Privacy Policy

Paris, 12 November 2025

Information on the Processing of Personal Data (Privacy Policy)

At DIOIB SAS (“DIOIB”, “we”, “our” or “us”), the protection and confidentiality of personal data are top priorities. This Privacy Policy applies to our processing of personal data, including on our website www.dioib.fr. It describes the processing of your personal data by DIOIB SAS and provides the information you are entitled to under French data protection law, including the GDPR.

Controller and Contact Details
DIOIB SAS
7 rue Saint-Claude, 75003 Paris, France
SIRET: 982 319 931 00019
Email: contact@dioib.fr

2. Processing Activities

2.1 Purchase of Products
When you purchase products from us, we process your personal data for the following purposes:

  • Delivery and invoicing of products, handling of complaints, exchanges, or returns;

  • Compliance with legal obligations under French law, including bookkeeping requirements;

  • Compilation of statistics and other purposes for managing our business, improving products, and ensuring effective customer service;

  • Communication regarding your orders, including service messages.

To achieve these purposes, we process the following categories of personal data if you purchase products from us:

(a) Name
(b) Address
(c) Email address
(d) Phone number
(e) Purchase information and purchase history

If you are a business purchasing products for resale, we process the following personal data about your contact person:

(a) Name
(b) Contact details (business address, phone, and email)

We may also process the following information about the company you represent:

(a) Company registration / VAT number
(b) Agreed commercial terms
(c) Your DIOIB contact
(d) Transaction history
(e) Current account status with us
(f) Other comments or conditions regarding our business relationship

Legal Basis:

  • GDPR Article 6(1)(b): processing necessary for the performance of a contract;

  • GDPR Article 6(1)(c): processing necessary to comply with legal obligations;

  • GDPR Article 6(1)(f): processing necessary for our legitimate interest in managing and developing our business and customer relationships.

We retain order information for five years from the end of the year in which the order was placed. Other information is retained for five years from the end of the year we last processed an order from you or your company.

2.2 Handling Inquiries
If you contact us, we process the following personal data to respond to your request:

(a) Name
(b) Email address
(c) Phone number
(d) Information you provide in your correspondence

Legal Basis: GDPR Article 6(1)(f), as processing is necessary for our legitimate interest in responding to your request.

Data is retained for two years from the end of the year in which your inquiry was processed, except where the inquiry resulted in a financial transaction, in which case data is retained for five years.

2.3 Newsletters and Marketing
If you consent to receive marketing communications, we process the following data to send newsletters and other marketing materials:

(a) Name
(b) Email address

Legal Basis: GDPR Article 6(1)(f), as processing is necessary for our legitimate interest in sending marketing to consenting recipients.

Data and consent will be deleted two years after withdrawal of consent or after 12 months of inactivity in receiving marketing.

2.4 Contests and Events
If you participate in contests or events, we process:

(a) Name
(b) Email
(c) Address
(d) Phone number
(e) Other information relevant to the contest/event

Legal Basis: GDPR Article 6(1)(f), for our legitimate interest in managing participation and notifying winners.

Data is deleted one year after the end of the contest or event.

2.5 Website Operation
We use cookies and tracking technologies to optimize website performance. Information collected may include:

  • IP address

  • Device and software used

  • Website usage, including clicked links

You can learn more about cookies and third-party services in our Cookie Policy.

2.6 Other Business Relations
If you are a supplier or partner, or otherwise in contact with us, we process:

(a) Name
(b) Contact information
(c) Nature of the relationship
(d) Correspondence history
(e) Other relevant information

Legal Basis: GDPR Article 6(1)(b) for contracts, or Article 6(1)(f) for legitimate interest in managing business relations.

Financial transaction data is retained five years, other data five years from the last transaction.

Data Retention
Retention periods above apply generally. Data may be retained longer if required by law or to establish, exercise, or defend legal claims.

Disclosure and Transfer
We may disclose personal data to logistics companies, legal and accounting advisors, authorities as required by law, and third-party processors supporting our operations.

Transfers outside the EU/EEA
Data may be processed by subcontractors outside the EU/EEA, primarily in the United States. Transfers are based on EU standard contractual clauses and additional measures as necessary.

Your Rights
You have the right to:

  • Access your personal data

  • Object to processing

  • Rectify or delete data (subject to legal exceptions)

  • Restrict processing

  • Object to marketing

  • Receive a copy of your data in a structured format and request portability

  • Withdraw consent at any time

Complaints may be filed with the French data protection authority (CNIL).

Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Updates will be dated at the bottom and made available on www.dioib.fr. Significant changes will be communicated by email.

Last updated: November 2025