Default Image

Our privacy policy

Updated 30th January 2025 – Download the PDF version

 

Personal data – Website management

 

Activities relating to the www.galibier.com website involve the processing of personal data.

 

What does the personal data use policy cover?

 

This policy informs you of the nature of this processing and of your rights concerning your personal data.   This privacy policy is drawn up pursuant to Law no. 78-17 of 6 January 1978 (known as the “Loi informatique et libertés” or “LIL”) and the General Personal Data Protection Regulation (“GDPR”) no. 2016/679.

 

Who is the manager of this policy?

 

The data controller is:

GALIBIER SAS [equiv. limited joint stock company] with a capital of ten thousand euros (€10,000), whose registered office is at 65 rue des Tuiliers, 38430 Saint-Jean-de-Moirans, France, registered under number 985 047 489, and whose legal representative is Éric Forestier.

 

The contact details of the data controller are as follows:

Contact:  Julien Riaille

Address: 65 rue des Tuiliers – 38430 Jean de Moirans – France

Telephone: +33 4 85 40 00 38

Email: service@galibier.com

 

The joint data controller is:

ETABLISSEMENTS RICHARD PONTVERT ET COMPAGNIE, SA [Equiv. Public Limited Company] with a capital of €823,834, whose registered office is at 65 rue des Tuiliers – 38430 Saint-Jean-de-Moirans, registered under number 060 500 147.

 

Who does this policy concern?

 

This policy concerns users of the www.galibier.com website.

More specifically it concerns:

-persons who subscribe to the newsletter

-customers of our online store

-persons to whom we have entrusted technical services (hosting service, maintenance, website security)

-persons with access to the website’s back office for its administration

-persons who contact us via the website’s contact form or online chat

-persons who contact us for specific requests (requests for extended warranties, expertise requests, and shoe repair requests) -persons browsing the website (internet users)

-persons sharing reviews

 

Purpose (what the data collected is used for)

 

The purpose of data processing corresponds to the objective pursued by the data controller.

 

The data controller undertakes to process personal data for determined and legitimate purposes only.

 

GALIBIER determines the following purposes:

-technical management of the website (maintenance, hosting and website security)

-website administration -management of online accounts

-management of customer orders via the online shop

-management of requests for information via the contact form or online chat

-management of specific requests (requests for extended warranties, expertise requests, and shoe repair requests)

-management of newsletter subscriptions

-management of after-sales service and product returns

-management of customer evaluation

-management of customer understanding

 

Cookies and other trackers used on the website

 

GALIBIER uses trackers for various purposes (measuring audiences, basket reminders, language preferences, etc.)

More details are set out in the cookies policy.

 

Legal basis for processing: what gives us the right to process data

 

For each purpose, one or more legal bases authorise the company to carry out the relevant processing.

GALIBIER’s legal basis for processing is as follows:

-for the management of newsletter subscriptions, the legal basis is the subscriber’s consent

-for the management of online customer accounts, the legal basis is the order placed by these customers (the contract) and the legitimate interest

-for the management of orders via the online shop, the legal basis is the order placed by these customers (the contract)

-for the management of after-sales service and product returns, the legal basis is the order placed by these customers (the contract)

-for the technical management of the website (maintenance, hosting and website security), the legal basis is the legitimate interest and the contracts entered into with the service providers

-for website administration, the legal basis is the legitimate interest

-for the management of requests for information via the contact form and online chat, the legal basis is the legitimate interest (to enable online communication) or orders placed by customers (the contract)

-for the management of specific requests, the legal basis is the order placed by these customers (the contract)

-for the management of cookies and trackers on the website, the legal basis is the consent of the persons concerned when this consent is compulsory

-for the management of customer reviews and the management of customer understanding, the legal basis is the legitimate interest.

 

Data retention period

 

Data subject to processing are retained for a period not exceeding that necessary for the purposes for which they are recorded (processing minimisation principle).

 

The maximum retention periods are as follows:

-for the management of newsletter subscriptions): 3 years from the date of data collection or the last contact from the user: clicking on a hyperlink contained in a message, etc. At the end of this period, the person will be contacted to establish whether they wish to continue receiving information. If the response is positive, the user’s personal data will be retained for another 3-year period. In the absence of a positive and clear response, the personal data must be deleted or archived

-for the management of online customer accounts: whilst the account is active. Data is then retained for a period of 2 years from the last activity. After 2 years of inactivity, an email is sent to the person to establish what they would like to do with their account. If the User requests account deletion, their data is retained for 6 months

-for the management of orders via the online store: 10 years from the end of the order. Bank details are retained for 30 days. -for the management of after-sales service and product returns: 10 years from the order date. -for the technical management of the website (maintenance, hosting and website security): data is stored only for the duration necessary for technical operations (a few months), 13 months maximum for IP addresses and connection logs.

-for website administration: for as long as the persons concerned administer the website.

-for the management of requests for information via the contact form and online chat: 3 years from the request, unless the person becomes a customer.

-For the management of specific requests: 10 years from the request. -for the management of website cookies: data is retained for a maximum of 25 months. Trackers have a maximum lifespan of 13 months. At the end of this period, consent is requested again.

-for the management of customer feedback and understanding: 5 years from receiving the information.

 

Personal data subject to processing by GALIBIER

 

The data controller processes the following categories of data:

  • for the management of newsletter subscriptions: email address, name, country and language

 

  • for the management of online customer accounts:

-login credentials

-identification data (professional or individual, title, full name, email, telephone, date of birth, billing address)

-data relating to purchases, returns and pending credit notes

 

  • for the management of orders via the online store

-identification data (professional or individual, title, full name, email address, telephone, delivery address, billing address, order note)

-bank card details)

-data concerning the order (product, order number, etc.)

 

  • for the management of after-sales service and product returns:

-identification data (full name, email address, telephone)

-location data (postcode, address)

-financial data (bank details)

-data concerning the order (product, order number, etc.)

 

  • for the technical management of the website (maintenance, hosting and website security):

-data stored on the website

-connection data (IP addresses, device type, browser, logs, usernames)

 

  • for website administration:

-data stored on the website

-connection data (IP addresses, device type, browser, logs, usernames)

 

  • for the management of requests for information via the contact form:

-identification data (full name, email address, telephone, subject, message)

 

  • for the management of specific requests:

-identification data (full name, email address, telephone, title, date of birth)

-location data (postcode, address)

-financial data (bank details)

-data concerning the order, mandatory or optional depending on the request (ordered product, proof of purchase, purchase date)

 

  • for the management of website cookies:

-connection data (IP addresses, device type, browser, logs, usernames)

 

  • for the management of customer reviews, feedback and understanding:

-identification data (title, age)

 

Compulsory or optional nature of data collection

 

The data collected are compulsory in order to achieve the processing purposes, except in the following cases:

-For online orders, order notes

-For the management of specific requests (requests for extended warranties, expertise requests, and shoe repair requests), certain associated data are not compulsory:  date of birth, date of purchase and proof of purchase for shoe repair services, item related to the request, postal address, and free text area  for warranty extension requests

 

Data sources

 

Data are transferred directly by the person concerned to GALIBIER.

 

Data recipients

 

As the data controller, GALIBIER undertakes not to transmit the collected personal data unless it is necessary to fulfil the previously defined purposes.

 

In this context, the data controller may call upon third parties who may have access to certain data. These third parties include, in particular:

-persons responsible for technical website services (o2switch)

-online payment service providers (Paypal, Apple Pay, Sofort, Bancontact, iDeal, Multibanco, Satispay, MyBank, etc.)

-carriers (DHL)

-Brevo for the newsletter

-Zendesk for customer service

-Directus and Prios for the logistical management of shipments

-Directus for the repair service -Richard Pontvert for shoe repairs

 

What security measures are in place?

 

The data controller implements appropriate technical and organisational measures in order to ensure a level of security appropriate to the risk.

 

The data controller takes measures to ensure that any natural person acting under the authority of the data controller or under that of the subcontractor, who has access to personal data, does not process them except upon instruction from the data controller, unless obliged to do so.

 

The existence or not of data transfers to countries outside the European Union and associated guarantees

 

The data controller may be required to transfer personal data outside the European Union, via sub-contractors listed in the paragraph ” Data recipients “.

 

Personal data may be stored and/or data may be transferred outside the European Union to countries where legislation may provide less protection of individuals’ rights and freedoms.

 

The data controller undertakes to ensure these transfers are made:

  • to countries that provide a level of protection deemed to be adequate by the European data protection authorities, or
  • with appropriate guarantees in accordance with Article 46 of the GDPR (covering the implementation of standard contractual clauses in particular), or
  • in accordance with Article 49 of the GDPR

 

Automated decision making

 

No decisions are made in a fully automated manner.

 

What happens to personal data after death – Right of access, to the rectification, erasure and portability of data

 

Data subjects may set instructions concerning the retention, deletion and disclosure of their personal data after their death. These instructions may be general or specific.

 

Data subjects also have the right of access, to the restriction of processing, to rectification, erasure and, under certain conditions, to the portability of their personal data. Data subjects have the right to withdraw their consent at any time if consent constitutes the legal basis for processing.

 

Requests must indicate the full name, email or postal address of the person concerned, and must be signed and accompanied by valid proof of identity.   These rights may be exercised by contacting: Julien Riaille, GDPR contact – Galibier, 65 rue des Tuiliers, 38430 Saint Jean de Moirans, France – email: service@galibier.com

 

Complaints

 

Data subjects have the right to lodge complaints with the supervisory authority (CNIL): https://www.cnil.fr/fr/webform/adresser-une-plainte]]>