This section is dedicated to our Privacy Policy. It helps you to know more about the origin and use of browsing information processed when you visit our site, and your rights as required by the data protection laws in force in the countries where we operate, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") implemented on May 25, 2018

This Policy is therefore important for you if you wish to have a positive and secure experience of our Services. It is also important for us, since we wish to accurately and fully answer your questions about your experience on our site, and take your wishes into account.

1 - Nature of personal data collected

JRSA collects the following categories of data directly or indirectly: - Identity and contact information (including username, password, surname, first name, date of birth, e-mail addresses, usual place of residence, delivery address, phone number) that users may provide to JRSA as part of any message sent to the Site via the “My Account” and “Contact” sections, or when you make an online purchase; - Demographic information such as your gender and date of birth; - Payment information such as: bank account number, credit card number, PayPal account information;

- Technical information such as the IP address and cookies related to browsing our websites, for connection and identification of your country/city through geolocation.

2 - For what purposes is the data used?

The data allows JRSA to: - Process the order placed by the user on our site and prevent fraud attempts with regard to the means of payment online; - Directly or indirectly identify and understand the users and send them newsletters; - Process user requests manage complaints, answer questions; - Use this data in relation to direct marketing operations by sending to the customer by any medium whatsoever and in particular by e-mail, information on similar products or services, or information on complementary products or services offered by Atelier JR.

When the user provides personal data, he undertakes to respond to the questions asked as well as to provide JRSA with information that is full, accurate, up-to-date and not prejudicial to the interests or rights of third parties.

3 - Consent

No personal data is collected without the consent of the users. The optional or mandatory nature of the information that must be provided to JRSA as part of the data collection performed on the Site will be previously indicated to users. The latter are in no way obliged to transmit personal data to JRSA.

4 - Identity of the person in charge of the processing of personal data

JRSA is responsible for the collection and processing of personal data on the Site.

5 - Recipient(s) of personal data

JRSA is the sole recipient of the personal data collected on the Site. JRSA only transmits your personal data to a third party when: - You have given us your prior consent for the sharing of this information; - JRSA must share this information with third parties to provide you with the service you requested, or to operate our website, including service providers for maintenance, security, technical support, hosting and payment services; - JRSA is called upon by a judicial authority or any other administrative authority to communicate the information;

- JRSA may send your financial information to an external service provider with an online fraud detection tool to authenticate a payment.

6 - Transfer of data abroad

When some of your data is transferred abroad to countries that do not guarantee the same level of protection as the European Union, data transfer agreements are signed that comply with applicable laws and regulations.

7 - Data retention period

Your data is only kept for the period necessary to accomplish the purposes described above, or for the period of retention authorised by law: - 3 years from the last contact with JRSA if you are a prospect (i.e. if you have not made any purchases from JRSA but are interested in JRSA’s news and updates); - 10 years from the end of the business relationship.

You can send an e-mail to JRSA to request the deletion of your personal data, only from the time of processing your order in the event of an online purchase.

All phases of payment by credit card between you and Atelier JR via Verona Paybox are fully encrypted and protected (the protocol used is SSL coupled with the online payment system). This means that the information related to the order and the credit card number will not circulate in decrypted form on the Internet. More concretely : o The credit card number is not printed on any paper, invoice, slip or other listing, o Atelier JR does not retain any credit card numbers, o Verifies Paybox does not retain card numbers after submitting the payment transaction.

Thus, no person has access to the credit card details of the buyers, either in electronic or in printed form. There is absolutely no risk of having one’s credit card “hacked” when making a purchase on a website with Paybox.

Important: You are in secure mode when making a payment online: a closed padlock appears at the bottom of the browser window and at the beginning of the address you can see “https://www” (the “S” which follows “http” indicates that the communication is secure).

8 - User rights

Each user: - has the right of access and information on how their personal data is processed, namely the purposes of the processing, the categories of data processed, the categories of recipients, the retention period of your data; - has the right to obtain a copy of their personal information in our possession. The user may recover the data provided on our site at any time. Go to the “My Account” tab and click on “Export my data” to automatically download a copy of your personal data as a pdf or csv file. - has the right to rectify, supplement or update their personal data; - has the right to object to the processing of their personal data, especially for purposes of direct marketing; - has the right to restrict the processing of their personal data;; - has the right to data portability of their personal data;

- has the right to delete their personal data.

To exercise these rights, the user can contact JRSA by sending an e-mail to the following address:

The user can also make a complaint to a supervisory authority, such as the CNIL for France, in case of violation of these rights.

When the processing of the user's data is based on consent, this consent may be withdrawn without affecting the legitimacy of the processing operations performed prior to the withdrawal of this consent.

9 - Data protection

JRSA has implemented security measures to protect the personal data provided by the user against unauthorised access and use.

Since the Internet is not entirely secure, JRSA cannot guarantee that the users’ personal data that is stored or transmitted will be totally secure.