Legal Notice

GDPR RULES – ONLINE STORE

1. Purpose

The purpose of these rules is to ensure the compliance of the e-commerce site with the General Data Protection Regulation (GDPR) applicable in the European Union.

The online store is committed to protecting the personal data of users, customers, and prospects.

2. Personal Data Collected

The site may collect the following data:

  • First and last name

  • Email address

  • Postal address

  • Phone number

  • Payment information

  • Order history

  • IP address

  • Browsing data

  • Marketing preferences

The collected data must be strictly necessary for the operation of the service.

3. Purposes of Collection

Personal data is collected for the following purposes:

  • Order management

  • Product delivery

  • Customer service management

  • Billing

  • Sending transactional emails

  • Sending newsletters with consent

  • Improving user experience

  • Securing the website

  • Compliance with legal obligations

4. Consent

User consent must be:

  • Freely given

  • Informed

  • Specific

  • Explicit

The checkboxes related to:

  • newsletters,

  • marketing SMS,

  • advertising cookies,

must never be pre-checked.

Users can withdraw their consent at any time.

5. User Rights

In accordance with the GDPR, each user has the following rights:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restriction of processing

  • Right to object

  • Right to data portability

  • Right to withdraw consent

Any request must be processed within a maximum period of one month.

6. Data Security

The online store implements all necessary technical and organizational measures to protect personal data.

These measures notably include:

  • Use of HTTPS protocol

  • Password security

  • Regular backups

  • Restriction of data access

  • Protection against unauthorized access

  • Regular system updates

In the event of a personal data breach, the company will notify the competent authority within 72 hours where necessary.

7. Data Retention

Personal data is retained for a limited period.

Generally applied retention periods:

  • Customer data: duration of the commercial relationship

  • Invoices: 10 years

  • Prospects: 3 years

  • Cookies: 13 months maximum

After these periods, data is deleted or anonymized.

8. Cookie Management

The site uses cookies for:

  • site operation,

  • statistics,

  • personalization,

  • advertising.

A cookie banner allows the user to:

  • accept,

  • refuse,

  • customize cookies.

No non-essential cookies can be placed before consent.

9. Subcontractors

The online store may use subcontractors for:

  • hosting,

  • payments,

  • emailing,

  • logistics,

  • marketing tools.

All subcontractors must comply with the GDPR and guarantee the security of personal data.

10. Data Transfer

Personal data may only be transferred outside the European Union if appropriate safeguards are in place in accordance with the GDPR.

11. Record of Processing Activities

The company maintains a record of processing activities containing:

  • categories of data collected,

  • purposes,

  • retention periods,

  • security measures,

  • recipients of the data.

12. Data Controller

The data controller is:

Company name: RIVHEX

Address: 85 Chemin de mendi alde 64240 Hasparren

Email: support@rivhex-shop.com

13. Complaints

Users can submit a complaint to the competent data protection authority.

In France, the competent authority is the CNIL.

14. Rules Updates

The online store reserves the right to modify these GDPR rules to ensure their compliance with current regulations.

The updated version will be published on the website.

15. Acceptance

Use of the site implies acceptance of these rules regarding personal data protection.