Privacy Policy

Compliant with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and amended French law n°78-17 of 6 January 1978 relating to information technology, files and freedoms.

1. Data Controller

The data controller for personal data collected on the johya.com website is:

JOHYA, SAS, 44 rue Rennequin, 75017 Paris

Contact: administratif@johya.com

2. Data Collected

When using the website and making purchases, JOHYA may collect the following categories of data:

• Identification data: name, first name, date of birth if applicable
• Contact data: postal address, email address, phone number
• Order data: products purchased, amounts, history
• Payment data: processed directly by the payment provider (JOHYA does not store credit card numbers)
• Connection data: IP address, logs, browsing data
• AML/CFT data: for transactions subject to due diligence obligations, copy of identity document, proof of address, proof of origin of funds

3. Purposes of Processing

The data is collected for the following purposes:

• Order management, delivery, and after-sales service
• Customer account management
• Invoicing and accounting
• Compliance with legal obligations (accounting, AML/CFT, taxation)
• Sending commercial information and newsletters (subject to consent)
• Website improvement and usage statistics
• Fraud prevention

4. Legal Bases

The processing is based on the following legal bases:

• Performance of the sales contract (Article 6.1.b GDPR) for order management
• Legal obligation (Article 6.1.c GDPR) for accounting, tax, and AML/CFT obligations
• Consent (Article 6.1.a GDPR) for newsletters and certain non-essential cookies
• Legitimate interest (Article 6.1.f GDPR) for fraud prevention and website improvement

5. Recipients of Data

The collected data is intended for JOHYA and may be transmitted to:

• Shopify International Limited, the website host and e-commerce provider
• Payment providers (Shopify Payments subcontractors)
• Carriers responsible for delivery
• JOHYA's accounting firm
• Competent authorities in case of legal obligation (TRACFIN, tax administration, judicial authorities)

JOHYA does not sell or transfer personal data to third parties for commercial purposes.

6. Transfers Outside the European Union

Certain providers (notably Shopify) may process data outside the European Union. These transfers are governed by appropriate safeguards in accordance with Articles 44 et seq. of the GDPR (standard contractual clauses, adequacy decisions).

7. Retention Period

Data is retained for the following periods:

• Order and billing data: 10 years from the end of the financial year (accounting obligation)
• Inactive customer account data: 3 years from the last contact
• AML/CFT data: 5 years from the end of the business relationship
• Cookies: variable duration, see Cookie Policy
• Prospecting data: 3 years from the last contact with the prospect

8. Rights of Data Subjects

In accordance with Articles 15 to 22 of the GDPR, the Client has the following rights:

• Right to access their data
• Right to rectification
• Right to erasure ("right to be forgotten"), within the limits of legal retention obligations
• Right to restriction of processing
• Right to data portability
• Right to object, particularly to commercial solicitation
• Right to withdraw consent at any time when processing is based on it
• Right to define directives regarding the fate of their data after their death

These rights can be exercised by sending an email to administratif@johya.com, accompanied by a copy of an identity document if there is any doubt about the applicant's identity.

The Client also has the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, or via the website www.cnil.fr

9. Security

JOHYA implements appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access.