Privacy Policy
Last updated: January 1, 2025 — In accordance with the General Data Protection Regulation (GDPR — EU 2016/679) and the French Data Protection Act.
Data Controller
The data controller for personal data collected on the EGIDYA platform is:
EGIDYA SASU
91 rue du Faubourg Saint-Honoré, 75008 Paris
SIRET: 88796868300011 — Share capital: €1,500
Represented by Chiraz BOUAZIZ
Email: info@egidya.fr — Tel.: 06 03 86 86 36
Data Collected
Data provided directly
- Identification data: last name, first name, email address, password (encrypted)
- Contact details: postal address, phone number
- Transaction data: order history, delivery preferences
- Communication data: messages sent to customer service, published reviews
Automatically collected data
- Navigation data: IP address, browser type, pages visited, duration of visit
- Cookie and tracker data (see article 9)
- Data related to the device used (mobile, computer, tablet)
EGIDYA only collects data strictly necessary for the provision of its services. We never collect sensitive data (ethnic origin, political opinions, health data, etc.).
Purposes of Processing
Your personal data is collected and processed for the following purposes:
- Creation and management of your user account
- Processing and tracking of your orders
- Communication related to your purchases (confirmations, invoices, deliveries)
- Customer service and complaint management
- Platform improvement and experience personalization
- Sending marketing communications (with your prior consent)
- Fraud prevention and transaction security
- Compliance with our legal and accounting obligations
- Anonymized traffic statistics
Legal Bases for Processing
- Contract execution: order processing, account management, customer service
- Legal obligation: retention of accounting and tax data
- Legitimate interest: fraud prevention, platform improvement, anonymized statistics
- Consent: marketing communications, non-essential cookies
Data Retention Period
- Active account data: for the entire duration of the business relationship
- Inactive account data: 3 years after the last activity
- Order and invoice data: 10 years (legal accounting obligation)
- Navigation data and cookies: maximum 13 months
- Customer service data: 3 years after file closure
- Marketing data: until consent withdrawal or 3 years without interaction
Data Sharing
EGIDYA may share your data with the following categories of recipients:
- Partner sellers: only data necessary for processing your order (name, delivery address, ordered products)
- Payment providers: to secure transactions — banking data is processed directly by the certified provider
- OVH host: for managing the technical infrastructure of the platform
- Competent authorities: in case of a legal obligation or judicial decision
EGIDYA never sells your personal data to third parties for commercial purposes. Any data transfer to a partner is governed by a strict confidentiality agreement.
International Transfers
Wherever possible, your data is hosted and processed within the European Union. In case of transfer outside the EU, EGIDYA ensures that appropriate safeguards are in place, in accordance with GDPR requirements:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions recognized by the European Commission
- Any other transfer mechanism authorized by applicable regulations
Your Rights
In accordance with the GDPR, you have the following rights regarding your personal data:
Right of Access
Obtain a copy of the personal data we hold about you.
Right to Rectification
Correct your inaccurate, incomplete, or outdated data.
Right to Erasure
Request the deletion of your data in cases provided by law.
Right to Restriction of Processing
Restrict the processing of your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to the processing of your data, especially for marketing purposes.
To exercise these rights, please contact us at info@egidya.fr. We will respond within one month. In case of an unresolved dispute, you may refer the matter to the CNIL: www.cnil.fr
Cookie Policy
Essential Cookies
These cookies are essential for the operation of the site (session management, shopping cart, security). They cannot be deactivated and do not require your consent.
Analytical Cookies
With your consent, we use cookies to analyze traffic and improve our platform. Retention period: maximum 13 months.
Marketing Cookies
With your consent, these cookies allow us to personalize the advertisements and content presented to you on the platform and on partner sites.
You can manage your cookie preferences at any time via the consent banner displayed during your first visit, or via your browser settings.
Data Security
EGIDYA implements appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:
- SSL/TLS encryption of all communications between your browser and our servers
- Passwords stored in hashed and salted form — never in plain text
- Access to data strictly limited to authorized personnel who need to access it
- Secure hosting on OVH infrastructure based in Europe
- Regular and encrypted data backups
- Payments processed according to PCI-DSS standard by certified providers
In the event of a data breach likely to pose a risk to your rights and freedoms, EGIDYA undertakes to inform you as soon as possible, in accordance with Article 34 of the GDPR, and to notify the CNIL within 72 hours.
Contact & Complaints
For any questions regarding this privacy policy or to exercise your rights:
EGIDYA SASU — Data Protection Officer
91 rue du Faubourg Saint-Honoré, 75008 Paris
Email: info@egidya.fr
Phone: 06 03 86 86 36
You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the competent French supervisory authority: www.cnil.fr