Privacy Policy
1. Who responsible for processing your personal data when you use the Buystep marketplace
The BUYSTEP platform (hereinafter referred to as the "Marketplace") facilitates contact between buyers and sellers for the exchange of digital content and services. Buyers, sellers and simple visitors form what we call the "Users" of the Marketplace.
BUYSTEP, domiciled at 3 rue des Cigognes 67960 ENTZHEIM (info@buystep.com) is responsible for the processing of personal data collected during the use of the Marketplace by Users.
Where sellers manage buyers' personal data for direct sales, it is the sellers who are responsible for processing buyers' personal data.
2. How can you contact us to exercise your rights?
In accordance with the regulations on the protection of personal data, you may exercise your rights of access, modification, rectification, opposition, portability and limitation of processing with regard to information concerning you when using the Marketplace by contacting us either by e-mail (info@buystep.com) or by post at the following address: BUYSTEP, domiciled at 3 rue des Cigognes 67960 ENTZHEIM.
To enable us to respond quickly, please give us your surname, first name, email address, address and, if applicable, your customer reference, and specify the address to which you would like the reply to be sent. If necessary, we may verify your identity in order to guarantee the confidentiality and security of your data. In certain cases, you may be asked to provide a copy of an identity document bearing your signature. A reply will be sent to you within one month of receipt of the request.
We invite you to contact the Sellers directly to exercise your rights in relation to the processing of your personal data for which the Sellers are responsible.
You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), in particular at www.cnil.fr.
3. Why do we use your personal data?
We use your personal data for the following purposes:
- The management of our contracts and services, our loyalty programmes and our sales statistics, knowing your centres of interest to better offer you products adapted to your tastes;
- Monitoring the relationship with our Users;
- Our commercial canvassing activities (advertising messages, competitions, sponsorship, promotions, etc.).
- Combating fraud and ensuring the IT security of our services
- Compliance with our legal, tax and accounting obligations
4. Cookies
Our Marketplace only installs technical and functional cookies on your terminals. The purpose of these cookies is to collect personal information about you. These cookies enable us to provide our Services and/or facilitate electronic communication. These functional cookies are limited to the duration of your session. These cookies do not require your consent, but your browser settings may block them, with potentially negative effects on the operation of our Marketplace and Services.
5. What personal data do we collect and from which sources?
We collect the following personal data directly:
- For each User, either optional or mandatory*: title*, surname*, first name*, postal address, e-mail address*, telephone number, pseudonym*
- All sellers must provide their business details (SIRET number, etc.),
Other personal data may be collected by our IT and payment solution providers:
We refer you to their privacy policies for more information. We may have indirect access to certain personal data that you have communicated to these applications when using the Marketplace, in particular when paying our content and services or when identifying yourself when connecting to the Marketplace.
We are likely to collect also for our own account certain information and personal data in connection with your activity on the pages of the social networks of BUYSTEP or the BUYSTEP sites and applications which use the services of the social networks. This data is used for statistical analyses (use of our pages and applications) as well as for advertising purposes to improve our commercial relationship and the advertising which is addressed to you in order to offer a personalized and social experiment to you.
The information collected by BUYSTEP for its own account in connection with the social networks is governed by the present policy of confidentiality. On the other hand, BUYSTEP is not responsible for the subsequent use which is made of your data by the social networks for their own accounts.
We invite you to consult the personal data protection policies of our various partners (e.g. Facebook, Google, Instagram, Snapchat, etc.) to find out exactly what information is collected by these third parties. You can also configure access to and confidentiality of your data directly on the social networks.
6. Who are the recipients of the data collected?
The recipients of the personal data collected are solely :
- Our staff
- Our Users,
- Our IT and payment solutions providers, Stripe and Hootsuite
- Our subcontractors for administrative, accounting and tax management
- Our hosting provider OVH
Personal data may also be communicated to official authorities in application of a law or regulation or by virtue of a decision by a competent regulatory or judicial authority.
We will not sell or pass on your data to any other third party, unless you give us your express and special permission to do so.
7. Is your personal data transferred outside the European Union?
You are informed that data concerning you may be transmitted for the purposes of identification, use of social networks and payment in the United States and Canada.
The American company Stripe is DPF certified (https://www.dataprivacyframework.gov/ ), which means that your personal data can be legally transferred to the United States.
The Canadian company Hootsuite may legally be the recipient of your personal data, as Canadian legislation is deemed adequate by the European Commission.
8. What are the legal bases and retention periods for your personal data?
| PURPOSE | LEGAL BASIS | RECOMMENDED SHELF LIFE |
|---|---|---|
| Contract / loyalty programmes / customer relationship management | Execution of the contract | Duration of the contractual relationship |
| Legal and accounting obligations | Compliance a legal obligation to retain data | Legal retention period (e.g. accounting obligation of 10 years) |
| Commercial canvassing (advertising messages, competitions, sponsorship, promotions, etc.) | Interest or consent | Until consent is withdrawn or 3 years have elapsed since the individual's last contact with BUYSTEP |
We have a legitimate interest in processing your data as part of the fight against fraud and the IT security of our Marketplace where such processing is justified, balanced and does not infringe your privacy. With certain exceptions, you may object at any time to processing based on legitimate interests by notifying our services. If we need to collect a copy of your identity card, we will delete this copy as soon as our verification and action have been completed
Certain processing of your personal data is required by law (legal obligations). You may submit your comments to us at any time.
9. Your safety
We implement organisational and technical security measures to protect the confidentiality of your data. The level of security is adapted to the risks raised by the processing that we put in place.
Our security measures are based on :
- Access control for our staff,
- The implementation of traceability measures (access logging), data recording (identifier, date and time of connection, etc.) and storage,
- Software protection measures (antivirus, security updates and patches, testing),
- Data encryption (Marketplace accessible in HTTPS, use of TLS).
Contact information
If you have any questions, or comments about these Privacy Policy please contact BuyStep at:
For customer service inquiries, please review Your Account Settings, visit BuyStep's Support Center.