Privacy Policy

Revision date: May 20th, 2023

1. Preamble

EQOLUX is committed to protecting the confidentiality of the data entrusted to it by users of the EQOLUX platform (the “Platform”). As a France-based company, EQOLUX adheres to the principles set out in the General Data Protection Regulation (“GDPR”) and applicable French data protection laws.

This Privacy Policy describes how EQOLUX collects and processes data relating strictly to business entities registered on the Platform (the “Members”). EQOLUX does not collect or process personal data in the sense of data relating to individuals acting in a personal capacity. The information collected pertains only to professional or company-related data required for using the Platform and its services.

EQOLUX SAS is a simplified joint-stock company (SAS), with a share capital of €5,425, registered with the RCS of Saint-Malo under number 883 206 146, with headquarters at 37 rue de l’ancienne gare, 22240 Plévenon, France.

2. Types of Data Collected

EQOLUX collects data that is strictly related to the business identity of Members and their representatives, such as:

  • Company account information: business email and login credentials (passwords are securely hashed and not stored in plain text);

  • Corporate profile data: company name, legal status, registration number, VAT number, headquarters address, and general business contact details;

  • Representative and contact data: names and professional contact information (email, phone) of authorised persons or legal representatives acting on behalf of the company;

  • Order-related data: products purchased, transaction numbers, delivery addresses;

Additional usage data may be collected during use of the Platform, including:

  • Interactions between Members;

  • Feedback or reviews submitted on the Platform;

  • Email tracking related to administrative or order-related notifications.

No personal data from individuals acting in a private or consumer capacity is collected or processed.

3. Purposes and Legal Basis

EQOLUX collects this data solely for the purpose of:

• Providing access to the Platform and its features;

• Facilitating order processing, communication, and payments between business Members;

• Fulfilling legal and contractual obligations;

• Improving service functionality.

All data is processed under the legal basis of contract performance and legitimate business interest, in accordance with GDPR.

4. Recipients of Data

The business-related data collected may be shared with:

  • Authorized EQOLUX staff under confidentiality obligations;

  • Other business Members, when needed to complete transactions (e.g. delivery address of buyer to seller);

  • Subcontractors (e.g. payment providers, hosting services, email platforms) solely to perform technical or support services;

  • External professionals (legal, accounting) bound by confidentiality;

  • Authorities, in the event of legal or regulatory obligations;

  • Potential acquirers, in the case of corporate restructuring.

All third parties are contractually bound to handle data securely and exclusively for the specified purposes.

5. Data Retention

Business data is retained only as long as necessary for operational, contractual, and regulatory compliance purposes. Following this period, it may be archived with restricted access or securely deleted in accordance with our data retention policy.

6. Company Rights

As no personal data is processed, individual data subject rights (access, correction, deletion, objection) do not apply. However, company representatives may request updates or corrections to their business profile at any time by contacting us:

  • By post: EQOLUX SAS, 37 rue de l’ancienne gare, 22240 Plévenon, France

  • By email: support@eqolux.com

7. Data Hosting and Transfers

EQOLUX hosts data on secure infrastructure both within and outside the European Union. In all cases, data is stored and processed using industry-leading cloud platforms that are ISO/IEC 27001 and SOC 2 Type II certified, ensuring a high standard of data protection, operational integrity, and security controls.

When data is hosted outside the EU, EQOLUX ensures that such transfers are made in full compliance with applicable data protection laws, including the GDPR. This includes the use of appropriate safeguards such as Standard Contractual Clauses (SCCs), where required.

8. Changes to This Privacy Policy

This Privacy Policy may be updated at any time. The latest version will always be available on the Platform and will indicate the date of last revision.