Privacy Policy

Effective Date: 10/2020
Publisher: Gorilla Organic
Address: 222 avenue du Stade, 73700 Bourg-Saint-Maurice, France
Email: contact@gorilla.organic

1. Definitions

Publisher: Gorilla Organic, the legal entity responsible for publishing and operating the online public communication services.
Site: The gorilla.organic website and associated services.
User: Any individual using the Site or its services.

2. Nature of Data Collected

When using the Site, the Publisher may collect the following categories of data:

  • Connection data (IP addresses, event logs, limited technical information).

3. Disclosure of Personal Data to Third Parties

  • No disclosure to third parties is carried out, except where required by law or by a competent authority in the United Kingdom or the European Union.

4. Prior Information in Case of Merger or Acquisition

In the event of a merger, acquisition, or asset transfer:

  • The confidentiality of personal data will be maintained.
  • Users will be informed before any transfer of data or application of new privacy rules.

5. Purpose of the Reuse of Collected Personal Data

Personal data may be used for the following purposes:

5.1 Customer Management

  • Managing contracts, orders, deliveries, and invoicing.
  • Accounting operations, including customer account management.

5.2 Customer Relations & Loyalty Programs

  • Managing loyalty programmes within one or more legal entities.
  • Monitoring customer relations, including satisfaction surveys, handling complaints, and after-sales service.

5.3 Studies, Surveys & Product Testing

  • Selecting customers to participate in studies, surveys, or product tests.
  • Important: These activities require the User’s consent and must not result in profiling that could reveal sensitive data (racial or ethnic origin, political, philosophical, trade union or religious opinions, sexual life, or health).

5.4 Rights Management

  • Handling requests to exercise rights of access, rectification, erasure, restriction, or objection, in accordance with the UK GDPR and EU GDPR.

5.5 Debt Recovery & Dispute Management

  • Managing unpaid invoices and disputes, provided this does not relate to offences and does not lead to excluding the User from a right, service, or contract.

5.6 Reviews & Feedback

  • Managing and analysing User opinions regarding products, services, or content.

6. Data Aggregation

  • Non-personal data: may be aggregated for statistical or analytical purposes.
  • Linked accounts: if the User connects a third-party service, certain information may be transmitted with their consent.

7. Collection of Identity and Account Data

  • Browsing the Site is free and does not require registration.
  • Personal data is collected only when voluntarily provided by the User.

8. Technical Data & Cookies

8.1 Technical Data

No technical data is collected beyond what is strictly necessary for the operation of the Site.

8.2 Cookies

  • Maximum retention period: 13 months (CNIL, GDPR, ICO compliance).
  • Purpose: statistics, analytics, service optimisation.
  • The User may disable cookies via browser settings.

9. Data Retention & Deletion

  • Data is retained only for the time required to fulfil its intended purpose.
  • Accounts inactive for 3 years may be deleted after notification by email.
  • The User may request deletion of their data at any time.

10. Data Security

In the event of a data breach, the Publisher undertakes to:

  • Notify Users within legally required time limits (ICO UK, CNIL, GDPR).
  • Investigate the cause of the incident.
  • Implement corrective measures.

Such notification does not constitute an admission of liability.

11. International Data Transfers

The Publisher undertakes not to transfer personal data outside the United Kingdom or the European Union unless adequate protection measures are in place (Standard Contractual Clauses, adequacy decisions, etc.).

12. Modifications to the Policy

Any substantial modification to this Policy will be communicated to Users.
The Publisher will never reduce the level of data protection without informing the User and obtaining consent where required by law.

13. Applicable Law & Dispute Resolution

  • Applicable laws: UK GDPR, Data Protection Act 2018, EU GDPR.
  • Consumers: may bring claims before the courts of their country of residence within the EU or the UK.
  • Business Users: any legal action must be brought before the courts of the United Kingdom.

14. Data Portability

Users may request all their personal data in a structured, commonly used, machine-readable format.