Updated June 3, 2020
1. Parties and Purpose
Promenade SAS (hereinafter “My Promenade” or the “Data Controller”)
Fredensborgveien 11, 0177 Oslo, Norway
Telephone: +47 46613639
The term “User” refers to any user, either any natural or legal person, who visits or interacts in any way with the Site.
As such, My Promenade determines all the technical, legal and organizational means and purposes for processing Users’ personal data. My Promenade undertakes to this end to take all necessary measures to guarantee the processing of personal data in accordance with the law of July 30, 2018, relating to the protection of individuals with regard to the processing of personal data (ci -after, “the Law”) and to the European Regulation of 26 April 2016 on the protection of data of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter ” Rules “).
My Promenade is free to choose any natural or legal person who processes users’ personal data at their request and on their behalf (hereinafter the “Subcontractor”). If necessary, My Promenade undertakes to select a Subcontractor offering sufficient guarantees as to the technical and organizational security measures for the processing of personal data, with regard to the Law and the Regulations.
2. Processing of personal data
The use of the Site by Users may result in the communication of personal data. The processing of this data by My Promenade, in its capacity as Data Controller, or by providers acting on behalf and on behalf of My Promenade, will comply with the Law and the Regulations.
Personal data will be processed by My Promenade, in accordance with the purposes mentioned below, via:
3. Purpose of processing personal data
In accordance with article 13 of the Regulation, the purposes of processing personal data are communicated to the User and are as follows:
4. Personal data likely to be processed
The User has the right to withdraw their consent at any time. Withdrawal of consent does not compromise the lawfulness of processing based on previously given consent.
6. Duration of storage of users’ personal data
In accordance with article 13 §2 of the Regulation and the Law, the Data Controller only stores personal data for the time reasonably necessary to allow the purposes for which they are processed to be fulfilled.
This duration is in all cases less than: 10 years
7. Data recipients and disclosure to third parties
Personal data can be transmitted to the agents, employees, subcontractors or suppliers of My Promenade who offer adequate data security guarantees, and who collaborate with My Promenade in the context of the marketing of products or the provision of services . They act under the direct authority of My Promenade, and are particularly responsible for collecting, processing or sub-processing this data.
In the event that the data is disclosed to third parties for direct marketing or prospecting purposes, the User will be informed beforehand so that he expresses his consent to the use of this personal data.
8. Rights of Users
At any time, the User can exercise their rights by sending a message by email to the following address: firstname.lastname@example.org, or a letter by post addressed, attaching a copy of their identity card to the ” following address: Oslo, Norway
a. Permission to access
In accordance with article 15 of the Regulations, My Promenade guarantees the right of access to the User for his personal data. The User has the right to obtain access to said personal data and the following information:
The Data Controller may require the payment of reasonable fees based on administrative costs for any additional copy requested by the User.
When the User submits this request electronically (through the e-mail address for example), the information is provided in an electronic form in common use, unless the User requests otherwise .
The copy of his data will be communicated to the User no later than one month after receipt of the request.
b. Right of rectification
My Promenade guarantees the right of rectification and erasure of personal data to the user.
In accordance with article 16 of the Regulation, incorrect, inaccurate or irrelevant data can be corrected or deleted at any time. The User first makes the necessary modifications himself from his user / other account, unless these cannot be done independently, in which case the request can be made to My Promenade.
In accordance with article 19 of the Regulation, the Controller notifies each recipient to whom the personal data have been communicated of any rectification of the personal data, unless such communication proves to be impossible or requires disproportionate efforts. The data controller provides the data subject with information on these recipients if the latter so requests.
c. Right to erasure
The User has the right to obtain the erasure of his personal data as soon as possible in the cases listed in article 17 of the Regulation.
When the Data Controller has made personal data public and is required to erase it under the previous paragraph, the Data Controller, taking into account the available technologies and the costs of implementation, takes reasonable measures , including of a technical nature, to inform the other data controllers who process this personal data that the data subject has requested the erasure by these data controllers of any link to this personal data, or of any copy or reproduction thereof.
The two preceding paragraphs do not apply insofar as this processing is necessary:
the exercise of the right to freedom of expression and information;
to comply with a legal obligation which requires processing provided for by Union law or by the law of the Member State to which the controller is subject, or to perform a task of public interest or relating to the exercise of the public authority vested in the controller;
the establishment, exercise or defense of legal claims.
In accordance with article 19 of the Regulation, the Data Controller notifies each recipient to whom the personal data has been communicated of any deletion of personal data or any limitation of the processing carried out, unless such communication proves impossible. or requires disproportionate effort. The data controller provides the data subject with information on these recipients if the latter so requests.
d. Right to limit processing
The User has the right to obtain the limitation of the processing of his personal data in the cases listed in article 19 of the Regulation.
In accordance with article 19 of the Regulation, the Controller notifies each recipient to whom the personal data has been communicated of any limitation of the processing carried out, unless such communication proves to be impossible or requires disproportionate efforts. The data controller provides the data subject with information on these recipients if the latter so requests.
e. Right to data portability
In accordance with article 20 of the Regulation, Users have the right to receive from My Promenade personal data concerning them in a structured, commonly used and machine-readable format. Users have the right to transmit this data to another controller without My Promenade obstructing it in the cases provided for by the Regulations.
When the User exercises their right to data portability in application of the preceding paragraph, they have the right to obtain that personal data be transmitted directly from one controller to another, when this is technically possible.
The exercise of the right to data portability is without prejudice to the right to erasure. This right does not apply to the processing necessary for the performance of a task of public interest or falling within the exercise of public authority vested in the controller.
The right to data portability does not affect the rights and freedoms of third parties.
f. Right to object and automated individual decision-making
The User has the right at any time to oppose the processing of his personal data due to his particular situation, including the automation of data carried out by My Promenade. In accordance with article 21 of the Regulation, My Promenade will no longer process personal data, unless there are legitimate and compelling reasons for the processing which prevail over the interests and rights and freedoms of the User, or for the establishment, exercise or defense of legal claims.
When personal data is processed for prospecting purposes, the User has the right to object at any time to the processing of personal data concerning them for such prospecting purposes, including profiling to the extent where it is linked to such prospecting.
When the data subject objects to the processing for prospecting purposes, personal data is no longer processed for these purposes.
a. General principles
A “Cookie” is a file temporarily or permanently placed on the User’s hard disk when consulting the Website, for subsequent connection. Thanks to cookies, the server recognizes the User’s computer.
Cookies can also be installed by third parties with whom My Promenade collaborates.
Some of the cookies used by My Promenade are necessary for the proper functioning of the Site, others allow the User experience to be improved.
The User can personalize or deactivate cookies by configuring their browser.
By using the Website, the User expressly agrees with the management of cookies as described in this article.
b. Type of cookies and purposes pursued
Different types of cookies are used by My Promenade on the Site:
c. Cookie retention period
Cookies are kept for the time necessary to achieve the intended purpose. The cookies likely to be stored on the User’s hard drive and their retention period are as follows:
d. Cookies management
If the User deactivates certain cookies, he accepts that the Website may not function optimally. Certain parts of the Website may therefore not be usable, or may be so partially.
If the User wishes to manage and / or delete certain cookies, he can do so by using the following link (s):
For Users with browser:
If the User refuses the use of Google Analytics cookies, he is invited to configure his browser in this sense, on the following website: http://tools.google.com/dlpage/gaoptout.
10. Limitation of liability of the Data Controller
The website may contain links to other websites owned by third parties not linked to My Promenade. The content of these sites and their respect for the Law and the Regulations are not the responsibility of My Promenade.
The holder of parental authority must give his express consent so that the minor under the age of 16 can disclose personal information or data on the website. My Promenade strongly advises those exercising parental authority over minors to promote responsible and secure use of the Internet. The Data Controller cannot be held responsible for having collected and processed personal information and data from minors under the age of 16 whose consent is not effectively covered by that of their legal parents or for incorrect data – in particular concerning the ‘age- introduced by minors. In no case will personal data be processed by the Data Controller if the User specifies that he is under the age of 16.
My Promenade is not responsible for the loss, corruption or theft of personal data caused in particular by the presence of viruses or following computer attacks.
The editor of the site reserves the right to modify it in order to guarantee its conformity with the law in force.
However, in the event of a substantial modification of this policy, the user will be informed as follows:
By push notification when the user re-visits the site
12. Conditions applicable to the consent of children with regard to information society services
Where Article 9 (1) (a) applies with regard to the direct provision of information society services to children, the processing of personal data relating to a child is lawful when the child is at least 16 years old. When the child is under the age of 16, this processing is only lawful if, and to the extent that, consent is given or authorized by the holder of parental responsibility for the child. Member States may provide by law for a lower age for these purposes, provided that this lower age is not less than 13 years.
The controller makes reasonable efforts to verify, in such a case, that consent is given or authorized by the holder of parental responsibility for the child, taking into account the technological means available.
13. Applicable law and competent jurisdiction