Mothair

Privacy Policy

Last updated :

What is the purpose of our Privacy Policy?

SAS Mothair, which manages the mothair.com website, attaches great importance to the protection and confidentiality of your personal data, which we regard as a mark of our reliability and trustworthiness.

As such, our Privacy Policy clearly demonstrates our commitment to ensuring that SAS Mothair complies with the applicable rules on the protection of personal data and, in particular, those of the General Data Protection Regulation (GDPR).

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.

Who is our Privacy Policy intended for?

Our Privacy Policy applies to you, regardless of where you live, provided you are at least 15 years old and are a user of our website mothair.com.

If you are under the legal age specified above, you are not permitted to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email at dpo@mothair.fr.

If you believe we hold personal data concerning your children without your consent, please contact us at the dedicated address provided above.

Why do we process your personal data and on what basis?

We process your personal data primarily for the following reasons:

  • To use and benefit from our service and all its features in accordance with our terms and conditions of use, namely to enable you to place an order and have it delivered to you.
  • To communicate with our support team via our chat/chatbot in accordance with our Terms and Conditions of Use.
  • To make online payments in accordance with our general terms and conditions of sale.
  • To receive our technical emails (e.g. password changes, etc.) based on our legitimate interest in ensuring the security of your account and providing you with the information necessary for the proper functioning of the service.
  • To guarantee and enhance the security and quality of our services on a daily basis (e.g. statistics, data security, etc.) in accordance with our legal obligations, our Terms and Conditions of Use, and our legitimate interest in ensuring the proper functioning of our services.
  • To receive our newsletter based on our legitimate interest in building customer loyalty and on your consent if you are not yet a customer of our services.

Your data is collected directly from you when you use our website mothair.com, and we undertake to process your data only for the reasons described above.

When you use our child sleep tracking device, we also process data relating to you and your child on the basis of our Terms and Conditions and our legitimate interest in providing our services to you. Further details are provided in the privacy policy available on our tracking app.

What personal data do we process and for how long?

We have summarised below the categories of personal data and their respective retention periods:

  • Personal identification data (e.g. surname, first name, etc.) and contact details (e.g. email address) are retained for the entire duration of the service provision, plus the statutory limitation periods, which are generally 5 years.
  • Financial and economic data (e.g. bank account number, verification code, etc.) retained for the duration necessary for the transaction and for the management of invoicing and payments, plus the statutory limitation periods, which are generally between 5 and 10 years.
  • Email address for receiving our technical messages: retained until your account is deleted.
  • Email address for receiving our newsletter: retained until you unsubscribe from the newsletter.
  • Connection data (e.g. logs, IP address, etc.) is retained for a period of 1 year.
  • Financial and asset information is retained until your account is deleted in connection with your use of the website.

Once the applicable retention periods have expired, the deletion of your personal data is irreversible and we will no longer be able to provide it to you after this period. At most, we may only retain anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obliged to retain all data relating to you for the entire duration of the case, even after the expiry of the retention periods described above.

When you use our sleep tracking device for your child, we also process data relating to your children’s wellbeing, including their sleep patterns, etc. For further information, please refer to the privacy policy of our tracking app.

What rights do you have to control the use of your personal data?

The applicable data protection regulations grant you specific rights which you may exercise at any time and free of charge to control how we use your data.

  • The right to access and obtain a copy of your personal data, provided that such a request does not conflict with trade secrets, confidentiality, or the secrecy of correspondence.
  • The right to rectify personal data that is inaccurate, out of date or incomplete.
  • The right to object to the processing of your personal data where such processing is based on our legitimate interests, unless there are legitimate and compelling reasons justifying such processing that override your interests, rights and freedoms.
  • Right to request the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
  • The right to restrict the processing of your personal data, which allows you to monitor the use of your data in the event of a dispute regarding the lawfulness of such processing.
  • Right to data portability, which allows you to retrieve some of your personal data so that you can easily store or transfer it from one information system to another.
  • The right to provide instructions regarding the handling of your data in the event of your death, either directly or through a trusted third party or a beneficiary.

For a request to be considered, it is essential that it is made directly by you or your representative at dpo@mothair.fr.

Requests cannot be made by anyone other than you or your representative. We may therefore ask you to provide proof of identity if there is any doubt as to the identity of the applicant, as well as proof of representation.

We will respond to your request as soon as possible, within a maximum of one month from receipt, unless the request is technically complex or we receive a large number of requests at the same time. In such cases, the response time may be up to three months.

Please note that we may refuse to respond to any excessive or unfounded requests, particularly if they are repetitive in nature.

Who has access to your personal data?

Your personal data is processed by our teams and our technical service providers for the sole purpose of operating our service.

We would like to point out that we vet all our technical service providers before engaging them to ensure that they strictly comply with the applicable rules on personal data protection.

FURTHERMORE, WE GUARANTEE THAT WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR BUSINESS PARTNERS.

Can your personal data be transferred outside the European Union?

The personal data processed by our website is hosted exclusively on servers located within the European Union.

Furthermore, we do our utmost to use only technical tools whose servers are also located within the European Union. Should this not be the case, we take great care to ensure that they implement the appropriate safeguards required to guarantee the confidentiality and protection of your personal data.

As regards the data processed as part of our child sleep tracking system, it is stored on health data hosting servers located within the European Union. For further information, please consult our privacy policy available on our tracking app.

How do we protect your personal data?

We implement the following technical and organisational measures to ensure the security of your personal data on a daily basis and, in particular, to guard against any risk of destruction, loss, alteration or disclosure.

Technical security measures: HTTPS protocol

Organisational security measures:

Information Systems Charter, Access Rights and Password Management Policy, Data Breach Management Procedure, Data Subject Rights Management Procedure, Code of Conduct, Staff awareness-raising and training twice a year

Do we use cookies when you browse our platform?

We guarantee that we do not use any advertising cookies for the operation of this platform.

However, we would like to inform you that we use statistical cookies when you browse our platform. For further information, please see our Cookie Policy.

Who can you contact for more information about the use of your personal data?

To best ensure the protection and integrity of your data, we have officially appointed an independent Data Protection Officer (“DPO”) with our supervisory authority.

You may contact our DPO at any time, free of charge, at dpo@mothair.fr to obtain further information or details on how we process your data.

How can you contact the CNIL?

You may contact the “Commission nationale de l’informatique et des libertés” or “CNIL” at any time using the following contact details: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.

Can the Privacy Policy be amended?

We may amend our Privacy Policy at any time to bring it into line with new legal requirements and any new data processing activities we may implement in the future.