PRIVACY POLICY

Last updated: 09/02/2025

The protection of your personal data is a priority for Beseas. This privacy policy informs you about how we collect, use, share, and protect your personal data in accordance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679).

1. DATA CONTROLLER

The data controller for your personal data is:

Beseas
Simplified joint-stock company (SAS)
Registered office: 16 avenue du Maréchal de Lattre de Tassigny, 33660 Saint-Seurin-sur-l'Isle, France
SIRET: 994 453 157 00012
Email: contact@beseas.com
Phone: +33 7 80 00 88 55

2. PERSONAL DATA COLLECTED

In the context of using our website www.beseas.com and our services, we collect the following personal data:

When placing an order:

  • First and last name
  • Email address
  • Delivery and billing postal address
  • Phone number (if provided during payment)
  • Payment method used (without complete banking data)
  • Order details and history

Browsing data:

  • IP address
  • Connection and browsing data (cookies, pages visited, visit duration)
  • Statistical and analytical data

Important: Your banking data (credit card numbers) is never collected or stored by Beseas. It is processed directly and securely by our PCI-DSS certified payment processor.

3. PURPOSES AND LEGAL BASES OF PROCESSING

We collect and process your personal data for the following purposes:

Purpose Legal basis
Processing and execution of your orders Performance of contract
Product delivery Performance of contract
Customer service and support management Performance of contract and legitimate interest
Sending newsletters and marketing communications Consent (checkbox)
Improvement of our site and services Legitimate interest
Statistics and audience analysis Legitimate interest
Compliance with legal obligations (accounting, invoicing) Legal obligation
Fraud prevention Legitimate interest

4. DATA RECIPIENTS

Your personal data may be transmitted to the following recipients, strictly limited to what is necessary to accomplish the stated purposes:

Technical service providers:

  • Shopify International Limited (hosting and online store management)
  • Shopify Payments (secure payment processing)
  • Carriers (order delivery)

Marketing and analytical tools:

  • Google Analytics (audience analysis)
  • Google Ads (advertising and remarketing)
  • Meta/Facebook Pixel (advertising and remarketing)

Competent authorities:

  • Upon legal request: judicial, police, tax, or customs authorities

All our service providers are subject to strict confidentiality and security obligations in accordance with GDPR.

5. DATA TRANSFERS OUTSIDE THE EUROPEAN UNION

Some of our service providers may be located outside the European Union, notably:

  • Shopify Inc. (Canada)
  • Google LLC and Meta Platforms (data processed through their European entities in Ireland, but with possible transfers to the United States)

These transfers are governed by:

  • Standard contractual clauses approved by the European Commission
  • The EU-US Data Privacy Framework (for certified companies)
  • Appropriate safeguards ensuring a level of protection equivalent to that of the EU

For customers located outside the European Union, we apply GDPR principles. Depending on your location, additional data protection laws may apply, including:

  • California (USA): California Consumer Privacy Act (CCPA)
  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Australia: Privacy Act 1988

If you reside in one of these jurisdictions, you may benefit from additional rights under local law.

6. DATA RETENTION PERIOD

We retain your personal data for the following periods:

Type of data Retention period
Order data (invoices, delivery notes) 10 years (accounting and tax obligations)
Active customer data Duration of business relationship + 3 years
Inactive prospect data 3 years from last contact
Marketing data (newsletter) 3 years without interaction (email opening, click, purchase)
Cookies and trackers 13 months maximum
Connection data (logs) 12 months

Beyond these periods, your data is deleted or anonymized.

7. COOKIES AND TRACKERS

Our site uses cookies and other trackers to improve your browsing experience and analyze our audience.

Types of cookies used:

Essential cookies (mandatory):

  • Shopify session cookies (cart functionality, ordering)
  • Security and authentication cookies

Analytical cookies:

  • Google Analytics (audience measurement, visit statistics)

Advertising cookies:

  • Google Ads (targeted advertising, remarketing)
  • Facebook Pixel (targeted advertising, remarketing)

Managing your preferences: During your first visit, a banner allows you to accept or refuse non-essential cookies. You can modify your preferences at any time through your browser settings.

Browser settings: You can configure your browser to refuse cookies:

  • Chrome: Settings > Privacy and security > Cookies
  • Firefox: Settings > Privacy and security
  • Safari: Preferences > Privacy
  • Edge: Settings > Cookies and site permissions

Disabling certain cookies may affect the proper functioning of the site.

8. YOUR RIGHTS

In accordance with GDPR, you have the following rights concerning your personal data:

  • Right of access: obtain confirmation that your data is being processed and access it
  • Right of rectification: correct your inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): delete your data in certain cases
  • Right to restriction of processing: limit the use of your data
  • Right to data portability: receive your data in a structured format
  • Right to object: object to the processing of your data for legitimate reasons
  • Right to withdraw your consent: for processing based on consent (newsletter)
  • Right to define post-mortem directives: on the fate of your data after your death

How to exercise your rights?

You can exercise your rights at any time by contacting us:

  • By email: contact@beseas.com
  • By mail: Beseas, 16 avenue du MarĂ©chal de Lattre de Tassigny, 33660 Saint-Seurin-sur-l'Isle, France

We will respond within a maximum period of 1 month from receipt of your request.

Newsletter unsubscription: You can unsubscribe at any time by clicking on the unsubscribe link in each marketing email.

9. DATA SECURITY

We implement all appropriate technical and organizational measures to ensure the security of your personal data and protect it against:

  • Accidental or unlawful destruction
  • Loss, alteration, or unauthorized disclosure
  • Unauthorized access

These measures include notably:

  • SSL/TLS encryption of data in transit
  • Secure hosting with Shopify (PCI-DSS certified)
  • Restricted access to data by secure passwords
  • Regular backups
  • Regular security system updates

10. MINORS' DATA

Our site is intended for an adult audience. We do not knowingly collect personal data concerning persons under 18 years of age. If you are a minor, please obtain your parents' consent before providing us with your personal data.

11. CHANGES TO THE PRIVACY POLICY

We reserve the right to modify this privacy policy at any time to reflect legal, regulatory, or operational developments.

The current version is the one accessible on our site. The last update date is indicated at the top of this document.

We will inform you of any substantial modification by email or via a notification on the site.

12. COMPLAINT

If you believe that your rights are not being respected, you may file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) [French Data Protection Authority]:

CNIL
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
Phone: 01 53 73 22 22
Website: www.cnil.fr

Note: Customers outside France may also contact their local data protection authority.

13. CONTACT

For any questions regarding this privacy policy or the exercise of your rights, you may contact us:

Email: contact@beseas.com
Phone: +33 7 80 00 88 55
Mail: Beseas, 16 avenue du Maréchal de Lattre de Tassigny, 33660 Saint-Seurin-sur-l'Isle, France