Data Controller MONOLITH BOARD GAMES, a French Limited Liability Corporation (SARL) with a single shareholder, registered at the registry of Commerce of Paris under number 820 987 089, organized and existing under the laws of France, with a share capital of € 1 000 and having its registered offices at 153 boulevard Haussmann, 75008 Paris, FRANCE, (“MONOLITH BOARD GAMES”, “we”).
This Privacy Notice supplements the General Terms and Conditions of Use Terms of Service and the General Terms and Conditions of Sale Terms of Sales and explains how MONOLITH BOARD GAMES collects and handles your personal data. For the purposes of this Privacy Notice, “personal data” shall mean any information relating to the user (the ”User”, “you”).
- General principles regarding the collection and processing of data:
In accordance with the provisions of Article 5 of the European Regulation 2016-679, the collection and processing of website user data comply with the following principles:
Lawfulness, loyalty, and transparency: Personal data can only be collected and processed with the consent of the User who owns the data. Each time personal data are collected, the User is informed their data are collected and the reason(s) why they are collected,
Limited purposes: The collection and processing of personal data are carried out to meet one or more objectives determined in MONOLITH BOARD GAMES’ General Conditions of Use and the General Conditions of Sale,
Minimization of the collection and processing of data: Only the personal data necessary for the proper execution of the objectives pursued by www.monolithedition.com (the “Website”) are collected,
Retention of reduced data over time: Personal data are kept for a limited period, of which the User is informed. When this information cannot be communicated, the User is informed of the criteria used to determine the retention period,
Integrity and confidentiality of the personal data collected and processed: MONOLITH BOARD GAMES undertakes to guarantee the integrity and confidentiality of the collected personal data.
In accordance with the requirements of Article 6 of the European Regulation 2016-679, the collection and processing of personal data must comply with at least one of the conditions hereafter listed:
The User has expressly agreed to the collecting and processing of their personal data,
The processing is necessary for the proper performance of a contract,
The processing meets a legal obligation,
The processing is explained by a necessity linked to the safeguarding of the vital interests of the concerned person or of another natural person, The processing can be explained by a necessity linked to the performance of a task in the public interest or which comes under the exercise of public authority,
The processing and collection of personal data are necessary for the purposes of the legitimate and private interests pursued by MONOLITH BOARD GAMES or a third party.
- MONOLITH BOARD GAMES collects and processes the following personal data, which You voluntarily disclose when using our Website:
Your last name, first name, birth date, e-mail address, mailing address, and telephone number.
These personal data are collected when you purchase, pre-order, and/or sign up for our Newsletter.
When you leave a comment on our Website, the data entered in the comment form, but also your IP address and the user agent of your browser, are collected to help us detect unwanted comments, including but not limited to comments deemed illegal, obscene, threatening, defamatory, invasive of privacy, infringing of intellectual property rights (including publicity rights), or otherwise injurious to third parties or objectionable.
In addition, when paying on the Website, proof of the transaction, including the order form and invoice, will be kept in our computer systems.
MONOLITH BOARD GAMES will keep all the collected personal data in its computer systems and under reasonable security conditions for a period of six (6) years.
MONOLITH BOARD GAMES may share your personal data with, including but not limited to, third-party service providers (maintenance, storage, payment, logistics, marketing, etc.), our lawyers and accountants, auditors, government or regulatory authorities, tax authorities, and banks. In addition, we may transfer your personal data, in compliance with a legal obligation, outside the European Economic Area (EEA), to countries not offering a level of protection of personal data equivalent to that provided within the EEA, such as the USA, Canada, etc. In the absence of an adequacy decision of the European Commission, the transfer of your personal data will be made according to the standard contractual clauses adopted by the European Commission or any other legal protection mechanism under applicable laws and regulations.
- Transmission of User’s creations as images
If you use our contact form to transmit images for posting on our site, we advise you to avoid transmitting images containing EXIF data of GPS coordinates. People visiting your site can download and extract location data from these images.
- User’s rights
In accordance with the regulations regarding the processing of personal data, you have the following rights:
Withdrawal of consent: You can withdraw at any time your consent in respect of any processing of personal data based on your consent, without affecting the lawfulness of processing based on your consent before its withdrawal.
Access: You can request to confirm whether we process your personal data and inform you of the characteristics of such processing, allow you to access such data, and give you a copy of such.
Rectification: You can request that we rectify or complete personal data.
Erasure: You can request that we erase your personal data in the following cases: where they are no longer necessary for the purposes for which they were collected; you withdraw your consent; you object to the processing of your personal data; Your personal data have been unlawfully processed; or to comply with a legal obligation. We are not required to comply with your request if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
Restriction: You can request that we restrict the processing of your personal data (i.e., keep but not use your personal data) where the accuracy of your personal data is contested; the processing is unlawful, but you do not want them erased; it is still necessary to establish, exercise or defend legal claims; to verify the existence overriding grounds following the exercise of your right of objection. We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
Portability: You can request that we provide you with your personal data in a structured, commonly used, machine-readable format, or you can request to have them directly ‘ported’ to another data controller, but only where the processing is based on your consent or on the performance of a contract with you, and the processing is carried out by automated means
Digital legacy: You have the right to define (general or specific) directives regarding the fate of your personal data after your death..
Objection to phone solicitation: When you provide your phone number but do not wish to receive commercial phone calls, you can register on the opt-out list “Bloctel” at www.bloctel.gouv.fr.
Right to object to processing justified on legitimate interest grounds: Where we rely upon legitimate interest to process personal data, you have the right to object to that processing. If you object, we must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or where we need to process the data for establishing, exercising, or defending legal claims.
Right to object to processing for marketing purposes: Where we process personal data for direct marketing purposes, you have the right to object to that processing at any time.
You also have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes applicable laws. The supervisory authority for the protection of personal data in France is the CNIL (www.cnil.fr).
All requests must be sent to support@monolithedition.com
MONOLITH BOARD GAMES shall comply with or respond to User’s request within thirty (30) days.
- Security of your personal data
MONOLITH BOARD GAMES shall keep your personal data secure and has implemented appropriate information security policies, rules, and technical measures to protect them from unauthorized access, improper use or disclosure, unauthorized modification, and unlawful destruction or accidental loss.
MONOLITH BOARD GAMES partners, employees, consultants, workers, and data processors, who have access to and are associated with personal data processing, shall comply with all implemented security measures relating to your personal data.
- Modification of this Privacy Notice
MONOLITH BOARD GAMES may modify this Privacy Notice to comply with new requirements imposed by the applicable laws, technical requirements, or good commercial practices without prior notification. Consequently, please regularly read this Privacy Policy to keep informed of the latest changes that may be made to it.
As this Privacy Notice may be subject to change, the applicable Privacy Notice is the one in effect at the time you access the Website.
- Contact
For further information regarding your rights or if you have any questions regarding processing your personal data, please get in touch with support@monolithedition.com
