Personal data

The General Data Protection Regulation (GDPR) is a set of laws put in place by the European Commission, as of May 25 2018, for all companies that are active in Europe.

We've all heard of personal data, but do you really know what it is? Personal data is any information that directly or indirectly identifies a person. It could be your name, your address, your telephone number, your date of birth or even the IP address with which you connect to the internet. Today, personal data is a valuable tool to provide you with the fast, efficient and personalized service you expect from us. In order to strengthen the trust between us, EcoTree is committed to protecting your personal data and respecting your privacy. This is why we've put together this page to inform you in a clear and transparent manner about the conditions under which we collect, process, store, archive and delete the personal data of our prospective customers, users and customers. You will also find a reminder of the rights you have over your data, as well as all the necessary information to exercise those rights. It is our responsibility as a partner to ensure you can remain in control of how your data is being used at all times.

In practical terms, what’s changed?

To protect internet users against data leaks or the misuse of personal data, it is now mandatory for companies to keep visitors informed of all computer processing that is carried out using the collected data. Like all e-retailers, we collect data from our internet users and we work with several third-party providers, who therefore have access to part of our data. This data is essential in giving you the best possible experience on our site, to ensure that your order and customer support are both handled smoothly and efficiently. We have nothing to hide, we want to be as transparent as possible, so we'll tell you everything!

In strict compliance with current regulations, we mainly process four kinds of personal data:
• Declared data, i.e. data collected directly from you or from partners with whom we have a contractual link.
• Personal data related to the operation of products and services, generated in particular when using online services.
• Personal data from public information, such as a public profile on social networks.
• Personal data resulting from calculations or inferences we’ve made with the data that you have provided. For example, to conduct fraud risk assessments. We responsibly handle your personal data for a specific and useful purpose.

The data helps us streamline our activities, meet our legal obligations, and most importantly provide you with the most efficient service possible, wherever you are.

Does EcoTree resell my personal data?

No ! And we never will! Some companies exchange customer files for commercial prospecting opportunities, but this is not the case at EcoTree. All collected data stays with us and will never be given, rented or sold to a third party.

Are my passwords safe?

Stored passwords are encrypted and cannot be decrypted. Your passwords are therefore safe.

What about my credit/debit card number?

For payments by credit or debit card, we work with the world leader in internet payment, Stripe, which guarantees your data’s security. We have no access to your bank card number. Stripe is certified to the highest industry standards and has obtained regulatory approvals worldwide.

What personal data do you collect about me and what is it used for?

Orders:

When you create a customer account, we record information about you so you can place an order. We ask for your e-mail, first and last names, bank details, postal address and phone number. This allows us to pay you the value of your tree when it is felled. This data is transferred, if necessary, to the various service providers working on your order. In our case, only gift cards and the forest operator's return on investment, because your trees are planted in the forest. Your information may be sent to our service providers as part of a satisfaction or telemarketing survey. These service providers have absolutely no right to use your data for anything other than processing your order. They must delete this data from their computer system after processing.

Newsletters:

If you have given us your consent, we also use your email address to send you our newsletters. If you no longer wish to receive these emails, you can unsubscribe at any time by clicking on the "unsubscribe" link located at the bottom of the newsletter or directly on the site in the "my account" tab. The process is immediate.

Statistics:

In order to constantly improve, we use software and services operated by third-party providers that allow us to better understand our business. We provide these tools with data regarding our customer base, its browsing history on our site and information on ordered products. Most of our tools are hosted in France or in Europe, but some have an activity in the United States. As a result, all data manipulated for statistical purposes outside of Europe is completely anonymized.

Publicity:

Like most online retailers, we log visits so we can target advertising when you browse other websites. This process does not manipulate any personal data and neither the advertising network nor the third-party sites displaying our adverts have access to your personal details. However, if you no longer wish to see our adverts, you can erase cookies from your web browser.

How can I delete cookies?

You can decline the registration of cookies (or equivalent technology) by selecting the appropriate browser settings on your computer, smartphone, tablet or any other interface.

You can also change your cookie settings at any time by clicking here.

Persistent cookies and third-party cookies described above are installed if you continue browsing outside the "find out more" link of the "cookie banner". Note that this banner is displayed automatically as soon as you enter a site that has implemented cookies, in order to ensure at all times that you have consented to the collection of your browsing data.

Do not hesitate to visit this site for more information.

Social networks and Gmail accounts:

If you used Facebook or Gmail to create your account with EcoTree, we collect nothing more than your email, last name, first name and your Facebook profile ID. We do not have access to your photos, friends list, contacts, posts, etc. We will never post on your page without your consent.

What if I want to modify or delete the data you have about me?

You can personally modify most of the data directly from your customer area on our website.

If you can't find what you're looking for, you can write directly to us on dpo@ecotree.green with your request.

How long does EcoTree keep my personal data?

Our precisely defined retention periods are designed to match the amount of time necessary for proper data processing (and don’t exceed it). To determine each retention period’s duration, we took into account:
• The different purposes for which this data is collected.
• The people concerned in the collection.
• Compliance with legal, regulatory or professionally recognized obligations to which we are bound.

Extra details about EcoTree's data protection policy

We have also taken organizational measures, by forming teams dedicated to the issue of information security.

More generally, we ensure all our employees are aware of personal data protection and that they comply with the regulations in force as well as the ethics of our company.

Our Data Protection Officer (DPO) ensures compliance with regulations on the protection of personal data within EcoTree. They inform and advise EcoTree’s CEO on all matters relating to the protection of personal data. They are also the contact person for the CNIL, our supervisory authority, for any question relating to the management of personal data.

We choose subcontractors or service providers who offer a high level of guarantee on the implementation of appropriate technical and organizational measures. This helps us ensure the processing of your data meets the requirements of the personal data protection regulations in force. If we notice an incident with an impact on personal data, we ensure, according to the framework imposed by the regulations, to immediately notify the French "National Commission for Information Technology and Freedoms" (French acronym CNIL) and inform the people concerned.

Our prospects, customers and other actors working with us (in particular on IT security monitoring) may also contribute to maintaining our level of security with regard to personal data. We urge them to respect the recommended rules and to inform us of any anomalies they may encounter.

Finally, you too can and should be an actor in the protection of your personal data. In terms of personal data, be aware that you have a series of dedicated rights, such as:
• A right of access, rectification, opposition, limitation, erasure and portability of your personal data.
• A right to define instructions concerning the storage, erasure and communication of your personal data, after your death.
• A right of complaint to the CNIL.