BuyStep

Privacy Policy

Last updated: December 16, 2024

Who responsible for processing your personal data when you use the Buystep marketplace

BUYSTEP is a B2B marketplace platform that connects buyers, manufacturers, and suppliers. When you use the Buystep marketplace, the entity responsible for processing your personal data is:

BUYSTEP S.A.S, domiciled at 3 rue des Cigognes 67960 ENTZHEIM, France.

For any questions regarding the processing of your personal data, you can contact us at info@buystep.com.

How can you contact us to exercise your rights?

In accordance with the General Data Protection Regulation (GDPR), you have the right to access, rectify, delete, and port your personal data. You also have the right to restrict and object to the processing of your data.

To exercise your rights, you can write to us at the following address: BUYSTEP S.A.S, 3 rue des Cigognes 67960 ENTZHEIM, France, or by email at info@buystep.com.

You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French supervisory authority for data protection.

Why do we use your personal data?

We process your personal data for the following purposes:

  • Management of your contract and customer loyalty (account creation, order management, delivery, after-sales service)
  • Monitoring of the commercial relationship (satisfaction surveys, product reviews)
  • Commercial canvassing (newsletters, promotional offers, personalized recommendations)
  • Fraud prevention and management of unpaid debts
  • Compliance with legal and regulatory obligations

Cookies

Our website uses technical and functional cookies that are necessary for the proper functioning of the site. These cookies allow us to ensure your navigation, remember your preferences, and provide you with the features you request.

Technical cookies do not require your prior consent as they are strictly necessary for the provision of the service. Functional cookies may be used to enhance your experience and personalize content.

What personal data do we collect and from which sources?

We collect personal data that you provide directly to us when you create an account, place an order, or contact us. This includes your name, email address, postal address, phone number, and payment information.

We also collect data from third-party service providers who help us operate our platform:

  • Stripe for payment processing
  • OVH for hosting services
  • Hootsuite for social media management

Additionally, if you interact with us through social networks, we may receive information from these platforms in accordance with their privacy settings and policies.

Who are the recipients of the data collected?

Your personal data may be shared with the following categories of recipients:

  • Our internal departments (sales, marketing, customer service, logistics)
  • Our technical service providers (hosting, payment, email delivery)
  • Our commercial partners, when you have given your consent
  • Competent authorities, in response to legal requests
  • Fraud prevention organizations

We do not sell your personal data to any third party.

Is your personal data transferred outside the European Union?

Some of our service providers may transfer your personal data outside the European Union, particularly to the United States and Canada.

Stripe participates in the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection for transfers to the United States.

Hootsuite is based in Canada, which benefits from an adequacy decision by the European Commission, recognizing that Canada provides an adequate level of data protection.

What are the legal bases and retention periods for your personal data?

PurposeLegal BasisRetention Period
Contract management and customer loyaltyExecution of contractDuration of contractual relationship
Legal and accounting obligationsLegal obligationLegal retention period (10 years)
Commercial canvassingLegitimate interest or consentUntil consent is withdrawn or 3 years from last contact

When processing is based on our legitimate interest, we ensure that this interest does not override your fundamental rights and freedoms. You may object to such processing at any time.

When processing is based on a legal obligation, the data is retained for the period required by applicable laws and regulations.

Your safety

We implement appropriate technical and organizational measures to ensure the security of your personal data, including:

  • Access control to personal data, limited to authorized personnel
  • Traceability of access and actions performed on personal data
  • Protection against unauthorized software and intrusion attempts
  • Encryption of data during transmission and at rest

Contact

For any request concerning a product or service, for any suggestions, information or reactions concerning this site:

For customer service inquiries, please review Your Account Settings, visit BuyStep's Support Center.