The website cara-shanti.com is owned and managed by the sole proprietorship Caroline Bricout EI.

MODIFICATIONS AND LEGAL NOTICES

This site is normally accessible to users at any time.

However, an interruption for technical maintenance may be decided by Caroline Bricout EI, who will make an effort to communicate the dates and times of the intervention to the users in advance.

The site is regularly updated. Similarly, the legal notices may be modified at any time. Nevertheless, they are binding on the user, who is invited to refer to them as often as possible to become aware of any changes.

DESCRIPTION OF SERVICES PROVIDED

The purpose of the site is to share the experience and services of Caroline Bricout EI in the field of yoga therapy.

All information provided on the site is for informational purposes only and is subject to change.

Furthermore, the information on the site is not exhaustive and is subject to modifications that may have been made since its publication.

LIMITATIONS ON TECHNICAL DATA

The website uses WordPress technology. The website cannot be held responsible for any material damages resulting from the use of the site.

In addition, the user of the site agrees to access the site using up-to-date equipment that is free from viruses and with an updated web browser.

LIMITATIONS AND LIABILITY

Caroline Bricout EI cannot be held responsible for direct or indirect damages caused to the user’s equipment when accessing the cara-shanti.com site.

Caroline Bricout EI also cannot be held responsible for indirect damages resulting from the use of the site.

INTELLECTUAL PROPERTY

Neither the content nor the brand may be used, reproduced, duplicated, copied, sold, resold, made accessible, modified, or exploited in any other way, in whole or in part, for any purpose, without our prior written consent.

PRIVACY POLICY

Caroline Bricout EI is the data controller for the data collected on this website. You can contact her by email at [email protected] for any questions regarding this privacy policy.

Caroline Bricout EI is a sole proprietorship that offers therapeutic services related to the world of yoga.

This privacy policy documents the privacy policy of Caroline Bricout EI as the data controller, i.e., for the processing activities for which Caroline Bricout EI determines the purposes and means of processing.

What personal data is collected about users of this website? Users can provide their personal data to Caroline Bricout EI via this website by browsing the site (pop-up window), submitting a request through the contact form, or placing an order (on this website or in-store).

For each contact request, Caroline Bricout EI collects the following information:

  • Name
  • First name
  • Email address
  • Subject
  • Message

During browsing, our server stores logs (events executed by a server or computer application). This mainly consists of retrieving your IP address and the history of your requests (such as a page visit, for example).

Why does Caroline Bricout EI collect and use this personal data?

Browsing: Caroline Bricout EI stores server logs for the purpose of detecting intrusion attempts and anomalies in order to ensure the security of the computer system.

Contact Form:

The information provided by the user through the contact form is only used to respond to the user’s request. The personal data may also be used to send mailings on topics related to the user’s request (new product, promotion, etc.).

Pop-Up Window:

Caroline Bricout EI uses the Omnisend application on WordPress to create a pop-up window that aims to collect the emails of users interested in our promotions. We only collect the user’s email address if they explicitly consent to its use for marketing purposes. It is possible to unsubscribe from this newsletter at any time

Order on the website

For the purpose of order tracking, we request customers to provide us with their email address, first name, last name, and telephone number. This information is solely used for communication and scheduling of the ordered service.

Personal data will only be used for these purposes.

How Caroline Bricout EI collects these personal data?

Caroline Bricout EI collects data from users through various sources of information:

  • The user sends an email to [email protected]
  • The user sends an email to [email protected]
  • The user submits a message via the contact form
  • The user submits their email address in a pop-up window.
  • Cookies
  • Server logs

Who processes users’ personal data

The administrative controller of Cara Shanti, WordPress (hosting and content management system company, subcontractor), and Caroline Bricout EI (content manager of this site, subcontractor) are the recipients of the server logs for the purpose described above. Access to the logging system is secure and regulated. WordPress is a subcontractor and guarantees that all technical and organizational measures are in place to protect the data as required by the General Data Protection Regulation (GDPR), which replaces Directive 95/46/EC.

How Caroline Bricout EI collects and retains proof of user consent?

Each user is clearly informed of the uses that can be made of their personal data at the time they provide it, as described in this privacy policy.

Consent is requested for the pop-up window.

How long Caroline Bricout EI retains users’ personal data and what is the legal basis

Navigation

Server logs are stored for a period of 6 months. The storage of these logs is legal if the user is well-informed about it.

Contact Form and Pop-up

Personal data collected through the contact form is only processed for the time necessary to respond to the user’s inquiry. Therefore, the retention period of the information varies and depends on the complexity of the request. When a user submits the contact form, they can legitimately expect to receive a response from us.

If the request is commercial or for data collected through the pop-up window, with the prospect’s consent, Caroline Bricout EI retains the data for 3 years after the last contact, based on the recommendations of competent authorities and the explicit consent of the prospect. Please note that it is possible to unsubscribe from our email list at any time by following a link in the email or by contacting us via email.

Rights of the data subjects

In accordance with the General Data Protection Regulation (GDPR), users have the following rights regarding the data collected by Caroline Bricout:

  • Right of access
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Right to data portability

For any request concerning these rights, users can send an email to [email protected] with the subject of their request. Caroline Bricout EI will respond to the request related to the listed rights within one calendar month after receiving the request. If Caroline Bricout EI receives numerous or complex requests, the response time may be extended for an additional maximum of 2 months.

For security purposes, for each request related to these rights, Caroline Bricout will verify the identity of the person submitting the request. To do so, the data subject will be asked to perform one of the following actions:

  • Send a copy of an official document (ID card, passport) and a copy of a service invoice (phone, electricity, etc.) clearly stating the name and address of the data subject.
  • Call Caroline Bricout, who will conduct a strict telephone verification by comparing the user’s responses with the information they have.

Caroline Bricout will only respond to the request after positive identification.

Subcontractors

Caroline Bricout EI does not share personal data with other companies, except for the identified subcontractors. During the recruitment process, the subcontractors for the personal data of candidates are:

WordPress

Caroline Bricout EI

As subcontractors, they guarantee that they have implemented all necessary technical and organizational measures to protect the data as required by the General Data Protection Regulation (GDPR), which replaces Directive 95/46/EC.

Definitions

  • Data Controller

“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

GDPR, Art. 4(7)

  • Data Processor

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

GDPR, Art. 4(8)

  • Processing

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

GDPR, Art. 4(2)

Personal Data

“personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Source: GDPR, Rec. 26; Art. 4(1)

  • Sensitive Personal Data

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

Source: GDPR, Rec. 10, 34, 35, 51; Art. 9(1)

Reference Document

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [link: http://eur-lex.europa.eu/eli/reg/2016/679/oj]

HYPERLINKS AND COOKIES

The website contains a number of hypertext links to other websites, which have been authorized by Caroline Bricout EI. However, Caroline Bricout EI does not have the ability to verify the content of these visited websites and therefore assumes no responsibility for them.

Browsing the website may result in the installation of cookie(s) on the user’s computer.

A cookie is a small file that does not identify the user but records information about the computer’s navigation on a website.

The data obtained through cookies aims to facilitate subsequent navigation on the website and also serves various measurement purposes.

Refusing the installation of a cookie may result in the inability to access certain services. However, users can configure their computer as follows to refuse the installation of cookies:

  • In Internet Explorer: go to the Tools menu / Internet Options. Click on Privacy and choose Block All Cookies. Confirm by clicking OK.
  • In Netscape: go to the Edit menu / Preferences. Click on Advanced and choose Disable Cookies. Confirm by clicking OK.

APPLICABLE LAW AND JURISDICTION

Competent authorities for privacy protection

Commission for Data Protection

3 Place de Fontenoy

TSA 80715

75334 PARIS CEDEX 07

France

Phone: +33 (0)1 53 73 22 22

https://www.cnil.fr/

LEGAL NOTICE

Here are the legal information and contact details of the publisher:

Name & legal form: Caroline Bricout EI

Headquarters: 17, Rue Jean Moulin. 69300 Caluire et Cuire. France

Content Manager: Caroline Bricout

Email: [email protected]

Siret: 882 071 483 00011

VAT Number: FR 44 882071483