At HEYWINKY, protecting your personal data is a priority.

When you use the website (hereinafter the "Site"), we may collect personal data about you.

The purpose of this policy is to inform you about how we process such data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").

1. Who is the data controller?

The data controller is MAINBOT, a simplified joint stock company, registered in the Paris Trade and Companies Register under no. 824 611 800 and whose registered office is located at Tour Maine Montparnasse - 33 Avenue du Maine, 75015 Paris (hereinafter referred to as "We").

In accordance with our General Terms and Conditions of Sale, insofar as SODILOG (SAS registered with the Colmar Trade and Companies Register under no. 339 668 436, whose registered office is located at 4 rue Cure, 68000 Colmar) is acting as seller of the products available on the Website, MAINBOT and SODILOG must be considered to be acting as joint controllers within the meaning of Article 26 of the GDPR for processing relating to the execution of the order and the constitution of the customer file. As owners and managers of the Website, We assume almost all the commitments made to ensure the respect and protection of your privacy. This is why We are your point of contact to deal with any request relating to your personal data, in accordance with article 8 of this document.

2. What data do we collect?

Personal data is data that allows an individual to be identified directly or by cross-referencing with other data.

We collect data in the following categories:

- Identification data (including your name, first name, email and postal address, telephone number, country)

- Data relating to your professional life (including the name of your company)

- Data relating to your orders

- Connection data (e.g. IP address, connection logs, password) 

- Data relating to your bank cards.

Mandatory data are indicated when you provide us with your data. They are marked with an asterisk and are necessary to provide you with our services.

3. On what legal grounds, for what purposes and for how long do we keep your personal data?

| Purposes | Legal basis | Retention period |
| --- | --- | --- |
| Execute your order, carry out operations relating to the management of our customers concerning contracts, orders, deliveries, invoices, and follow-up of the contractual relationship with our customers | Fulfilment of the contract you or your company has with Us | Personal data is kept for the duration of the contractual relationship. In addition, your data (with the exception of your bank details) is archived for evidential purposes for a period of 5 years. Your credit card details are kept by our payment service provider until the goods are received, plus the withdrawal period. The data relating to the visual cryptogram or CVV2, written on your bank card, is not stored. |
| Build a file of clients and prospects | Our legitimate interest in developing and promoting our business | For customers: data is kept for the duration of the contractual relationship. For prospects: data is kept for a period of 3 years after your last contact. |
| Create an account on our Site to manage orders placed for individual sellers | Performance of your contract with Us | Your data is kept for the duration of your account. If your account is inactive for 2 years, your personal data will be deleted if you do not respond to our reactivation email. In addition, your data may be archived for evidential purposes for a period of 5 years. |
| Send newsletters, solicitations and promotional messages | For BTOB customers and prospects: our legitimate interest in building customer loyalty and informing our customers of our latest news. For prospects: your consent | The data is kept for 3 years from your last contact with us or until you withdraw your consent. |
| Responding to your requests for information | Our legitimate interest in responding to your requests | The data is kept for the time necessary to process your request for information and deleted once the request for information has been processed. |
| Improving our services | Our legitimate interest in improving our services | |
| Comply with the legal obligations applicable to our business | Comply with our legal and regulatory obligations | For invoices: invoices are archived for a period of 10 years. The data relating to your transactions (with the exception of bank details) are kept for 5 years. |
| Organise competitions and promotional operations | Our legitimate interest in customer loyalty and gift giving | The data is kept for the duration of the games or promotional operations and may be archived for 5 years for evidential purposes. |
| To compile statistics on the navigation and audience of the Site | Our legitimate interest in analysing the composition of our customer base and improving our services | |
| Managing requests to exercise rights | Our legitimate interest in responding to your requests and keeping track of them | If we ask you for proof of identity, we will only keep it for as long as it takes to verify your identity. Once the verification has been completed, the proof is deleted. If you exercise your right to object to receiving marketing: we keep this information for 3 years. |

4. Who are the recipients of your data?

The following will have access to your personal data:

- The staff of our company;

- Our subcontractors: our hosting provider, our newsletter sending provider, our payment service provider, our CRM tool, our request management tool, our chat tool;

- Where applicable: public and private bodies, exclusively to meet our legal obligations.

5. Is your data likely to be transferred outside the European Union?

Your data is kept and stored for the entire duration of the processing on the BSVD company's servers, located in the European Union.
Within the framework of the tools that we use (see article on the recipients concerning our subcontractors), your data is likely to be the subject of transfers outside the European Union. The transfer of your data in this context is secured by means of the following tools:

- or the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country ensures a level of protection deemed sufficient and adequate to the provisions of the GDPR

- or the data is transferred to a country whose level of data protection has not been recognised as adequate for the purposes of the GDPR: in this case these transfers are based on appropriate safeguards as indicated in Article 46 of the GDPR, adapted to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism

- or the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.

6. What are your rights to your data?

You have the following rights with respect to your personal data:

- Right to information: this is the reason why we have drawn up this policy. This right is provided for in Articles 13 and 14 of the GDPR.

- Right of access: you have the right to access all your personal data at any time, in accordance with Article 15 of the GDPR.

- Right of rectification: you have the right to rectify inaccurate, incomplete or outdated personal data at any time in accordance with Article 16 of the GDPR.

- Right to limitation: you have the right to obtain a limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.

- Right to erasure: you have the right to request that your personal data be erased, and to prohibit any future collection of your personal data on the grounds set out in Article 17 of the GDPR.

- Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable texts (Article 77 of the GDPR).

- The right to define directives relating to the conservation, deletion and communication of your personal data after your death, in accordance with article 40-1 of the French Data Protection Act.

- Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.

- Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to request its transfer to the recipient of your choice.

- Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue to process your personal data despite this objection, for legitimate reasons or to defend legal claims.

You can exercise these rights by writing to us using the contact details below. We may ask you to provide additional information or documents to prove your identity.

7. What cookies do we use?

For more information on cookie management, please see our Cookie Policy.

8. Contact point for personal data



33 avenue du Maine, 

Tour Maine, Montparnasse, 45ème étage

75755 Paris Cedex 1575015

9. Changes

Entry into force: October 10th, 2022