BOMY
fr/en

Privacy policy

BOMY CONCEPT SAS values your privacy. This policy describes how we process personal data on bomyconcept.com, in accordance with EU Regulation 2016/679 (GDPR) and the French Data Protection Act of 6 January 1978 as amended.

Data controller

BOMY CONCEPT SAS
7 rue du Cambodge, 75020 Paris, France
SIRET: 105 633 614 00018
Email: support@bomyconcept.com

Data we collect

Depending on how you interact with the site, we collect:

  • Contact form: name, email address, subject and message content, display language, IP address, browser identifier (user-agent).
  • Pre-launch / newsletter signup: email address, display language, signup date.
  • Customer account & orders (when available): first and last name, email, hashed password, shipping and billing addresses, order history.
  • Technical data: server logs, cookies strictly necessary for the site to function.

Purposes and legal bases

  • Respond to your contact requests — legitimate interest.
  • Manage your newsletter subscription — consent.
  • Process and track your orders — performance of a contract.
  • Secure the site, prevent fraud and meet legal/accounting obligations — legal obligation and legitimate interest.

Retention period

Contact-form messages are kept for 3 years after the last exchange. Newsletter subscriptions are kept until you unsubscribe. Order data is kept for 10 years to satisfy accounting obligations. Account data is kept while the account is active and deleted on request.

Recipients and processors

Your data is never sold. It is accessible only to authorized BOMY CONCEPT SAS staff and to the following technical providers, acting as processors under article 28 GDPR:

  • Amazon Web Services EMEA SARL (eu-west-3, Paris region) — site, API hosting, PostgreSQL database and S3 media storage.
  • Stripe Payments Europe Ltd. — online payment processing.
  • hCaptcha (Intuition Machines, Inc.) — bot protection on the contact form.

Transfers outside the EU

Hosting takes place in France (AWS Paris region, eu-west-3). However, some processors (hCaptcha, Stripe for certain operations) may process data in the United States. These transfers are covered by the European Commission's Standard Contractual Clauses and, where applicable, EU-US Data Privacy Framework certification.

Your rights

Under GDPR, you have the right to access, rectify, erase, restrict and port your data, as well as to object to processing and withdraw your consent at any time. To exercise these rights, email support@bomyconcept.com, attaching proof of identity if necessary.

You may also lodge a complaint with the French data protection authority (CNIL) — 3 place de Fontenoy, 75007 Paris — www.cnil.fr.

Cookies

The site uses only technical cookies strictly necessary for its operation (session, cart, authentication). No advertising or third-party analytics cookies are set without your explicit consent.

Data security

We implement appropriate technical and organisational measures (TLS encryption, password hashing, access control, encrypted backups) to protect your data against unauthorised access, loss or alteration.

Policy changes

We reserve the right to modify this policy at any time. The last update date is shown below. In the event of a material change, you will be informed by email or via an in-site notice.

Last updated: June 2026.