Privacy policy

The purpose of this Privacy Policy is to define the terms and conditions under which Personal Data (hereinafter "Data") and Cookies are processed.

The company TRAVEL STADIUM, and the company WONDERBOX SAS (hereinafter together "Tick'nBox") are concerned about the protection reserved for your Data and the way in which they can be processed on the site https://www.ticknbox.com/ (hereinafter the “Site”). They ensure and undertake that they are collected in compliance with the Data Protection Act No. 78-17 of 6 January 1978 as amended (hereinafter "Data Protection Act"), and European Regulation 2016/ 679 (hereinafter “Rules”).

 

Any use of the Site implies your unreserved acceptance and your full and complete adherence to the present which prevails over any other document, except for special conditions expressly granted in writing by Tick'nBox.

This Privacy Policy is effective as of March 24, 2020. It cancels and replaces all prior versions. Tick'nBox reserves the right to modify it at any time by publishing a new version on the Site. Therefore we invite you to visit this page regularly.

The invalidity of a clause does not invalidate the entire Privacy Policy. The temporary or permanent non-application of one or more clauses by Tick'nBox does not constitute a waiver on its part.

 

1 - RESPONSIBLE FOR THE PROCESSING

 

The Data Controller is:

WONDERBOX SAS, Simplified Joint Stock Company with capital of 10,279,961 euros, having its registered office at 34 avenue des Champs Elysées, 75008 PARIS, registered with the Paris Trade and Companies Register under number 508 244 548.

 

2- NATURE OF DATA PROCESSED

 

During your use of the website, certain Data may be processed, these are the following Data:

 

• Data related to your identity: Surname, first name, billing address, delivery address, email address, telephone number, date of birth
• Connection data: IP address, connection identifiers
• Data relating to order tracking: Product purchased, service performed, order history, opinion on the service, products viewed, use of a promotional code, delivery method and costs, purchase details, gift voucher number
• Payment data: Payment method, payment card data, transaction number
• The subscription to which you have or have not subscribed (newsletters, etc.)

The mandatory or optional nature of the data is indicated to you during collection by an asterisk. Some data is collected automatically as a result of your actions on the website.

 

3- PURPOSE OF DATA PROCESSING - DURATION

 

 

4 - RECIPIENTS OF PERSONAL DATA

 

The data collected on the Site is intended for WONDERBOX SAS and all the companies it controls and/or the Partners and subcontractors of Tick'nBox.

 

5 - DATA TRANSFER

 

As a matter of principle, we ensure that the Data is not transferred outside the European Union or within a country that has not been the subject of an adequacy decision by the European Commission.

However, transfers outside the European Union may be carried out, in particular within the framework of the following activities:

• Customer relationship
• Exploitation of data to social networks
• IT services

In such a case, Tick'nBox takes the appropriate guarantees in accordance with Article 46. 2. d) of the Regulation by implementing standard contractual clauses from the European Commission.

Pursuant to Article 13.1 f) of the Regulation, the appropriate safeguards are made available below within Article 13 of this Privacy Policy.

 

 

6 - PERSONAL DATA COLLECTION METHODS

 

Your Data may be collected when:

 

• you create your customer account;
• you use a gift set;
• you place an order on our Site;
• you participate in a game or competition;
• you browse our Site and view Products;
• you contact our customer service;
• you write a comment

 

7 - CONSENT OF MINORS

 

In order to comply with regulations aimed at protecting minors, Tick'nBox does not collect or process the Data of minors.

The services available on this site are therefore intended for people over the age of 18. Anyone under the age of 18 wishing to place an order or create an account must ask their legal representative to do so for them.

 

8 - COOKIES

8.1 POLICY ON THE USE OF COOKIES

When consulting the Site, cookies are placed on your computer, mobile or tablet. Our Site is designed to be attentive to the needs and expectations of our customers. This is one of the reasons why we use cookies, for example to identify you and access your account. This page allows you to better understand how cookies work and how to configure them.

8.2 DEFINITION OF A COOKIE

 

A cookie is a text file placed on your computer when visiting a site or consulting an advertisement. Its purpose is to collect information relating to your browsing and to send you services adapted to your terminal (computer, mobile or tablet). Cookies are notably managed by your internet browser.

8.3 THE DIFFERENT TRANSMITTERS

 

Site cookies: these are cookies placed by https://www.ticknbox.com/ on your terminal to meet the needs of navigation, optimization and personalization of services on the Site.

 

Third-party cookies: these are cookies placed by third-party companies (eg partners) to identify your areas of interest and possibly personalize the advertising offer sent to you on and off the website.

 

They can be deposited when you browse the website or when you click in the advertising spaces of the website.

 

8.4 MODIFYING THE COOKIE SETTINGS

 

Technical cookies - essential for the operation of the site https://www.ticknbox.com/

These cookies are essential for navigation on the Site. They allow you to use the main features of the website and to secure your connection.

You can change your cookie settings by clicking here

 

Functional cookies

These cookies are essential to your navigation because they allow you to access the temporary functionalities of the Site (memorize your basket or your connection information for example). They also allow you to adapt the graphic rendering of the site to the display preferences of your terminal. These cookies allow you to have a fluid and customized navigation. They are kept 24 hours and do not require your consent.

 

In addition, these cookies allow us to know the use and performance of our Site, to establish statistics, volumes of visits and use of the various elements of our Site (content visited, routes) allowing us to improve the interest and ergonomics of our services (the pages or sections most often consulted, the most read articles, etc.). Cookies are also used to count visitors to a page.

From time to time, cookies may be placed in order to measure, on the basis of aggregated and anonymous statistical data, the effectiveness of advertising campaigns carried out by Tick'nBox.

You can change your cookie settings by clicking here

 

Optional functional cookies

These are the same functional cookies that will be kept for a longer period, up to a maximum of 13 months, if you consent.

You can change your cookie settings by clicking here

 

Personalised content cookies on our site

These are cookies used to offer you personalized content on our Site and to reward your loyalty (for example: sponsorship program). The refusal of these cookies has no impact on the use of our Site.

You can change your cookie settings by clicking here

 

Advertising cookies on other sites

These are cookies used to present you with information tailored to your areas of interest when browsing the Internet. The refusal of these cookies has no impact on the use of our Site. However, refusing advertising cookies will not stop advertising during your browsing. This will only have the effect of displaying advertisements that do not take into account your centers of interest or your preferences when you browse the Internet.

 

Cookies placed by advertising organizations allow anonymous identification of Internet users. The browsing data reported is non-personally identifiable information such as the URL of the pages visited, the keywords used in search engines or interactions with advertisements.

 

There may also be cookies from Tick'nBox partners which identify Internet users who have visited our Site and then send commercial solicitations. This may be an email, although you would not have given your email address to Tick'nBox. This processing involves service providers specializing in retargeting, who have obtained your email address from their partners, as well as your consent to authorize the sending of advertising.

You can change your cookie settings by clicking here

 

8.5 CONFIGURING YOUR INTERNET BROWSER

 

You can also choose to deactivate these cookies at any time by modifying the settings of your internet browser. Indeed, your browser can also be configured to notify you of the cookies that are stored on your computer and ask you to accept them or not.

 

You can accept or refuse cookies on a case-by-case basis or refuse them systematically.

 

We remind you that the setting is likely to modify your conditions of access to our content and services requiring the use of cookies. If your browser is configured to refuse all cookies, you will not be able to take advantage of some of our services. In order to manage cookies as closely as possible to your expectations, we invite you to configure your browser taking into account the purpose of cookies.

 

Internet Explorer

In Internet Explorer, click the Tools button, then click Internet Options.
On the General tab, under Browsing history, click Settings.
Click the View Files button.

Firefox

Go to the Tools tab of the browser then select the Options menu
In the window that appears, choose Privacy and click Show cookies.

Safari

In your browser, choose the Edit menu > Preferences.
Click Security.
Click Show Cookies.

Google Chrome

Click on the Tools menu icon.
Select Options.
Click on the Advanced Options tab and navigate to the Privacy section.
Click the Show Cookies button.

9 - HYPERTEXT LINKS

 

The website may contain certain links to other sites whose content is beyond our control and not covered by this Privacy Policy. We are not responsible for the content of the sites thus presented, nor for the way in which your Data will be collected and processed there.

 

10 - SECURITY OF PERSONAL DATA

 

We are committed to implementing measures to ensure Data security. These are appropriate technical and organizational measures to guarantee an appropriate level of security. These may include:

• pseudonymization and encryption of Data;
• the means to guarantee the constant confidentiality, integrity, availability and resilience of the processing systems and services;
• the means to restore the availability of the Data and access to it within the appropriate timeframes in the event of a physical or technical incident;
• a procedure for regularly testing, analyzing and evaluating the effectiveness of the technical and organizational measures to ensure the security of the processing

 

To this end, we ask you to keep your password confidential and not to communicate it to anyone. You remain responsible for any failure resulting from failure to respect the confidentiality of the password we have chosen for you to access your account.

 

For payment purposes, payment card details are collected by Crédit Agricole, our payment service provider, who will be the sole recipient of the Data collected and in charge of storing it. Thus the Data is stored on the Crédit Agricole servers and is at no time transmitted to the Tick'nBox servers. Crédit Agricole is in charge of the request for authorization from the bank and sends us the transaction number allowing the operations. Crédit Agricole retains the associated Data, the time necessary to complete the transaction and to implement the right of withdrawal.

 

11 - RIGHTS ON YOUR PERSONAL DATA

 

In accordance with the regulations, you have a right of access, deletion, portability of the Data concerning you and opposition or limitation to their processing. You also have the right to define the directives concerning the fate of your Data after your death under the conditions defined in article 40.1 of the Data Protection Act Finally, you have the right to lodge a complaint with the competent supervisory authority.

 

At any time, while browsing the Site, you can access your Data via your customer area, rectify your data if your situation has changed or even object to us collecting your data for prospecting purposes.

 

On the other hand, certain data are essential to the processing of your order. If this Data is not collected, we will not be able to follow up on your order.

 

Finally, at any time, you can also exercise your rights. Simply send us your request, indicating your surname, first name, e-mail and address, by post to the following address:

TRAVEL STADIUM
255 rue Carnelian
13510 Eguilles

 

In accordance with the regulations in force, your request must be signed and accompanied by proof of identity to ensure that the request comes from the person concerned. A response will then be sent to you within 1 month of receipt of the request. If necessary, this period may be extended by a period of 2 months given the complexity of the request or because of the number of requests.

 

You can also exercise your rights by making your request via the contact form accessible in the Contact Us tab.

 

12 – DATA PROTECTION DELEGATE

 

The Data Protection Officer (hereinafter the "DPO") Tick'nBox can be contacted by mail at the following address:

TRAVEL STADIUM
255 rue Carnelian
13510 Eguilles

 

You also have the option of contacting the DPO by sending your request via the contact form accessible in the “Help and Contact” / “Contact us” tab.

 

13 - APPROPRIATE GUARANTEES

STANDARD CONTRACTUAL CLAUSES APPLICABLE TO SUBCONTRACTORS EFFECTING TRANSFERS OUTSIDE THE EU

 

The Parties HAVE AGREED to the following contractual clauses (hereinafter referred to as "the clauses") in order to offer adequate guarantees concerning the protection of privacy and the fundamental rights and freedoms of individuals during the transfer, by the exporter of data to the data importer, of the personal data referred to in Annex 1.

 

1. Definitions

Within the meaning of the clauses:

1. “personal data”, “special categories of data”, “processing/processing”, “controller”, “processor”, “data subject” and “supervisory authority” have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
2. the "data exporter” is the data controller who transfers the personal data;
3. the "data importer" is the processor who agrees to receive from the data exporter personal data intended to be processed on the latter's behalf after the transfer in accordance with its instructions and under the terms of the present clauses and which is not subject to the mechanism of a third country ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
4. "Sub-processor" means the sub-processor engaged by the Data Importer or any other sub-processor thereof, who agrees to receive from the Data Importer or any other sub-processor subsequent processing by the latter of personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with the latter's instructions, on the conditions set out in these clauses and according to the terms the written subcontract;
5. 'applicable data protection law' means legislation protecting the fundamental rights and freedoms of individuals, including the right to privacy in relation to the processing of personal data, and applying to a controller in the Member State where the data exporter is established;
6. "technical and organizational security measures" are measures intended to protect personal data against accidental or unlawful destruction, accidental loss, alteration, disclosure or unauthorized access, in particular when the treatment supposes the transmission of data by network, and against any other illicit form of treatment.

 

2. Transfer details

The details of the transfer and, in particular, where applicable, the special categories of personal data, are specified in Annex 1 which forms an integral part of these clauses.

 

3. Third party beneficiary clause

1. The data subject may enforce against the data exporter this clause, as well as clause 4, points b) to i), clause 5, points a) to e) and points g) to j), the clause 6, paragraphs 1 and 2, clause 7, clause 8, paragraph 2, and clauses 9 to 12 as a third party beneficiary.

2. The data subject may enforce against the data importer this clause, as well as clause 5, points a) to e) and g), clause 6, clause 7, clause 8, paragraph 2, and clauses 9 to 12 in cases where the data exporter has materially disappeared or ceased to exist in law, unless all of its legal obligations have been transferred, by contract or by operation of law , to the entity which succeeds it, to which therefore fall the rights and obligations of the data exporter, and against which the data subject can therefore enforce the said clauses.

3. The data subject may enforce against the sub-processor this clause, as well as clause 5, points a) to e) and g), clause 6, clause 7, clause 8, paragraph 2, and clauses 9 to 12, but only in cases where the data exporter and the data importer have materially disappeared, ceased to exist in law or have become insolvent, unless the set of legal obligations of the the data exporter has been transferred, by contract or by operation of law, to the legal successor, to whom therefore fall the rights and obligations of the data exporter, and against whom the data subject can therefore enforce the said clauses. This civil liability of the sub-processor shall be limited to its own processing activities in accordance with these clauses.

4. The parties do not object to the data subject being represented by an association or other body if he so wishes and if national law so permits.

 

4. Obligations of the data exporter

The Data Exporter agrees and warrants the following:

1. the processing, including the actual transfer of the personal data, has been and will continue to be carried out in accordance with the relevant provisions of applicable data protection law (and, where applicable, has been notified to the competent authorities of the Member State in which the data exporter is established) and does not infringe the relevant provisions of that State;
2. it has instructed, and will for the duration of the Personal Data Processing Services, instruct the Data Importer to process the Personal Data transferred on the Data Exporter's sole behalf and in accordance with applicable law data protection and these clauses;
3. the data importer will offer sufficient guarantees with regard to the technical and organizational measures related to security specified in Annex 2 of this contract;
4. after evaluating the requirements of applicable data protection law, the security measures are adequate to protect the personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access. authorized, in particular when the processing involves the transmission of data by network, and against any other illicit form of processing and they ensure a level of security adapted to the risks linked to the processing and to the nature of the data to be protected, with regard to the technological level and the cost of implementation;
5. he will ensure compliance with security measures;
6. if the transfer relates to special categories of data, the data subject has been informed or will be informed before the transfer or as soon as possible after the transfer that his data could be transmitted to a third country not offering a level of protection adequate within the meaning of Directive 95/46/EC;
7. i it will forward any notification received from the Data Importer or any Sub-processor pursuant to Clause 5(b) and Clause 8(3) to the Data Protection Supervisory Authority. data if he decides to continue the transfer or to lift his suspension;
8. it will make available to the persons concerned, if they so request, a copy of these clauses, with the exception of Annex 2, and a summary description of the security measures, as well as a copy of any contract of subsequent sub-contracting having been concluded in accordance with these clauses, unless the clauses or the contract contain(s) commercial information, in which case it may withdraw this information;
9. in case of sub-processing, the processing activity is carried out in accordance with clause 11 by a sub-processor offering at least the same level of protection of personal data and the rights of the data subject as the data importer in accordance with these clauses; And
10. he will ensure compliance with clause 4, points a) to i).

 

5. Obligations of the data importer

The Data Importer agrees and warrants the following:

1. it will process the personal data on the exclusive behalf of the data exporter and in accordance with the instructions of the latter and these clauses; if he is unable to comply for any reason whatsoever, he agrees to inform the data exporter as soon as possible of his inability, in which case the latter has the right to suspend the transfer of data and/or withdraw from the contract;
2. he has no reason to believe that the law affecting him prevents him from fulfilling the instructions given by the data exporter and his obligations under the contract, and if such law is the subject of a modification likely to have significant negative consequences for the guarantees and obligations offered by the clauses, it will communicate the modification to the data exporter without delay after becoming aware of it, in which case the latter has the right to suspend the transfer of data and/or withdraw from the contract;
3. it has implemented the technical and organizational security-related measures specified in Annex 2 before processing the personal data transferred;
4. it will communicate without delay to the data exporter:
   1. any binding request from a law enforcement authority to disclose personal data, unless otherwise provided, such as a criminal prohibition to preserve the secrecy of a police investigation;
   2. any incidental or unauthorized access; And
   3. any request received directly from data subjects without responding to such request, unless authorized to do so;
5. it will deal promptly and appropriately with all inquiries from the data exporter relating to its processing of the personal data which is the subject of the transfer and will comply with the advice of the control with regard to the processing of the transferred data;
6. "technical and organizational security-related measures" are measures intended to protect personal data against accidental or unlawful destruction, accidental loss, alteration, disclosure or non-automatic access
7. it will make available to the data subject, if requested, a copy of these clauses, or any existing subcontract, unless the clauses or the contract contain(s) commercial information, in which case he may withdraw this information, with the exception of Annex 2, which will be replaced by a summary description of the security measures, when the person concerned is unable to obtain a copy from the exporter of data;
8. in the event of subsequent sub-contracting, he will first ensure that the data exporter is informed and that the latter's written agreement is obtained;
9. the processing services provided by the sub-processor will comply with clause 11;
10. it will promptly send a copy of any subsequent processor agreement entered into by it under these clauses to the data exporter.

 

6. Liability

1. The parties agree that any data subject who has suffered damage as a result of a breach of the obligations referred to in clause 3 or clause 11 by one of the parties or by a subsequent sub-contractor has the right to obtain data exporter compensation for the damage suffered.

2. If a data subject is prevented from bringing the action for damages referred to in paragraph 1 against the data exporter for breach by the data importer or its sub-processor of either of its obligations under clause 3 or clause 11, because the data exporter has materially disappeared, ceased to exist in law or has become insolvent, the data importer agrees that the data subject may file a complaint against it as if it were the data exporter, unless all of the data exporter's legal obligations have been transferred, by contract or by operation of law, to the entity that succeeds him, against which the person concerned can then assert his rights.

The data importer cannot invoke a breach by a sub-processor of its obligations to avoid its own responsibilities.

3. If a data subject is prevented from bringing the action referred to in paragraphs 1 and 2 against the data exporter or data importer for breach by the sub-processor of any of its obligations referred to in clause 3 or clause 11, because the data exporter and the data importer have materially disappeared, ceased to exist in law or have become insolvent, the sub-processor agrees that the person data subject may bring a complaint against it in relation to its own processing activities in accordance with these clauses as if it were the data exporter or the data importer, unless the full legal obligations of the data exporter or data importer has been transferred, by contract or by operation of law, to the legal successor, against whom the data subject may then assert his rights. The Sub-processor's liability shall be limited to its own processing activities in accordance with these clauses.

 

7. Mediation and Jurisdiction

1. The data importer agrees that if, under the terms of the clauses, the data subject invokes against him the right of the third party beneficiary and/or requests compensation for the damage suffered, he will accept the decision of the data subject:
1. to submit the dispute to mediation by an independent person or, where appropriate, by the supervisory authority;
2. bring the dispute before the courts of the Member State where the data exporter is established.

2. The parties agree that the choice made by the data subject will not affect the procedural or substantive right of the data subject to obtain redress under other provisions of national or international law.

 

8. Cooperation with supervisory authorities

1. The Data Exporter agrees to file a copy of this Agreement with the Supervisory Authority if required to do so or if such filing is required by applicable data protection law.
2. The parties agree that the supervisory authority has the right to carry out verifications at the data importer and at any sub-processor to the same extent and under the same conditions as in the case of verifications carried out at the data importer. data exporter in accordance with applicable data protection law.
3. The data importer shall inform the data exporter, as soon as possible, of the existence of legislation concerning him or any sub-processor preventing verifications from being carried out at his place or at any sub-processor in accordance with paragraph 2. In this case, the data exporter has the right to take the measures provided for in clause 5, point b).

 

9. Applicable law

The clauses are governed by the law of the Member State where the data exporter is established, namely French law.

 

10. Modification of the contract

The parties undertake not to modify these clauses. The parties remain free to include other clauses of a commercial nature that they deem necessary, provided that they do not contradict these clauses.

 

11. Subsequent subcontracting

1. The Data Importer shall not subcontract any of its processing activities carried out on behalf of the Data Exporter in accordance with these clauses without the prior written consent of the Data Exporter. The Data Importer shall only subcontract its obligations under these clauses, with the consent of the Data Exporter, by means of a written agreement concluded with the sub-processor, imposing on this last the same obligations as those incumbent on the data importer in accordance with these clauses (3). In the event of a breach by Sub-processor of its data protection obligations pursuant to such written agreement, Data Importer shall remain fully liable for compliance with such obligations to Data Exporter.

2. The prior written contract between the data importer and the sub-processor also provides for a third party beneficiary clause as set out in clause 3 for cases where the data subject is prevented from bringing the action for damages referred to in clause 6, paragraph 1, against the data exporter or data importer because these have materially disappeared, ceased to exist in law or have become insolvent, and all legal obligations of the Data Exporter or Data Importer has not been transferred, by contract or by operation of law, to any successor entity. This civil liability of the sub-processor shall be limited to its own processing activities in accordance with these clauses.

3. The provisions relating to the data protection related subcontracting aspects of the contract referred to in paragraph 1 shall be governed by the law of the Member State where the data exporter is established, namely French law.

4. The Data Exporter maintains a list of Subprocessing Agreements entered into under these Clauses and notified by the Data Importer pursuant to Clause 5(j), which will be updated at least once. per year. This list is made available to the data exporter's data protection supervisory authority.

 

12. Obligation after Termination of Personal Data Processing Services

1. The Parties agree that upon termination of the Data Processing Services, the Data Importer and Sub-processor will return to the Data Exporter, at the Data Exporter's option, all Data to personal character transferred as well as the copies, or will destroy all of this data and will provide proof of this to the data exporter, unless the legislation imposed on the data importer prevents him from returning or destroying the all or part of the personal data transferred. In this case, the data importer guarantees that he will keep the personal data transferred confidential and that he will no longer actively process this data.

2. The data importer and the sub-processor guarantee that if the data exporter and/or the supervisory authority so requests, they will subject their means of data processing to verification of the measures referred to in paragraph 1.

 

14 - APPENDIX & PARTNERS

Google

By visiting and using the Tick'nBox website, the website user also agrees to be bound by Google's privacy policy located at: Google Privacy Policy

‍

 

YOUTUBE

We use the YouTube service APIs to be able to display the video media content associated with all of our Tick'nBox catalog products.

By visiting and using the Tick'nBox website, the user of the website also agrees to be bound by the YouTube Terms of Service located at: Youtube Terms of Service