The purpose of this privacy and cookies policy is to inform users of the Livingpackets website and services about:
- how their personal data is collected. Personal data is any information that allows a user to be identified. This information may include: their first and last names, age, postal address, or email address (non-exhaustive list);
- the rights users have regarding their personal data;
- the person responsible for processing the personal data collected and processed;
- the recipients of personal data;
- the website's cookie policy.
This policy supplements the legal notices and the General Terms and Conditions of Use, which can be viewed by users at the following address.
Who is the controller of your personal data?
The controller of personal data is LivingPackets SA, registered under number 824 631 584, R.C.S. Nantes (“Livingpackets”, “controller”, “we”).
How can you contact the controller?
The controller responsible for processing personal data can be contacted as follows:
By mail at: 2 Rue Adrienne Boland, Saint Luce sur Loire, 44980
By telephone at : +33 (0)9 70 26 57 00
By email: contact@livingpackets.com
Our Data Protection Officer is:
Clément Macé
2 Rue Adrienne Boland, Saint Luce sur Loire, 44980
dpo@livingpackets.com
+33 (0)9 70 26 57 00
Below you can find more information about the processing of personal data:
[AUTO_GENERATED_TABLE_OF_CONTENTS]
1. How do we protect your personal data?
Livingpackets is committed to taking the protection of your personal data and your privacy into account in the services and offers we provide you. To ensure security and ensure that your rights are respected and properly exercised, measures are implemented to protect your personal data.
Livingpackets is committed to the following essential principles:
- Legitimacy and relevance: only collect and process personal data necessary for the stated purposes;
- Confidentiality: implement the necessary technical and organizational measures to protect your personal data;
- Transparency: provide you with useful information about the recipients of your personal data;
- Retention: retain your personal data only for the time necessary for the stated purposes;
- Rights related to the processing of personal data: enable you to exercise your rights, e.g., access to data, deletion of data, objection to data processing.
We collect and process your personal data:
- to conclude and to perform a contract between you and us for the provision of the Services (including making a purchase, accessing user purchase reviews, managing payments, inviting you to leave a review or respond to a survey),
For users from the European Economic Area - EEA (EU + Norway, Iceland, Liechtenstein): we process your personal data on the basis of Article 6(1)(b) of the GDPR (performance of a contract)
- to provide you with the best possible user experience (including enabling you to understand our product – strengths, weaknesses, opportunities, and risks, testing and developing new products and services, as well as improving existing products and services, understanding and staying abreast of current, new, and emerging trends in our industry), based on our legitimate interest consisting in ensuring the proper development, improvement, and promotion of our products and services, as well as optimising their functionality and overall user experience,
For users from the EEA: we process your personal data on the basis of Article 6(1)(f) of the GDPR (legitimate interest)
- to administer and protect our Services (ensuring the integrity of our IT services and network security, troubleshooting, maintaining our system, providing support, reporting, and hosting data), managing payments, and keeping our records up to date, based on our legitimate interest consisting in ensuring the security, continuity, and proper functioning of our business operations, including our IT infrastructure, payment processes, and administrative systems,
For users from the EEA: we process your personal data on the basis of Article 6(1)(f) of the GDPR (legitimate interest)
- to respond to your requests and questions or to send you our newsletters, if you agreed to it, based on our legitimate interest consisting in ensuring effective communication with users and maintaining relationships essential for the proper operation and development of our Services,
For users from the EEA: we process your personal data on the basis of Article 6(1)(f) of the GDPR (legitimate interest)
- to present you with personalized ads based on your data via Cookies,
For users from the EEA: we process your personal data on the basis of Article 6(1)(a) of the GDPR (your consent)
- to fulfil the legal obligations of the controller, e.g. in the field of accounting documentation storage (if applicable), responding to complaints and requests from the competent administrative or judicial authorities or any other authorized third party, in accordance with applicable laws,
For users from the EEA: we process your personal data on the basis of Article 6(1)(c) of the GDPR (legal obligations)
2. What data is being collected and how long do we store it?
The personal data we process depends on how you interact with us. When you use our website, the following data is collected and stored when you perform the following operations on the platform (we collect this data directly from you or through cookies that you have agreed to install):
When you contact us via chat out of interest in our service offerings:
- First/Last Name
- Contact Phone Number
- Email Address
We store this data for 3 (three) years counted from the moment we receive your information.
When you receive a delivery through our services:
- First/Last Name
- Phone Number
- Physical Address
- Email Address
We store this data for 2 (two) months counted from finalisation of the delivery.
When you want to invest in our activities:
- First/Last Name
- Contact Phone Number
- Email Address
- Address
- Payment Method
- Date and Place of Birth
- Bank Card Numbers/Bank Account Numbers/IBANs of Contributors Only
We store this data from the moment an investment contract is signed between you and LivingPackets and we keep it up to 5 (five) years counted from the moment you resiliate your investment contract with us for legal purposes.
We may store the selected data for longer if this is justified by pending legal proceedings.
3. Is it necessary to provide personal data?
When you use our delivery services, providing your personal data (Contact information) is necessary to perform such services when creating an account on our platform.
When you want to invest in our activities, it’s necessary to provide your data to enter into a contract with us for legal purposes. Your banking information is also necessary for this type of agreement.
4. Who do we share your personal data with?
The livingpackets.com website and our database is hosted by:
Amazon Web Services
+33 6 17 03 44 54
npfeiffe@amazon.fr
The data is stored on the Frankfurt AWS server.
We may share your data with:
- Our partners or technical service providers involved in the provision of our services. These partners and our service providers must comply with applicable personal data protection laws. We use the following tools:
- Brevo for advertising or informational email campaigns
- Twilio and Kore Wireless for phone notifications
- Geotargetly for localizing our users' languages
- Paperform for our contact forms
- Zapier for transferring contact data
- SalesForce for storing this data for business purposes
- Stripe for storing banking data
- Webflow for website management
- Crisp for messaging with our support team
- Google Ads, Meta Business Suite, and Linkedin Campaign Manager for advertising promotion.
- The competent administrative or judicial authorities or any other authorized third party, in accordance with applicable laws. We always verify the legitimacy of the request.
- Partners who use your personal data to present you with advertisements or personalized content via Cookies: To see the list of these partners, refer to the Cookies section.
5. Do we transfer personal data to third countries (outside the EEA)?
Our third-party tools Twilio and KORE Wireless store the data we collect from the users of our deliveries services outside of the EEA area in servers in the United States. This data include phone numbers from these users. KORE Wireless has certified its compliance with the EU-US Data Privacy Framework. Twilio provides a Data Processing Addendum (DPA), Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs)
Our this-party tool Zappier stores the data collected in US based servers. It collects data for people filling a form with contact information when seeking to reach our sales services. Zappier has certified its compliance with the EU-US Data Privacy Framework.
The Google Maps, Youtube, Google analytics and Google Adds cookies collects your data and this data may be processed on servers outside the EU (especially in the US) and accessed by Google entities globally.
The Linkedin cookie can export your data outside of the EEA area.
The Facebook Pixel cookie collects your data and it may be stored in the US or non-EU countries servers or be accessed remotely from outside the EU by Meta entities globally.
The Stripe cookie collects your data and it may be processed by servers in the US and it can be accessed by teams outside of the EU.
Exporting data outside of the EEA area for these cookies is regulated and only allowed under specific legal safeguards (in accordance to chapter V of the GDPR). To know the details regarding which data can be stored/exported outside of the EEA area, check the cookies section.
6. What are your rights and how to exercise them?
In connection with the processing of personal data, in the cases and to the extent provided for by GDPR, you have the following rights:
- the right to access to data, including the right to obtain a copy of the data,
- the right to rectification of data,
- the right to erasure of data, whereby we will delete your personal data if there are no reasons for which we have an obligation or a legitimate interest in retaining them, e.g. we may keep certain information about you to the extent necessary for the purposes of establishing, asserting or defending claims,
- the right to the portability of your personal data and to receive them yourself or have them transmitted to another indicated entity, in a commonly used, machine-readable format, if we process your personal data on the basis of consent or for the purpose of concluding or performing a contract,
- the right to withdraw consent to the processing of personal data at any time, if the processing is based on the consent given. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal,
- the right to restriction of processing,
- the right to object to data processing of data if we process the data on the basis of our legitimate interest. We will uphold your objection if it is justified (after weighing our interests and rights against yours),
- the right not to be subject to a decision based solely on automated processing;
If you believe, after contacting us, that your rights are not respected, you file a complaint to the relevant European Data Protection Authority. You can find details of supervisory authorities in EU Member States here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
7. Do we use profiling or automated decision-making?
We do not use profiling or automated decision-making.
8. How do we use cookies?
We may store certain information on your device when you access our website. This information is commonly referred to as "cookies".
Cookie is a file stored on a website user's device, created and subsequently read by a website server, and is commonly used to make websites work, or work more efficiently, as well as to provide information to the owners of the website. We may use cookies or other similar technologies, or small electronic files known as web beacons, or SDKs, clear GIFs, pixel tags, and single-pixel GIFs ("Cookies").
We use Axeptio to manage our Cookies and gather consent from our website users.
Below are details of cookies we use on the website.
- Cookies Preferences
- Whose cookie is it? :
- Name of the cookie provider :
- Type of cookie :
- What is the cookie used for? :
- Cookies preference management
- What data does the cookie collect? :
- Unique visitor ID
- Approval choice regarding cookies
- How long do we keep the cookie on your device?
- Facebook Pixel
- Whose cookie is it? :
- Name of the cookie provider :
- Type of cookie :
- What is the cookie used for? :
- Ad conversion tracking & remarketing
- What data does the cookie collect? :
- Pages visited & actions (events)
- Browser & device info
- IP address (hashed)
- Cookie IDs (_fbp, fr)
- How long do we keep the cookie on your device?
- Tracking cookies (_fbp, fr): Stored on browser for 90 days, then automatically deleted.
- Ad performance data: Kept by Meta for 28 days by default, then removed from reporting
- Google Analytics 4
- Whose cookie is it? :
- Name of the cookie provider :
- Type of cookie :
- What is the cookie used for? :
- Website audience & behaviour analytics
- What data does the cookie collect? :
- Pages visited, session data
- Unique visitor ID (_ga)
- Traffic source & referrer
- Device, browser, OS
- How long do we keep the cookie on your device?
- Visitor identifier cookie (_ga): Stored on your browser for 2 years.
- Session cookie (_gid): Stored for 24 hours, then deleted.
- Behavioural data (events, pages): Kept on Google's servers for 14 months then automatically purged.
- Google Ads
- Whose cookie is it? :
- Name of the cookie provider :
- Type of cookie :
- What is the cookie used for? :
- Ad targeting, remarketing & conversion tracking
- What data does the cookie collect? :
- Ad clicks & conversions
- Ad impressions
- Browser & device identifiers
- IP address
- How long do we keep the cookie on your device?
- Ad targeting cookies (IDE/id): Stored for 13 months in Europe (EEA), 24 months elsewhere.
- Conversion cookies (_gcl_aw, _gcl_au): Stored for 90 days.
- Preference cookie (NID): Stored for 6 months.
- Youtube
- Whose cookie is it? :
- Name of the cookie provider :
- Type of cookie :
- What is the cookie used for? :
- What data does the cookie collect? :
- IP address
- Device & browser info
- Viewing behaviour & dwell time
- Google account match (if logged in)
- How long do we keep the cookie on your device?
- Session cookie (YSC): Deleted as soon as you close your browser.
- Viewer history cookie (VISITOR_INFO1_LIVE): Stored for 6 months.
- Consent cookie (__Secure-YEC): Stored for 13 months.
- Linkedin
- Whose cookie is it? :
- Name of the cookie provider :
- Type of cookie :
- What is the cookie used for? :
- Ad conversion tracking & audience insights
- What data does the cookie collect? :
- Pages visited (URL, referrer)
- IP address (truncated)
- Device & browser info
- LinkedIn member match
- How long do we keep the cookie on your device?
- Identifiable data: Any data that could identify you directly is deleted within 7 days.
- Anonymised data: The remaining pseudonymous data is deleted within 180 days (6 months).
- Google Maps
- Whose cookie is it? :
- Name of the cookie provider :
- Type of cookie :
- What is the cookie used for? :
- Embedded interactive maps
- What data does the cookie collect? :
- IP address
- Device & browser info
- Map interactions (zoom, clicks)
- Timestamp
- device, IP, maps interactions
- How long do we keep the cookie on your device?
- Preference cookie (NID): Stored for 6 months.
- Advertising cookie (1P_JAR): Stored for 1 month.
- Security cookie (AEC): Stored for 6 months.
- Weglot
- Whose cookie is it? :
- Name of the cookie provider :
- Type of cookie :
- What is the cookie used for? :
- What data does the cookie collect? :
- Unique visitor ID
- User language code preference
- How long do we keep the cookie on your device?
- Stripe
- Whose cookie is it? :
- Name of the cookie provider :
- Type of cookie :
- What is the cookie used for? :
- Transaction management for investors
- What data does the cookie collect? :
- Stripe connection information
- Banking details of the transaction for security
- How long do we keep the cookie on your device?
- Stripe connection information is stored for the duration of the session
- Transaction details are stored for 30 minutes
Essential cookies
Essential cookies, required for the website to function properly, can be installed automatically. Their use is necessary to provide the data transmission service in order to display content – you cannot opt out of these cookies if you want to use the website.
Please note that Google Maps cookie is only essential if you are a customer wanting to track one or several deliveries handled by us.
Non-essential cookies
Other cookies (non-essential) are installed only after you give your consent.
This means that marketing, analytical, social media cookies are not automatically installed by us. You can give us permission to install cookies by clicking on the "OK!" button on the cookie banner that appears when you enter the website. We will then be entitled to install these cookies. You can also say “no” to any non-essential cookies by clicking on the “No, thanks” button on the cookie banner that appears when you enter the website.
You can also agree to the installation of selected cookies only. To do this, just click on the "I want to choose" button on the cookie banner that appears when you enter the website and select the cookies you agree to be installed.
You can withdraw your consent at any time in the preference center ("Cookies"), which can be found in the footer of our website. You can also manually delete cookies in your browser settings.
9. How do we protect your data?
To ensure the security and confidentiality of your Data, we implement appropriate physical, electronic, and organizational procedures to protect and secure Data across all our Services to prevent your Data from being altered, damaged, or disclosed to unauthorized third parties, ensuring an appropriate level of security by taking into account the risks associated with the processing and the nature of the Data to be protected. Data stored in our AWS database is stored encrypted.
It is your responsibility to maintain the confidentiality of your password. We ask that you do not share your username or password with anyone.
