Privacy Policy

Last updated :

What is the purpose of our Privacy Policy?

Mothair SAS, which manages the mothair.com website, attaches great importance to the protection and confidentiality of your personal data, which represent, for us, a guarantee of seriousness and trust.

In this regard, our Personal Data Privacy Policy is a testament to ourcommitment to respecting, within Mothair SAS, the applicable rules regarding the protection of personal dataand, in particular, those of the General Data Protection Regulation ("GDPR").

In particular, our Privacy Policy aims to inform you about the way and reasons why we process your personal data in the context of theservicesthat we provide to you.

Who is our Privacy Policy addressed to?

Our Privacy Policy is addressed toyou, regardless of your place of residence, as long as you are at least 15 years old and areusers of our sitemothair.com.

If you are under the legal age mentioned above, you are not authorized to use our serviceswithout the prior and explicit consentof one of your parents or the holder of parental authority, which must be sent to us by email at dpo@mothair.fr.

If you believe that we hold personal data concerning your children without your consent, we invite you to contact us at the dedicated address mentioned above.

Why do we process your personal data and on what basis?

We process your personal data mainly for the following reasons:

  • To use and benefit from our service and all its featuresbased on our general terms of use, namely to allow you to place an order and have it delivered.
  • To exchange with our support service via our chat/chatbotbased on our general terms of use.
  • Topay onlinebased on our general terms of sale.
  • To receive our technical emails (e.g., password changes, etc.)based on our legitimate interest in ensuring the security of your account and providing you with the necessary information for the proper functioning of the service.
  • To guarantee and strengthen the security and quality of our serviceson a daily basis (e.g., statistics, data security, etc.) based on the legal obligations that apply to us, our general terms of use, and our legitimate interest in ensuring the proper functioning of our services.
  • To receive our newsletterbased on our legitimate interest in retaining our customer base and based on your consent if you are not already a customer of our services.

Your data is collecteddirectly from youas soon as you are a user of our mothair.com site, and we undertake to only process your data for thereasons described above.

When using our child sleep tracking device, we also process data concerning you and your child based on our general terms and our legitimate interest in providing our services. Details are provided by the privacy policy available on our tracking application.

What personal data do we process and for how long?

We have summarized below thecategories of personal dataand theirrespective retention periods :

  • Personal identification data(e.g., name, first name, etc.) andcontact details(e.g., email address) kept for the duration of the service provision, to which are added the legal prescription periods, which are generally 5 years.
  • Economic and financial data(e.g., bank account number, verification code, etc.) kept for the duration necessary for the transaction and management of billing and payments, to which are added the legal prescription periods, which are generally 5 to 10 years.
  • Email address to receive our technical messageskept until the deletion of your account.
  • Email address to receive our newsletterkept until the end of your subscription to the newsletter.
  • Connection data(e.g., logs, IP address, etc.) kept for a period of 1 year.
  • Financial and asset situationkept until the deletion of your account in the context of using the site.

At the end of the applicable retention periods, the deletion of your personal data isirreversibleand we will no longer be able to communicate them to you after this deadline. At most, we can only keep anonymous data forstatistical purposes.

Please note that in the event ofdisputes, we are required to keepallof the data concerning you for the entire duration of the processing of the file, even after the expiration of their retention periods described above.

In the context of using our child sleep tracking device, we also process data related to the well-being of your children, and in particular, their sleep rhythm, etc. For more information, please consult the privacy policy available on our tracking application.

What rights do you have to control the use of your personal data?

The applicable regulations regarding data protection grant youspecific rightsthat you can exercise,at any time et free of charge, in order to control the use we make of your data.

  • Right ofaccessandcopyof your personal data, provided that this request is not in contradiction with business secrecy, confidentiality, or correspondence secrecy.
  • Right torectificationof personal data that may be inaccurate, outdated, or incomplete.
  • Right toobjectto the processing of your personal data when it is based on our legitimate interest, unless there are legitimate and compelling reasons that justify this processing and prevail over your interests, rights, and freedoms.
  • Right to requesterasure("right to be forgotten") of your personal data that are not essential to the proper functioning of our services.
  • Right tolimitationof your personal data, which allows us to freeze the use of your data in case of a dispute over the legitimacy of a processing operation.
  • Right toportabilityof your data, which allows you to recover part of your personal data in order to store it or transmit it easily from one information system to another.
  • Right to giveinstructionsregarding the fate of your data in the event of death, either through your intermediary or through a trusted third party or heir.

For a request to betaken into account, it is imperative that it be made directly byyou, or your representativeat the address dpo@mothair.fr.

Requests cannot come from anyone other than you or your representative. We may therefore ask you forproof of identityin case of doubt about the identity of the applicant, as well as justification of representation.

We will respond to your request within thebest possible timewith a maximum limit ofone monthfrom the date of receipt, unless the request is technically complex or if we receive many requests at the same time. In this case, the response time may be up to three months.

Please note that we can alwaysrefuseto respond to anyexcessive or unfoundedrequest, particularly with regard to itsrepetitive.

Who can access your personal data?

Your personal data is processed byour teamsand byour technical service providers for the sole purpose of operating our service.

We specify that wecontrol all our technical service providers before recruiting themto ensure that they scrupulously respect the applicable rules regarding the protection of personal data.

MOREOVER, WE GUARANTEE THAT WE NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR COMMERCIAL PARTNERS.

Can your personal data be transferred outside the European Union?

The personal data processed by our site is exclusively hosted on servers located within the European Union.

Moreover, we do our best to only use technical tools whose servers are also located within the European Union. If this is not the case, we ensure that they implementthe necessary guarantees

Regarding the data processed in the context of ourchild sleep tracking devicethey arestored on health data hosting servers located within the European Union.For more information, please consult our privacy policy available on our tracking application.

How do we protect your personal data?

We implement thetechnical means et organizational measuresto guarantee thesecurityof your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.

Technical security measures: HTTPS protocol

Organizational security measures:

Information system charter, Password and authorization management policy, Data breach management procedure, Data subject rights management procedure, Code of conduct, Awareness and training of teams twice a year

Do we use cookies when you browse our platform?

We guarantee that we do not use any advertising cookies for the operation of this platform.

On the other hand, we use audience measurement tools (Google Analytics and PostHog, whose servers are located within the European Union) in order to understand the use of our platform and improve it. These tools are only activated with your consent; in case of refusal, the measurement continues in an anonymous and cookie-free manner. We do not resell any of this data. For more information, we invite you to consult our Cookie Policy.

Who can you contact to obtain more information about the use of your personal data?

To best ensure the protection and integrity of your data, we have officially appointed anData Protection Officer (“DPO”) independentwith our supervisory authority.

You can contact our DPO at any time and free of charge at the address dpo@mothair.fr to obtain more information or details on how we process your data.

How can you contact the CNIL?

You can contact theNational Commission for Informatics and Liberties ou CNILat the following address: Complaints Department of the CNIL, 3 Place de Fontenoy – TSA 80751, 75334 Paris Cedex 07, or by phone at 01.53.73.22.22.

Can the Privacy Policy be modified?

We may modify our Privacy Policy atany timeto adapt it to newlegal requirementsas well as tonew processing operationsthat we may implement in the future.