PRIVACY POLICY

Version dated 22 July 2023

At BRUXLESS, we always ensure that the personal data processing we carry out complies with French Law No. 78-17 of 6 January 1978 (the "French Data Protection Act") and Regulation (EU) 2016/679 of 27 April 2016 (the "GDPR").

In particular, we are committed to upholding the fundamental principles of personal data law:

  • Purpose: we only process your data for a specific, lawful and legitimate aim, of which you are always informed.
  • Proportionality and relevance: we only process data that is relevant and strictly necessary for the purpose of the processing.
  • Limited retention period: your personal data is kept only for as long as is strictly necessary for the purposes of the processing we carry out.
  • Security and confidentiality: we attach the utmost importance to the security and confidentiality of your data.

None of your personal data is marketed or sold to third parties.

For each data processing operation, we inform you of: the controller (us), the purpose of the processing, its legal basis, whether providing and collecting your data is mandatory or optional, the categories of data recipients, any transfers outside the European Union, the data retention period, the rights available to you in respect of the processing, and your right to lodge a complaint with the CNIL.

This information is accessible from each page of our website involving a data processing operation and is compiled here.

BRUXLESS reserves the right to amend its privacy policy at any time by publishing a new version on its website. Any such changes become enforceable as soon as they are published online.

Article 1. Data Controller

BRUXLESS is the controller of all data processing carried out from the website https://www.bruxless.com/.

BRUXLESS is a simplified joint-stock company (société par actions simplifiée) with a share capital of €1,178,125, whose registered office is located at 25 Place de l'Encas, MANOSQUE (04100), FRANCE, registered with the Manosque Trade and Companies Register under number 894 562 826, represented by its President, Mr Guillaume COLLINOT.

BRUXLESS can be contacted by email at the following address: contact@bruxless.com

Article 2. Purposes and legal bases of data processing

BRUXLESS carries out personal data processing for the following purposes and on the following legal bases:

  • Creation and management of the customer account: the performance of pre-contractual measures taken at the customer's request.
  • Management of payments, pre-orders, orders, shipping and deliveries: the performance of the General Terms and Conditions of Sale.
  • Management of complaints, after-sales service and warranties: the performance of the General Terms and Conditions of Sale.
  • Compliance with accounting and tax obligations: compliance with a legal obligation.
  • Management of unpaid invoices, pre-litigation and litigation: the legitimate interest of BRUXLESS, namely defending its legitimate interests.
  • Compliance with the obligation to retain proof of the order or pre-order: compliance with a legal obligation.
  • Direct marketing relating to similar products or services: the legitimate interest of BRUXLESS, namely developing its business.
  • Management of contact requests: the consent of the data subject to having their contact request processed by BRUXLESS.

Article 3. Categories of data subjects

The data subjects affected by the data processing carried out by BRUXLESS are persons who connect to the BRUXLESS website and BRUXLESS customers.

Article 4. Data processed

4.1. Categories of data processed

BRUXLESS collects and processes the following categories of data, depending on the processing carried out:

  • Creation and management of the customer account: identity, contact details, telephone number, email, password, order history, customer account creation date, log-ins to the customer account, IP address.
  • Management of payments, pre-orders, orders, shipping and deliveries: identity, contact details, telephone number, email, IP address, order history.
  • Management of complaints, after-sales service and warranties: identity, contact details, telephone number, email, IP address, order history.
  • Compliance with accounting and tax obligations: identity, contact details, telephone number, email, order history.
  • Management of unpaid invoices, pre-litigation and litigation: identity, contact details, telephone number, email, order history.
  • Compliance with the obligation to retain proof of the order or pre-order: identity, contact details, telephone number, email, order history.
  • Direct marketing: identity, contact details, telephone number, email, order history.
  • Management of contact requests: identity, contact details, telephone number, email, contact requests and replies.

Payment data is not processed by BRUXLESS and is provided by the customer directly to third-party payment institutions that comply with the PCI-DSS standards on the secure processing of payment information.

4.2. Sources of the data

The data comes from BRUXLESS's customers and prospects themselves.

4.3. Mandatory or optional nature of the data

The categories of personal data that must be provided to BRUXLESS are marked with an asterisk (*) on the BRUXLESS website. Failing this, the customer's request cannot be processed.

4.4. Automated decision-making

The data processing carried out by BRUXLESS does not involve any automated decision-making.

Article 5. Retention period of personal data

  • Creation and management of the customer account: until the account is closed by the customer or, failing that, for 3 years from the last contact or the last log-in.
  • Management of payments, orders, complaints, after-sales service and warranties: for the duration of the contractual relationship with the customer.
  • Compliance with accounting and tax obligations: for 10 years from the close of the financial year during which the invoice was issued.
  • Management of unpaid invoices, pre-litigation and litigation: for the limitation period applicable to actions between the customer and BRUXLESS, and until all remedies have been exhausted in the event of legal action.
  • Retention of proof of order or pre-order: for 10 years from the order, the pre-order or the delivery, as applicable.
  • Contact requests and direct marketing: for 3 years from the customer's or prospect's last contact with BRUXLESS.

Article 6. Categories of recipients of personal data

BRUXLESS is the recipient of the personal data for all the purposes listed in Article 2. The data strictly necessary for each of these purposes is distributed among the relevant internal departments.

The following may also be recipients of the data:

  • Technical processors (hosting, email services, customer relationship management, order and pre-order management, etc.) for the purposes set out in Article 2.
  • Logistics processors (shipping, delivery, etc.) and payment-management providers, for the purposes of managing payments, orders, pre-orders, shipping and deliveries.
  • Accounting and legal processors, for the purposes of complying with accounting and tax obligations and of managing unpaid invoices, pre-litigation and litigation.

Article 7. Transfer of data outside the EU

The personal data processed for the purposes of creating and managing the customer account, managing payments, pre-orders, orders, contact requests and direct marketing may be transferred outside the European Union by SHOPIFY EU's processors.

The list of SHOPIFY EU's subprocessors as of 22 July 2023 is available here.

Where the destination country is Canada, Japan, the United Kingdom or New Zealand, these countries are deemed by the European Commission to provide an adequate level of protection (Article 45 of the GDPR). The list of countries covered by an adequacy decision is available here.

Where the destination country is the United States of America, that country is covered by an adequacy decision of the European Commission, available here, limited to companies certified by the US Department of Commerce, the list of which is available here.

Article 8. Data security

In order to ensure the security of the personal data processed, BRUXLESS has implemented technical and organisational security measures that comply with legal and regulatory requirements.

BRUXLESS only uses processors that provide sufficient guarantees regarding data security and that implement appropriate technical and organisational measures.

Article 9. Rights regarding the processing of personal data

For all the purposes mentioned above, you have, and may exercise with BRUXLESS, the following rights:

  • The right to access the personal data collected about you and to rectify it or restrict its processing.
  • The right to erasure of your personal data when it is no longer necessary for the purposes for which it was collected.

Where the legal basis for the processing is legitimate interest, you also have the following additional rights:

  • The right to object to the processing of your data, unless BRUXLESS demonstrates compelling legitimate grounds that override your interests, rights and freedoms.
  • The right to erasure at any time if BRUXLESS has no compelling legitimate grounds to keep the data and is not required to retain it.

Where the purpose of the processing is direct marketing, you have, in all cases and without any condition, the right to object to the processing of your data and to request its erasure.

Where the legal basis for the processing is the performance of the General Terms and Conditions of Sale, you have the right to data portability.

These rights must be exercised directly with BRUXLESS, whose contact details are set out in Article 1.

Article 10. Right to lodge a complaint with the CNIL

If, after contacting BRUXLESS, you consider that your rights are not being respected, you have the right to lodge a complaint with the French data protection authority (Commission nationale de l'informatique et des libertés): www.cnil.fr, 3, place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, +33 (0)1 53 73 22 22.

Article 11. Cookies

According to the CNIL's definition, a "cookie" is a string of information, usually small in size and identified by a name, that may be sent to your browser by a website you connect to. Your web browser stores it for a certain period and sends it back to the web server each time you reconnect. Cookies can be used, in particular, to remember your customer ID, the contents of your shopping cart, or to track your browsing for statistical or advertising purposes.

This website uses cookies, including third-party cookies, in order to improve your experience and to carry out audience measurement.

They are only placed if they have been accepted via the banner displayed on each page of the website, until a choice is made.

You can change this choice at any time and configure cookies to accept or refuse them by visiting this page: https://bruxless.com/pages/politique-de-confidentialite#