Preamble
At DALLOZ INDUSTRIE LAPIDAIRE (DIL), the protection of your personal data is a top priority. In compliance with the General Data Protection Regulation (GDPR) and applicable legislation, we are committed to ensuring the security, confidentiality, and integrity of the information you entrust to us.
This Privacy Policy aims to transparently inform you about how we collect, use, store, and protect your personal data in the course of our business activities.
DIL reserves the right to amend or update this Privacy Policy at any time to reflect legislative, regulatory, technical, or organizational changes that may affect the processing of your personal data.
Any updates will take effect as soon as they are published online. We therefore encourage you to consult this Policy regularly, accessible from all pages of our website, to stay informed of the latest version.
1. Why does DIL collect your data?
DIL only collects personal data strictly necessary for the conduct of its commercial activities and for maintaining quality relationships with professional clients.
The purposes include:
- Creating and managing your professional customer account
- Processing and tracking your orders on our online platform
- Issuing contractual documents such as quotes and invoices
- Organizing product delivery
- Providing after-sales support or managing specific requests, including quotes
- Sending communications about our updates, services, or offers — if you have given your consent
Some data may also be used in anonymized form for statistical analysis, performance monitoring, or continuous improvement of our website and services.
2. What data does DIL collect?
2.1 Data collected directly from you
2.1.1 When placing an order
Creating a customer account is required to place an order on our site. This process involves collecting professional information to identify the customer, formalize the business relationship, and fulfill contractual obligations.
2.1.2 When requesting a quote
Creating an account is not required to request a quote, but professional information is still collected for business and contractual purposes.
2.1.3 When subscribing to the newsletter
We only collect your professional email address for newsletter subscription.
This is based on your explicit consent, which you may withdraw at any time via the unsubscribe link in our emails or by contacting us directly.
No additional data is collected for this purpose, and your email address is only used to send updates, promotions, or editorial content.
2.2 Data collected via cookies
2.2.1 Optional cookies
During your browsing, certain information may be collected automatically via cookies, such as those from Google Analytics. This data is anonymized and used solely for statistical purposes to improve user experience and site performance.
These cookies do not personally identify you.
2.2.2 Cookies exempt from consent
Certain cookies are technically essential for the site’s operation (e.g., session management, security, cart memory, language preference). These do not require prior consent.
2.2.3 Managing your preferences
You can personalize your cookie settings or opt out of non-essential cookies at any time via the “Cookie Management” tool at the bottom of the page [https://dalloz-stones.com]. Consent can be withdrawn at any time.
3. What is the legal basis for data processing?
DIL only processes your data when a legal basis justifies it, in accordance with GDPR requirements:
- Contract performance:
Required to fulfill the contract between DIL and the professional client (e.g. account creation, order management, invoicing, delivery, quote processing). - Legal obligation:
Some data must be collected and stored for legal compliance (e.g. commercial and tax records, electronic commerce laws, official authority requests). - Legitimate interest:
For example, improving our services, fraud prevention, website security, or internal statistical analysis — always respecting your fundamental rights. - Consent:
Required for newsletter subscription and non-essential cookies (e.g. advertising, personalization).
4. How long is your data stored?
Data retention periods are defined based on operational needs and legal requirements.
In certain cases, data must be retained longer, e.g. for accounting, tax, or legal purposes (up to 5 years per article L.110-4 of the French Commercial Code).
Data may be stored in restricted, secure intermediate archives after the end of the business relationship.
After the applicable retention periods, data is either securely deleted or irreversibly anonymized.
5. What are your rights and how can you exercise them?
Depending on the legal basis for processing, you have the right to:
- Access
- Rectify
- Portability
- Restrict processing
- Erasure
- Object on legitimate grounds
You may exercise these rights by contacting our Data Protection Officer (DPO):
📧 dpo@dalloz.services
📮 To the attention of the DPO, Place Dalloz, 39310 SEPTMONCEL LES MOLUNES
If you feel your rights have not been respected, you can lodge a complaint with the French data protection authority (CNIL):
3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07
6. Who does DIL share your data with?
We do not sell your personal data.
Your information is only shared with:
- Technical service providers (e.g. website hosting, payment processing)
- Logistics providers handling delivery
- Public authorities, when required by law
DIL ensures that all providers are contractually bound to comply with GDPR requirements.
7. Are your data transferred outside the EU?
Data is hosted on servers located in France.
No data is transferred outside the European Union unless strictly necessary, and in such cases, appropriate safeguards are applied.
8. How does DIL secure your data?
We implement robust technical, software, physical, and organizational measures to protect your data from unauthorized access, accidental disclosure, alteration, or destruction.
Access is strictly limited to authorized individuals (internal staff or external partners), bound by contractual confidentiality obligations and restricted to their specific duties.
If data transfers outside the EU are necessary, we ensure adequate protections are in place, such as:
- Transfers to countries with EU adequacy decisions
- Use of Standard Contractual Clauses approved by the European Commission
These guarantees ensure your data enjoys the same level of protection as required under the GDPR.