Privacy policy
Bonnegueule (BG Group) Personal Data Protection Principles
Introduction
This page outlines the principles by which BG GROUP collects various types of customer data, along with our commitments regarding BG GROUP's security and data protection policy.
Definitions
To avoid any imprecise interpretation, here are some key terms used in this document:
- Personal Data: Any information relating to an identified or identifiable natural person. An "identifiable natural person" is one who can be identified, directly or indirectly.
- Processing: Any operation or set of operations performed on personal data, whether or not by automated means (collection, recording, transmission, storage, retention, extraction, consultation, use, interconnection, segmentation, etc.).
Data Controller
All personal information provided to BG GROUP is processed under the responsibility of BG GROUP, 226 rue Saint Denis, 75002, Paris, SIRET N° 790 674 873 00142.
For any questions regarding the processing of personal data, or any request for access, portability, rectification, or deletion of your personal data, please contact our Data Protection Service at: [email protected].
Requests to Modify Your Personal Data
As a user of BG GROUP services, you can modify your personal data through your customer account.
If you wish to delete your customer account, you may request this from our customer service.
IMPORTANT: This action is irreversible—you will lose access to your order history, loyalty points, etc. However, you will be able to create a new account.
For any other request regarding access, portability, rectification, or deletion of your personal data, please contact our service at: [email protected].
How Do We Collect Data About You?
The collection of your personal data (such as name and contact information) is usually based on your customer relationship or another relevant relationship with us. For example, we collect data when you interact with our services, register as a user on our website, use BG GROUP services, or provide us with other information.
When you use BG GROUP's communication and network services, such as making a call, creating your customer account, or sending an email, identification data is stored in our systems for service use.
When you visit BG GROUP's websites or load pages, you leave various types of anonymous browsing data, such as your IP address and browsing history. The operation of our services is based on the use of cookies. We may collect data based on your consent. We record customer service calls to verify the actual discussion if needed. We also collect data from potential customers when they participate in contests, sweepstakes, or customer events.
What Data Do We Collect?
This data includes your first and last name, address, phone number, email address, date of birth, direct marketing information and consent, company contact information, company name, information provided by you, customer classification, order, delivery, agreement, and billing information.
We store data that can be linked to you. The data created and collected during communication includes information about the communicating parties, connection time, routing information, data transfer protocol, connection format, and location information. While browsing the internet, "measurement data" is collected using cookies. This data cannot be linked to an individual. The customer information we collect helps us personalize and continually improve your shopping experience on BG GROUP services. We use this information to process orders, deliver products and services, handle payments, communicate with you about your orders, products, services, and promotional offers, maintain and update our records and your accounts with us, and make content available to you, such as wish lists and customer reviews, and recommend products and services that might interest you. We also use this information to improve our stores and websites, prevent or detect fraud or abuse on our website, and enable third parties to provide technical, logistical, or other services on our behalf.
List of Cookies
A cookie is a small data file (text file) that a website, when visited by a user, asks your browser to store on your device in order to remember information about you, such as your language preferences or login information. We set these cookies, known as first-party cookies. We also use third-party cookies, which are cookies from a domain different from the website you are visiting, for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
- Cookies for targeted advertising
These cookies may be set on our website by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant ads on other websites. They do not store personal data directly but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. - Functionality Cookies
These cookies allow the website to offer enhanced functionality and personalization. They may be set by us or by third-party providers whose services we use on our website. If you do not allow these cookies, some or all of these services may not function properly. - Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us know which pages are the most and least popular and see how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site. - Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually set in response to actions made by you, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block or alert you about these cookies, but some parts of the website may not work properly. These cookies do not store any personally identifiable information.
List of Types of Information We Collect:
- Information You Provide to Us
We collect and store all information that you provide to us via our website or by other means. You may choose not to provide certain information, but this decision may limit your ability to use our services. We use the information you provide to respond to your requests, personalize your future shopping experiences, improve our services, and communicate with you. - Information Collected Automatically
Every time you interact with us, we receive and store certain types of information. Like many other websites, we use cookies and obtain certain types of information when your browser accesses BG GROUP’s website, advertisements, and other content provided by or on behalf of BG GROUP on other websites. - Email Information
To help us make our emails more useful and interesting, we often receive a confirmation when you open emails from BG GROUP, if your computer supports this functionality.
How Do We Manage Your Information?
Please note that BG GROUP staff, subsidiaries, and subcontractors are bound by confidentiality obligations when processing your data. We maintain the confidentiality of your information and ensure it is used only for predefined purposes.
Your data is processed to provide and deliver communication services and other content, develop services, bill you, provide you with the best possible and most comprehensive services, and inform you about our services.
We also use your data for customer communications, such as sending information about our services, and for direct marketing purposes.
We also use data for customer profiling based on billing, usage amounts, the duration of the customer relationship, and external classifications.
We process potential customer data for direct marketing purposes. We strive to ensure that customer data is up to date and correct. We delete obsolete and unnecessary data where possible. We protect all data concerning you by applying task-based personal access rights and prevent unauthorized third-party access to the data.
Where Do We Send Your Data?
We only share your data to the extent permitted by applicable law and as specified in the file description with authorities and other telecommunication companies.
When we use subcontractors, we sign a security agreement with them, which also covers the use of your data. We remain responsible for this type of data handling on your behalf.
BG Group Data Protection Principles
The purpose of this data protection policy is to describe the principles and practices BG GROUP follows to ensure the protection of privacy, confidentiality of communication, and the legal protection of our customers. BG GROUP regularly updates this policy as operations or services change or evolve. For this reason, we encourage you to regularly review the latest statement. BG GROUP's core values include the confidentiality of customer data and communication and the protection of customer privacy in all company operations. When handling our customers' personal data, we follow French law, orders, and instructions from authorities, as well as good data processing practices. BG GROUP implements a high level of data protection. Personal and identifiable data, as well as location data, is collected solely for specific predefined and lawful purposes and is not processed in a manner incompatible with these purposes. We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of customers' personal information. Our security procedures may require us to ask for proof of your identity before we disclose your personal information to you. We continuously train our staff on data processing principles and monitor data usage through appropriate means.
General Principles of Customer Data Management
The processing of personal data must always be justified in the context of BG GROUP's operations. BG GROUP has defined the purpose of collecting, handling, and submitting personal data in the following section. BG GROUP only processes customer data necessary for its operations, as defined in the purpose of use specified in the file description for the customer register. We strive to avoid processing incorrect, incomplete, or outdated data. Customer data processing is generally based on a relevant relationship, information received during the use or registration of a service, or your consent. We may also process your data for other reasons, such as at your request or when required by law. Your information may be processed within BG GROUP. We encourage our customers to regularly update their contact information. We record your conversations with our customer service to verify a business transaction, respond to your inquiries, and monitor and develop service quality. Please note that as a BG GROUP customer, you have the right to check what data concerning you has been stored in our information systems or confirm that there is no data concerning you in our file. You may also refuse the use of your data in accordance with relevant legislation. You may request data inspection once a year at no cost. Data inspection requests must be made with a signed document between BG GROUP and you.
Collection, Retention, Extraction, and Processing of Personal Data
- Contact Form
Service Provider: https://globo.io/
Data Collected: Email and message
Purpose: Customer relationship management
Data Retention: Stored in a database
Data Access: BG GROUP customer service
Are data stored or processed outside the EU? Yes
GDPR Compliance of Service Provider: https://globo.io/privacy-policy/ - Customer Account Creation & Order Processing
Data Collected: Name, surname, address, phone number, email, date of birth, direct marketing information and consent, company contact information, company name, information provided by you, order, delivery, and billing information. We store any data that can be connected to you.
Purpose: Orders / Order tracking / Address / Returns / Credits / Loyalty management
Data Retention: Stored in a database
Retention Period: Customer lifetime / Inactive customers for 2 years are deleted
Data Access: Logistics (partially, only data related to processing and shipping your order) / Marketing department / Customer service
Are data stored or processed outside the EU? Yes
GDPR Compliance of Service Provider: https://help.shopify.com/en/manual/privacy-and-security/privacy/gdpr/comply-with-gdpr#data-processing-agreement - Stock Alert
Data Collected: Email
Purpose: Send a product restock notification email
Data Retention: Opt-in stored in the database
Retention Period: Duration of customer's opt-in unless declined by the customer
Data Access: Marketing department
Are data stored or processed outside the EU? Yes
GDPR Compliance of Service Provider: https://www.backinstock.org/gdpr-privacy-policy - Meta
Service Provider: https://www.facebook.com/
Location of Service Provider: United States
Purpose: Remarketing
Are data stored or processed outside the EU? Yes
GDPR Compliance of Service Provider: https://www.facebook.com/ - Google Analytics
Service Provider: https://analytics.google.com/analytics
Location of Service Provider: United States
Purpose: Website traffic analysis + Remarketing
Are data stored or processed outside the EU? Yes
GDPR Compliance of Service Provider: https://privacy.google.com/intl/en/businesses/compliance/ - Klaviyo
Service Provider: https://www.klaviyo.com
Location of Service Provider: United States
Purpose: Marketing emails
Are data stored or processed outside the EU? Yes
GDPR Compliance of Service Provider: https://www.klaviyo.com/legal/data-processing-agreement - Yotpo
Service Provider: https://www.yotpo.com
Location of Service Provider: United Kingdom
Purpose: Loyalty program and review management, email or SMS notifications
Are data stored or processed outside the EU? Yes
GDPR Compliance of Service Provider: https://www.yotpo.com/privacy-policy/ - Gorgias
Service Provider: www.gorgias.com
Location of Service Provider: United States
Purpose: Customer relationship management
Are data stored or processed outside the EU? Yes
GDPR Compliance of Service Provider: https://www.gorgias.com/legal/data-processing-agreement-legacy
Data Sharing and Transmission
BG GROUP may only submit your data to third parties in accordance with applicable law. We provide information to authorities upon request, such as the police and security authorities, and other authorities as specified by law. Customer information is a vital part of our business, and it is not our practice to sell it. We share information only as described earlier and for the purposes outlined in this privacy policy with BG GROUP-controlled entities, which either adhere to this privacy policy or have implemented protections at least as stringent as those described in this privacy policy. Additionally, we may share your data with subcontractors, ensuring data confidentiality, and we remain responsible for data management in such cases. If we process your data outside the EU, we ensure that the subcontractor guarantees proper data handling.
Processing of Identification and Location Data Related to Electronic Communication
BG GROUP treats all data and messages generated during communication as confidential. Our staff is bound by confidentiality obligations and prohibited from using messages or other confidential information. Communication over a network always leaves a trace, known as identification data if it can be connected to an individual. Network traces are created, for example, during phone calls, sending emails and SMS messages, and browsing the internet, and may contain information about the parties involved, connection routes or routing, the data transfer protocol used, events, terminals used, or their location. BG GROUP handles identification and location data in accordance with current laws for purposes such as service implementation and use, billing, and technical development. Data may also be used to bill other service providers if necessary. BG GROUP may also handle identification data in cases of misuse, data security violations, and fault repairs. In all the above situations, we only process identification and location data as necessary to accomplish specific tasks.
Use of Location Data
A real-time location method, where one person can follow another's location, requires the consent of the person being located. The customer may refuse location-based services, in which case they cannot be located. If we share location information with location service providers, we ensure by appropriate means that there is consent from the person to be located.
Authorized Persons for Managing Identification and Location Data
Only specific individuals at BG GROUP whose work requires access to identification and location data are authorized to process such data. In practice, authorization is only granted to individuals performing tasks related to billing, maintenance or development of communication networks or services, preventing and investigating misuse, customer service, and marketing. Those authorized to handle the data may only process it as necessary to perform specific tasks.
Duration of Identification and Location Data Processing and Data Storage
We process identification and location data only as long as necessary for billing, technical development, fault repair, marketing, investigation of misuse, or data security purposes. However, processing is limited to the scope required for the necessary actions and without unduly compromising the confidentiality of messages and privacy protection. We store required billing data for at least one year from the invoice due date and for no more than three years from the invoice due date unless a longer storage period is required for invoice collection. Otherwise, data is stored as permitted and required by applicable legislation.
Websites and Visit Tracking
We also collect data regarding website visits. This data includes the IP address and corresponding DNS name, the organization that registered the IP address, the name and address of the page visited, the page loading time, and the type of browser. Please note that the IP address is required for the functioning of the internet, used to route messages transmitted over the internet to the correct locations. Generally, the IP address is not connected to the person using the computer, but it may be connected to the organization that registered the IP address. An IP address connection may be established upon request by authorities.
Cookies
As a BG GROUP customer, you can browse our websites anonymously. However, like most websites, we use cookie technology. When you view our website, a cookie sets a random number for the browser, which does not indicate your identity. Cookies help BG GROUP determine which parts of its websites are most popular, where visitors go, and how long they stay. The data is used to implement and develop services and target advertisements on websites. You can prevent cookie storage by adjusting your browser settings. In some cases, this may slow down or prevent navigation on the website.
Data Security
We ensure the security of data for our services by using methods proportional to the severity and sophistication of threats as well as the cost. BG GROUP takes care to prevent data security breaches and eliminate disruptions affecting data security. Additionally, we use all means to ensure that the confidentiality of messages or privacy protection is not unduly compromised when carrying out these actions. We provide information about actions related to the security of our services and other data security issues through appropriate channels, such as our website or customer bulletins. To prevent data security breaches and eliminate disruptions affecting data security, we may, among other things, prevent the receipt of email messages, remove viruses and other malware from messages, and take other comparable technical measures. These measures are necessary within authorized limits. We use physical, administrative, and technical protections to keep messages and identification data transmitted over the communication network confidential. These actions reduce the risk that your data will be disclosed to third parties and prevent misuse or unauthorized access. Some of our services also use standard encryption methods. Please note that as a BG GROUP service user, you should also use the most appropriate methods to ensure your own data security. We encourage you to store and use our services and your devices carefully and monitor their use, for example, by using secure codes and unique passwords, and using sufficient antivirus and firewall services, keeping them and your operating system updated.
Customer Communication and Direct Marketing
BG GROUP sends customer messages regarding its products and services to customers who have given consent via their customer account. BG GROUP also sends direct marketing messages electronically. You have the right to opt out of receiving direct marketing messages from BG GROUP. You can opt-out by following the instructions included at the bottom of our newsletters.
