Get -20% on your 1st order by creating a Gyny Fidelity account!
0

Privacy Policy

← Back to policies

Last updated: February 2024

This privacy policy informs users of this website about how their personal data is collected and processed, in accordance with Law No. 78-17 of January 6, 1978, as amended, and Regulation No. 2016-679 of April 27, 2016 (GDPR). 

The data controller is GYN 1957, a simplified joint-stock company with a share capital of 3,000 euros, headquartered at Richeplaine, Sainte-Anne 97180 Guadeloupe, registered with the Pointe-à-Pitre Trade and Companies Register under number 931 611 487, represented by Ms. Giannina MOUROUVIN in her capacity as President.

 

Article 1. Definitions

Within the context of this policy, capitalized terms have the following meanings: 


Site : Website published by the data controller 

Services : All services offered by the data controller 

User : Any person browsing the Site 

Personal data : Any information relating to an identified or identifiable natural person. This may include: names and surnames, age, email or postal address, location, etc. (Non-exhaustive list)

Personal data processing : Any operation or set of operations performed on personal data, regardless of the method used (collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, transmission or dissemination, or any other form of disclosure, alignment)


Article 2. Personal data processing

Site Navigation

When browsing the Site, the data controller may automatically collect technical data about your equipment, actions, and browsing patterns, particularly through cookies. Please consult the cookie policy below for more details on the purpose of data processing, retention periods, and your rights. 


Contact Form 

When you submit a request via the contact form, the data controller collects your name and email address, as well as any information you may include in your message. We ask you not to communicate any sensitive information in your message. 


The legal basis for processing is the legitimate interest of the data controller. 

Data provided in contact requests is kept for three (3) years from the closure of the request. If the contact results in a contract, the data is retained for the duration of the contract and for the periods required to comply with legal and regulatory obligations. 


Newsletter Subscription 

When you subscribe to the email newsletter, you consent to receive promotional and advertising information by email. You provide your email address for this purpose. 


The legal basis for this processing is consent. You can withdraw your consent at any time by clicking the unsubscribe link in each email. 

The data controller may send you commercial communications by email related to services similar to those already provided or products similar to those you have already ordered. 

The legal basis for this processing is the legitimate interest of the data controller. You can choose to stop receiving these communications at any time by clicking the unsubscribe link in each email. 


Your email address is kept until you unsubscribe or for three (3) years from the last contact between you and the data controller (e.g., a click on an element in an email). Before deleting your address from the database, the data controller may contact you to ask if you wish to maintain your newsletter subscription. 


Processing Orders and Pre-orders 

When placing an order, you provide personal data necessary for processing your order (invoice management, delivery and payment, tracking, customer review management, and after-sales service): name, surname; postal address; email address; telephone number for delivery.

This information is only intended for the Data Controller, who may transmit it to partners, particularly logistics partners (e.g., carriers), with the sole purpose of processing the order. 

The legal basis for this data processing is the execution of the contract concluded when placing an online order. 

The following retention periods apply to personal data collected during orders on the site: 

  • Pending, failed, or canceled orders: six (6) months;

  • Completed orders: two (2) years in active database, then 3 years in intermediate archiving;

  • Invoices: 10 years in intermediate archiving.

 

Customer Account Creation 

Personal data collected when creating a customer account includes: name, surname, email address. The password chosen by the user is encrypted. 

The legal basis for this processing is the execution of contractual or pre-contractual measures. 

Customer account data is kept for two (2) years after your last login to your customer account. Beyond this period, before permanently deleting your data, the data controller will send you an email offering to keep your customer account or delete it.


Loyalty Program Membership

Information collected in the loyalty program subscription form is recorded in a computerized file maintained by the Data Controller. 

The legal basis for processing is the execution of contractual or pre-contractual measures. 

Data provided in the membership form is kept for the duration of the loyalty program membership and three years after its end. 


Customer Reviews 

When you submit a product review after purchase, the Data Controller collects your name and email address, as well as any information you may include in your message. We ask you not to communicate any sensitive information in your message. 

The legal basis for processing is consent. 

Data provided in customer reviews is kept for three (3) years from when the review is posted on the site.


Article 3. Data Recipients

The data controller may share your data with the following categories of recipients:

  • Authorized internal staff according to their missions and functions

  • Payment service providers, identity verification and bank details verification, delivery, and newsletter sending

  • Subcontractor service providers for conducting business activities

The data controller requires all third-party providers to respect the security of personal data and to process it in compliance with the law, only for specific purposes following the data controller's instructions and never for their own purposes. 

  • Advisors bound by professional secrecy (legal, accounting, banking, insurance)

  • Third parties upon request from a public or administrative authority, or to comply with legal requirements or procedures, or to defend its interests in court. 


Article 4. Data Transfer Outside the European Union 

The data controller may share your data with providers that may be located outside the European Economic Area (EEA). 

In these circumstances, the data controller ensures that your data is transferred to countries whose level of personal data protection has been deemed adequate by the European Commission or, if this is not the case, that it takes appropriate safeguards to ensure secure transfer of your data, such as signing standard contractual clauses approved by the European Commission with the recipient party of the data.

 

Article 5. Data Security 

The data controller takes appropriate technical and organizational measures to prevent the disclosure of data, deterioration of data, or access to data by unauthorized third parties. 

When you transmit credit card information during payment, SSL encryption technology is used to secure your transactions.



Article 6. Rights and How to Exercise Them 

Your rights

  • Right of access to data (GDPR Article 15): Users can obtain confirmation that their data is being processed, and if so, access their data and information about the circumstances of processing;

  • Right to rectification of data (GDPR Article 16): Users can obtain from the Data Controller the rectification of their data when it is inaccurate or incomplete, as soon as possible; 

  • Right to restriction of processing (GDPR Article 18): Users can obtain from the Data Controller restriction of processing of their data (freezing the data without using it, but without deleting it);

  • Right to object to processing (GDPR Article 21): Users can object at any time to the processing of their data by the Data Controller, unless the latter has legitimate and compelling reasons for processing their data;

  • Right to withdraw consent at any time (e.g., unsubscribe from the newsletter);

  • Right to data portability (GDPR Article 20): Users can receive the data that the Data Controller processes automatically and that was provided on the basis of a contract or consent;

  • Right to provide instructions regarding the fate of data after death. 


How to Exercise Your Rights

You can exercise your rights by sending a request to:

  • By email to: contact@gyn1957.com By mail to: SAS GYN 1957, Richeplaine, Sainte-Anne 97180 Guadeloupe


Your request will be processed within one month of receipt. In case of doubt about your identity, we reserve the right to request proof of identity. A copy of the ID will be kept for one year. Other data related to processing your request (gender, name, nature of the request, response provided) will be kept for 3 years.


The data controller undertakes to respect your instructions regarding the retention, deletion, and communication of your personal data after death. In the absence of instructions from you, the data controller will honor requests from heirs as set out in the applicable provisions of the Data Protection Act.


If you believe that your personal data or your requests to exercise your rights related to your personal data are not being processed in accordance with legal provisions by the Data Controller, you have the right to lodge a complaint with the CNIL at the following address: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.



Article 7. Updates


Cookie name

Cookie category and purpose

Retention period


Session duration


Session duration


Session duration

This policy may be updated at any time, particularly in the event of new data processing, in application of legal and/or regulatory provisions and/or possible CNIL recommendations. We therefore invite you to consult the latest version of this page before browsing. 



Article 8. Cookie Management Policy 


The data controller uses cookies. A "cookie" is a small text file that contains information specific to the Site user. It is stored on the user's hard drive and can only be read by the server that provided it.


For example, cookies help us remember your username on your next visit, understand your interactions with our content, and improve it based on the information collected.

Some cookies are essential for the site to function. Other cookies are optional. Their deposit on your browsing terminal then requires your consent. 

You can set your browser to block all cookies, but blocking essential cookies may hinder the proper functioning of the site.