to ensure security.

 

4. HOW ARE WE COLLECTING YOUR PERSONAL DATA?

4.1.        We collect your personal data either directly from you, for example, when you buy a product on our website, when you send an email to request an offer/information from us, you give your consent for the communication of commercial messages, etc., or indirectly, for example, when you transmit this information on the platforms of other collaborators of our company, in the process of purchasing a product.

For example, we may receive personal data from our clients, such as health-related information or other data that may be considered sensitive or special under applicable data protection laws. We are committed to protecting the confidentiality and security of this sensitive personal data. We will not use your sensitive personal data for any purpose other than what is explicitly disclosed in this Privacy Policy or as required by law. We do not provide medical or professional advice and recommend that you do not share sensitive personal data that you are uncomfortable disclosing. If you have any concerns or questions about the handling of your sensitive personal data, please contact us using the provided contact information.

 

4.2.        We collect your personal data automatically, when you use our services on the website we collect information through cookies and by logging your activity.

 

4.3.        If you choose to provide us with the personal data of other people, such as when you purchase products or services on behalf of others, you assume responsibility regarding the way in which you obtained this data and that you have a legal basis for processing it, we cannot be held responsible for violating the rights of the respective persons.

 

4.4.        The personal data of the data subject will be erased or restricted as soon as the purpose of its storage has been accomplished. Additional storage may occur if required by the data controller by virtue of a legal obligation.

5. HOW ARE WE STORING THE PERSONAL DATA? 

5.1.        Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

 

5.2.        Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall (for more details please click here: https://www.shopify.com/legal/privacy). We also use Bold for the checkout system (for more details please click here: https://boldcommerce.com/privacy-statement). 

 

5.3.        The website is hosted on GoDaddy. For more information on the host, please click here: https://uk.godaddy.com/help/firewall-server-locations-41650.

 

6. COOKIES

6.1.        Cookies are text files that are stored in the internet browser or the internet browser on the user’s computer system. If a user calls up a website, a cookie can be stored on the user’s operating system. These cookies contain a string of characters that allows the browser to be uniquely identified when the website is reopened. We use cookies to make our website more user-friendly. Some elements of our website require the calling browser to be identified even after a page break.

 

6.2.        The list below provides additional information about how we use different types of cookies:

• _session_id, unique token, sessional - Allows Shopify to store information about your session (referrer, landing page, etc).
• _shopify_visit, no data held - Persistent for 30 minutes from the last visit. Used by our website provider’s internal stats tracker to record the number of visits
• _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day. Counts the number of visits to a store by a single customer.
• cart, unique token, persistent for 2 weeks - Stores information about the contents of your cart.
• _secure_session_id, unique token, sessional
• storefront_digest, unique token, indefinite - If the shop has a password, this is used to determine if the current visitor has access.

 

6.3.        We use cookies to automatically log information about an individual's interactions with our services and communications, such as:

• Device information, such as computer or mobile device operating system type and version, IP address, unique identifiers and general location information such as city, state, or geographic area.
• Online activity information, such as pages or screens viewed, access times and duration of access, and whether individuals open our marketing emails or click links within them.

 

6.4.        We use both persistent cookies and session cookies. Persistent cookies stay on your device for a set period of time or until you delete them, while session cookies are deleted once you close your web browser. We use persistent cookies, for example, to record your choice of language and country location. The cookies placed through your use of our website are either set by us (first-party cookies) or by a third party at our request (third-party cookies).

 

6.5.       Cookie Types & Descriptions:

• Necessary. These cookies are necessary for you to interact with the Company's basic features. For example, they allow you to navigate the site, securely access important areas like your shopping cart, and more. Also, necessary cookies are used to maintain the website's security features.
• Customer Preferences. These cookies help us remember your actions so your site experience is tailored to your unique needs. This is how the site remembers items you viewed recently and makes certain interactions faster, like search. These cookies are also needed to preserve your preferences.
• Analytics. These cookies are designed to transmit data to our company with the purpose of analyzing customer behavior. This information allows us to gain insights from your interactions and enhance the website experience for all users. For instance, it helps us understand how users access information and identify the most valuable sections of the site. This data is instrumental in assessing site performance and functionality, enabling us to continually enhance and customize our services and offerings. We utilize Google Analytics to gather data on how users engage with our services, which we utilize to create reports revealing trends without identifying individual visitors. These insights aid in improving our services. The data they collect and cookies they may set are subject to their privacy policy and can be viewed here: https://policies.google.com/privacy. You can change your preferences about the adverts you see on Google by clicking here: www.google.com/settings/ads.
• Advertising. These cookies are needed to enable Wayfair advertisements published on our partners' websites to be tailored to your personal interests. These cookies track your browsing habits so that the advertisements you see are relevant to your needs.

6.6.        Third Party Cookies. Some web page can include content and services from other providers, which may also use cookies and active components. The Company has no control over how the personal data that may be collected by these providers are used. Please, inform yourself on the web pages of these services about the policy of collecting and processing your personal data.

 

6.7.        The User is informed that it will be understood that he grants his consent for the installation and use by the Company of cookies if he navigates through the website and does not configure his browser to avoid it. The User may refuse to accept cookies or withdraw their consent, activating the settings in their browser to reject cookies. However, this may affect the correct use and operation of the website, as well as implying that the user may not access certain parts of the website.

 

6.8.        How Can You Control the Use of Cookies?

Depending on where you access the services from, you may be presented with a cookie banner or other tool to provide permissions prior to non-necessary cookies being set. In this case, we only set these non-necessary cookies with your consent. You can also limit online tracking by:

• Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit https://www.allaboutcookies.org. 
• Blocking advertising ID use in your mobile settings. Your mobile device settings can provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
• Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers.

 

7.             USE OF COMPANY PRESENCE IN SOCIAL AND PROFESSIONAL NETWORKS

7.1.        We maintain a corporate presence on the following social networks: Youtube, Facebook, Instagram and Twitter.

 

7.2.        On our company profile we provide information and offer social and professional users the possibility of communication. If the User carries out an action on our social network company profile (e.g., comments, contributions, likes etc.), it is acknowledged that this action may make personal data (e.g., clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of the personal data by these companies, which is jointly responsible for the Company’s corporate presence, we cannot provide any binding information on the purpose and scope of the processing of the data.

 

7.3.        Our corporate profile in social networks is used for communication and information exchange with (potential) customers. We use the company's profile to provide Information about products and services.

 

7.4.        The User can object at any time to the processing of the personal data that we collect within the framework of using our social network corporate web profile and assert certain rights as a data subject.

 

8.               USAGE OF PLUGINS AND TOOLS

8.1.        We may utilize various c-party plugins, tools, or services on our website to enhance user experience and functionality. These may include, but are not limited to, analytics services, social media sharing buttons, advertising networks, and embedded content from external sources such as: Google Ads, Google Merchant, Bold, Klaviyo.

 

8.2.        These plugins and tools may collect data directly from your device or browser when you interact with them. Please note that the use of these third-party plugins and tools is subject to their respective privacy policies and terms of use.

 

8.3.        We would like to point out that data transfer without an adequacy decision entails certain risks. We recommend reviewing the privacy policies of these third-party providers to understand how they collect, use, and share your data. We do not control the data collected by these third-party plugins and tools, and we are not responsible for their practices.

 

9. 9. TO WHOM WE’RE DISCLOSING YOUR PERSONAL DATA?

9.1         In order to fulfill the processing purposes, the Operator discloses your personal data to partners, to third parties or entities that support the Operator in carrying out their activities, or to central/local public authorities, in the following examples listed:

1. a. To our service providers and contractual partners, for example: providers of marketing (including surveys) and advertising services; the IT service provider; courier services, payment services, banking services, payment services, ticket sales, etc. These data will be provided to the extent necessary and only under a confidentiality commitment from the contractual partners, guaranteeing that these data are kept safe and that their processing is done in accordance with the legislation in force;
2. b. To accountants, auditors, lawyers, insurers or other such external advisers. These data will be provided to the extent necessary and only under a confidentiality commitment from the contractual partners, guaranteeing that these data are kept safe and that their processing is done in accordance with the legislation in force;
3. c. Authorities, institutions and public bodies, if there is a legal request from them or to the extent there is a legal obligation from us;
4. d. The operator will be able to disclose this data whenever the law requires it, or in the situation where this step is necessary to allow the exercise of the rights provided by the law and/or to be able to take legal action against any illegal activity.

 

10. THIRD-PARTY SERVICES

10.1.      In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

 

10.2.      As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation.

 

10.3.      Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service. We recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

 

11. INTERNATIONAL DATA TRANSFERS

11.1.      The Company is headquartered in the United States, and we may transfer your personal information to our affiliates and service providers in both the United States and other jurisdictions. It's important to be aware that data protection laws in the United States and other jurisdictions may not offer the same level of comprehensive protection as the laws and regulations in your home country, or they may differ in other ways.

 

11.2.      When we engage in international data transfers, we take steps to ensure that appropriate safeguards are in place to provide adequate protection for your personal information. We also adhere to the relevant data protection laws. For instance, if our services are aimed at individuals in the European Economic Area, Switzerland, or the United Kingdom, we may rely on an adequacy decision from the EU Commission or the UK government, or we may use contractual measures to protect the transfer of personal data.

 

11.3.      If you are a resident of the European Economic Area (EEA), please be assured that we will handle your personal data in accordance with the General Data Protection Regulation (GDPR) and any other applicable data protection laws.

 

12. EUROPEAN DATA PROTECTION RIGHTS

12.1.      If you are located in the European Economic Area, we handle your personal data in compliance with applicable laws, and the processing of your personal data is subject to European Union data protection regulations. You possess specific rights regarding your data:

1. You have the right to information, to request access to, rectification or deletion of your personal data.
2. If any automated processing of your personal data relies on your consent or a contractual agreement, you have the right to obtain a usable and portable copy of the data.
3. If your data processing is based on your consent, you can withdraw your consent at any time, affecting future processing.
4. Under certain circumstances, you can object to the processing of your personal data or request limitations on its processing.
5. You have the right to file a complaint to a supervisory authority.
6. For residents of France, you have the option to provide specific instructions concerning the use of your data after your passing.

 

12.2.   To initiate such requests, please use the contact information provided at the end of this statement. In cases where we process data on behalf of another party please direct your requests to that party. We encourage you to reach out to us first with any questions or concerns. If you are not happy with our response to a request and if you are located in the EEA or UK, you also have the right to lodge a complaint with your local data protection or privacy authority at any time.

 

12.3.      We rely on various legal grounds for the collection and processing of your personal data. These may include obtaining your consent and/or processing data as necessary to provide the services you use, manage our business, fulfill contractual and legal obligations, safeguard our system's security and our customers, or meet other legitimate interests.

 

13. S. STATE DATA PRIVACY

13.1.       If you are a resident of the United States, we handle your personal data in line with the relevant U.S. state data privacy regulations, including the California Consumer Privacy Act (CCPA). This section of our Privacy Statement includes information mandated by the CCPA and other U.S. state data privacy laws, serving as an extension of our Privacy Statement.

1. Sale: We do not sell your personal data, which means we do not provide an option to opt out of the sale of personal data.
2. Share: We may "share" your personal data for targeted advertising purposes. You can choose not to share your data for cross-contextual advertising purposes and make additional privacy decisions on our marketing pages by managing your cookie p
3. Rights: You have the following rights regarding your personal data: (i) the right to know what personal data we collect, use, disclose, share, and sell, (ii) the right to have your personal data deleted, (iii) the right to correct your personal data, (iv) the right to limit the use and disclosure of your sensitive data, and (v) the right to opt out of future "sharing" of personal data for targeted advertising. You can make these requests on your own or through an authorized agent. If you have an account on the website, you must exercise your rights through the provided tools, requiring you to log in. If you have additional requests or questions after logging in, you can contact us using the contact details in the "Contact us" section, including through our web form. If you do not have an account, you can exercise your rights by contacting us as described above. We may request additional information to validate your request before honoring it. To submit a request based on these rights, you can also contact us via our contact form.
4. Opt-Out: You have the right to opt out of "sharing" information for cross-contextual behavioral advertising purposes and make additional privacy choices. We will not treat you unfairly if you choose to exercise your privacy rights.
5. California "Shine the Light" Law: Under California Civil Code Section 1798.83, California customers who have provided personal information for personal, family, or household purposes may inquire whether their information has been disclosed to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes as defined by this law. California customers seeking further information can email us at support@dupuytrensco.com.
6. Removal of Content by Minors: California residents under the age of 18 who are registered users of online sites, services, or applications have the right under California Business and Professions Code Section 22581 to remove or request the removal of content or information they have publicly posted. To do so, please submit a Private Information Removal request. If you wish to request the removal of specific content or information, please provide a detailed description of what you want to have removed. Please be aware that your request does not guarantee complete removal of content or information posted online, and the law may not mandate removal in certain circumstances.

 

14. 14. INFORMATION SECURITY

14.1       To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

 

14.2.      When you browse our store, we also automatically receive your computer’s internet protocol (IP and geographic location) address in order to provide us with information that helps us learn about your browser and operating system.

 

14.3.      We are working hard to protect our website, users, as well as all personal data collected in accordance with this Policy, from any unauthorized access or from the modification, unauthorized disclosure or destruction of the information we hold.

 

14.4.      The Controler guarantese that he has implemented technical and organizational measures appropriate to the processing activities they perform, in order to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access to, transmission, storage or processing in any other illegal ways.

 

 

 

14.5.      In this regard:

1. The Controller certifies that he meets the minimum requirements for the security of personal data, the data being processed in a way that provides protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures;
2. The used data storage systems have implemented back-up mechanisms to ensure the redundancy of the stored data.
3. We are regularly reviewing the practices for collecting, storing and processing information, including physical information, as well as security measures, to prevent unauthorized access to the systems.
4. We are restricting the access of our employees and contractors to your personal information, and the contractual relations with these persons are subject to strict rules regarding contractual confidentiality obligations, including under the sanction of termination of contracts.

 

15. 15. WHEN DOES THIS PRIVACY POLICY APPLY? 

15.1.      Our privacy policy applies to all services offered by our company and excludes services that have separate privacy policies and do not contain the provisions of this privacy policy.

 

16. 16. AMENDMENTS

16.1       We will post any privacy policy changes on our website and, if the changes are significant, we will provide more prominent notice (through one or more of the following methods: email notification of policy changes, a detailed notice on our website or requesting your consent before certain changes).

 

16.2.      If you do not agree with any changes to this Privacy Policy, you may choose to discontinue your use of our services and website. Your use of our services after the effective date of any changes indicates your acceptance of the revised Privacy Policy.

 

16.3.      We will also keep previous versions of this Privacy Policy on file for your review at any time.

 

16.4.      If you have questions or concerns about this Privacy Policy or our data practices, please contact us at support@dupuytrensco.com.

 

 

The most recent update of this policy was made onthe 15^nd of October 2023.