Policies management personal data

The purpose of this privacy policy is to inform you in a clear, simple and transparent manner of the processing carried out on the personal data that you entrust to us, or that we may be led to collect during your browsing on our website (hereinafter the "Site"), of their possible transfer to third parties, and of the rights and options available to you to control your personal information and protect your privacy.

DIVABOX, SAS DIVABOX, a simplified joint stock company with a capital of 40,000 Euros, registered with the RCS of AJACCIO under the number 301 242 772 001 37, whose registered office is located at 20090 AJACCIO is responsible for processing the personal data collected on the Site within the meaning of the applicable regulations on personal data and in particular Law No. 78-17 of 6 January 1978 known as "Informatique et Libertés" and EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR").

I. Purpose of the Processing :

DIVABOX collects and processes your data in order to:

  •  enable you to create an account on our Site and to subscribe to our newsletter;
  •  manage your access to your account on the Site;
  •  process and manage orders placed with DIVABOX;
  •  manage the payment of your order;
  •  ensure the delivery of the products and services you order;
  •  ensure the security of online transactions, prevent fraud, payment incidents and manage collections (see our Terms and Conditions of Sale for more details), in particular through the automated processing of your data;
  •  to manage the member relationship in the context of requests for information or complaints that you may send us via our website;
  •  to trace and manage product recalls and withdrawals;
  •  To carry out marketing operations (loyalty, promotions) and to send e-mail advertisements to our customers who have not objected or who have accepted it :
    • On products similar to those they have ordered. Carry out statistical analyses to develop steering, measurement and reporting tools to adapt and improve our sales and marketing activities;
    • On other products offered by the company. For example, if a customer buys a dress, a body cream may be offered.
  • Transmit the data of our customers who have accepted it to our commercial partners, to enable them to send them advertising (see below).
  • ensure the exercise of your rights in accordance with this Notice;

DIVABOX informs you that you may at any time modify your choices in terms of communications on the Site, via the NEWSLETTER section of your account.

II. Collection of data

We may collect your personal data during :

  • the creation of your member account on our Site,
  • placing an order on the Site;
  • the payment of your order;
  • subscribing to our newsletter;
  • your answers to surveys or satisfaction surveys about your customer experience;
  • your participation in a competition or other event that we organise;

III. Categories of data collected

In the course of our business we may collect certain data directly from you for the purposes detailed in Section II of this Policy.

The information we may collect from you is as follows :

  • Identity: title, surname, first name, address, delivery address, telephone number, e-mail address, date of birth, internal processing code allowing customer identification, data relating to registration on opposition lists.
  • Data relating to orders: transaction number, details of purchases, amount of purchases, data relating to the settlement of invoices (payments, outstanding payments, discounts), return of products.
  • Information relating to your means of payment when you place an order on our Site. Please note that your bank details do not pass in clear text on DIVABOX's servers. Payments are made via a secure payment platform provided by HiPay SAS, a simplified joint stock company with a capital of 1,014,561 euros, whose registered office is located at 94 Rue de Villiers, 92300 Levallois-Perret, registered with the Paris Trade and Companies Register under number 390 334 225.
  • Information that you may need to communicate to our Customer Service Department in order to manage your requests for information or your complaints;
  • Information that you provide when you leave an opinion on a product or service on our Site;
  • Data necessary to carry out loyalty and prospecting actions: purchase history.

IV. Legal basis for the processing

Order management: the legal basis of the processing is the performance of a contract (see Article 6.1.b) of the European Data Protection Regulation).

Sending newsletters, commercial solicitations by e-mail on products similar to those ordered by customers: the legal basis of the processing is the legitimate interest of the company (Cf. article 6.1.f) of the European Data Protection Regulation), i.e. to promote our products to our customers.

Sending newsletters, commercial solicitations by e-mail about other products offered by DIVABOX to customers: the legal basis of the processing is consent (Cf. article 6.1.a) of the European Data Protection Regulation), as required by article L. 34-5 of the French Postal and Electronic Communications Code.

Sending newsletters, commercial solicitations by email to non-customers: the legal basis of the processing is consent (Cf. article 6.1.a) of the European Data Protection Regulation), as required by article L. 34-5 of the French Post and Electronic Communications Code.

V. Who are the recipients of your personal data ?

Your personal data is processed by DIVABOX staff. We ensure that only authorised persons within DIVABOX can access your personal data when this is necessary for the purposes of managing our business relationship or our legal obligations.

We may also disclose your personal data to subcontractors such as:

  • our hosting and maintenance service providers for the site and our dematerialised solutions for collecting personal data;
  • our payment service providers;
  • our fraud prevention and control service providers;
  • our transport service providers;
  • our business development management and social network communication service providers;

DIVABOX may also communicate your data to third parties to comply with legal, regulatory or contractual obligations, or to respond to requests from the legally authorised authorities.

VI. Duration of data retention

Data required for order management and invoicing: for the entire duration of the business relationship and ten (10) years for accounting purposes.

Data required for customer loyalty actions and prospecting: for the entire duration of the commercial relationship and three (3) years from the last purchase.

Data relating to means of payment: this data is not kept by DIVABOX; it is collected during the transaction and is immediately deleted as soon as the purchase is paid for.

Data necessary for the implementation of loyalty actions and canvassing for non-customers: three (3) years from the date of subscription to the newsletter.

Data concerning opposition lists to be received from prospecting: three (3) years.

VII. Your rights

If you no longer wish to receive advertising from DIVABOX (exercise of the right of opposition or withdrawal of consent already given), please contact us Contact form.

You can access, rectify or have data concerning you deleted. You also have a right to portability and a right to limit the processing of your data (Consult the website for more information on your rights).

To exercise these rights or if you have any questions about the processing of your data in this system, you can contact our DPO.

Contact our Data Protection Officer by e-mail : [email protected]

Contact our Data Protection Officer by post :


A l’attention du Délégué à la protection des données

CS 14001


France métropolitaine

If, after contacting DIVABOX, you feel that your "Information Technology and Freedom" rights have not been respected, you can make a complaint online to the CNIL.