The General Data Protection Regulation is a regulation implemented by the European Commission starting on May 25, 2018, for all companies operating in Europe. The following definitions will help you understand Toutacoo’s commitments outlined below:
• Personal Data: refers to any information relating to an identified or identifiable natural person, directly or indirectly.
• DPO: The Data Protection Officer (DPO) is responsible for ensuring compliance with the European data protection regulation within the organization that has appointed them, concerning all processing carried out by that organization. Here, it refers to the company’s legal representative.
• Data Controller: The data controller is the legal entity or individual who determines the purposes and means of processing. In practice and generally, it refers to the legal entity represented by its legal representative. The data controller is the company Tissaya.
• For the sake of simplicity, the Société à actions simplifiées Tissaya, operator of the Toutacoo brand whose website toutacoo.com is its showcase, will hereinafter be referred to as "We" and "Toutacoo" (see the company’s legal information on the Terms & Conditions page).
To protect internet users from data leaks or misuse of personal data, companies are now required to inform visitors of all data processing carried out based on collected data. Like all e-merchants, we collect data about our visitors and work with several third-party providers who therefore have access to some of our data. These data are essential to provide you with the best possible experience on our site and to ensure your order is processed smoothly.
Where are Toutacoo’s servers located?
To ensure maximum sovereignty and remain a committed actor, Toutacoo’s website servers are located in France and hosted by Pulseheberg, a French player in the field. These servers contain our database necessary for the operation of the site. Information about customer accounts and your orders is stored there.
What data are processed by Toutacoo?
Toutacoo, as the data controller, collects and processes the following personal data:
Privacy Policy
| Personal Data Collected | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Data collected during order placement / account creation | | | |
| • Email address • Last name • First name • Postal address • Phone number • Date of birth • Title | To process your order and create your account | Contract performance (order) | 5 years for your order data |
| | | Consent (Account creation) | 3 years for your account, unless inactive for more than 2 years |
| Data collected via the "Contact Us" form | | | |
| • Email address • Message content | Management of the "Contact Us" form | Legitimate interest | 3 years |
| Data collected via the "Return" form | | | |
| • Order number • Email address and/or tracking number | To handle your return request | Legitimate interest | 3 years |
| Data collected via the "Guest Order Tracking" form | | | |
| • Email address • Postal code | To allow you to track your delivery | Legitimate interest | 3 years |
| Data collected when subscribing to the newsletter | | | |
| • Email address | Send the newsletter upon your request | Consent | Data retained until withdrawal of consent or 3 years after our last contact |
| | Offer you similar products to those already ordered | Legitimate interest | |
| Data collected when browsing our site | | | |
| • IP address | Management of visitor browsing information | Legitimate interest | 3 years |
Cookies
| Domain | Cookie Name | Purpose |
|---|---|---|
| Mandatory Cookies (functional) | | |
| toutacoo.com | PHPSESSID | PHP session cookie associated with content included from the domain (manages sessions). |
| .toutacoo.com | PrestaShop-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx | Cookie from the PrestaShop e-commerce solution (French open-source). Links your session to your cart and account. |
| Mandatory Cookies (functional, depending on your purchase path) | | |
| www.paypal.com | _iidt, cookie_check, cookie_prefs, d_id, datadome, ddi, enforce_policy, rmuc, sc_f, ts, ts_c, X-PP-ADS | Functional cookies set by PayPal when you select this payment method. |
| Optional Cookies (Statistics) | | |
| .toutacoo.com | _ga_XXXXXXXXXX | Google Analytics cookie |
| .toutacoo.com | _ga | Google Analytics cookie |
Are my data safe with Toutacoo?
Toutacoo is committed to protecting your personal data. Only our authorized staff, trained in confidentiality rules, are involved in operating the site. In addition, Toutacoo implements appropriate technical and organizational measures to prevent the loss, misuse, alteration, and deletion of your personal data. These measures are adapted according to the sensitivity level of the processed data and the level of risk posed by the processing or its implementation. If a security breach concerning your data occurs, Toutacoo will notify the User within the timeframes and according to the procedures specified by the applicable legal and regulatory provisions. Regarding your passwords, they are stored encrypted and cannot be decrypted on our side. To best protect your account and data, you must use a secure password. We recommend following the official French government guidelines via cybermalveillance.gouv.fr: Password Security Practical Guide
Are payment details protected?
For credit card payments, we work with Crédit Agricole, a recognized French bank, and its online payment service Up2Pay, which guarantees the security of your data. At no time do we have access to your credit card number.
You can also use PayPal, a global online payment provider with all necessary certifications, available on their website.
With whom does Toutacoo share data?
Personal data collected on the https://www.toutacoo.com website are primarily intended for the company, but may also be shared with our partners and/or service providers (for example, our carriers to ensure delivery). Toutacoo ensures that all potential partners, providers, and subcontractors are subject to adequate personal data protection mechanisms in compliance with the GDPR. You can obtain the list of our partners by contacting serviceclients@toutacoo.com. We will respond as soon as possible.
Respecting your rights
Toutacoo is responsible for ensuring the proper application of the General Data Protection Regulation. We make sure that you can exercise the following rights under this regulation:
• Right of access and rectification of your data: You have the right to obtain from the data controller confirmation of whether or not personal data concerning you are being processed, and, where they are, the right to access them and/or have them rectified. (See Articles 15 and 16 of the GDPR.)
• Right to erasure of your data: In accordance with Article 17 of the GDPR, you have the right to request the deletion of your personal data without undue delay, for certain reasons/under certain conditions outlined in that article.
• Right to restriction of data processing: You have the right to request restriction of processing of your personal data in the cases provided for by Article 18 of the GDPR.
• Right to object to data processing: In accordance with Article 21 of the GDPR, you have the right to object to the processing of your personal data where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the controller demonstrates compelling legitimate grounds overriding your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims, especially where the data subject is a child.
• Right to data portability: You have the right to data portability, which allows you to receive the personal data you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller. The exercise of this right is subject to the conditions set out in Article 20 of the GDPR.
• Right to withdraw consent: In accordance with Article 7 of the GDPR, where processing is based on consent, you have the right to withdraw your consent at any time. This will terminate the processing of your data.
• Right to set post-mortem instructions: You may define instructions regarding the retention, deletion, and disclosure of your personal data after your death with a trusted third party, certified and responsible for ensuring the deceased’s wishes are respected in compliance with the applicable legal framework (Article 85 of Law No. 78-17 of January 6, 1978 on data processing, files, and freedoms).
You may exercise your rights as follows: by sending your request to the following email address serviceclients@toutacoo.com or by mail, accompanied by a copy of an ID document, to Tissaya at the following address: 4 Rue Gutenberg 45500 Gien. You may also lodge a complaint with the CNIL.
Updates
To comply with regulatory changes and reflect our practices, Toutacoo reserves the right to modify this policy. We will publish changes on this page; we recommend checking our privacy policy regularly to stay informed of Toutacoo’s updates regarding your personal data.