GENERAL DATA PROTECTION REGULATION (GDPR)
BASTIDEAUX has always had a strong focus on protecting any data we collect and process. We appreciate the solidification of this through the European General Data Protection Regulation (GDPR) laws that enter into effect on May 25, 2018.
Below you'll read how GDPR applies to BASTIDEAUX and our customers.
Compliance in relation to our employees and vendors
BASTIDEAUX is the entity that owns and operates the BASTIDEAUX online store, a business located in Newport Beach, CA, United States of America. This entity is fully GDPR compliant, which means we only request and process data based on legal bases as defined in the GDPR. In cooperation with our counsel, we have made a thorough assessment of all of our processes and data stores.
Where needed, we changed our internal policies and procedures to be in compliance with GDPR and deleted data that we didn't need or want. We also defined a new Privacy Policy.
Finally, we reached out to our vendors to request agreements to ensure that we remain compliant when using their services.
Compliance in relation to our customers
In relation to our customers, BASTIDEAUX is both a Data Controller and a Data Processor depending on the type of data collected.
DATA CONTROLLER
BASTIDEAUX is the Data Controller for the information we collect about our customers and visitors, which means that we determine the "purposes and means" of the data we collect as the Controller. Some examples: their name, their email address, their credit card number, and any other data that we collect based on the GDPR legal bases. This data is safeguarded by various policies and procedures.
When sharing data with vendors, we have made sure there are contracts in place that ensure they also receive and process this data in a lawful way.
You can read more about which data we collect and for which purpose in our new Privacy Policy.
DATA PROCESSOR
Our customers are the Data Controllers for the data that their applications gather and send to BASTIDEAUX.
BASTIDEAUX processes that data on their behalf, which makes us the Data Processor. To enable our customers to be fully GDPR compliant while using BASTIDEAUX, we have taken various measures.
In short: BASTIDEAUX doesn't wish to receive any personal data about your visitors and will provide the tools that enable you to strip this information before sending it to BASTIDEAUX for processing.
DATA REMOVAL PROCEDURE
When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information”. Order Information is stored for billing and tax purposes.
Any details about your visit are stored with a retention period of 60 days. This means that if any personal data was collected accidentally, it will still be purged after a maximum of 60 days. After that, we only keep aggregated data.
If you would like us to remove your data, we have instated a procedure that allows us to do so when requested in an email to hello@bastideaux.com.