PREAMBLE
Gas Bijoux, a simplified joint-stock company (SAS) with a share capital of €40,000, headquartered at 10 rue Bachaumont, 75002 Paris, registered with the Marseille Trade and Companies Register under number 440 266 765, is the data controller for your personal data.
As data controller, Gas Bijoux is committed to respecting your right to privacy when you visit www.gasbijoux.com and when you make purchases in store, in accordance with the General Data Protection Regulation (GDPR — EU 2016/679) and the French Data Protection Act (Loi Informatique et Libertés).
Gas Bijoux has appointed a Data Protection Officer (DPO): Franck Sebille, Director of Operations. For any questions regarding the protection of your data, you may contact him at: franck@gasbijoux.fr
I. DATA COLLECTED
The personal data we collect includes:
– Identity: last name, first name, gender, date and place of birth
– Contact details: postal address, email address, phone numbers
– Payment data: payment method used (card numbers are never stored by Gas Bijoux)
– Commercial history: orders, returns, claims, purchase history
– Browsing data: IP address, cookies, pages visited, audience statistics
– Communications: messages exchanged with our customer service team
Fields marked with an asterisk in our forms are mandatory to process your order. Failure to provide this data will prevent Gas Bijoux from processing your request.
II. PURPOSES AND LEGAL BASES FOR PROCESSING
Contract performance:
Processing your order, invoicing, delivery, returns management and after-sales service. Legal basis: performance of a contract (Art. 6.1.b GDPR).
Customer relationship:
Communication by email or SMS, personalisation of your experience, handling of complaints. Legal basis: performance of a contract and legitimate interests (Art. 6.1.b and 6.1.f GDPR).
Marketing:
Sending newsletters, exclusive offers, and birthday communications. Legal basis: consent or legitimate interests for existing customers (Art. 6.1.a and 6.1.f GDPR). You may unsubscribe at any time via the unsubscribe link included in every email, or by replying STOP to the SMS number.
Legal obligations:
Retention of data for accounting, tax purposes, or in response to a request from competent authorities. Legal basis: legal obligation (Art. 6.1.c GDPR).
Security and fraud prevention:
Website protection, payment security (3D Secure), prevention of fraudulent activity. Legal basis: legitimate interests (Art. 6.1.f GDPR).
III. SHARING YOUR DATA WITH THIRD PARTIES
Gas Bijoux does not sell any personal data to third parties for commercial purposes.
In the context of fulfilling your orders, your data may be shared with the following categories of recipients, subject to an adequate level of protection:
– Logistics providers and carriers (Colissimo, Chronopost, FedEx)
– Payment providers (partner banking institutions, Alma, PayPal)
– Digital partners responsible for website operations (Shopify, analytics tools, CRM), bound by a confidentiality agreement
– Administrative or judicial authorities, where required by law
IV. HOSTING AND INTERNATIONAL DATA TRANSFERS
Your personal data is hosted on the servers of Shopify Inc. (Ottawa, Canada). Shopify is certified compliant with the EU-US Privacy Shield framework and the European Commission's standard contractual clauses, ensuring an adequate level of protection.
Gas Bijoux takes appropriate measures to ensure the security of data during any international transfer.
V. DATA RETENTION
– Active customer data: duration of the commercial relationship + 3 years
– Prospect data (non-customers): 3 years from the date of collection or last contact
– Accounting and tax data: 10 years in accordance with legal obligations
– Browsing data (cookies): 13 months maximum
Beyond these periods, your data is deleted or anonymised.
VI. SECURITY
Gas Bijoux implements appropriate technical and organisational measures to protect your personal data against any unauthorised access, loss, alteration or disclosure:
– Storage on secure servers (Shopify)
– Encryption of payment transactions (SSL/TLS protocol)
– Payment security via 3D Secure (Visa Verified / Mastercard SecureCode)
In the event of a data breach likely to pose a risk to your rights, Gas Bijoux undertakes to notify the relevant supervisory authority within 72 hours and to inform you if the breach is likely to result in a high risk to your rights and freedoms.
VII. YOUR RIGHTS
In accordance with the GDPR, you have the following rights regarding your personal data:
– Right of access: obtain confirmation that your data is being processed and receive a copy
– Right to rectification: request the correction of inaccurate or incomplete data
– Right to erasure ("right to be forgotten"): request the deletion of your data
– Right to restriction of processing: obtain the temporary suspension of processing
– Right to data portability: receive your data in a structured, machine-readable format
– Right to object: object to processing for commercial prospecting purposes
– Right to withdraw consent: at any time, without affecting the lawfulness of prior processing
– Post-mortem instructions: directions regarding your data after your death
To exercise your rights, contact us by email at: service@gasbijoux.fr
You also have the right to lodge a complaint with the CNIL: www.cnil.fr
VIII. COOKIES
What is a cookie?
A cookie is a small text file placed on your device (computer, tablet, smartphone) when you browse our website. It allows us to recognise you and remember your preferences.
Types of cookies used:
– Technical cookies (essential): necessary for the website to function and to secure transactions. No consent required.
– Audience measurement cookies: used to analyse website traffic (e.g. Google Analytics). Subject to your consent.
– Advertising cookies: used to display targeted advertisements on third-party websites. Subject to your consent.
– Social media sharing cookies: used to share content (Meta, Pinterest, etc.). Subject to your consent.
You may update your preferences at any time via the cookie management banner at the bottom of the page, or by adjusting your browser settings. Your consent is valid for 6 months.