Privacy Policy

Privacy policy

Last updated on January 2, 2026

This Privacy Policy is addressed to you in your capacity as a user and customer of the online store (hereinafter the “E-store”). It is intended to describe and inform you about the processing activities that may be carried out when you use the E-store.

The E-store is published by Affective, whose details are available in the “Legal Notice” section.

EGIS is the data controller of the personal data collected and processed through the use of the E-store (hereinafter “We”), in accordance with applicable data protection laws and regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (the “General Data Protection Regulation” or “GDPR”) and French Law No. 78-17 of January 6, 1978 as amended (together referred to as the “GDPR”).

For any questions relating to the processing of your personal data, please contact our service provider Affective, which manages this E-store on our behalf:

  • By email: rgpd@affective.com
  • By post: Affective – GDPR – 9 rue des Augustins, 59800 Lille, France
What personal data do We process, on what legal bases, for what purposes, and for how long do We retain your data?

Order management and product delivery
Including payment management
Data subjects: EGIS employees

Legal basis: Performance of contractual obligations

Retention period: For the duration of the contract binding us to Affective (manager of the E-store) + 5 years (to handle after-sales requests and claims and to defend legal actions). Accounting and tax documents are retained for 10 years in accordance with French law.

Recipients: Authorized staff of Affective and its authorized sub-processors, as well as product suppliers and carriers.

Where does your personal data come from?

We collect your personal data from the following sources:

  • Data you provide when creating your account and using the E-store,
  • Data lawfully obtained from third parties (e.g., payment service providers, social media providers),
  • Data relating to Egis users that you provide when placing orders.
Who may your data be disclosed to?

Your data may be accessed by the following authorized entities:

  • Affective – E-store publisher and manager (France)
  • Cegid – ERP / order management (France)
  • Sellsy – CRM (France)
  • Zendesk – After-sales service management tool (Frankfurt – transfers may rely on the Data Privacy Framework and Standard Contractual Clauses)
  • Naitways – Hosting provider (France)
  • Inexweb – Accounting management (European Union – AWS hosting may involve transfers to the United States under the Cloud Act)
Where is your data stored and is it transferred outside the European Economic Area (EEA)?

Your data is stored in a database located in France. We undertake to use our best efforts not to transfer your data outside the European Economic Area (EEA).

If such a transfer were necessary, appropriate safeguards would be implemented, such as an adequacy decision by the European Commission or the use of the latest Standard Contractual Clauses.

International orders: In case of delivery outside the EEA, certain personal data strictly necessary for delivery (carriers, customs authorities) may be transferred to the destination country. Such transfers rely on Article 45, 46, or 49 of the GDPR, as applicable.

What measures are implemented to ensure the integrity, confidentiality and availability of your data?

We and our processors implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data in accordance with GDPR and applicable French law.

Security measures include:

  • HTTPS certification,
  • Daily backups,
  • Business continuity plan,
  • Separation of pre-production and production environments,
  • Continuous integration and automated deployments,
  • Corrective and preventive maintenance actions,
  • Punch Out authentication for Egis users,
  • Logging and traceability of Punch Out connections and transactions with anomaly alerts,
  • Regular security updates,
  • Vulnerability scans and code reviews,
  • Encrypted off-site backups,
  • Ongoing cybersecurity awareness training for staff.
What are your rights?

You have the right to:

  • Access your personal data,
  • Request rectification,
  • Request erasure,
  • Request restriction of processing,
  • Request data portability,
  • Object to processing,
  • Provide instructions regarding the handling of your data after your death.

To exercise your rights, please contact: dpo.egis@egis-group.com or by post: EGIS SA / DPO – Legal Department 15 avenue du Centre, CS 20538 Guyancourt 78286 Saint-Quentin-en-Yvelines, France.

Changes to this Policy

This Policy may be amended, supplemented or updated to comply with legal, regulatory, technical or case law developments.

We aim to inform you regularly of any updates to ensure you remain fully informed about how we protect your personal data.