Privacy Policy

BoNoPandas (hereinafter "we") operates the restaurant located at 14 rue Temponières, 31000 Toulouse, France, and the website www.bonopandas.com. This policy describes how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

BoNoPandas
14 rue Temponières, 31000 Toulouse, France
Email: contact@bonopandas.com
Phone: +33 9 78 80 78 62

2. Data Collected

We collect only strictly necessary data:

• Click & Collect order: first name, phone number (optional), order details, pickup slot, payment method.
• Loyalty card: phone number only, managed by Square Loyalty.
• Communications: if you contact us by email, your address and message content.
• Technical data: IP address, browser type, pages visited (anonymized analytics).

3. Purposes of Processing

• Processing your Click & Collect orders and sending SMS confirmations.
• Managing your loyalty card (points accumulation, rewards).
• Responding to your requests via email or phone.
• Improving our site and services (anonymous statistics).
• Compliance with legal obligations (accounting, invoice retention).

4. Legal Bases

• Contract performance: processing your order.
• Consent: loyalty card registration, non-essential cookies.
• Legitimate interest: service improvement, site security.
• Legal obligation: invoice retention for 10 years.

5. Sub-processors and Recipients

Your data may be processed by the following service providers, selected for their GDPR compliance:

• Square, Inc. (USA, GDPR-certified sub-processor) — Click & Collect payments, product catalog, loyalty card.
• Twilio Inc. (USA, GDPR-certified sub-processor) — order confirmation SMS.
• Vercel Inc. (USA, GDPR-certified sub-processor) — website hosting.
• Supabase Inc. (EU/USA, GDPR sub-processor) — internal database.
• Google LLC (USA) — analytics tools, Google Business Profile, Maps.
• Meta Platforms Inc. (USA) — displaying public Instagram feed on the homepage.

Your data may be transferred outside the EU (notably to the United States). These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission or by EU-US Data Privacy Framework certifications.

6. Retention Period

• Order data: 10 years (accounting legal obligation).
• Loyalty card: as long as the account is active, then 3 years after last interaction.
• Contact emails: 3 years after last interaction.
• Technical logs: 1 year.

7. Your Rights

In accordance with GDPR, you have the following rights:

• Right of access to your data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object
• Right to withdraw consent at any time
• Right to lodge a complaint with the CNIL (www.cnil.fr)

To exercise your rights, contact us at: contact@bonopandas.com. We commit to responding within one month.

8. Cookies

Our site uses essential cookies for functionality (cart, session, security). No advertising or profiling cookies are placed without your explicit consent.

9. Security

We implement technical and organizational measures to protect your data: HTTPS encryption, encrypted storage, restricted access, regular backups.

10. Changes

We may update this policy at any time. The last update date is shown at the top of the page. Substantial changes will be notified to you by email if you have provided your address.

11. Contact

For any questions about this policy or data processing, contact us:

contact@bonopandas.com
BoNoPandas — 14 rue Temponières, 31000 Toulouse, France