Our Company takes people’s personal data protection and privacy very seriously.
We are committed to respecting your privacy and to protecting access to your personal data (hereinafter referred to as the “PD”), by collecting and using them strictly in accordance with current legal provisions.
With this policy, we want to inform you, with complete transparency, of the different types of data we collect and how we compile, use and protect your PD.
Our website www.bonpoint.com(hereinafter referred to as “Our Website””) gives you easy access to our Data Protection Policy. We endeavor to update it based on regulatory and legislative changes, and in accordance with the best practices and recommendations published by the CNIL(French Data Protection Authority). As a result, we invite you to visit this page regularly, to make sure you still agree with all of the conditions of this policy.
Who we are
Our Company, Bonpoint SAS, a simplified joint-stock company with registered capital of €500,000, headquartered at 62 avenue d’Iéna, 75116 Paris, France, registered with the Paris Trade & Companies Register under number 702 041 526, represented by Marie-Sabine Leclerc in her capacity as Chief Executive Officer, and referred to in this document as “Our Company”, is responsible for the collection, processing and use of the data you provide to us.
Our Company is not subject to the obligation to appoint a Data Protection Officer, as defined by current regulation. Nevertheless, people have been designated at the company to ensure our continued compliance with regulation and the implementation and regular updating of best PD protection practices.
What data we collect and use?
The data that Bonpoint collects about you is limited to the information you provide in connection to the services we offer and your interactions with our brand:
- Account creation and billing information
Your first and last names, mailing address, phone number, date of birth, and the other data needed to process your payment, your username and password (encrypted and only stored for the purpose of recognizing your login on the website), and recipients of your purchases
- Financial information for transactions
Credit/debit card number and expiration date, and cardholder name and address
- Information about browsing habits (Google Analytics)
Cookie ID, pages viewed, actions performed on the website, and recurrence + demographic and geographic data
- Information about buying habits
Purchase history, habits, and preferences.
How do we collect your data?
With your prior consent, your data is collected when you provide them to us while creating an account, placing an order or signing up for our newsletter. It is used to process your requests, including any warranties, and to provide services to you, as well as for the technical administration of Our Website.
For what purposes and on what legal basis do we use your data?
We assure you that the personal data you provide to us will only be used for explicit, legitimate purposes. They allow us to:
- Process your orders and payments, and ship goods and provide services to you;
- Manage our customer base;
- Send you newsletters and invitations to events;
- Simplify and accelerate the processing of your order as much as possible;
- Improve the service we provide to you;
- Endeavor to prevent all forms of fraud and the risk of non-payment;
- Process and resolve your questions and complaints.
With whom do we share your data?
We may transmit your information to third parties, such as Our Company’s service providers, our partners, or affiliated companies or subsidiaries of our group (“Group Companies”), especially for the purposes of processing your order, sending you our newsletters, and facilitating and optimizing the services we provide to you.
We assure you that all of your personal data will be kept confidential, and access to them will be restricted to employees of Our Company and of Our Company’s service providers and agents who need them in order to fulfill their duties to us. We guarantee that all of our employees with access to your PD are bound by an obligation of confidentiality and will be exposed to disciplinary measures and/or other sanctions in the event of their failure to comply with that obligation.
To process your payments, we will transmit your payment information to the following mandated service providers: CIC. You can find more information about those service providers’ data protection policies on their websites.
In addition, we will not share, sell or communicate your data (customer records) to third parties unrelated to Our Company.
Do we transfer your personal data?
In the event of access to Our Website from a country that is not a member of the European Union, and whose legislation on the collection, use and transfer of personal data differs from the same legislation in the European Union, you agree that your PD may be transferred to the European Union, given that Our Website is governed by French law, the corresponding terms of use and this policy.
We may also transmit your data to Group Companies, which may be located outside the European Union, again limited to the purposes set out above. In that case, before transferring your data, we will make sure that those entities offer an adequate level of protection, in accordance with the applicable legislation.
Under no circumstances will your PD be transferred outside countries in the European Economic Area or that the European Commission considers as guaranteeing adequate citizens’ protections as of the date of the transfer.
You can view the list of those countries at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
For what purposes do we use cookies, targeted advertising and social plugins?
Our Company uses small text files called “cookies,” which are installed on your hard drive when you visit Our Website. They save information, such as your language preference, the length of your visit, and the pages you viewed. These cookies allow us to provide for smoother navigation of Our Website and to analyze its traffic and use by our users so that we can produce statistics that allow us to improve the presentation of our products and our communications.
You can personalize the configuration of those cookies in your browser. If you want to prevent their storage on your hard drive, you can select “Block cookies” in your browser’s settings.
Some of Our Website’s functionalities (sharing content on social networks and direct video playback) rely on services provided by third-party sites. Those functionalities install cookies that allow them, in particular, to trace your navigation and so analyze your browsing habits and your centers of interest, in order to target our suggestions to you, as well as measure Our Website’s audience. Those cookies will only be installed with your consent. You can learn about the types of cookies installed and then accept or block them, either for the entire Website and all of our services or on a service-by-service basis.
You can also delete the cookies installed on your computer, at any time. However, if you choose to do so, when you visit Our Website, some of its functionalities will no longer be available to you, and its operation will no longer be optimal. In that case, we decline any responsibility for Our Website’s downgraded operation.
Our Website uses plugins for the social networks Facebook, Instagram, and WhatsApp. If you do not want Facebook or Instagram to assign the data collected via Our Website directly to your profile, you should log off of the corresponding network before visiting Our Website. You can also prevent the plugins from loading at all, by means of additional modules for your browser, for example with the NoScript script blocker (http://www.noscript.net).
Our newsletter and Ad Campaigns
If you have consented to it, you will receive our newsletter, as well as regular information about Our Company’s sales actions and products.
We would also like to inform you about the service we use to send out our newsletters, called Scal-e.
Your data allow us to communicate with you as part of our marketing campaigns (by email or snail mail) and to keep you informed about Our Company’s latest news and new products that may be of interest to you.
How long do we keep your data?
Our Company does not keep your PD for longer than necessary for the purposes for which they were collected. As a result, the storage period is restricted as a function of the purpose of the processing and in accordance with applicable legislation.
For example, our customers’ data are kept throughout our business relationship with each of them, plus three years for purposes of sales actions and direct marking, without prejudice to any applicable storage obligations or statutory limitation periods, as the case may be.
Prospective customers’ data are kept for a period of three years from the last incoming contact with Our Company.
How do we secure your data?
Our Company protects and secures the PD that we collect. We guarantee their confidentiality and will prevent them from being altered, damaged, destroyed or disclosed to any unauthorized third party.
For that reason, we have taken appropriate physical, electronic and organizational measures to prevent any loss, misuse, unauthorized access or disclosure, alteration or destruction of your personal data.
Those protective measures include the integration of technologies specially designed to protect your PD while they are being transferred. However, despite our best efforts, Our Company cannot guarantee the infallibility of that protection, due to the inherent risks associated with data transfers in general. This is why we recommend that you exercise caution, in order to prevent any unauthorized access to your PD. In particular, to prevent any intrusions into your PD, you should make sure to close your session, if anyone else may have access to your computer. We would like to remind you that you are responsible for the confidentiality of your password and your account information.
Your card payments are secure, thanks to the 3D Secure platform, which offers a second layer of cardholder identification via a secure, single-use code sent by text message. Your bank can only confirm your payment once that secure code has been input. Under no circumstances will Bonpoint store your financial information. All refunds are transmitted by secure, encrypted means.
What are your rights ?
You can, at any time (when creating your account or placing an order, or via your personal account settings on Our Website), access, modify, update, or request the erasure of your PD.
You can also, without having to give a reason and at no cost to you, exercise your right to access, modify, update or erase your data by sending a written request to our headquarters, to Evan Vokorad, Bonpoint, Service digital, 62 avenue d’Iéna, 75116 Paris, France, or by email to evonkorad@bonpoint.com.
For us to be able to fulfill your request, you will need to send us a copy of your official identification. The processing time for such requests is a maximum of one month.
You can also, at any time and again without having to give a reason, revoke the consent you gave us to collect and use your data to send you advertising messages or our newsletters, by clicking on the hyperlink at the bottom of our electronic correspondence or by writing to us at europe@support.information-bonpoint.com
Who can you contact in the event of a dispute ?
In the event of any problems, our Customer Service and Marketing Departments are here to answer your questions and will do everything in their power to provide you with a satisfactory answer.
You can also (by virtue of the French Data Protection Act of January 6, 1978, as amended, and of European General Data Protection Regulation 2016/679) submit a complaint, at any time, to the CNIL, the French Data Protection Authority, by mail, online or by phone, as follows:
Letter: 3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07 - France
Website (in French): https://www.cnil.fr/fr/plaintes
Telephone: +33 (0)1 53 73 22 22
You can also reach out to another, equivalent supervisory authority in the EU Member State where you live, a list of which is available here:
http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm