Privacy Policy

1 - Parties to this Act
Between the undersigned :

1° The Simplified Joint Stock Company TOMORROW ECOM LIMITED COMPANY with a capital of 1000 Euros, registered at Companies House under number 13094378, whose registered office is located at 2105 Vista Oeste St NW Albuquerque, NM 87120, USA, and having VAT number () . Hereinafter referred to as the "Data Controller",

On the one hand,

And 2° Any natural person browsing the website of the Data Controller; Hereinafter referred to as the "Data Subject",

On the other hand, it was stated and agreed as follows:

2 - Purpose
This Privacy Policy applies, without restriction or reservation, between the Data Subject and the Data Controller.

Its purpose is to provide information concerning the way in which the Data Controller collects and processes certain personal data relating to the Data Subject, in accordance with the legislation in force and in particular European Regulation n°2016/679 and Law n°78-17 (hereinafter referred to as the "Legislation"), in relation to the use of the website www.tomorrow-tea.com (hereinafter referred to as the "Site") by the Data Subject. This Privacy Policy is an integral part of the General Terms and Conditions of Sale of the Data Controller.

3 - Definitions
Supervisory authority means the Commission Nationale de l'Informatique et des Libertés (CNIL), an independent French public authority for the regulation of data protection;

Consent means any free, specific, enlightened and unambiguous expression of will by which the Data Subject accepts, by a declaration or by a clear positive act, that Data concerning him/her may be processed by the Data Controller.

Cookie means a file that allows the Data subject to trace his or her path on the Site.

Recipient means any natural or legal person, public authority, service or other body that receives communication of the Data, whether or not it is a Third Party. However, public authorities that are likely to receive communication of the Data, in particular in the context of a fact-finding mission, are not considered as Recipients within the meaning of this definition.

File means any structured set of Data accessible according to determined criteria, whether this set is centralised, decentralised or distributed in a functional or geographical manner.

Legislation means any law and regulation relating to Data protection, and in particular European Regulation n°2016/679 and Law n°78-17.

Browsing means the consultation, the taking of knowledge, the order and/or the purchase of Products on the Site by the Person concerned.

Person concerned means any natural person who browses the Site, as soon as he or she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity.

Products means the products offered for sale on the Site by the Data Controller to the Person concerned.

Pseudonymisation refers to the processing of Data in such a way that it can no longer be attributed to the Person concerned without having recourse to additional information.

Data Controller means TOMORROW ECOM LIMITED COMPANY , registered in Companies House under the number 13094378, whose registered office is located at 2105 Vista Oeste St NW Albuquerque, NM 87120, USA, and whose VAT number is , which alone or jointly with others, determines the purposes and means of the Processing.

Site refers to the infrastructure developed by the Data Controller according to the computer formats that can be used on the Internet, including data of various kinds, in particular texts, sounds, still or animated images, videos and databases, intended to be consulted by the Person concerned to find out about, reserve, order and/or purchase Products (www.tomorrow-tea.com).

Subcontractor means any natural or legal person, public authority, service or other body other than the Data Controller who processes the Data on behalf of the Data Controller.

Third Party means any natural or legal person, public authority, service or other body other than the Data Controller, the Subcontractor and the persons who, under the direct authority of the Data Controller or the Subcontractor, are authorised to process the Data, and in particular tour operators, travel agencies and reservation systems.


Processing means any operation or set of operations carried out or not using automated processes and applied to Data or sets of Data, such as collection, recording, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, matching or interconnection, limitation, erasure or destruction.

4 - Principles relating to processing
In accordance with the Legislation, the Data Controller undertakes to comply with the following principles for each Treatment:

Lawfulness ;
Loyalty;
Transparency;
Limitation of purposes;
Minimisation of Data;
Accuracy ;
Limitation of Retention ;
Integrity ;
Confidentiality ;
Liability.
5 - Processed data
In the context of Navigation, the Data Controller is required to collect and process a certain number of Data, in particular:

Personal information (surname, first name, gender, postal address, email address, telephone number, date of birth, age, date of registration and unsubscription to the customer account and to the newsletter of the Data Controller, messages exchanged with the Data Controller, telephone conversations with the customer service department of the Data Controller).
Bank information (means of payment, credit card number)
Information about your order (product ordered, delivery address, delivery tracking number, order price)
Technical information (browsing behaviour on the Site, IP address, products added to the shopping cart, collection of consent).
6 - Context of the processing
The Data may be collected and processed by the Data Controller on various occasions, and in particular :

Purchase of Products on the Site
Contact with the data controller
Subscribe to the newsletter
Creation of a sponsorship link
Create a customer account
Navigation on the Site.
7 - Treatment details
Purpose of the Treatment

Data concerned

Legal basis of the Processing

Data Retention Period

Management of product purchases, deliveries, invoicing and accounting standards

First name, surname, email address, postal address, telephone number, delivery address, order placed, delivery tracking number, registration and unsubscription date, means of payment, credit card number

Contract, legal obligation and legitimate interest of the Data Controller to establish, exercise and defend his rights in court

10 years from the purchase of the Product EXCEPT 15 months from the purchase of the product for the bank data (immediately for the visual cryptogram)

Creation and management of customer accounts

First name, surname, email address, postal address, telephone number, date of creation of customer account, date of deletion of customer account, collection of consent

Consent of the Data Subject, legitimate interest of the Data Controller to create a customer account following the purchase of a product by the Data Subject.

3 years from the last connection of the Person concerned to his/her customer account OR immediately after the deletion of his/her customer account.

Management of commercial relations and prospecting

First name, last name, email address, postal address, telephone number, purchase history, consent form

Consent of the Data Subject and legitimate interest of the Data Controller in promoting its Products

3 years from the last contact by the Person concerned or from the end of the business relationship

Newsletter management

Email address, surname, first name, telephone number, consent form

Consent of the Person concerned

To unsubscribe

Securing and improving the Site

IP address, Navigation data

Legitimate interest of the Data Controller in improving the Site and managing the Site, securing and administering the Site, preventing fraud and malicious acts.

13 months

Complaints and customer service management

First name, last name, email address, postal address, telephone number, purchase history, exchanges, IP address, consent collection

Consent of the Data Subject and legitimate interest of the Data Controller in improving its Products and customer service.

3 years from the last contact by the Person concerned

Site statistics and personalised advertising

IP address, navigation data, collection of consent

Consent of the Person concerned

13 months

Sponsorship

E-mail address, surname and first name, collection of consent

Consent of the Person concerned

3 years after application for a sponsorship link


The Data Controller reserves the right to anonymise the Data being processed before deleting it, in which case the anonymised data may be processed for statistical purposes.

8 - Recipients of the data
As a matter of principle, the Data Controller is the sole Recipient of the Data. However, the Data Controller may transfer the Data to Recipients, in particular in the context of the management of purchases of Products by the Data Subject, and/or to any public authority that may request it, in particular in the context of a fact-finding mission. The following Recipients may process your data, as Subcontractors, on behalf of the Data Controller:

FACEBOOK FRANCE SARLU with a capital of €4,950,000 RCS Paris 630 085 802 Head office: 6 rue Menars, 75002 Paris
GOOGLE FRANCE SARLU au capital de 7 500€ RCS Paris 443 061 841 Head office : 8 rue de Londres, 75009 Paris
CRITEO SA au capital de 1 677 273€ RCS Paris 484 786 249 Head office: 32 rue Blanche, 75009 Paris
OUTBRAIN UK LIMITED Foreign company registered with the RCS RCS Paris 534 895 727
AWIN SAS SASU with capital of €58,050 RCS Paris 432 845 964 Registered office: 8 rue Saint Fiacre, 75002 Paris
TWITTER FRANCE SAS SASU with capital of €37,000 RCS Paris 789 305 596 Head office: 10 rue de la Paix, 75002 Paris
DIDUENJOY SAS au capital de 1 000€ RCS Paris 801 901 273 Head office: 42 rue Jean Baptiste Pigalle, 75009 Paris
EMARSYS SASU with a capital of €25,000 RCS Nanterre 530 844 232 Head office: 67 rue Anatole France, 92300 Levallois Perret, France
SHOPIFY INC, a simplified joint stock company with a capital of 86,853 euros, whose head office is located at 150 Elgin Street Suite 800, Ottawa, Ontario K2P 1L4
DATABILITY SOLUTIONS PVT LTD Incorporated company in the USA Head office: 2035 Sunset Lake Road Suite B2, Newark New Jersey 19702 USA
TRADEDOUBLER SARLU with a capital of €7,622.45 RCS Nanterre 431 573 716 Head office: 8 rue Barthélémy d'Anjou, 92100 Boulogne Billancourt, France
MANDRILL SARL au capital de 3 000€ RCS Paris 832 517 858 Head office : 26 rue d'Avron, 75020 Paris
SHIPUP SAS au capital de 1 258€ RCS Nanterre 822 856 068 Head office : 47 rue Marcel Dassault, 92100 Boulogne Billancourt, France
ALPHA DIRECT SERVICES SASU au capital de 22 912 625€ RCS Beauvais 533 296 240 Head office: rue Hyppolite Bayard, 60000 Beauvais
LA POSTE SA with capital of €3,800,000,000 RCS Paris 356,000,000 Registered office: 9 rue du Colonel Pierra Avia, 75015 Paris
ANAFORE PTE LTD. Private limited company 10 Anson Road, #26-04, International Plaza, Singapore 07990, SINGAPORE Tel. 65 9179 1176
AIRCALL SASU with capital of €4,110,000 RCS Paris 807 437 595 Registered office: 42 rue du faubourg Poissonnière, 75010 Paris
ZENDESK UK LTD Foreign company not registered with the RCS Head office: 30 Eastbourne terrace, London UK
BOTMIND SAS au capital de 1 000€ RCS Melun 844 279 380 Head office : 54 passée des vaches, 77630 Arbonne-la-Forêt
METAPHORA LLC Foreign company not registered with the RCS Head office: 347 Fifth Ave. Suite 1402, New York, NY, 10016
STRIPE FRANCE SARLU au capital de 1 000€ RCS Paris 807 572 011 Head office : 10 Boulevard Haussmann, 75009 Paris
SNAP GROUP SASU with a capital of €100 RCS Paris 820 920 056 Head office: 16 rue de la Rochefoucauld, 75009 Paris
PERFMAKER SAS with capital of €30,000 RCS Paris 833 952 831 Registered office: 24 Boulevard St Denis, 75010 Paris
AB TASTY SAS au capital de 49 705,65€ RCS Paris 518 685 540 Head office : 3 impasse de la Planchette, 75003 Paris
MONDIAL RELAY SASU au capital de 500 400€ RCS Lille 385 218 631 Head office : 5 Avenue Antoine Pinay, 59510 Hem, France
CYBOT A/S Danish Company DK34624607 Havnegade 39, 1058 Copenhagen, Denmark
BIRON SAS au capital de 12 000€ RCS Paris 790 195 937 Head office: 21 place de la République, 75003 Paris
MAGENTO Incorporated company in the USA Head office: 54 North Central Avenue, CAMPBELL, CA 95008, USA
This list of the Data Controller's Subcontractors may change at any time. The Data Controller undertakes to require its Sub-Contractors to provide sufficient guarantees as to the implementation of appropriate technical and organisational measures to ensure that the Processing complies with legal and regulatory requirements and guarantees the protection of the rights of the Data Subject, in particular in the event of transfer of the Data outside the European Union. Furthermore, the Data Controller may communicate to any Recipient or Third Party the Data that is subject to Processing when a legal obligation to do so exists or when the Data Controller considers in good faith that this is necessary to :


Respond to any claim against it
Comply with the requirements of the judicial order and/or the administrative order and/or the Control Authority
Enforce any contract to which the Person concerned is a party
Safeguarding the vital interests of all individuals
The performance of a mission of public interest.
In case of purchase of the Data Controller by a Third Party, the Data Controller reserves the right to share the Data with the purchasing Third Party subject to the Third Party's compliance with this Privacy Policy.

9 - Data security
The Data Controller takes the appropriate technical and organisational measures to protect the Data against destruction, loss, alteration, misuse and unauthorised access, modification or disclosure, whether these actions are voluntary or accidental. The purpose of these technical and organisational measures is to ensure the confidentiality, integrity, availability and resilience of the Site and the information systems where the Files are stored. In order to secure Personal Navigation, the Site is SSL (Secure Socket Layer) encrypted.

10 - Modification of the confidentiality policy
The Data Controller reserves the right to modify this Privacy Policy from time to time, in particular the list of Recipients set out in Article 8. In the event of a substantial modification of this Privacy Policy, the Person concerned will be personally informed of the new Privacy Policy. The Data Subject is invited to regularly consult this Privacy Policy to be aware of any changes to it.

11 - Nullity of the Privacy Policy
If any provision of this Privacy Policy is found to be invalid under any applicable law or a final court decision, then that provision shall be deemed to be unwritten and shall not invalidate the entire Privacy Policy or affect the validity of any of its other provisions.

12 - Cookie management
When browsing the Site, the Person concerned is required to consent to the installation of Cookies on his/her computer terminal. Generally speaking, Cookies record information relating to the browsing of computers on the Site (the pages consulted, the date and time of consultation, etc.), information that may be read during subsequent visits by the Person concerned to the Site with transmission of the Data to the Data Controller. The installation of these Cookies requires the consent of the Person concerned. Certain Cookies are essential to the proper functioning of the Site and do not require the consent of the Person concerned before their installation, we then speak of Functional Cookies. In accordance with Article 7. of this Privacy Policy, Cookies are automatically deleted within thirteen (13) months of their installation if the Person concerned does not renew his consent before the expiry of this period. The Data Subject may refuse to give his/her consent to the installation of non-functional Cookies, revoke his/her consent and/or set the Cookies at any time by using the Data Controller's Cookie Manager below or by configuring his/her browser as follows:

For Mozilla Firefox: Select the "Tool" menu, then "Options".
Click on the "privacy" icon
Locate the "cookie" menu and select the options that suit you
For Microsoft Internet Explorer 6.0: Select the "Tools" menu, then "Internet Options".
Click on the "Confidentiality" tab.
Select the desired level using the cursor.
For Microsoft Internet Explorer 5: Choose the "Tools" menu, then "Internet Options".
Click on the "Confidentiality" tab.
Customise the level" using the cursor
For Netscape 6.X and 7. X :Choose the menu " Edit " > "Preferences ".
Privacy and Security
Cookies
For Opera 6.0 and above: Choose the "File" menu > "Preferences".
Privacy Policy