PRIVACY POLICY
www.beyabane.com
Last updated: February 2026
PREAMBLE
GLOBAL CORP places great importance on the protection of your personal data and the respect of your privacy.
This Privacy Policy informs you of how we collect, use, share and protect your personal data in accordance with the General Data Protection Regulation (GDPR – Regulation EU 2016/679) and the amended Data Protection Act.
1. DATA CONTROLLER
The data controller for personal data is:
GLOBAL CORP
- Legal form: SASU (Sole-shareholder simplified joint-stock company)
- Registered office: 6 rue André Lalande, 91000 Évry-Courcouronnes, France
- SIREN: 100 165 372
- SIRET: 100 165 372 00010
- RCS: Évry B 100 165 372
- Email: [email protected]
- Telephone: 09 73 41 08 93
2. PERSONAL DATA COLLECTED
2.1 Data we collect
We collect the following categories of personal data:
A) Identification data
- Name and surname
- Email address
- Telephone number
B) Delivery and billing data
- Delivery postal address
- Billing postal address
C) Connection and browsing data
- IP address
- Connection logs
- Browser type
- Operating system
- Pages visited
- Visit duration
- Traffic source
D) Transaction data
- Order history
- Purchase amount
- Products ordered
- Payment method used
- Order status
E) Cookies and tracers
- Technical cookies (shopping basket, session)
- Analytical cookies (Google Analytics)
2.2 Data we do NOT collect
We never collect:
- ❌ Your complete banking data (managed by our secure payment providers)
- ❌ Your passwords in plain text (encrypted)
- ❌ Sensitive data (racial origin, political opinions, health, etc.)
3. HOW DO WE COLLECT YOUR DATA?
We collect your personal data in various ways:
3.1 Data provided directly by you
- When creating your customer account
- When placing an order
- When subscribing to our newsletter
- When contacting our customer service
- When leaving reviews and comments
3.2 Data collected automatically
- Via cookies when you browse the website
- Via our server connection logs
- Via analytics tools (Google Analytics)
3.3 Data from third parties
- None: we do not receive data about you from third parties
4. WHY DO WE USE YOUR DATA?
4.1 Processing purposes and legal bases
We use your personal data for the following purposes, each based on a specific legal basis:
| Purpose | GDPR legal basis | Retention period |
|---|---|---|
| Processing and management of your orders | Contract performance (art. 6.1.b) | 10 years (accounting obligation) |
| Delivery of products | Contract performance (art. 6.1.b) | 10 years |
| Invoicing and accounting | Legal obligation (art. 6.1.c) | 10 years |
| After-sales service management | Contract performance (art. 6.1.b) | 2 years after resolution |
| Legal warranty management | Legal obligation (art. 6.1.c) | 2 years (legal warranty) |
| Fraud prevention | Legitimate interest (art. 6.1.f) | 5 years |
| Improvement of our services | Legitimate interest (art. 6.1.f) | 3 years |
| Statistics and analyses | Legitimate interest (art. 6.1.f) | 13 months (cookies) |
| Sending marketing newsletters | Consent (art. 6.1.a) | Until unsubscription |
| Management of your customer account | Contract performance (art. 6.1.b) | 3 years after last activity |
4.2 Details of purposes
Contract performance: We must process your data to perform the sales contract you have concluded with us (process your order, deliver the products, manage after-sales service).
Legal obligation: We must retain certain data to comply with our legal and regulatory obligations (invoicing, accounting, legal warranties).
Consent: For certain processing (newsletter, analytical cookies), we ask for your explicit consent which you can withdraw at any time.
Legitimate interest: We process certain data based on our legitimate interest (service improvement, fraud prevention, statistical analyses), in respect of your rights and freedoms.
5. WITH WHOM DO WE SHARE YOUR DATA?
5.1 Recipients of your data
Your personal data are accessible to the following categories of recipients:
A) Authorised GLOBAL CORP personnel
- Sales teams (order management)
- Customer service (after-sales service, complaints)
- Accounting department (invoicing)
- Management (reporting, analyses)
B) Service providers (GDPR data processors)
| Type of provider | Name | Purpose | Location |
|---|---|---|---|
| Web hosting | Hetzner Online GmbH | Website and data hosting | Germany (EU) 🇩🇪 |
| Payment | Stripe, PayPal | Payment processing | Europe / USA 🇺🇸 |
| Delivery | La Poste, Chronopost, UPS | Parcel delivery | Europe |
| Analytics | Google Analytics | Visit statistics | USA 🇺🇸 |
C) Legal and regulatory authorities
We may be required to communicate your data to the competent authorities in case of:
- Judicial order
- Legal or regulatory obligation
- Fraud prevention
5.2 What we NEVER do
- ❌ We NEVER sell your personal data to third parties
- ❌ We NEVER rent your personal data
- ❌ We do not share your data for commercial purposes with third parties
5.3 Guarantees applicable to data processors
All our service providers (data processors under GDPR):
- ✅ Are contractually bound to comply with GDPR
- ✅ Only process your data on our instructions
- ✅ Implement appropriate security measures
- ✅ Are selected for their GDPR compliance
6. DATA TRANSFERS OUTSIDE THE EUROPEAN UNION
6.1 Principle: Data hosted in Europe
The majority of your data is hosted and processed in Europe:
- ✅ Website hosting: European Union — Germany (Hetzner)
- ✅ Customer database: European Union — Germany (Hetzner)
- ✅ Order and invoice data: European Union — Germany (Hetzner)
6.2 Transfers to the United States
Certain services used involve data transfers to the United States:
Services concerned:
- Google Analytics: audience measurement (USA servers)
- Stripe / PayPal: payment processing (USA/Europe servers)
6.3 Guarantees implemented
These transfers to the United States are governed by appropriate safeguards in compliance with GDPR:
A) EU-USA Data Privacy Framework
- Google, Stripe and PayPal are certified under the Data Privacy Framework (successor to the Privacy Shield)
- This mechanism was validated by the European Commission in July 2023
- Certification verifiable at: https://www.dataprivacyframework.gov/
B) Standard Contractual Clauses (SCC)
- All our US service providers have signed the Standard Contractual Clauses approved by the European Commission
- These clauses impose strict data protection obligations
C) Additional security measures
- Encryption of data in transit and at rest
- Strict access controls
- Pseudonymisation where possible
- Limitation of transferred data to the strictly necessary
6.4 Your rights regarding transfers
You may:
- Request a copy of the safeguards implemented (standard contractual clauses)
- Object to certain transfers (e.g. Google Analytics, if you refuse cookies)
- Contact our customer service for more information: [email protected]
6.5 No other transfers
Apart from the transfers to the United States for the services mentioned above, none of your personal data is transferred to countries outside the European Union.
7. HOW LONG DO WE RETAIN YOUR DATA?
We retain your personal data only for as long as necessary for the purposes for which it was collected, or in accordance with legal obligations.
7.1 Detailed retention periods
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Active customer account | Throughout the entire period of activity | Contract performance |
| Inactive customer account | 3 years after last activity | Legitimate interest |
| Order data | 10 years | Legal accounting and tax obligation |
| Invoices | 10 years | Legal obligation (Commercial Code art. L.123-22) |
| Payment data | NEVER retained | Managed by PCI-DSS service providers |
| Bank card number | NEVER (security code prohibited) | GDPR + PCI-DSS |
| Newsletter / marketing | 3 years after last activity or unsubscription | Consent / Legitimate interest |
| Cookies | Maximum 13 months | CNIL recommendation |
| Connection logs | Maximum 12 months | Legal security obligation |
| Legal warranty data | 2 years after warranty ends | Legal obligation |
| Fraud data | 5 years after detection | Legitimate interest |
7.2 Data deletion
Upon expiry of retention periods:
- Your data is permanently deleted from our systems
- Or anonymised (made completely anonymous and non-identifiable) for statistical analysis
If you request data deletion:
- We will delete your data within 1 month maximum
- Except where a legal obligation to retain data applies (e.g. invoices for 10 years)
8. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
In accordance with the GDPR and the Data Protection Act, you have the following rights concerning your personal data.
8.1 Right of access (Article 15 GDPR)
You have the right to obtain:
- Confirmation that we are (or are not) processing your personal data
- A copy of your personal data
- Information about processing (purposes, recipients, retention periods)
How to exercise it: Send an email to [email protected] with the subject “GDPR Right of access”
8.2 Right of rectification (Article 16 GDPR)
You have the right to:
- Correct inaccurate personal data
- Complete incomplete personal data
How to exercise it:
- Directly in your customer account for your contact details
- By email to [email protected] for other data
8.3 Right to erasure / “right to be forgotten” (Article 17 GDPR)
You have the right to request deletion of your personal data in the following cases:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw your consent (for consent-based processing)
- You object to processing and there is no compelling legitimate reason
- The data has been unlawfully processed
- The data must be deleted to comply with a legal obligation
Limitations: We will not be able to delete your data if we must retain it for:
- Compliance with a legal obligation (e.g. invoices for 10 years)
- Establishing, exercising or defending legal claims
- Reasons of public interest
How to exercise it: Email to [email protected] with the subject “Right to erasure”
8.4 Right to restrict processing (Article 18 GDPR)
You have the right to request restriction of processing of your data in the following cases:
- You dispute the accuracy of your data (during verification)
- Processing is unlawful but you prefer to restrict use rather than deletion
- We no longer need the data but you need it for legal proceedings
- You have objected to processing (pending verification)
Consequence: Your data will be retained but cannot be used (except where legally required)
How to exercise it: Email to [email protected] with the subject “Right to restrict processing”
8.5 Right to data portability (Article 20 GDPR)
You have the right to:
- Receive your personal data in a structured, commonly used and machine-readable format (e.g. CSV, JSON)
- Transmit this data to another data controller
Conditions:
- This right applies only to data you provided to us
- Based on your consent or on a contract
- Processed in an automated manner
How to exercise it: Email to [email protected] with the subject “Right to data portability”
8.6 Right to object (Article 21 GDPR)
You have the right to object at any time:
A) Objection to direct marketing (absolute right)
- You can object to receiving our newsletters and commercial offers
- How: Click “Unsubscribe” at the bottom of each email OR email [email protected]
B) Objection on grounds of legitimate interest (legitimate interest-based processing)
- You can object to processing for reasons relating to your particular situation
- We will cease processing unless we have compelling legitimate reasons or legal rights to assert
How to exercise it: Email to [email protected] with the subject “Right to object”
8.7 Right to withdraw your consent
For processing based on your consent (newsletter, analytical cookies):
- You can withdraw your consent at any time
- This does not affect the lawfulness of processing carried out before withdrawal
How to exercise it:
- Newsletter: “Unsubscribe” link in each email
- Cookies: Cookie settings on the site or browser
- Email: [email protected]
8.8 Right to set post-mortem directives
You have the right to set directives concerning what happens to your data after your death:
- General directives (registered with a trusted third party)
- Specific directives (with GLOBAL CORP)
How to exercise it: Email to [email protected] with the subject “Post-mortem directives”
8.9 How to exercise your rights?
By email (recommended):
- Address: [email protected]
- Subject: “Exercise of my GDPR rights – [Type of right]”
- Content:
  - Your specific request
  - Your details (name, first name, email)
  - A copy of your identity document (for verification)
By post:
- GLOBAL CORP
- 6 rue André Lalande
- 91000 Évry-Courcouronnes
- France
Response deadline: We undertake to respond to you within 1 month from receipt of your request.
This deadline may be extended by 2 additional months in view of the complexity and volume of requests. We will inform you of this within the month following receipt of your request.
Free of charge: Exercise of your rights is entirely free of charge.
9. SECURITY OF YOUR DATA
9.1 Technical security measures
GLOBAL CORP implements all appropriate technical measures to protect your personal data:
A) Website security
- ✅ SSL/TLS certificate: Secure HTTPS connection throughout the site
- ✅ Data encryption: Encryption of data in transit (TLS 1.3)
- ✅ Web application firewall: Protection against web attacks (WAF)
- ✅ Anti-DDoS protection: Against denial of service attacks
B) Payment security
- ✅ No retention of complete banking data
- ✅ PCI-DSS certified service providers (Stripe, PayPal)
- ✅ 3D Secure: Strong cardholder authentication
- ✅ Tokenisation: Banking data replaced by tokens
C) Hosting security
- ✅ Secure hosting: Hetzner (ISO 27001 certified)
- ✅ Daily backups: Automatic data backup
- ✅ 24/7 monitoring: Server monitoring
- ✅ Regular updates: Security patches applied
D) Database security
- ✅ Encryption at rest: Data encrypted in the database
- ✅ Hashed passwords: bcrypt algorithm with salt
- ✅ Restricted access: Principle of least privilege
- ✅ Access logs: Traceability of data access
9.2 Organisational measures
A) Access control
- ✅ Strong authentication: Access protected by complex passwords
- ✅ Rights management: Data access limited according to need
- ✅ Traceability: Logging of access to sensitive data
B) Staff awareness
- ✅ GDPR training: Staff trained in data protection
- ✅ Confidentiality: Confidentiality clauses in employment contracts
- ✅ Internal procedures: Documented data management processes
C) Incident management
- ✅ Response plan: Procedure in case of data breach
- ✅ CNIL notification: Notification within 72 hours if required
- ✅ Information to individuals: Communication to affected persons if high risk
9.3 In case of data breach
If your personal data is subject to a breach:
- We will notify the CNIL within 72 hours
- We will inform you without undue delay if the breach presents a high risk to your rights
- We will take all necessary measures to limit the consequences
10. COOKIES AND TRACKERS
10.1 What is a cookie?
A cookie is a small text file deposited on your device (computer, smartphone, tablet) when you visit a website.
It allows us to:
- Remember your preferences
- Facilitate your navigation
- Measure site audience
- Personalise content and advertisements
10.2 Types of cookies used
A) Strictly necessary cookies (no consent required)
These cookies are essential for the site to function:
- Session cookie: Maintaining your browsing session
- Shopping cart cookie: Recording products in your cart
- Security cookie: Protection against CSRF attacks
- Load-balancing cookie: Traffic distribution between servers
Duration: Session (deleted when you close your browser) or maximum 24 hours
B) Analytical cookies (consent required)
These cookies allow us to understand how you use the site:
- Google Analytics: Audience measurement, page views, visit duration, bounce rate
- Data collected: Pages visited, traffic source, device type, approximate geolocation
Duration: Maximum 13 months (CNIL recommendation)
10.3 Managing your cookies
A) Via the consent banner
On your first visit, a banner allows you to:
- ✅ Accept all cookies
- ❌ Refuse non-essential cookies
- ⚙️ Personalise your cookie choices individually
You can change your choices at any time by clicking on the “Cookie settings” link at the bottom of the page.
B) Via your browser settings
You can configure your browser to:
- Reject all cookies
- Be informed of each cookie and decide whether to accept it or not
- Delete existing cookies
Instructions according to your browser:
- Google Chrome: Settings > Privacy and security > Cookies and other site data
- Mozilla Firefox: Options > Privacy and Security > Cookies and site data
- Safari: Preferences > Privacy > Block all cookies
- Microsoft Edge: Settings > Privacy, search and services > Cookies
Warning: Refusing certain cookies may limit access to some site features (e.g. shopping cart).
10.4 For more information
For more information about cookies and how to manage them:
- CNIL website: https://www.cnil.fr/fr/cookies-et-autres-traceurs
- Your browser’s help: “Help” or “Settings” section
11. SPECIFIC RIGHTS OF MINORS
11.1 Minimum age
Our site is intended for adults (18 years and over in France).
If you are under 18, you cannot create an account or place an order without the authorisation of your parents or legal guardians.
11.2 Protection of minors
We do not knowingly collect personal data concerning minors under 18 years of age.
If you are a parent or guardian and discover that your child has provided us with personal data without your consent, contact us immediately at [email protected] and we will delete it.
12. AMENDMENTS TO THE PRIVACY POLICY
12.1 Updates
We reserve the right to modify this Privacy Policy at any time in order to:
- Reflect changes in our data processing practices
- Comply with new legal or regulatory obligations
- Improve transparency and clarity
12.2 Notification of amendments
In case of substantial amendment:
- We will inform you by email (if you have a customer account)
- And/or by notification on the site on your next visit
- The new version will be permanently accessible on this page
Effective date: The amendments will take effect upon publication on this page.
We encourage you to consult this page regularly to stay informed about our data protection practices.
13. COMPLAINT TO THE CNIL
13.1 Right to lodge a complaint
If you believe that the processing of your personal data by GLOBAL CORP does not comply with the GDPR, you have the right to lodge a complaint with the CNIL (National Commission for Data Protection and Liberties), the French supervisory authority.
13.2 CNIL contact details
CNIL, 3 Place de Fontenoy – TSA 80715, 75334 Paris Cedex 07, France
Telephone: 01 53 73 22 22 (Monday to Thursday 9am to 6:30pm, Friday 9am to 6pm)
Website: https://www.cnil.fr
Online complaint form: https://www.cnil.fr/fr/plaintes
13.3 Before contacting the CNIL
We encourage you to contact us first at [email protected] to attempt to resolve the issue amicably.
If we cannot reach a satisfactory solution, you can then contact the CNIL.
14. CONTACT – DATA PROTECTION OFFICER
14.1 For any questions about your personal data
If you have questions about this Privacy Policy, the processing of your personal data or the exercise of your rights, please contact us:
By email (recommended): 📧 [email protected]
By telephone: 📞 09 73 41 08 93 (Mon-Fri, 9am-6pm)
By post: 📮 GLOBAL CORP – Data Protection Department, 6 rue André Lalande, 91000 Évry-Courcouronnes, France
14.2 Data Protection Officer (DPO)
For companies the size of GLOBAL CORP, the appointment of a Data Protection Officer (DPO) is not mandatory under the GDPR.
However, all questions relating to the protection of your data can be sent directly to [email protected] and will be handled by our dedicated team.
15. ADDITIONAL INFORMATION
15.1 Profiling and automated decision-making
We do NOT carry out profiling or automated decision-making that produces legal effects concerning you or affecting you in a significant manner.
Statistical analysis: We conduct aggregated and anonymised statistical analysis to improve our services, but these analyses do not allow us to identify you individually.
15.2 Links to third-party websites
Our site may contain links to third-party websites (social networks, partner sites, etc.).
We are not responsible for the privacy practices of these third-party sites. We encourage you to read their privacy policies before providing them with your personal data.
15.3 Social networks
If you interact with our pages on social networks (Facebook, Instagram, etc.), your interactions are subject to the privacy policies of these platforms.
We encourage you to consult their policies:
- Facebook: https://www.facebook.com/privacy/
- Instagram: https://help.instagram.com/privacy/
SUMMARY OF YOUR RIGHTS
For your convenience, here is a summary of your main rights:
| Right | Description | How to exercise it |
|---|---|---|
| Access | Obtain a copy of your data | Email to [email protected] |
| Rectification | Correct your inaccurate data | Customer account or email |
| Erasure | Request the deletion of your data | Email to [email protected] |
| Restriction | Restrict the processing of your data | Email to [email protected] |
| Portability | Receive your data in an exportable format | Email to [email protected] |
| Objection | Object to the processing of your data | Email or unsubscribe link |
| Withdrawal of consent | Withdraw your consent (cookies, newsletter) | Cookie settings / email link |
| Complaint | Lodge a complaint | CNIL: https://www.cnil.fr |
Response time: Maximum 1 month
Free of charge: Exercise of your rights is entirely free of charge
TikTok Integration — Data Privacy Notice (English)
This section is written in English for the purposes of TikTok’s Developer Platform app review. The definitive privacy policy above (in French) remains the operative document for users in France and the European Economic Area.
1. What the integration does
Beyabane uses TikTok’s official developer APIs — specifically Login Kit and the Content Posting API — for the sole purpose of publishing our own short product showcase videos to our own TikTok business account (@beyabane). The integration is internal to Beyabane. It is not offered to third parties and does not process data belonging to any TikTok user other than the authorised Beyabane account holder.
2. TikTok data we access
Through the integration, Beyabane accesses the following data belonging to the Beyabane TikTok account only:
- Account identifiers — the TikTok open_id, display_name and avatar_url of the Beyabane account, obtained via the user.info.basic scope. This information is used to confirm that the OAuth connection is established with the correct account.
- Publishing metadata — the publish_id and processing status returned by TikTok after each upload, obtained via the video.upload and video.publish scopes.
We do not access, request or store any personal data of TikTok viewers, followers, commenters or any other third-party TikTok user.
3. How we use this data
The data described above is used exclusively to:
- Verify that our publishing requests are directed at the correct TikTok account.
- Track whether each video we upload has been successfully published by TikTok.
- Generate internal operational logs (pin IDs, upload timestamps) to help diagnose failed publications.
No TikTok data is used for advertising, profiling, resale, or any purpose unrelated to publishing videos from our own catalogue to our own TikTok account.
4. Data retention
TikTok access tokens are stored on our server in encrypted form and refreshed in accordance with TikTok’s OAuth 2.0 token lifecycle. Account identifiers (open_id, display_name, avatar_url) and publishing metadata are retained for up to 24 months for operational and audit purposes, and are deleted earlier if the integration is removed.
If Beyabane revokes the TikTok connection (either from within our server-side admin tools or from TikTok → Settings → Security and login → Manage connected apps), the access and refresh tokens are deleted immediately. Operational logs are retained for a maximum of six months after revocation.
5. Data sharing
We do not share TikTok-derived data with third parties. TikTok data is not transferred outside the European Union. The data is handled only by authorised GLOBAL CORP personnel and by our infrastructure provider (Hetzner Online GmbH, Germany), acting as a sub-processor under a GDPR-compliant Data Processing Agreement.
6. Security
We protect TikTok access tokens and operational data with industry-standard measures: encrypted storage, restricted server access, TLS 1.2+ in transit, firewalled infrastructure, automated intrusion detection (Fail2ban), and routine security updates.
7. Your rights and how to revoke access
Because the integration only concerns Beyabane’s own TikTok account, there are no third-party user rights to exercise under this integration. Nevertheless, any person who believes that TikTok-related data is processed about them may contact us at [email protected] to exercise their GDPR rights (access, rectification, erasure, restriction, portability, objection) as described in the main policy above.
The connection between Beyabane and the TikTok platform can be terminated at any time by the account holder:
- Open the TikTok mobile app.
- Go to Settings and privacy → Security and login → Manage connected apps.
- Select “Beyabane” and tap Remove.
Once removed, Beyabane will no longer be able to publish to the TikTok account. Our stored tokens are automatically invalidated.
8. Compliance with TikTok policies
Beyabane complies with the TikTok Developer Terms of Service, the TikTok Privacy Policy and the TikTok Community Guidelines. We commit not to use TikTok’s APIs to build a competing service, to scrape user data, or for any purpose other than the publishing workflow described in this notice.
9. Contact
For any question about this TikTok notice, please contact:
- GLOBAL CORP (SASU) — 6 rue André Lalande, 91000 Évry-Courcouronnes, France
- Email: [email protected]
- Phone: +33 7 82 59 46 05
