Privacy Policy
1. Preamble
This privacy policy describes how UTOPYA collects, uses, retains and protects the personal data of natural persons entering into a relationship with the company in the context of its business of selling spare parts and accessories for mobile telephony to professionals.
As the UTOPYA.FR website is exclusively reserved for professionals, the majority of the information collected concerns the legal entity wishing to place an order (company name, SIRET number, company address, etc.) and does not, in this respect, constitute personal data within the meaning of the General Data Protection Regulation. Certain information relating to natural persons acting on behalf of these entities (surname, first name, professional email address, professional telephone number) is nevertheless processed and is the subject of this policy.
2. Data Controller
The controller of the personal data collected via the UTOPYA.FR website is:
UTOPYA SAS, a simplified joint-stock company with share capital of €100,000. Registered office: 54/56 avenue Hoche, 75008 Paris. Paris Trade and Companies Register 791 460 660. Represented by its President, Mr Aldric Meneghel.
3. Data Protection Officer
For any question relating to the processing of your personal data or to the exercise of your rights, you may contact:
Dyaa Amer, UTOPYA — 54/56 avenue Hoche, 75008 Paris. Email: [email protected]
4. Data Collected
In the context of your commercial relationship with UTOPYA, we may collect the following categories of data:
- Identification data of the professional contact: surname, first name, position
- Professional contact data: email address, telephone number, postal address
- Data relating to your company: company name, legal form, SIREN/SIRET number, intra-EU VAT number, registered office address, NAF/APE code
- Order and billing data: order history, invoices, payment methods and details (full bank details do not pass through our servers and are processed directly by our payment service providers)
- Connection data: username and encrypted password, IP address, connection dates and times
- Data arising from your exchanges with our teams: content of support tickets, email exchanges, quote requests
This data is collected directly from you, with the exception of data relating to the legal status of your company (existence, deregistration, modifications), which we verify periodically against INSEE's Sirene database.
5. Purposes and Legal Bases
Your data is processed for the following purposes:
| Purpose | Legal basis |
|---|---|
| Verification of your professional status and of the legal existence of your company | Legitimate interest |
| Creation and management of your customer account | Performance of the contract |
| Processing of your orders, invoicing, delivery | Performance of the contract |
| Management of after-sales service and warranties | Performance of the contract |
| Bookkeeping and retention of invoices | Legal obligation (Commercial Code, General Tax Code) |
| Sending commercial communications to our customers | Legitimate interest |
| Sending newsletters and commercial communications to prospects | Consent |
| Audience measurement and improvement of the website | Consent |
| Fraud prevention and website security | Legitimate interest |
| Management of any disputes | Legitimate interest |
6. Recipients of the Data
Your data is accessible to authorised persons within UTOPYA's internal departments (customer service, sales department, accounting, management, technical team).
It may also be communicated to processors acting on behalf of UTOPYA, strictly within the scope of the purposes described above:
- Website host and IT service providers
- Emailing solution: Brevo
- Payment service providers: Stripe and PayPal
- Google tools: Google Workspace, Google Analytics
- Cookie consent management solution: Axeptio
- Accounting firm and statutory auditors
- Carriers (for the delivery of your orders)
Each of these processors is contractually bound to comply with the applicable obligations regarding data protection and to process the data only on UTOPYA's instructions.
7. Data Transfers Outside the European Union
As some of our processors are established outside the European Union, in particular in the United States, your data may be transferred outside the European Economic Area. These transfers are governed by the appropriate safeguards provided for in Articles 45 and 46 of the GDPR:
- Google LLC (Google Workspace, Google Analytics): Data Privacy Framework and standard contractual clauses of the European Commission
- Stripe and PayPal: standard contractual clauses and PCI-DSS certification
Our providers Brevo and Axeptio are, for their part, established in the European Union and host your data on servers located within the European Economic Area.
You may obtain a copy of the safeguards implemented by contacting our officer at the address indicated in Section 3.
8. Retention Periods
UTOPYA applies a retention policy compliant with the recommendations of the CNIL and with the legal obligations in force.
8.1 Active customer account
Your customer account is maintained as active for as long as you place at least one order within a rolling period of 24 months. Only the date of your last paid order is taken into account to assess the activity of your account; browsing the website or logging into your customer area does not, in itself, constitute commercial activity within the meaning of this paragraph.
8.2 Inactive customer account
After 22 months without an order, you receive a first notification by email informing you of the upcoming closure of your account. A reminder is sent to you at 23 months. Without a new order within the two months following the first notification, your account is permanently closed at 24 months.
This closure is deferred if an operation is in progress on your account: an order awaiting processing, an active support ticket, a quote within its validity period, or a dispute or unpaid amount being processed.
8.3 Invoices and accounting documents
Invoices and accounting documents are retained for 10 years from the close of the accounting year, in accordance with Article L123-22 of the Commercial Code. This legal obligation applies even after the closure of your customer account. Throughout this period, your historical invoices remain available upon simple request addressed to our officer.
8.4 Other periods
- Contractual and order data: 5 years from the end of performance of the contract, in accordance with Article L110-4 of the Commercial Code
- Commercial prospecting data: 3 years from your last contact (an order, a request for information, a response to a solicitation — merely opening an email does not constitute a contact)
- Connection data and technical logs: 12 months
- Audience measurement cookies: 13 months maximum
- Data relating to a dispute: the duration of the proceedings, plus 5 years after their conclusion
At the end of the periods indicated, the data is permanently deleted or irreversibly anonymised.
9. Verification of Your Company's Legal Status
UTOPYA carries out a weekly automated verification of your company's status via INSEE's Sirene database. This verification makes it possible to detect any deregistrations, modifications or cessations of activity.
In the event of a detected deregistration, and after manual verification by a member of our team, you are notified at the email address associated with your account. Without a response from you within a period of 30 days, or in the event of confirmation of cessation of activity, your account is permanently closed.
In accordance with our general terms and conditions of sale, you are required to notify UTOPYA, within a period of 48 hours, of any change affecting the registration or legal situation of your company (change of SIREN number, company name, legal form, registered office, legal representative, or cessation of activity).
10. Automated Decisions
No decision producing legal effects concerning you or significantly affecting you is taken on a fully automated basis. Account closure operations, whether linked to prolonged inactivity or to deregistration from the Trade and Companies Register, are systematically subject to prior validation by an authorised UTOPYA operator, in accordance with Article 22 of the GDPR.
11. Definitive Nature of Account Closure
For compliance and security reasons, the closure of a customer account is definitive and irreversible. If you subsequently resume commercial activity with UTOPYA, a new customer account will have to be created. Your historical invoices are nevertheless retained for the legal period of 10 years and may be sent to you upon simple request addressed to our officer.
12. Your Rights
In accordance with Articles 15 to 22 of the GDPR and the provisions of the French Data Protection Act, you have the following rights at any time:
- Right of access: to obtain communication of the data concerning you
- Right of rectification: to have inaccurate or incomplete data corrected
- Right to erasure: to request the deletion of your data, subject to the legal retention obligations that apply to UTOPYA
- Right to restriction of processing
- Right to portability: to receive your data in a structured, commonly used and machine-readable format
- Right to object, in particular to processing for commercial prospecting purposes (an unsubscribe link appears in each of our mailings)
- Right to withdraw your consent at any time for the processing that depends on it
- Right to define post-mortem directives relating to the retention, erasure and communication of your data after your death
To exercise these rights, contact our officer at [email protected].
We undertake to respond to your request within one month, which may be extended by two additional months in the event of a complex request or a multiplicity of requests. For any request, proof of identity may be requested in order to authenticate the person making the request.
You also have the right to lodge a complaint with the French Data Protection Authority (CNIL):
CNIL — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr
13. Cookies
The UTOPYA.FR website uses two categories of cookies:
- Cookies strictly necessary for the operation of the website (management of the session, the basket, security, language preferences). These cookies are exempt from consent and cannot be disabled without preventing the normal operation of the website.
- Audience measurement and performance cookies (in particular Google Analytics). These cookies are placed only after obtaining your prior consent.
The management of your consent is handled by our provider Axeptio. On your first visit, a banner allows you to accept or refuse each category of non-essential cookies. You may modify your preferences at any time via the "Manage my cookies" button accessible in the footer.
The lifespan of these cookies does not exceed 13 months.
14. Data Security
UTOPYA implements all appropriate technical and organisational measures to ensure the security and confidentiality of your personal data, in particular to prevent it from being damaged, lost, misappropriated or accessed by unauthorised third parties.
In the event of a security incident affecting your personal data, UTOPYA undertakes to comply with its notification obligations, in particular to the CNIL within the 72-hour period provided for in Article 33 of the GDPR, and to the data subjects where the situation so requires.
15. Amendments to the Policy
This policy may be amended at any time to take account of legislative, regulatory or practical developments at UTOPYA. The date of the latest update appears at the top of this document.
Any substantial amendment will be notified to you by email or via a notice posted on the website.