Privacy policy

Information about your rights to protect your personal data. This policy will be updated as necessary.
January 2021 version


SPIRIDOM, SPIRIBAM and RHUM DAMOISEAU are jointly responsible for processing the Member’s personal data (the “Data Controller”, “We”). As the data controller, we explain how we collect, process and use your personal data, in order to provide you with new services on a daily basis, while respecting your rights. We protect your privacy by ensuring the protection, confidentiality, non-alteration, availability and security of the personal data you entrust to us through all our communication channels.

We take all necessary measures to :

  • provide you with clear and transparent information on how your personal data will be collected and processed;
  • implement all necessary technical and organisational measures to protect your personal data against disclosure, loss, alteration or access by unauthorised third parties;
  • to keep your personal data only for as long as is necessary for the purposes of the particular processing or service;
  • to offer you at any time the possibility to access and modify your personal data that we process directly through your personal areas on our various sites.

In order to achieve these objectives, we implement appropriate technical and organisational measures to ensure that the processing complies with the applicable law on the protection of personal data.


Your personal data may be collected when you:

  • visit our website which may use cookies
  • contact us by email;
  • interact with us, particularly on social networks;
  • exercise your rights over your data.


We collect the information you provide in the context of our commercial relationship, in particular during your exchanges with our consumer service;
The information whose collection is strictly necessary to provide you with a service is indicated by an asterisk and concerns your title, surname, first name, date of birth, postal address (street, postcode, town), e-mail address, fixed or mobile telephone number.

In accordance with the regulations, we do not collect data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic personal data, biometric personal data for the purpose of uniquely identifying a natural person, personal data concerning health or personal data concerning the sex life or sexual orientation of a natural person.

These particular categories of personal data are never collected or processed by Us.


We process your personal information in a transparent and secure manner. Your personal information is collected for the purposes detailed below.



We process your Data to enable you to browse our website

The legal basis for this processing is your consent.


We collect and store your personal information so that we can communicate with you about your orders, invoices or customer service complaints.

The legal basis for this processing is the performance of the contract between you and Us as data controller.


We analyse your personal information to improve your customer experience. Unless you object, this analysis allows us to provide you with innovative products or additional or promotional offers or to display advertisements that match, as far as possible, your shopping habits and interests.


We may be required to disclose your personal data in response to legitimate requests from public authorities, including national security, anti-fraud or law enforcement requirements.


In all other cases, you will be notified of the processing that We intend to do.


We ensure that only authorised persons within SPIRIDOM, SPIRIBAM and RHUM DAMOISEAU have access to your personal data when such access is necessary for the execution of our commercial relationship.


The data is stored in compliance with French legislation and European regulations.

The data storage periods comply with the recommendations of the CNIL and/or legal obligations:

Behavioural data No limitation for anonymised data
Prospects data 3 years after the last contact
Cookies Validity period 13 months maximum

At the end of these periods, we may proceed to archive the data, in particular to meet the time limits for legal proceedings.


The protection of personal data is governed in France, by the General Data Protection Regulation of 27 April 2016, better known as the RGPD and by the amended Data Protection Act of 6 January 1978.

As a data controller, we are committed to protecting the data of our customers and prospects (hereinafter “you”), which we process for the purposes of our business. This is why we are committed to respecting the essential principles applicable to the protection of personal data.

To this end, this policy explains how we deposit and use cookies on the website. We also inform you of the procedures that allow you to manage your preferences for the deposit of these cookies.


A cookie can be described as a tracer or connection indicator, deposited, recorded and/or read by the Internet user’s browser when he visits a website, installs an application, uses software or a mobile application.

There are 3 types of cookies:

  • Technical use cookies (“essential”), which are necessary for the use of a service or access to content on the site; the user’s consent is therefore not required for their deposit.
  • Analysis and performance cookies, which enable us to carry out various measurements, such as the number of visitors or the pages visited by them. The deposit of these cookies requires in principle the collection of your consent, with some exceptions.
  • Advertising or targeting cookies, which record data that allows us to control the display of advertisements to a particular user. The deposit of these cookies requires your consent.



The names of the cookies likely to be deposited or read on your terminal, the purposes and the length of time they are kept are summarised in the following table:


_ga Allows the user to be identified by a unique ID generated at random 13 months
_gat Stores and updates a unique value for each page visited Duration of the connection session
_gid Limits the rate of requests, which limits data collection on high traffic sites 2 days


You are informed that, during your visits to our website, cookies may be installed on your equipment (computer, tablet or smartphone). Similarly, cookies may be deposited on your terminal via e-mails sent to you or when you install software or a mobile application.

These cookies may be deposited by us as the publisher of the aforementioned digital spaces, or they may be deposited by third parties, who may act on our behalf as subcontractors or in their own interest.


We offer you the possibility to set the parameters of the cookies, i.e. to accept or refuse all or part of the cookies deposited on our digital spaces. Your choice can be made :

  • either by using the management tool accessible at the bottom right of this page;
  • or by configuring your browser. To do this, each browser has its own specific features, and the settings can be accessed via the help menus of each browser.

For example

We cannot guarantee the permanence of these URLs, nor the quality of the information they contain.

With regard to e-mail and social networks, we invite you to refer to the options for setting up your account, which differ according to the platforms and operators, but which allow you to control the data collected about you.

As long as you have not given your consent, no Cookie is deposited or read on your terminal (with the exception of session cookies which do not require your prior consent). Refusal to give your consent does not prevent access to our Website.


In order to allow you to control our use of your personal data, you have the following rights:

  • the right to object to our processing of your personal data;
  • the right to access your personal data that we process;
  • the right to rectify it;
  • the right to erasure;
  • the right to portability of your data;
  • the right to restrict processing;
  • the right to set out instructions on the retention, erasure and disclosure of your personal data after your death.

You can exercise your rights by e-mail:

Proof of identity may be requested if there is any doubt about the identity of the applicant.

If you wish to know more about the content of these rights, please contact us at the above addresses.

We will provide you with our responses to your requests as soon as possible and in any event within one month of receiving your requests. You have the right to lodge a complaint with a supervisory authority, in France, the Cnil.



Respecting your right to the protection, security and confidentiality of your data is our priority.

We implement organisational and technical security measures adapted to the degree of sensitivity of the personal data to protect them against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.

When developing, designing, selecting and using our services that rely on the processing of personal data, we take into account the right to protection of personal data from the outset.

For example, we pseudonymize or anonymize, as appropriate, personal data whenever possible or necessary.

As all personal data is confidential, access to it is limited to employees of the Data Controller or service providers acting on behalf of the Data Controller, who need it to perform their duties. All persons having access to your data are bound by a duty of confidentiality and may be subject to disciplinary measures and/or other sanctions if they do not comply with these obligations.

Operations with third party recipients are subject to a contract to ensure the protection of your personal data and the respect of your rights.

We are fully committed to the effective protection of the personal data you entrust to us. As part of our ongoing commitment to security and protection, we encourage you to exercise caution to prevent unauthorised access to your personal data and to protect your terminals (computer, smartphone, tablet) against unwanted or even malicious access with a strong password, which we recommend you change regularly. If you share a terminal, we recommend that you log out after each use.


Our Data Protection Officer (DPO) is available to answer your questions at the following address:


“Anonymisation” is defined as “the result of processing personal data in order to prevent, in an irreversible way, any identification”;

Collecting” is defined as “the act of collecting personal data. This collection may be done, for example, by means of questionnaires or online forms;

“Consent” means any free, specific, informed and unambiguous expression of will by which you agree, by a declaration or by a clear positive act, that personal data concerning you may be processed;

“Personal data” or “personal data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;

“Rights protecting your personal data”: means the set of fundamental rights as described in the European regulation[1], covering :

  • the right to information;
  • the right of access;
  • the right to rectification;
  • the right to erasure or the right to be forgotten
  • the right to portability;
  • the right to object;
  • the right to restrict processing;
  • the right to define directives relating to the retention, erasure and communication of personal data after his or her death.

“Limitation of processing” means the marking of retained personal data with a view to limiting their future processing[2] ;

“Minimisation” together with “data” refers to a limitation on the collection or use of information;

“Data pooling” refers to the result of pooling the customer or prospect databases of several partners;

“Profiling”[3] means “any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict factors concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”;

Products or Services” means all products and services, including technological products and services (sites, applications and associated services) offered or to be offered by Us;

“Commercial prospecting” means the search for customers, the fact that it is commercial means that it is related to commerce, that it is connected to it[4] ;

“Pseudonymisation” means any technical and organisational security measure that consists of replacing an identifier in order to ensure that personal data is not attributed to an identified or identifiable individual.

“Commercial relationship” includes all relations between Us and its customers such as, for example, when you purchase products or services, use the after-sales service, participate in online games, return your products, make complaints, participate in satisfaction surveys or as part of your loyalty programme;

“Data controller” is the person or body who, alone or jointly, determines the purposes and methods of processing your personal data;

“Behavioural segmentation” allows, from information on observed behaviour, to establish the socio-economic or even psychological profile of a person, in order to classify him or her in a segment;

“Online Services” means digital services offered by Us such as websites, applications, associated services or mobile services;

“Sub-processor” is the person who processes personal data on behalf of the person, organisation or body responsible for the processing;

“Tracking of personal behaviour”, sometimes referred to as “profile deduction”, refers to techniques for evaluating behavioural aspects of a natural person in relation to his or her use of the internet.

“Third Party” means any person other than You and Us;

“Processing of personal data” means any operation or group of operations applied to your data, regardless of the online service medium in question and the process used.


[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, art. 15 to 21 and art. 23

[2] EU Reg. EU 2016-679 of 27-4-2016, art. 4

[3] EU Regulation 2016/679 of 27-4-2016: OJEU 2016 L 119 p.1, art. 4 §4.

[4] Larousse Dictionary, 2017.