Our privacy policy
Updated on January 26, 2026
Personal Data – Website Management
Activities relating to the website www.galibier.com involve the processing of personal data.
However, when you place an order with a delivery address outside France and Belgium, you are redirected to the payment interface of our partner Global-e, which acts as the Merchant of Record for this transaction.
In this case, your personal data is collected directly by Global-e, which shares part of it with us. Specific provisions then apply to the processing of your personal data.
Please refer to the section “Orders Delivered Outside France and Belgium” below.
What Is This Personal Data Policy About?
This policy informs you about the characteristics of these processing activities and your rights regarding your personal data.
This privacy policy is drafted in accordance with French Law No. 78-17 of January 6, 1978 (“Data Protection Act”) and the General Data Protection Regulation (“GDPR”) No. 2016/679.
Who Is Responsible for This Policy?
The data controller is:
GALIBIER, a simplified joint-stock company (SAS) with share capital of €10,000, whose registered office is located at 65 rue des Tuiliers, 38430 Saint Jean de Moirans, France, registered under number 985 047 489, represented by Éric Forestier.
Contact details of the data controller:
Reference person: Julien RIAILLE
Address: 65 rue des Tuiliers – 38430 Saint Jean de Moirans
Telephone: +33 4 85 40 00 38
Email: service@galibier.com
The joint data controller is:
ETABLISSEMENTS RICHARD PONTVERT ET COMPAGNIE, a public limited company (SA) with share capital of €823,834, whose registered office is located at 65 rue des Tuiliers – 38430 Saint Jean de Moirans, registered under number 060 500 147.
Who Is This Policy Intended For?
This policy applies to users of the website www.galibier.com, specifically:
- newsletter subscribers
- customers of the online store
- persons entrusted with technical services (hosting, maintenance, security)
- persons with access to the site back office
- persons contacting us via the contact form or online chat
- persons submitting specific requests (warranty extension, expertise, shoe repair services)
- website visitors
- persons providing satisfaction ratings
Purposes (Why Data Is Collected)
GALIBIER processes personal data only for specific and legitimate purposes, including:
- technical website management (maintenance, hosting, security)
- website administration
- online account management
- online order management
- handling inquiries via contact form or chat
- handling specific requests
- newsletter subscriptions
- after-sales service and product returns
- satisfaction assessments
- customer understanding and analysis
Cookies and Other Trackers
GALIBIER uses trackers for various purposes (audience measurement, cart recovery, language preference, etc.).
For more information, please consult the cookie policy.
Legal Bases for Processing
Depending on purpose:
- newsletter: consent
- customer accounts: contract and legitimate interest
- orders: contract
- after-sales service: contract
- technical management: legitimate interest and service contracts
- website administration: legitimate interest
- inquiries: legitimate interest or contract
- specific requests: contract
- cookies: consent (where required)
- customer evaluations and analysis: legitimate interest
Data Retention Periods
Data is retained only as long as necessary:
- newsletter: 3 years after collection or last contact (renewable)
- customer accounts: while active, then 2 years after last activity; 6 months after deletion request
- online orders: 10 years; bank data: 30 days
- after-sales service: 10 years
- technical data: duration of operation; IP/logs max 13 months
- website administration: duration of administration access
- inquiries: 3 years unless customer
- specific requests: 10 years
- cookies: max 25 months; trackers 13 months
- customer evaluations: 5 years
Categories of Data Processed
Depending on purpose, GALIBIER may process:
- identification data (name, email, phone, address, etc.)
- login credentials
- purchase and return history
- payment card data
- technical connection data (IP, browser, logs)
- satisfaction data (age, title)
Mandatory or Optional Data
Data is generally mandatory except:
- order notes
- certain optional fields for specific requests (date of birth, proof of purchase, postal address, etc.)
Data Sources
For France/Belgium orders: data provided directly by the customer.
For orders outside France/Belgium: data collected by Global-e and partially transmitted to us (excluding payment data).
Data Recipients
Data may be shared with subcontractors strictly for stated purposes, including:
- hosting provider (o2switch)
- payment providers (PayPal, Apple Pay, Sofort, Bancontact, iDeal, Multibanco, Satispay, MyBank, etc.)
- carriers (DHL)
- Brevo (newsletter)
- Zendesk (customer service)
- Directus and Prios (logistics)
- Directus (repairs)
- Richard Pontvert (shoe repair)
- Global-e Online Ltd (international orders)
Orders Delivered Outside France and Belgium – Global-e
Context
For deliveries outside France/Belgium, Global-e acts as Merchant of Record.
Role of Global-e
Global-e:
- collects your personal data
- processes payment
- manages customs and taxes
- handles refunds
Global-e acts as an independent data controller.
Data Collected by Global-e
- identification data
- delivery address
- order details
- payment information
- ID documents where legally required
Data Shared With Us
- identification data
- delivery address
- order information and status
Payment data is not shared.
Legal Basis (Our Processing)
Contract performance and legitimate interest (after-sales service, accounting, service improvement).
Global-e Processing Purposes
- order fulfillment
- payments and refunds
- customs and tax compliance
- customer service
- fraud prevention
- analytics
- marketing (subject to consent)
Internal Access
Our logistics, customer service, and accounting teams access the Global-e portal as required.
Retention
Order data (excluding payment info) is stored in our ERP/CRM/CMS for 10 years.
International Transfers
Global-e servers are in Ireland. Transfers may occur to:
- Israel (adequacy decision)
- United States (Data Privacy Framework / SCCs)
- destination country (carriers/customs)
Cookies
Global-e cookies apply on their checkout interface.
Rights With Global-e
Requests may be sent to:
dataprotection@global-e.com
dpo@global-e.com
https://global-e.privacy.saymine.io/Global-e
EU representative: Rickert Rechtsanwaltsgesellschaft mbH, Bonn.
Security Measures
Appropriate technical and organizational measures are implemented to ensure data security.
Automated Decision-Making
No fully automated decisions are made. For Global-e orders, refer to their privacy policy.
Rights After Death – Access, Rectification, Erasure, Portability
Individuals may define instructions regarding their data after death and exercise rights of access, objection, rectification, deletion, portability, and consent withdrawal.
Requests must include identification and be sent to:
Julien RIAILLE – GDPR Contact
Galibier
65 rue des Tuiliers
38430 Saint Jean de Moirans
service@galibier.com
Complaints
You may lodge a complaint with the French supervisory authority (CNIL):
