PRIVACY POLICY

www.beyabane.com

Last updated: February 2026


PREAMBLE

GLOBAL CORP places great importance on protecting your personal data and respecting your privacy.

This Privacy Policy informs you how we collect, use, share and protect your personal data in accordance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and the amended French Data Protection Act.


1. DATA CONTROLLER

The data controller responsible for processing your personal data is:

GLOBAL CORP

  • Legal form: SASU (Single-Member Simplified Joint-Stock Company)
  • Registered office: 6 rue André Lalande, 91000 Évry-Courcouronnes, France
  • SIREN: 100 165 372
  • SIRET: 100 165 372 00010
  • RCS: Évry B 100 165 372
  • Email: [email protected]
  • Phone: 09 73 41 08 93

2. PERSONAL DATA COLLECTED

2.1 Data we collect

We collect the following categories of personal data:

A) Identification data

  • First and last name
  • Email address
  • Phone number

B) Delivery and billing data

  • Delivery postal address
  • Billing postal address

C) Connection and navigation data

  • IP address
  • Connection logs
  • Browser type
  • Operating system
  • Pages visited
  • Duration of visit
  • Traffic source

D) Transaction data

  • Order history
  • Purchase amounts
  • Products ordered
  • Payment method used
  • Order status

E) Cookies and tracers

  • Technical cookies (shopping cart, session)
  • Analytical cookies (Google Analytics)

2.2 Data we do NOT collect

We never collect:

  • ❌ Your complete banking data (handled by our secure payment providers)
  • ❌ Your passwords in plain text (encrypted)
  • ❌ Sensitive data (racial origin, political opinions, health, etc.)

3. HOW DO WE COLLECT YOUR DATA?

We collect your personal data in various ways:

3.1 Data provided directly by you

  • When creating your customer account
  • When placing an order
  • When signing up for our newsletter
  • When contacting our customer service
  • When leaving reviews and comments

3.2 Data collected automatically

  • Through cookies when you browse our website
  • Through our server connection logs
  • Through analytics tools (Google Analytics)

3.3 Data from third parties

  • None: we do not receive any data concerning you from third parties

4. WHY DO WE USE YOUR DATA?

4.1 Processing purposes and legal bases

We use your personal data for the following purposes, each based on a specific legal basis:

Purpose | GDPR Legal Basis | Retention Period
Processing and managing your orders | Contract performance (art. 6.1.b) | 10 years (accounting obligation)
Product delivery | Contract performance (art. 6.1.b) | 10 years
Invoicing and accounting | Legal obligation (art. 6.1.c) | 10 years
After-sales service management | Contract performance (art. 6.1.b) | 2 years after resolution
Legal warranty management | Legal obligation (art. 6.1.c) | 2 years (legal warranty)
Fraud prevention | Legitimate interest (art. 6.1.f) | 5 years
Improvement of our services | Legitimate interest (art. 6.1.f) | 3 years
Statistics and analytics | Legitimate interest (art. 6.1.f) | 13 months (cookies)
Sending marketing newsletters | Consent (art. 6.1.a) | Until unsubscription
Management of your customer account | Contract performance (art. 6.1.b) | 3 years after last activity

4.2 Details of purposes

Contract performance: We must process your data to execute the sales contract you have concluded with us (process your order, deliver products, manage after-sales service).

Legal obligation: We must retain certain data to comply with our legal and regulatory obligations (invoicing, accounting, legal warranties).

Consent: For certain processing (newsletter, analytical cookies), we ask for your explicit consent which you can withdraw at any time.

Legitimate interest: We process certain data based on our legitimate interest (improvement of services, fraud prevention, statistical analyses), in respect of your rights and freedoms.


5. WITH WHOM DO WE SHARE YOUR DATA?

5.1 Recipients of your data

Your personal data is accessible to the following categories of recipients:

A) Authorized GLOBAL CORP personnel

  • Sales teams (order management)
  • Customer service (after-sales service, complaints)
  • Accounting department (invoicing)
  • Management (reporting, analyses)

B) Service providers (GDPR data processors)

Type of provider | Name | Purpose | Location
Web hosting | Hetzner Online GmbH | Website and data hosting | Germany (EU) 🇩🇪
Payment | Stripe, PayPal | Payment processing | Europe / USA 🇺🇸
Delivery | La Poste, Chronopost, UPS | Package delivery | Europe
Analytics | Google Analytics | Visit statistics | USA 🇺🇸

C) Legal and regulatory authorities

We may be required to communicate your data to competent authorities in case of:

  • Court order
  • Legal or regulatory obligation
  • Fraud prevention

5.2 What we NEVER do

  • We NEVER sell your personal data to third parties
  • We NEVER rent your personal data
  • We do not share your data with third parties for commercial purposes

5.3 Guarantees applicable to data processors

All our service providers (data processors under GDPR):

  • ✅ Are contractually obligated to comply with GDPR
  • ✅ Process your data only on our instructions
  • ✅ Implement appropriate security measures
  • ✅ Are selected for their GDPR compliance

6. DATA TRANSFERS OUTSIDE THE EUROPEAN UNION

6.1 Principle: Data hosted in Europe

The majority of your data is hosted and processed in Europe:

  • ✅ Website hosting: European Union — Germany (Hetzner)
  • ✅ Customer database: European Union — Germany (Hetzner)
  • ✅ Orders and invoicing data: European Union — Germany (Hetzner)

6.2 Transfers to the United States

Certain services used involve data transfers to the United States:

Services affected:

  • Google Analytics: audience measurement (USA servers)
  • Stripe / PayPal: payment processing (USA/Europe servers)

6.3 Guarantees implemented

These transfers to the United States are governed by appropriate safeguards in accordance with GDPR:

A) EU-USA Data Privacy Framework

  • Google, Stripe and PayPal are certified under the Data Privacy Framework (successor to Privacy Shield)
  • This mechanism was validated by the European Commission in July 2023
  • Certification verifiable at: https://www.dataprivacyframework.gov/

B) Standard Contractual Clauses (SCCs)

  • All our American providers have signed the Standard Contractual Clauses approved by the European Commission
  • These clauses impose strict data protection obligations

C) Additional security measures

  • Encryption of data in transit and at rest
  • Strict access controls
  • Pseudonymization where possible
  • Limitation of transferred data to what is strictly necessary

6.4 Your rights regarding transfers

You can:

  • Request a copy of the safeguards in place (standard contractual clauses)
  • Object to certain transfers (e.g. Google Analytics, if you refuse cookies)
  • Contact our customer service for more information: [email protected]

6.5 No other transfers

Apart from the United States (for the services mentioned above), none of your personal data is transferred to any other countries outside the European Union.


7. HOW LONG DO WE RETAIN YOUR DATA?

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

7.1 Detailed retention periods

Data Type | Retention Period | Legal Basis
Active customer account | Throughout the duration of activity | Contract performance
Inactive customer account | 3 years after last activity | Legitimate interest
Order data | 10 years | Legal accounting and tax obligation
Invoices | 10 years | Legal obligation (Commercial Code art. L.123-22)
Payment data | NEVER retained | Managed by PCI-DSS service providers
Bank card number | NEVER (cryptogram prohibited) | GDPR + PCI-DSS
Newsletter / marketing | 3 years after last activity or unsubscribe | Consent / Legitimate interest
Cookies | 13 months maximum | CNIL recommendation
Connection logs | 12 months maximum | Legal security obligation
Warranty data | 2 years after end of warranty | Legal obligation
Fraud data | 5 years after detection | Legitimate interest

7.2 Data Deletion

Upon expiration of retention periods:

  • Your data is permanently deleted from our systems
  • Or anonymized (rendered completely anonymous and non-reidentifiable) for statistical analysis

Upon your deletion request:

  • We will delete your data within a maximum of 1 month
  • Except where there is a legal retention obligation (e.g., invoices for 10 years)

8. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

In accordance with the GDPR and the Data Protection Act, you have the following rights concerning your personal data.

8.1 Right of Access (Article 15 GDPR)

You have the right to obtain:

  • Confirmation that we process (or do not process) your personal data
  • A copy of your personal data
  • Information about the processing (purposes, recipients, retention periods)

How to exercise it: Send an email to [email protected] with the subject “GDPR Access Right”

8.2 Right of Rectification (Article 16 GDPR)

You have the right to:

  • Correct your inaccurate personal data
  • Complete your incomplete personal data

How to exercise it:

  • Directly in your customer account for your contact details
  • By email to [email protected] for other data

8.3 Right to Erasure / “Right to be Forgotten” (Article 17 GDPR)

You have the right to request the deletion of your personal data in the following cases:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent (for consent-based processing)
  • You object to the processing and there is no compelling legitimate reason
  • The data has been unlawfully processed
  • The data must be deleted to comply with a legal obligation

Limitations: We will not be able to delete your data if we must retain it for:

  • Compliance with a legal obligation (e.g., invoices for 10 years)
  • Establishing, exercising or defending legal claims
  • Reasons of public interest

How to exercise it: Email to [email protected] with the subject “Right to Erasure”

8.4 Right to Restrict Processing (Article 18 GDPR)

You have the right to request the restriction of processing of your data in the following cases:

  • You contest the accuracy of your data (during verification)
  • The processing is unlawful but you prefer to restrict use rather than deletion
  • We no longer need the data but you need it for a legal claim
  • You have objected to the processing (pending verification)

Consequence: Your data will be retained but can no longer be used (except legal exceptions)

How to exercise it: Email to [email protected] with the subject “Right to Restrict Processing”

8.5 Right to Data Portability (Article 20 GDPR)

You have the right to:

  • Receive your personal data in a structured, commonly used and machine-readable format (e.g., CSV, JSON)
  • Transmit this data to another data controller

Conditions:

  • This right applies only to data you provided to us
  • Based on your consent or a contract
  • Processed automatically

How to exercise it: Email to [email protected] with the subject “Right to Data Portability”

8.6 Right to Object (Article 21 GDPR)

You have the right to object at any time:

A) Objection to commercial marketing (absolute right)

  • You can object to receiving our newsletters and commercial offers
  • How: Click “Unsubscribe” at the bottom of each email OR email to [email protected]

B) Objection for legitimate reasons (processing based on legitimate interest)

  • You can object to processing for reasons related to your particular situation
  • We will cease processing unless there are compelling legitimate reasons or legal claims

How to exercise it: Email to [email protected] with the subject “Right to Object”

8.7 Right to Withdraw Your Consent

For processing based on your consent (newsletter, analytical cookies):

  • You can withdraw your consent at any time
  • This does not affect the lawfulness of processing carried out before withdrawal

How to exercise it:

  • Newsletter: “Unsubscribe” link in each email
  • Cookies: Cookie settings on the website or browser
  • Email: [email protected]

8.8 Right to Establish Post-Mortem Directives

You have the right to establish directives regarding the fate of your data after your death:

  • General directives (registered with a trusted third party)
  • Specific directives (with GLOBAL CORP)

How to exercise it: Email to [email protected] with the subject “Post-Mortem Directives”

8.9 How to Exercise Your Rights?

By email (recommended):

  • Address: [email protected]
  • Subject: “Exercise of my GDPR rights – [Type of right]”
  • Content:
    • Your specific request
    • Your contact information (name, first name, email)
    • A copy of your identity document (for verification)

By postal mail:

  • GLOBAL CORP
  • 6 rue André Lalande
  • 91000 Évry-Courcouronnes
  • France

Response timeframe: We undertake to respond to you within 1 month of receipt of your request.

This deadline may be extended by 2 additional months in view of the complexity and number of requests. We will inform you within one month of receiving the request.

Free of charge: The exercise of your rights is entirely free of charge.


9. SECURITY OF YOUR DATA

9.1 Technical Security Measures

GLOBAL CORP implements all appropriate technical measures to protect your personal data:

A) Website Security

  • SSL/TLS Certificate: Secure HTTPS connection throughout the site
  • Data Encryption: Encryption of data in transit (TLS 1.3)
  • Application Firewall: Protection against web attacks (WAF)
  • Anti-DDoS Protection: Against denial of service attacks

B) Payment Security

  • No Retention of complete banking data
  • PCI-DSS Certified Providers (Stripe, PayPal)
  • 3D Secure: Strong cardholder authentication
  • Tokenization: Banking data replaced by tokens

C) Hosting Security

  • Secure Hosting: Hetzner (ISO 27001 certifications)
  • Daily Backups: Automatic data backup
  • 24/7 Monitoring: Server monitoring
  • Regular Updates: Security patches applied

D) Database Security

  • Encryption at Rest: Data encrypted in the database
  • Hashed Passwords: bcrypt algorithm with salt
  • Restricted Access: Principle of least privilege
  • Access Logs: Traceability of data access

9.2 Organizational Measures

A) Access Control

  • Strong Authentication: Access protected by complex passwords
  • Rights Management: Data access limited to needs
  • Traceability: Logging of sensitive data access

B) Staff Awareness

  • GDPR Training: Staff trained in data protection
  • Confidentiality: Confidentiality clauses in employment contracts
  • Internal Procedures: Documented data management processes

C) Incident Management

  • Response Plan: Procedure in case of data breach
  • CNIL Notification: Notification within 72 hours if necessary
  • Individual Notification: Communication to persons concerned if high risk

9.3 In Case of Data Breach

If your personal data is subject to a breach:

  1. We will notify the CNIL within 72 hours
  2. We will inform you without delay if the breach presents a high risk to your rights
  3. We will take all necessary measures to limit the consequences

10. COOKIES AND TRACERS

10.1 What is a cookie?

A cookie is a small text file stored on your device (computer, smartphone, tablet) when you visit a website.

It allows us to:

  • Remember your preferences
  • Facilitate your navigation
  • Measure site traffic
  • Personalize content and advertisements

10.2 Types of cookies used

A) Strictly necessary cookies (no consent required)

These cookies are essential for the website to function:

  • Session cookie: Maintains your browsing session
  • Shopping cart cookie: Saves products in your cart
  • Security cookie: Protection against CSRF attacks
  • Load balancing cookie: Distributes traffic between servers

Duration: Session (deleted when browser closes) or maximum 24 hours

B) Analytics cookies (consent required)

These cookies help us understand how you use the site:

  • Google Analytics: Traffic measurement, page views, visit duration, bounce rate
  • Data collected: Pages visited, traffic source, device type, approximate geolocation

Duration: Maximum 13 months (CNIL recommendation)

10.3 Managing your cookies

A) Via the consent banner

On your first visit, a banner allows you to:

  • Accept all cookies
  • Refuse non-essential cookies
  • ⚙️ Customize your cookie choices individually

You can change your choices at any time by clicking the “Cookie Settings” link at the bottom of the page.

B) Via your browser settings

You can configure your browser to:

  • Refuse all cookies
  • Be notified of each cookie and decide whether to accept it
  • Delete existing cookies

Instructions by browser:

  • Google Chrome: Settings > Privacy and security > Cookies and other site data
  • Mozilla Firefox: Options > Privacy & Security > Cookies and site data
  • Safari: Preferences > Privacy > Block all cookies
  • Microsoft Edge: Settings > Privacy, search and services > Cookies

Warning: Refusing certain cookies may limit access to some site features (e.g., shopping cart).

10.4 Learn more

For more information about cookies and their management:

  • CNIL website: https://www.cnil.fr/fr/cookies-et-autres-traceurs
  • Your browser help: “Help” or “Settings” section

11. SPECIFIC RIGHTS OF MINORS

11.1 Minimum age

Our site is intended for adults (18 years and older in France).

If you are under 18 years old, you cannot create an account or place an order without authorization from your parents or legal guardians.

11.2 Protection of minors

We do not knowingly collect personal data concerning minors under 18 years of age.

If you are a parent or guardian and discover that your child has provided us with personal data without your consent, please contact us immediately at [email protected] and we will delete it.


12. CHANGES TO THE PRIVACY POLICY

12.1 Updates

We reserve the right to modify this Privacy Policy at any time to:

  • Reflect changes in our data processing practices
  • Comply with new legal or regulatory requirements
  • Improve transparency and clarity

12.2 Notification of changes

In case of material changes:

  • We will notify you by email (if you have a customer account)
  • And/or by notification on the site on your next visit
  • The new version will be permanently accessible on this page

Effective date: Changes will take effect upon publication on this page.

We encourage you to review this page regularly to stay informed of our data protection practices.


13. FILING A COMPLAINT WITH THE CNIL

13.1 Right to lodge a complaint

If you believe that the processing of your personal data by GLOBAL CORP does not comply with the GDPR, you have the right to file a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés), the French data protection authority.

13.2 CNIL contact information

CNIL
3 Place de Fontenoy – TSA 80715
75334 Paris Cedex 07
France

Phone: 01 53 73 22 22 (Monday to Thursday 9am to 6:30pm, Friday 9am to 6pm)

Website: https://www.cnil.fr

Online complaint form: https://www.cnil.fr/fr/plaintes

13.3 Before filing a complaint with the CNIL

We encourage you to contact us first at [email protected] to try to resolve the issue amicably.

If we cannot reach a satisfactory solution, you can then file a complaint with the CNIL.


14. CONTACT – DATA PROTECTION OFFICER

14.1 For any questions about your personal data

If you have any questions about this Privacy Policy, the processing of your personal data, or the exercise of your rights, you can contact us:

By email (recommended): 📧 [email protected]

By phone: 📞 09 73 41 08 93 (Mon-Fri, 9am-6pm)

By mail: 📮 GLOBAL CORP – Data Protection Department, 6 rue André Lalande, 91000 Évry-Courcouronnes, France

14.2 Data Protection Officer (DPO)

For companies the size of GLOBAL CORP, the appointment of a Data Protection Officer (DPO) is not mandatory under the GDPR.

However, all questions relating to the protection of your data can be addressed directly to [email protected] and will be handled by our dedicated team.


15. ADDITIONAL INFORMATION

15.1 Profiling and automated decision-making

We do NOT engage in profiling or automated decision-making that produces legal effects concerning you or significantly affects you.

Statistical analyses: We conduct aggregate and anonymous statistical analyses to improve our services, but these analyses do not allow us to identify you individually.

15.2 Links to third-party websites

Our site may contain links to third-party websites (social networks, partner sites, etc.).

We are not responsible for the privacy practices of these third-party sites. We encourage you to read their privacy policies before providing them with your personal data.

15.3 Social media

If you interact with our pages on social networks (Facebook, Instagram, etc.), your interactions are subject to the privacy policies of these platforms.

We encourage you to review their policies:

  • Facebook: https://www.facebook.com/privacy/
  • Instagram: https://help.instagram.com/privacy/

SUMMARY OF YOUR RIGHTS

For your convenience, here is a summary of your main rights:

Right | Description | How to exercise it
Access | Obtain a copy of your data | Email to [email protected]
Rectification | Correct your inaccurate data | Customer account or email
Erasure | Request deletion of your data | Email to [email protected]
Restriction | Limit the processing of your data | Email to [email protected]
Portability | Receive your data in exportable format | Email to [email protected]
Objection | Object to the processing of your data | Email or unsubscribe link
Withdraw consent | Withdraw your consent (cookies, newsletter) | Cookie settings / email link
File a complaint | File a complaint | CNIL: https://www.cnil.fr

Response time: Maximum 1 month

Free of charge: Exercise of your rights is completely free



TikTok Integration — Data Privacy Notice (English)

This section is written in English for the purposes of TikTok’s Developer Platform app review. The definitive privacy policy above (in French) remains the operative document for users in France and the European Economic Area.

1. What the integration does

Beyabane uses TikTok’s official developer APIs — specifically Login Kit and the Content Posting API — for the sole purpose of publishing our own short product showcase videos to our own TikTok business account (@beyabane). The integration is internal to Beyabane. It is not offered to third parties and does not process data belonging to any TikTok user other than the authorised Beyabane account holder.

2. TikTok data we access

Through the integration, Beyabane accesses the following data belonging to the Beyabane TikTok account only:

  • Account identifiers — the TikTok open_id, display_name and avatar_url of the Beyabane account, obtained via the user.info.basic scope. This information is used to confirm that the OAuth connection is established with the correct account.
  • Publishing metadata — the publish_id and processing status returned by TikTok after each upload, obtained via the video.upload and video.publish scopes.

We do not access, request or store any personal data of TikTok viewers, followers, commenters or any other third-party TikTok user.

3. How we use this data

The data described above is used exclusively to:

  • Verify that our publishing requests are directed at the correct TikTok account.
  • Track whether each video we upload has been successfully published by TikTok.
  • Generate internal operational logs (pin IDs, upload timestamps) to help diagnose failed publications.

No TikTok data is used for advertising, profiling, resale, or any purpose unrelated to publishing videos from our own catalogue to our own TikTok account.

4. Data retention

TikTok access tokens are stored on our server in encrypted form and refreshed in accordance with TikTok’s OAuth 2.0 token lifecycle. Account identifiers (open_id, display_name, avatar_url) and publishing metadata are retained for up to 24 months for operational and audit purposes, and are deleted earlier if the integration is removed.

If Beyabane revokes the TikTok connection (either from within our server-side admin tools or from TikTok → Settings → Security and login → Manage connected apps), the access and refresh tokens are deleted immediately. Operational logs are retained for a maximum of six months after revocation.

5. Data sharing

We do not share TikTok-derived data with third parties. TikTok data is not transferred outside the European Union. The data is handled only by authorised GLOBAL CORP personnel and by our infrastructure provider (Hetzner Online GmbH, Germany), acting as a sub-processor under a GDPR-compliant Data Processing Agreement.

6. Security

We protect TikTok access tokens and operational data with industry-standard measures: encrypted storage, restricted server access, TLS 1.2+ in transit, firewalled infrastructure, automated intrusion detection (Fail2ban), and routine security updates.

7. Your rights and how to revoke access

Because the integration only concerns Beyabane’s own TikTok account, there are no third-party user rights to exercise under this integration. Nevertheless, any person who believes that TikTok-related data is processed about them may contact us at [email protected] to exercise their GDPR rights (access, rectification, erasure, restriction, portability, objection) as described in the main policy above.

The connection between Beyabane and the TikTok platform can be terminated at any time by the account holder:

  1. Open the TikTok mobile app.
  2. Go to Settings and privacy → Security and login → Manage connected apps.
  3. Select “Beyabane” and tap Remove.

Once removed, Beyabane will no longer be able to publish to the TikTok account. Our stored tokens are automatically invalidated.

8. Compliance with TikTok policies

Beyabane complies with the TikTok Developer Terms of Service, the TikTok Privacy Policy and the TikTok Community Guidelines. We commit not to use TikTok’s APIs to build a competing service, to scrape user data, or for any purpose other than the publishing workflow described in this notice.

9. Contact

For any question about this TikTok notice, please contact:

  • GLOBAL CORP (SASU) — 6 rue André Lalande, 91000 Évry-Courcouronnes, France
  • Email: [email protected]
  • Phone: +33 7 82 59 46 05