PRIVACY POLICY AND DATA PROTECTION

We attach great importance to the protection of your data and do everything we can to protect them. You will find below our commitment to the protection of personal data as well as our Personal data protection policy.

OUR COMMITMENT TO THE PROTECTION OF PERSONAL DATA

1. When we have to use external service providers for some of our missions, we select them rigorously and ensure that they are also committed to data protection.

2. We are respectful of your rights as customers, which is why we do everything we can to ensure that you can exercise them and thus satisfy your requests as well as possible.

3. We respect your privacy and your choices, which is why the communications you receive from us may be subject to termination or change of reception frequency at any time.

1. IDENTITY OF THE PROCESSING RESPONSIBLE

Personal data is collected by SARL DENIM registered with the Versailles RCS under number 484 421 045 with a capital of 20,000 Euros, whose registered office is based at: 136 rue Léon Jouhaux, 78500 Versailles, France.

As part of our activities, we provide our customers with an e-commerce service accessible from the website https://online-wholesalers.com/en/ a mobile site and a compatible application for smartphone and tablet on IOS and Android.

To deliver its service, Online Wholesalers collects personal data on individuals and companies. Data collection takes place on our website, on mobile applications, by telephone, in stores and during events (trade fairs, conferences, exhibitions). In the forms for collecting personal data on the site or in paper format, the Customer is notably informed of the compulsory nature or not of the collection of data. In the event of non-provision of a mandatory data field, we will not be able to perform our services and respect our commitments.

We are concerned about the protection of the personal data entrusted to us. We are committed to ensuring the best level of protection of your personal data in accordance with the GDPR 'General Data Protection Regulation' Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 and the Data Protection Act Freedoms law n° 2018-493 of June 20, 2018, promulgated on June 21, 2018 which amended the Data Protection Act of January 6, 1978.

For any information on the protection of personal data, you can also consult the website of the National Commission for Computing and Liberties www.cnil.fr.

2. YOUR RIGHTS

In application of the Data Protection Act, Law 78-17 of January 6, 1978 as amended and of the General Data Protection Regulations' Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, any natural person using the service has the right to exercise the following rights:

• A right of access : As a data subject, you can inform yourself about the nature of the personal data stored or processed concerning you by any entity of the group. Access to your personal data will be provided to you.

• A right of rectification : If personal information is inaccurate or incomplete, you can request that it be changed.

• A right of opposition : You have the right to object at any time to the processing of your personal data when Online Wholesalers processes your data for reasons which are of legitimate interest to it or for direct marketing reasons.

• A right to the deletion of your data : You can request the deletion of your personal data in the cases provided for by law.

• A right to limit the processing of your data : You have the right to request the limitation of the processing of your personal data when it is authorized by the applicable laws and regulations.

• A right to the portability of your personal data : If you meet the conditions defined by the laws and regulations relating to the protection of personal data, you have the right to receive a subset of your personal data and to transfer it to another data controller.

• Fate of your data : The user can formulate directives relating to the conservation, erasure and communication of his personal data after his death in accordance with article 40-1 of law 78-17 of January 6, 1978.

2.1. HOW TO EXERCISE YOUR RIGHTS

To exercise your rights, please send your mail to Online Wholesalers, 136 rue Léon Jouhaux, 78500 Sartrouville or by email to contact@online-wholesalers.com

Your requests must be accompanied by a copy proving your identity. We have a period of 30 working days from receipt of your request to respond to you. Some binding requests may take longer, in which case the deadline will be extended and you will be informed.

If you believe that one of your rights is not respected by the Company, you have the possibility of bringing an action with the Cnil via its website: www.cnil.fr.

3. THE PURPOSES OF COLLECTING YOUR PERSONAL DATA ?

User privacy is protected by regulation. Under data protection regulations, Online Wholesalers is only allowed to use its users' personal data if it has a valid legal basis.

3.1. The legal bases that allow us to collect your data are as follows:

• The performance of a contract (for example to process and fulfill an order or to open and manage a user account);

• The performance of a legal obligation (eg: retention of invoices);

• When it is in the legitimate interest of the data controller (prevention of fraud, direct marketing, etc.);

• When the user has given his consent.

3.2. Why we use your data

4. DURATION OF RETENTION OF YOUR DATA

Depending on the 'Prospect' or 'Client' scenario, OWS has defined separate retention periods. We make retention periods relevant.

4.1 Lead : the starting point of the retention period is the creation of the account. The data is kept for 5 years.

4.2 Customer : the starting point of the shelf life constitutes the last purchase of it. All the information collected is kept for the duration of the commercial relationship and then 5 years after the last exchange with you. Invoices related to purchases are kept for 10 years.

5. TO WHOM IS YOUR DATA TRANSMITTED ?

In order to offer you certain services such as delivery, payment by credit card and to allow you to benefit from our promotional offers, some of your data is communicated to our partners or to our internal departments.

Your data is also transmitted to OWS partners who may process the data on their behalf (these are recipients) or only on behalf of, and according to the instructions of OWS (these are subcontractors).

5.1. The recipients of the data are:

• Marketplace sellers;

• Financing and credit institutions;

• The police authorities in the context of legal requisitions concerning the fight against fraud;

• Customs services in the event of delivery abroad;

• Commercial partners and in particular marketing and advertising agencies;

5.2. Subcontractors

We also use subcontractors for the following operations:

• Secure payment on sites and mobile applications;

• The fight against fraud and the recovery of unpaid debts;

• Shipping your orders and packages;

• The management of the chat, telephone calls, their possible recordings and the sending of mail by post;

• The personalization of the content of sites and mobile applications;

• Carrying out maintenance operations and technical development of the website, internal applications and information system of Online Wholesalers;

• The collection of customer opinions;

• Sending commercial prospecting emails and mobile notifications;

6. TRANSFER OUTSIDE EU

Online Wholesalers informs you that personal data concerning you may be transmitted to companies located in countries outside the European Union and which do not offer an adequate level of protection with regard to the protection of personal data. . This transfer may particularly take place when you use the social networks that we make available to you on our site or certain search engines.

Prior to the transfer outside the European Union, and in accordance with the regulations in force, we do our utmost to obtain the guarantees necessary to secure such transfers.

7. THE SECURITY MEASURES WE PUT IN PLACE TO PROTECT YOUR DATA

As Data Controller, Online Wholesalers takes all necessary precautions to preserve the security and confidentiality of your data. This includes physical security of the buildings housing our systems and IT system security to prevent external access to your data. Access to your data is limited to only people with a need to know.

8. RULES APPLICABLE TO CREDIT CARD PAYMENTS AND BANK DATA PROTECTION

In order to ensure the security of your payments, we use the services of a service provider, PAYPLUG. It guarantees secure processing of all sensitive data such as banking data and user identity, in accordance with directives and standards: DSP2, GDPR and PCI-DSS.

When payment for your order is made by credit card, our order taking system connects in real time with the PAYPLUG system which collects your data and carries out various checks to prevent abuse and fraud. The data is stored on the PAYPLUG servers and is never transmitted to our servers. PAYPLUG requests authorization from the bank and only sends us the transaction number.

In order to avoid having to re-enter your bank details for future orders, you can choose, by ticking the acceptance box provided for this purpose, that your bank cards are associated with your online account. They are registered with PAYPLUG in a secure way.

In order to be able to debit the account during invoicing or to credit it following a return, PAYPLUG keeps the bank details associated with the authorization number, the time required to complete the transaction (payment after shipment of the goods) and the processing of any complaints (returns, disputes).

9. FIGHT AGAINST FRAUD

In order to secure the payment of orders, the personal data collected on the site is processed to determine the level of risk of associated fraud. Any order considered suspicious will be subject to verification. In the event of detection of a fraudulent order, the data is likely to be transmitted to the police forces within the framework of their power of investigation.

The data likely to be analyzed in the event of suspicion of fraud are:

• Name, address, date of birth

• History of previous addresses

• Contact details, e.g. email, phone

• Financial datas

• Data relating to your account

• Data identifying the computers/devices you use to connect to the internet, e.g. Internet Protocol (IP) address.

• Order history, order amount

• Site navigation data

10. COMMERCIAL PROSPECTING

Online Wholesalers uses your contact details to send you targeted advertising, in particular by email, sms and via social networks. In this case, we undertake to respect the rules dictated by Directive 2002/58/EC of July 12, 2002. The receipt of our email and sms communications is based mainly on your consent. When you register, you have the choice to consent or not to the receipt of:

• Our promotional offers by email;

• Our promotional offers by SMS;

• Our newsletters;

• Promotional offers from our partners.

However, there is an exception to this rule. In the event that you are already a customer of Onlines Wholesalers, we may send you promotional offers on products similar to those that you are used to ordering from us without any prior consent on your part.

In any case, you have the possibility of opposing the receipt of these solicitations by carrying out the following actions:

• For newsletters, by clicking on the unsubscribe link provided at the bottom of each email;

• For the sms, by sending a stop SMS to the number indicated in it;

• By contacting customer service.

• By sending an email to: contact@online-wholesalers.com

10.1 Commercial prospecting by telephone

We may contact you by telephone to offer you offers on OWS products or services. If you do not wish to be solicited, know that you have the possibility of registering on the list of opposition to canvassing accessible on the site www.bloctel.gouv.fr or to exercise your right of opposition with your online contact or by sending an email to the address: contact@online-wholesalers.com.

11. THIRD-PARTY WEBSITES AND SOCIAL NETWORKS

You have the possibility of using the social networks offered by OWS on its site to contact our teams (Ex: Facebook messenger) and thus benefit from a close commercial relationship, you also have the possibility of sharing the content offered by OWS (Ex : the “share” button). Via social networks OWS has the possibility of offering you personalized advertising offers according to your interests. The use of social networks to interact with OWS is likely to lead to exchanges of data between OWS and these social networks. We encourage you to consult the privacy policies and settings of the social networks with which you interact, in order to know the information likely to be collected, used or shared by these sites.

12. COOKIES POLICY

12.1. What is a cookie ?

Cookies are small data files placed on your computer or mobile device by your browser when you visit a website. Typically, a cookie contains the name of the website using it and a text string or "unique identifier" that allows websites to recognize that cookie on each subsequent visit throughout its lifetime.

Cookies can collect and store a wide range of information, such as the type of browser or operating system used, language or other browser settings, or your interactions with the website. Usually, cookies are not used to collect data that identifies an individual. However, information collected with cookies can be associated with a natural person, if combined with personally identifiable data such as a person's email address.

The deposit of cookies is indicated to you, during your connection, by a banner located at the bottom of our site. Your consent for the deposit of certain cookies is essential. You can accept or refuse the deposit of cookies on your computer or mobile device.

If you choose not to use cookies, you may be deprived of certain features on the site.

In general, we use two different types of cookies on this site:

Session cookies are used to store information about your activities on this site for the duration of your visit. They are erased when you close your browser.

Persistent cookies are stored in one of your browser's subfolders for one or more sessions. They expire after a certain period (defined in the file) or can be deleted manually.

Web beacons, embedded scripts and other similar technologies:

We and our third-party partners may also use similar technologies on this site, such as web beacons (also known as Pixel-Tags or GIFs) or scripts.

Web beacons are small graphic images that can be embedded in websites or in HTML emails that are generally not visible to the user. They make it possible to follow the interaction of the user with the site or our newsletters. For example, they help us understand whether you have read our newsletter or clicked on the links in it, so that we can provide you with offers tailored to your interests.

A script or embedded pixel is code designed to collect information about your interactions with this site, such as the links you click on. The code is temporarily downloaded to your device from our web server or that of a third-party service provider. It is active only when you are logged into the website, and is deactivated or deleted thereafter. Although you will not have the ability to specifically reject or disable these technologies, they do work in conjunction with certain cookies. Therefore, disabling cookies will prevent the operation of the aforementioned technologies.

In accordance with Directive 2002/58/EC of July 12, 2002, we obtain your prior consent to the deposit of advertising cookies, audience measurement and sharing on social networks.

12.2. What type of cookies we use and for what purpose

Strictly Necessary Cookies

These cookies are necessary for the operations specific to the services that are provided on our websites. They are used to provide the basic functionality of our websites, such as remembering information that has been entered into a form. If you prevent the installation of these cookies, you will no longer be able to use these functionalities and the website may not function effectively.

Performance cookies

These cookies are used to collect anonymous data for statistical purposes. They allow us to measure the audience of the website and to analyze how visitors surf the website (number of visitors to the website, number of visits per page, time spent on each page, location of clicks, advertising effectiveness measures, etc.). They are also used to detect navigation problems and any other difficulties. These cookies help us to improve our website and your navigation.

Personalization or functionality cookies

These cookies are used to remember your choices, your settings and your content preferences on the website (such as your language, your personalization choices, etc.) and thus offer you a personalized browsing experience by adapting the content of the site. internet for you. If you refuse these cookies, we will no longer be able to offer you certain functionalities and certain pages of the website may not function correctly.

Specificity of sharing cookies

These cookies are specifically linked to the use of the buttons for sharing a page of the Site on social networks (Facebook, Twitter, LinkedIn, etc.). The sharing buttons allow you to directly share a page of the Site on the social network concerned. By clicking on the share button on the social network concerned, one or more cookies are then placed on your terminal (computer, smartphone, tablet) by the social network. We have no access to or control over these third-party cookies, which may be analytical, performance or targeting cookies.

We suggest that you consult the websites of these third parties for more information about their cookies and how to manage them:

• Facebook : https://fr-fr.facebook.com/policies/cookies/

• Twitter: https://help.twitter.com/en/rules-and-policies/twitter-cookies

• LinkedIn: https://www.linkedin.com/legal/cookie-policy?_l=fr_FR

• Youtube : https://www.youtube.com/static?template=terms&gl=FR

12.3. Setting and blocking cookies via our cookie manager

The list of cookies we use can be consulted via the management tool we have put in place. You have the possibility to deactivate them at any time. Nevertheless, we draw your attention to the fact that some cookies are essential for the proper functioning of our site and that it is therefore not recommended to deactivate them.

12.4. Setting and blocking cookies via your browser settings

You can also control cookies through your browser settings. If most browsers are configured by default and accept the installation of cookies, you have the possibility, if you wish, to choose to accept all cookies, or to reject them systematically or to choose those that you accept according to the transmitter. You can also configure your browser to accept or refuse, on a case-by-case basis, cookies prior to their installation. You can also regularly delete cookies from your terminal via your browser.

The use of cookies or similar technologies by any third-party website, advertising content provider is subject to their own privacy policy regarding cookies.

The CNIL (Commission Nationale Informatique et Liberté) offers a free download of cookie management software on its website: go to the address https://www.cnil.fr/vos-droits/vos-traces/les-cookies/ to know more.

For the management of cookies and your choices, the configuration of each browser is different. It is described in the help menu of your browser, which will allow you to know how to modify your wishes in terms of cookies.

12.5. Setting up your smartphone's operating system

You have the possibility to control the deposit of Cookies on your smartphone in the rules of the operating system.