Privacy policy

Updated as of March 31, 2023

In order to offer for sale, sell and deliver its sold products on the Website www.bacci-paris.com (hereinafter “the Website”), DE GERAULT collects personal data (the “Data”) from users of the Website (hereinafter referred to as the “Users”).

The purpose of this Privacy Policy is to inform Users of the means used to collect, view, process and retain Users' personal data.

DE GERAULT, as Data Controller, undertakes to comply with the provisions of the Regulation concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data n°2016/679 of the European Parliament and of the Council of 27 April 2016 and of French law no. 78/17 of 6 January 1978, as amended (known as the “French Data Protection Act”).

The User is informed that certain Data must be collected by DE GERAULT in order to be able to provide its products and services. If the User does not wish to communicate this data, DE GERAULT cannot perform its services.

This Privacy Policy (“Policy”) may be amended at any time by DE GERAULT, in particular to comply with any regulatory, legal, editorial or technical developments. The User must refer to the latest version of the Policy before browsing.

1. The Data Controller

 

The data controller, who collects the personal data and implements the data processing is:

DE GERAULT, identified as SIREN 909 863 417 and SIRET 909 863 417 00012, with registered office at 10 rue George Bernard Shaw - 75015 Paris

(hereinafter the “Editor” or the “Controller”).

For the purposes of this Policy, "Process" or "Processing" means any operation or set of operations applied to the Data, such as collection, registration, organization, structuring, retention, adaptation or modification, extraction, consultation, use, limitation, erasure or destruction.

The term "Data(s)" means any information relating to a User, identified or identifiable, in particular by reference to an identifier, such as a name, an identification number, location data, or one or more specific elements.

2. Collection of personal data

 

The Data that may be collected by DE GERAULT are:

- User account data: the data that the User fills in when creating an account by completing the registration form (first name, last name, billing and delivery mailing addresses, email address, mobile phone number, password for login to customer account);

- Transaction data: the User’s information relating to orders made and returns, such as the telephone number, address, e-mail address and information relating to the means of payment;
- Exchanges with customer service;
- Navigation data: the data that the Editor collects when the User browses the Sites and Applications, such as the date, time of connection and/or navigation, the type of browser, the language of the browser, its IP address, location data and geolocation;
- Data relating to the means of payment (credit card number, expiry date, authorization number, security code) are collected directly by our service provider Shopify Payments. DE GERAULT never has access to its customers' payment data.

Certain services may be altered or inaccessible in the absence of consent to the collection of the Data mentioned in this Privacy Policy.

3. Purposes of collecting personal data

The Data collected in connection with the use of the Website are subject to Processing in order to meet the purposes described below.

The regulations in force protect the privacy of Users and require any controller to be able to justify a legitimate basis for such processing.

The regulations thus provide among the legal bases for processing :

- the performance of a contract to which the person concerned is a party, such as a sales contract. Thus some personal data of the User are necessary to deliver the good, manage the customer account and make returns;

- compliance with a legal obligation, in particular accounting, by keeping invoices;

- prior consent of the person concerned;

- the legitimate interest of the controller, while respecting the rights and freedoms of users.

Thus, improving the customer experience or preventing fraud may justify collecting Data.

Purpose of processing :
Management of orders and sales of products and services; management of receipts, withdrawals and returns

Use of data : 
Use of data to produce products and services (from shopping cart and orders; sales, returns and refunds of purchased products)

Legal bases for processing : 
The execution of a contract between the client and the professional

Purpose of processing :
Processing payments 

Use of data :
Shopify Payments uses information about the means of payment when making payment for each order. This data can also be used to prevent fraud in the payment of the order and/or the management of outstanding payments after ordering.

Legal bases for processing : 
The execution of a contract between the client and the professional.  

Purpose of processing :
Creating and managing the client account

Use of data :
The Personal Data (email address, password) of a customer registered on the website are used in order to manage and track our customers' orders and returns.

Legal bases for processing : Execution of a contract between the client and the teacher and compliance with a legal obligation

Purpose of processing : Delivery of ordered Products 

Use of data : Data (co-data, address, email) are used to deliver

Legal bases for processing : The execution of a contract between the client and the professional

Purpose of processing : Administration of the website, Sites, apps and fraud

Use of data : The data (cookies) are used to update the website and to combat cross-net fraud.

Legal bases for processing : The legitimate interest of the Responsible for Processing in order to prepare appropriate offers and ensure the safety of its Internet site

Use of data : After-sales service: exchanges with customer service

Purpose of processing : Data is used to interact with clients. As such, exchanges between customer service and the customer via email can be recorded to improve the quality of service. The client can apply at any time.

Legal bases for processing : The execution of a contract between the client and the professional

Use of data : Send private news and offers as long as the user checks the box indicating his/her acceptance, when he/she registers for the Services

Purpose of processing : Personal data is used to inform customers of our products and services and to provide personal products on social networks.

Legal bases for processing : Legitimate interest in processing to ensure products and services are tailored to the needs of clients

Use of data : Analyze site visits and their frequencies, measure audience, studies, statistics, surveys (cookies) and improve user experience on the Internet site and mobile apps.

Purpose of processing : The data, including cookies, are used to understand the use of the Sites and mobile apps, as well as to help the user make purchases on the Sites when a discussion is held with our chat partners.

Legal bases for processing :

- The Board of the User

- The legitimate interest of the Management Department to ensure that products and services meet the needs of customers 

DE GERAULT does not share any Personal Data for commercial purposes with third parties.

The User has the option to modify his Personal Data and withdraw his consent at any time by logging into his customer account.

 

4. Providers having access to Users' Personal Data

The Personal Data collected is transmitted to the DE GERAULT service providers, who can process on behalf of DE GERAULT (subcontractors) and/or their own account (recipients of the data).

The recipients of the data are:

- Shopify Payments, payment provider;

- any police or administrative authority in connection with judicial requisitions concerning the fight against fraud;

- customs services and service providers in the case of deliveries abroad.

DE GERAULT subcontractors may have access to the Data collected for:

- preparation, dispatch of orders and return of products

- Improving the content of the Website;

- the technical maintenance and development of the Website.

 

5. Users' rights to their personal data

 

In accordance with Articles 14 to 22 of the General Data Protection Regulation 2016/679 of 27 April 2016, any natural person using mobile sites or applications has the right to exercise the following rights:

- A right of access, rectification and deletion of the data collected,

- A right to object to the processing of its data,

- A right to the limitation of Processing,

- A right to the portability of the data collected,

- the right to issue directives relating to the retention, erasure and disclosure of personal data after death in accordance with Article 40-1 of the French Data Protection Act.

Finally, if DE GERAULT detects a breach of Data that could create a high risk for the rights and freedoms of its Users, it undertakes to inform the users concerned as soon as possible and the competent supervisory authority, for France the CNIL.

The User can exercise all these rights by logging in to his customer area, by contacting customer service at contact@bacci-paris.com or by simple mail to LEDL – Customer Service 21 rue Desaix – 75015 Paris, France.

The user must attach proof of identity to his application.

In case of non-response or unsatisfactory response, the User may contact the supervisory authority of his country of residence, for France, the CNIL: http://www.cnil.fr/ 


6. Data retention period

The User Data will not be stored beyond the period strictly necessary for the purposes pursued as set forth herein and in accordance with applicable regulations and laws. In this regard, the Data used for prospecting purposes may be kept for a maximum period of 3 years from the closure of the User’s account or the last contact of the prospect concerned. User data is erased when retention periods expire.

Nevertheless, certain Data may be archived beyond the time limits provided for the purposes of research, identification and prosecution of criminal offences for the sole purpose of enabling, where necessary, the provision of such data to the judicial authority.

Archiving implies that these Data will be anonymised and will no longer be searchable online.


7. Security measures for personal data collected

As Data Controller, DE GERAULT undertakes to take all necessary precautions in order to preserve the security and confidentiality of the data and in particular to prevent it from being altered, distorted or accessed by unauthorized third parties.

All Data is hosted in France or the European Union.

For more information, please visit:

- for the European Union

- for Canada

- for California

- for Japan