Privacy Policy

PREAMBLE

Gas Bijoux, a simplified joint-stock company (SAS) with a capital of €40,000, headquartered at 10 rue Bachaumont, 75002 Paris, and registered with the Marseille Trade and Companies Register Marseille number 440 266 765, is the data controller for your personal data.
As the data controller, Gas Bijoux to respecting your right to privacy when you visit the website www.gasbijoux.com and when making purchases in-store, in accordance with the General Data Protection Regulation (GDPR — EU 2016/679) and the French Data Protection Act.
Gas Bijoux appointed a Data Protection Officer (DPO): Franck Sebille, Director of Operations. For any questions regarding the protection of your data, you may contact him at: franck@gasbijoux.fr

I. DATA COLLECTED

The personal data we collect includes:
– Identity: last name, first name, gender, date and place of birth
– Contact information: mailing address, email address, phone numbers
– Payment information: payment method used (card numbers are never stored by Gas Bijoux)
– Transaction history: orders, returns, complaints, purchase history
– Browsing data: IP address, cookies, pages visited, audience statistics
– Communications: messages exchanged with our customer service or after-sales service
Fields marked with an asterisk in our forms are required to process your order. Failure to provide this information will prevent Gas Bijoux processing your request.

II. PURPOSES AND LEGAL BASIS OF THE PROCESSING

Contract performance:
Processing your order, billing, delivery, managing returns and after-sales service. Legal basis: contract performance (Art. 6.1.b GDPR).
Customer relations:
Communication via email or SMS, personalizing your experience, managing complaints. Legal basis: performance of the contract and legitimate interests (Art. 6.1.b and 6.1.f GDPR).
Marketing:
Sending newsletters, exclusive offers, and anniversary communications. Legal basis: consent or legitimate interests for existing customers (Art. 6.1.a and 6.1.f GDPR). You can unsubscribe at any time via the unsubscribe link included in each email or by sending STOP to the SMS number.
Legal obligations:
Retention of data for accounting, tax, or in response to a request from the competent authorities. Legal basis: legal obligation (Art. 6.1.c GDPR).
Security and fraud prevention:
Website protection, payment security (3D Secure), prevention of fraudulent behavior. Legal basis: legitimate interests (Art. 6.1.f GDPR).

III. SHARING YOUR DATA WITH THIRD PARTIES

Gas Bijoux share any personal data with third parties for commercial purposes.
In connection with the fulfillment of your orders, your data may be shared with the following categories of recipients, provided that an adequate level of protection is ensured:
– Logistics providers and carriers (Colissimo, Chronopost, FedEx)
– Payment providers (partner banks, Alma, PayPal)
– Digital partners ensuring the operation of the website (Shopify, analytics tools, CRM), bound by a confidentiality agreement
– Administrative or judicial authorities, in the event of a legal obligation

IV. ACCOMMODATION AND INTERNATIONAL TRANSFERS

Your personal data is hosted on servers operated by Shopify Inc. (Ottawa, Canada). Shopify is certified under the EU-US Privacy Shield Framework and the European Commission’s Standard Contractual Clauses, ensuring an adequate level of protection.
Gas Bijoux appropriate measures to ensure data security during any international transfer.

V. SHELF LIFE

– Active customer data: duration of the business relationship + 3 years
– Prospect data (non-customers): 3 years from the date of collection or the last contact
– Accounting and tax data: 10 years in accordance with legal obligations
– Browsing data (cookies): 13 months maximum
After these periods, your data is deleted or anonymized.

VI. SAFETY

Gas Bijoux appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure:
– Storage on secure servers (Shopify)
– Encryption of payment transactions (SSL/TLS protocol)
– Secure payments via 3D Secure (Visa Verified / Mastercard SecureCode)
In the event of a data breach that may pose a risk to your rights, Gas Bijoux to notify the CNIL within 72 hours and to inform you if the breach is likely to result in a high risk.

VII. YOUR RIGHTS

In accordance with the GDPR, you have the following rights regarding your personal data:
– Right of access: to obtain confirmation that your data is being processed and to receive a copy of it
– Right to rectification: to request the correction of inaccurate or incomplete data
– Right to erasure (“right to be forgotten”): request the deletion of your data
– Right to restriction of processing: obtain a temporary suspension of processing
– Right to data portability: receive your data in a structured and machine-readable format
– Right to object: object to processing for marketing purposes
– Right to withdraw consent: at any time, without affecting the lawfulness of prior processing
– Post-mortem directives: instructions regarding your data after your death
To exercise your rights, contact us by email at: service@gasbijoux.fr
You also have the right to file a complaint with the CNIL: www.cnil.fr

VIII. COOKIES

What is a cookie?
A cookie is a text file stored on your device (computer, tablet, smartphone) when you browse our website. It allows us to recognize you and remember your preferences.
Types of cookies used:
– Technical (essential) cookies: essential for the website to function and to secure transactions. No consent required.
– Audience measurement cookies: used to analyze website traffic (e.g., Google Analytics). Subject to your consent.
– Advertising cookies: used to display targeted ads on third-party sites. Subject to your consent.
– Social media sharing cookies: used to share content (Meta, Pinterest, etc.). Subject to your consent.
You can change your preferences at any time via the cookie management banner at the bottom of the page, or by changing your browser settings. Your consent is valid for 6 months.