PRIVACY POLICY

Updated on July 12th 2023

TALPUS SAS (as defined in article 1 below), carrying out its activities under the KEY EQUIPMENT brand, markets splitboard items and accessories on its website www.key-equipment.com (the “site”) ).

In order to offer for sale, sell and deliver its products, TALPUS SAS collects personal data (the "Data") from the users of this site, (together hereinafter referred to as the “Users").

The purpose of this privacy policy is to inform Users of the means implemented to collect, consult, process and store users' personal data.

TALPUS SAS, as data controller, undertakes to comply with the provisions of the Regulation relating to the protection of individuals with regard to the processing of personal data and the free movement of such data n ° 2016/679 of the European Parliament and of the Council of April 27, 2016 and French law n°78/17 of January 6, 1978, as amended (known as the “Data Protection Act”).

The User is informed that certain Data must be collected by TALPUS SAS in order to be able to provide its products and services. If the User does not wish to communicate this data, TALPUS SAS will not be able to perform its services.

This privacy policy (“Policy”) may be modified at any time by TALPUS SAS, in particular to comply with any regulatory, jurisprudential, editorial or technical developments. The User must refer before any navigation to the latest version of the Policy.

1. The Data Controller

The data controller, who collects personal data and implements Data processing is:

TALPUS SAS with a share capital of €5,000, registered with the RCS ANNECY under number 893 000 273 (intra-community VAT number: FR26893000273) and whose registered office is located at 5215 route de Flaine 74300 Arâches la frasse, France (hereinafter the "Publisher" or the "Data Controller").

For the purposes of this Policy, the terms "Process" or "Processing" refer to any operation or set of operations applied to Data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, limitation, erasure or destruction.

The term "Data(s)" means any information relating to a User, identified or identifiable, in particular by reference to an identifier, such as a name, an identification number, location data, or one or more elements own specific.

2. Collection of personal data

TALPUS SAS is required to collect the Personal Data of Users on the www.key-equipment.com Site.

The Data likely to be collected are as follows:

- Data from the "Contact us" form: namely the data that the User provides when sending a message by completing the "Contact us" form (first name, last name, email address)

- User account data: namely the data that the User provides when creating an account by completing the registration form (first name, last name, postal billing and delivery addresses, email address, number mobile phone number, password for connecting to the customer account);

- Personal data of the User when the latter registers them in his customer account: size of clothes and shoes,

- Transaction data: refers to the User's information relating to orders made and returns, such as telephone number, address, e-mail address and payment information;

- Data contained in exchanges made with customer service;

- Browsing Data: refers to the data that the Publisher collects when the User browses the Sites and Applications, such as the date, time of connection and/or browsing, type of browser , browser language, IP address, location data and geolocation;

- Personal data of participants in contests: when you participate in a contest on our social networks, we are likely to keep the personal data of the winners.

Data relating to means of payment (credit card number, expiry date, authorization number, security code) are collected directly by our service provider, STRIPE. TALPUS SAS never has access to the payment data of its customers.

3. Purposes of collecting personal data

The Data collected within the framework of the use of the Site, are subject to Processing in order to meet the purposes described in the table below.

The regulations in force protect the privacy of Users and require any data controller to be able to justify a legitimate basis for said processing. The regulations thus provide among the legal bases for processing:

- the performance of a contract to which the data subject is a party, such as a sales contract. Thus certain personal data of the User is necessary to deliver the goods, manage the customer account and make returns;

- compliance with a legal obligation, in particular accounting, by keeping invoices;

- the prior consent of the data subject;

Purposes of processing / Legal bases for processing

Management of orders and sales, product deliveries, management of complaints, withdrawals and product returns / The execution of a contract concluded between the client and the professional

Realization of transactions, in particular payment / The execution of a contract concluded between the client and the professional

Creation and management of the customer account / The execution of a contract concluded between the client and the professional

After-sales service: exchanges with customer service / The execution of a contract concluded between the client and the professional

Send newsletters and privileged offers on the condition that the user ticks the box expressing his acceptance, provided for this purpose, when registering for the Services / User consent

TALPUS SAS does not share any Personal Data for commercial purposes with third parties.

The User has the option of modifying his Personal Data and withdrawing his consent at any time by logging into his customer account.

4. Service providers with access to Users' Personal Data

The Personal Data collected is transmitted to TALPUS SAS service providers, who may carry out Processing on behalf of TALPUS SAS (subcontractors) and/or on their own behalf (data recipients).

The recipients of the data are:

- Stripe, payment providers

- any police or administrative authority in the context of legal requisitions concerning the fight against fraud

- customs services and service providers in the event of delivery abroad.

TALPUS SAS subcontractors may have access to the Data collected for: - the dispatch of orders made by transport companies.

5. Rights of Users over their personal data

In accordance with Articles 14 to 22 of the General Data Protection Regulation 2016/679 of April 27, 2016, any natural person using the site has the right to exercise the following rights:

- A right of access, rectification and deletion of the data collected,

- A right of opposition to the processing of his data,

- A right to limit the Processing,

- A right to the portability of the data collected,

the right to formulate directives relating to the storage, erasure and communication of his personal data after his death in accordance with article 40-1 of the Data Protection Act.

Finally, if TALPUS SAS detects a Data breach likely to create a high risk for the rights and freedoms of its Users, it undertakes to inform the users concerned as soon as possible and the competent supervisory authority, namely to France the CNIL.

The User can exercise all of these rights by logging into their customer area, by contacting customer service at info@key-equipment.com or by simple mail to TALPUS SAS – 210 ROUTE DES MOULINS – 74300 ARACHES LA FRASSE, France.

The user must imperatively attach proof of identity to his request.

In the event of no response or an unsatisfactory response, the User may contact the supervisory authority of his country of residence, for France, the CNIL

: https://www.cnil.fr/

6. Transfer of Personal Data outside the European Union

Data from TALPUS SAS customers may be transferred to employees or managers residing or traveling outside the European Union. This transfer takes place under the standard contractual clauses of the European Commission.

This Data may also be transferred to TALPUS SAS service providers, allowing the latter to provide its services to its Customers (in particular carriers, hosts, technical service providers to manage the Site). This transfer takes place within the framework of the standard contractual clauses of the European Commission.

7. Data retention period

User Data will not be kept beyond the time strictly necessary for the purposes pursued as set out herein, in accordance with applicable regulations and laws. In this respect, the Data used for prospecting purposes may be kept for a maximum period of 3 years from the closing of the User's account or the last contact of the prospect concerned. The User's data is erased when the retention periods expire.

8. Cookies, tags and tracers

When browsing our website, information relating to the browsing of the user's terminal (computer, tablet, smartphone, etc.) may be recorded through files called "Cookies".

The cookie makes it possible to monitor browsing or analyze the behavior of the User, and in particular:

Functional and mandatory cookies:

These cookies are necessary and mandatory, as they allow users to browse and use the main features of the site:

• Accounts

• Cart and payment

• URL redirects

Nom

Purpose, type and duration

_acloggedin

• Supports login by Scheduling client if the client has an account
• Cookies
• January 1, 2025

_client_acloggedin

• Supports login by Scheduling client if the client has an account
• Cookie
• January 1, 2025

_dd_cookie_test

Test to check if cookies are supported
Cookie
Expires instantly

_dd_s

Tracks browser errors
Cookie
Four hours

_dd_site_test

Test to check if cookies are supported
Cookies
Expires instantly

algoliasearch-client-js

Add auto-populated suggestions to address fields in Scheduling to help customers fill out forms faster
Local storage
Persistent

CART

Indicates when a visitor adds a product to their cart
Cookies
Two weeks

CHECKOUT_WEBSITE

Identifies the correct site for payment when Payment on your domain is disabled
Cookies
Session

client_username

Remembers the username of a logged in Scheduling client between visits
Cookies
A year

Commerce-checkout-state

Store payment status while visitor checkout in PayPal
Session storage
Session

Crumb

Prevents cross-site request forgery (CSRF)
Cookies
Session

hasCart

Tells Squarespace that the visitor has a shopping cart
Cookies
Two weeks

Locked

Prevents the password-protected screen from appearing when a visitor enters the correct site password.
Cookies
Session

orderStatusSessionToken

Authenticates a visitor who logs into an order status page.
Cookies
A year

PHPSESSID

Securely authenticates a visitor during checkout in Scheduling
Cookies
A month

RecentRedirect

Avoid redirect loops if the site has custom URL redirects. Redirect loops are bad for SEO.
Cookies
30 minutes

remember_client

Saves Scheduling client login credentials if they have an account
Cookies
365 days

siteUserCrumb

Prevents injections of illegitimate requests by bounce (cross-site request forgery, or CSRF) for users connected to the site
Cookies
Three years

SiteUserInfo

Identify a visitor who logs into a customer account
Cookies
Three years

SiteUserSecureAuthToken

Authenticates a visitor who logs into a customer account
Cookies
Three years

squarespace-announcement- bar

Prevents the announcement bar from showing if a visitor chooses to skip it
Local storage
Persistant

squarespace-likes

Indicates that you have already “liked” a blog post
Local storage
Persistant

squarespace-popup-overlay

Prevents the promotional pop-up from appearing if a visitor chooses to ignore it
localstorage
Persistant

squarespace-video-player- options

Remembers preferences selected by the video player (volume, playback speed, and quality) for videos uploaded directly to Squarespace
Local storage
Persistant

ss_cookieAllowed

Remembers if a visitor has consented to having analytics cookies placed in their browser when a site restricts the placement of cookies
Cookies
30 days

ss_sd

Allows visitors using the Squarespace 5 platform to remain authenticated throughout their sessions
Cookies
Session

Test

Find out if the browser supports cookies and avoid errors
Cookies
Session

Allows a Scheduling client's appointments to display correctly based on their time zone preferences.Local storage
Persistant

Performance cookies

These cookies make it possible to determine the number of visits and the sources of traffic, in order to measure and improve the performance of the Website.

They make it possible to understand how visitors navigate on the Website and to identify the pages most or least visited. All information collected by these cookies is aggregated and therefore anonymized.

If the User does not accept these cookies, TALPUS SAS will not be informed of his visit to the Website.

Name of cookie Duration Function

ss_cid

Two years