Privacy Policy
Bonpoint takes the protection and confidentiality of personal data (hereinafter referred to as "personal data" or "data") very seriously. We are committed to respecting your privacy and protecting access to your personal data by collecting and using it exclusively in compliance with applicable legal provisions.
This Privacy Policy (hereinafter the “Policy”) applies to all visitors to the website https://www.bonpoint.com (hereinafter the “Site”), customers and/or prospects visiting stores directly operated by Bonpoint or making a remote purchase in stores directly operated by Bonpoint (hereinafter “you” or “your”), and aims to inform you in a clear, simple, and complete manner about Bonpoint’s use of your personal data as well as your rights. We therefore invite you to read it carefully and review it before each interaction with us.
Bonpoint may update this Policy from time to time to reflect legal and regulatory changes as well as to keep you informed of any modifications to practices regarding the processing of your personal data. Any significant modification substantially affecting the way we use your data will be notified to you by email and/or information on the Site (e.g., a banner, pop-up window, or push notification) so that you may review, assess, and, where applicable, object to or withdraw from a service or feature.
Who are we?
“Bonpoint,” “we,” “our,” or “us” refers to Bonpoint Rive Droite, a simplified joint-stock company registered under number 348 890 476 R.C.S. Paris, with its registered office at 62 avenue d’Iéna, 75116 Paris, France.
Unless otherwise specified, Bonpoint is the data controller of the processing operations identified in this Policy within the meaning of the applicable data protection regulations, in particular EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”).
Any personal information you provide directly or indirectly to Bonpoint (e.g., via its subsidiaries) is subject to the applicable data protection regulations.
Bonpoint has appointed a Data Protection Officer responsible for ensuring compliance with this Policy and more generally with applicable data protection laws. You may contact us for any questions regarding this Policy as indicated in the “Who to contact?” section.
What data do we collect and use?
Bonpoint collects, stores, processes, uses, and shares personal data about you when you use our Site, visit our social media pages, make purchases in Bonpoint stores, contact Bonpoint, and more generally when you join the Bonpoint community.
Personal data refers to all information relating to an identified or identifiable natural person. An identifiable person is someone who can be identified, directly or indirectly, in particular by reference to an identifier or to one or more factors specific to their physical, physiological, psychological, economic, cultural, or social identity.
For the purposes described below, Bonpoint collects and processes the following categories of personal data:
· Identification and contact details: first name, last name, gender, postal address, phone number, email, date of birth, first names and birth dates of your children, login details and encrypted passwords (stored only for authentication on the Site), and the details of recipients of purchases.
· Banking and financial data related to transactions: order number, payment method, credit card number and expiration date, bank account details, cardholder’s name and address.
· Browsing data: IP address, device location, identifiers and information from cookies or other tracking technologies, browser, pages visited, actions carried out on the Site, preferences, interests.
· Commercial and purchase-related data: customer number, information relating to your customer account and loyalty account, exchanges with customer service, product reviews, recordings of telephone conversations, purchase history, habits and preferences, returns and exchanges, etc.
· Data from the use of personalized services: age, size, weight, gender, photos, measurements.
· In-store video surveillance.
How is the data collected?
In general, your personal data is collected directly from you, but it may also be collected from third parties.
Data is collected when you provide it to us (i) while browsing the Site, (ii) during an order process (online or in-store), (iii) through a contact form or product review, (iv) when opening a customer account, (v) during events we organize (fashion shows or private sales), (vi) when subscribing to our newsletter.
For what purposes do we use your data and on what legal bases?
To comply with our legal or regulatory obligations:
· We implement security measures to prevent abuse and fraud (e.g., payment control);
· We ensure accounting follow-up of purchases;
· We handle requests relating to the exercise of your rights.
To perform the contract concluded with you:
· We manage your customer account on the Site;
· We deliver your orders and facilitate order processing (tracking);
· We provide after-sales service (handling complaints, refunds, returns, etc.);
· We organize contests and ensure their management and follow-up.
To pursue our legitimate interests:
· We maintain a centralized and up-to-date database of customers and prospects to optimize relationship management;
· We manage our social media pages (interactions, content moderation, statistics, etc.);
· We conduct analyses and statistics to better understand our customers and improve our services (website, newsletter, advertising campaign performance, etc.);
· We carry out satisfaction and review surveys, and manage and publish customer reviews on our products;
· We ensure the security of our stores;
· We inform you of new services or changes to our Site;
· We improve the operation and security of the Site and personalize certain features to enhance your experience.
Based on your consent:
· We carry out marketing operations and offer personalized advertising for our products;
· We send you event invitations, communications, and commercial offers.
With whom do we share your data?
Within Bonpoint. Your personal data is accessible to employees:
(i) from the following departments: communication, legal, finance and accounting, purchasing, logistics, digital, communication;
(ii) from Bonpoint’s affiliated companies or subsidiaries.
Bonpoint employees are authorized to access personal data only as part of their professional duties. Controls are in place to ensure the adequacy between the granted access and the needs of their functions.
External sharing. We may transfer your personal data externally to third-party processors, service providers/partners who need to know it in order to fulfill the purposes described in this Policy, such as:
· Technical providers and technology service suppliers (hosting and maintenance);
· Financial institutions, fraud detection and prevention providers, mandated banking service providers, and payment solutions;
· Technical providers (cookies, personalized size recommendation solutions on the Site, etc.);
· Logistics providers (transport and delivery), returns and exchanges management providers;
· Communication, marketing, and advertising service providers and partners, in particular social media platforms and other targeted advertising providers;
· Event management providers;
· Judicial or financial authorities, state agencies, or public bodies, upon their request and within the limits permitted by law;
• Regulated professionals such as auditors, statutory auditors, legal advisors, insurers.
This excludes, however, the sale, rental, sharing, or any other disclosure of personal information for commercial purposes in violation of the commitments set forth in this Policy.
Where is your personal data transferred?
If you access the Site from a country outside the European Union where data collection, use, and transfer laws differ from those in the EU, please note that our Site is governed by French law, and by using it, you consent to the transfer of your personal data to the European Union and its processing in accordance with French law.
We prioritize transferring personal data within the European Union. However, we may also transfer your data to companies located outside the EU, always in line with the purposes described above. In such cases, we ensure before transfer that these entities provide an adequate level of protection, in compliance with applicable legislation.
In other circumstances, we inform you that transfers of your personal data to entities outside the EU are governed by appropriate safeguards to ensure confidentiality and security during the transfer. We may, for instance, rely on contractual clauses consistent with European Commission recommendations, ensuring adequate data protection. Where the legislation of the third country does not provide equivalent protection, we implement additional measures to guarantee a level of protection essentially equivalent to that provided in the EU and to ensure its effectiveness.
For what purposes do we use Cookies, targeting, and social plugins?
We use cookies and similar devices on our Site to facilitate your browsing, understand how you interact with us, and, with your consent (when required), to provide advertising tailored to your preferences.
A cookie (or more generally a tracker) is a text file stored in a dedicated space on your device (computer, tablet, smartphone, etc.) when you visit a website or application. It allows its issuer to identify the device during the cookie’s validity or storage period.
When you visit the Site for the first time, if Bonpoint plans to place a cookie on your device, and your consent is required, you will be informed via an information banner (CMP). You can set your cookie preferences by clicking on the button provided in the banner.
You may change your cookie settings at any time. Below is more information about the types of cookies we use and how to manage them:
· Strictly necessary cookies: enable the functioning of the Site and facilitate navigation.
· Functionality cookies: improve and personalize your browsing and shopping experience.
· Performance cookies: measure Site audience and analyze visitor navigation. They are also used to detect navigation issues.
· Advertising cookies: placed on our Site by our advertising partners, they may be used to build a profile of your interests and provide relevant ads on other websites. These are subject to their own cookie policies, available on the relevant third-party websites.
Some Site features (e.g., content sharing on social networks, direct video playback) rely on third-party services that may place cookies to track browsing, measure audience, analyze interests, and provide targeted offers. These cookies are only deposited with your consent.
You may also delete cookies already placed on your device at any time. However, this may limit certain Site features and affect performance, for which we disclaim liability.
Our Site uses social plugins from Facebook, Instagram, and WhatsApp. If you do not want Facebook or Instagram to directly link data collected via our Site to your profile, please log out of the relevant service before visiting our Site. You can also block plugins entirely with browser add-ons such as the “NoScript” script blocker (http://www.noscript.net/ Personal data you provide via these third-party sites, or collected by them, is not covered by this Policy. We encourage you to review their privacy policies.
Our Newsletters and marketing communications
If you have consented, you will receive our newsletter and regular updates about our commercial offers and products.
We use the Scal-e service to send newsletters.
Your data allows us to contact you in the context of marketing campaigns (by email or mail) and keep you informed about news or new products that may interest you.
You may revoke your consent at any time, without providing any justification, by clicking on the unsubscribe link included in our communications.
How long do we retain your data?
We do not keep your personal data longer than necessary for the purposes for which it was collected. Retention periods are limited based on the processing purpose and applicable law.
In particular, your personal data is retained by Bonpoint (without prejudice to mandatory retention obligations or statutes of limitations):
· Product purchases: for the duration necessary to perform the sales contract (including online orders, delivery, and warranty period);
· Customer account creation or in-store registration: for the duration of the commercial relationship, or three (3) years of inactivity (for marketing/prospecting purposes);
· Newsletter subscription: until you unsubscribe, or three (3) years of inactivity;
· Requests, complaints, or interactions: for the time needed to respond (e.g., until product availability alerts are sent);
· In-store video surveillance: recordings are retained for a maximum of one (1) month, unless required for legal proceedings, in which case they are kept for the duration of the procedure;
· Cookies: some are session-based and deleted upon browser closure, others are persistent (up to 12 months).
Certain personal data is retained to comply with legal obligations (e.g., accounting, tax), exercise our rights, or defend our interests (e.g., in legal proceedings), for the period required by law or the applicable statute of limitations.
Data is then permanently deleted from our systems or anonymized.
How do we secure your personal data?
We protect and secure collected personal data to ensure confidentiality and prevent it from being altered, damaged, destroyed, or accessed by unauthorized third parties.
We have implemented appropriate physical, electronic, and organizational measures to prevent loss, misuse, unauthorized access or disclosure, alteration, or destruction of personal data.
For payments, your transactions are secured with 3D Secure double authentication, requiring a one-time code sent by SMS. Bonpoint never stores your banking details; bank transmissions are encrypted and secured.
Despite our efforts, we cannot guarantee absolute security due to unavoidable risks inherent in data transmission over the Internet. We therefore advise caution to prevent unauthorized access to your personal data—for example, logging out after shared computer use. You remain responsible for the confidentiality of your password and account details.
What are your rights?
In compliance with data protection regulations, you may exercise the following rights at any time:
· Right to information: to obtain clear, transparent, and understandable information about how your data is used and about your rights.
· Right of access: to confirm whether Bonpoint processes your data and obtain a copy.
· Right of rectification: to correct inaccurate or outdated data or complete incomplete data.
· Right to erasure (“right to be forgotten”): to delete your data under certain conditions.
· Right to object: to object to processing based on Bonpoint’s legitimate interest, for reasons related to your situation.
· Right to object to marketing: to stop receiving marketing communications at any time.
· Right to withdraw consent: to withdraw consent for processing based on consent, at any time.
· Right to restriction of processing: to temporarily suspend data processing under certain conditions.
· Right to data portability: to request your data in a format that can be reused in another system.
· Right to define post-mortem directives: to set instructions on the use of your data after your death.
Who to contact?
You may exercise your rights or ask questions about your personal data or this Policy:
By email: gdpr@bonpoint.com
By mail: Bonpoint – Legal Department, 62 avenue Iéna, 75116 Paris, France
We will respond within a maximum of one (1) month, extendable by two (2) months depending on complexity and number of requests. Proof of identity may be requested if necessary.
You also have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07, France, or with the supervisory authority in your country of residence within the EU.
Update on the 2nd of September 2025
