Privacy Policy

Last updated: April 3, 2026

Preamble

This Privacy Policy is intended to inform users of the website www.blueonyx.fr (hereinafter "the Website") about the conditions under which their personal data are collected, processed, and protected, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter "the GDPR") and French Law No. 78-17 of 6 January 1978 (as amended) on information technology, data files, and civil liberties (hereinafter "the French Data Protection Act").

By browsing the Website and submitting information through the forms provided, the user acknowledges having read and understood this Privacy Policy.

1. Data Controller

The controller of the personal data collected through the Website is:

Théodore Bailly, sole proprietor operating under the trade name Blue Onyx

SIREN: 103 304 283
Registered office: 173 rue de Courcelles, 75017 Paris, France
Email: contact@blueonyx.fr
Phone: +33 2 14 73 95 55

2. Personal Data Collected

2.1. Data Collected Directly from the User

Blue Onyx collects personal data when the user voluntarily fills in one of the forms available on the Website. The data collected are as follows:

a) Contact Form and Project Submission

Last name
First name
Email address
Phone number
Company name
Message / project description

b) Solution Configurator

Last name
First name
Email address
Phone number
Company name
Configuration choices (type of solution, selected options)

c) Appointment Booking (via Cal.com)

Last name
First name
Email address
Selected time slot
Any additional information provided during the booking process

d) Cancellation Form

Email address
Customer number or identifier
Reason for cancellation (where applicable)

2.2. Data Collected Automatically

During browsing on the Website, certain technical data are collected automatically:

IP address
Browser type and version
Operating system
Pages viewed and browsing path
Date and time of connection
Screen resolution and device type

These data are collected solely for technical purposes (proper functioning and security of the Website).

3. Purposes and Legal Bases for Processing

The personal data collected through the Website are processed for the following purposes:

Purpose of processing	Data concerned	Legal basis (GDPR)
Responding to contact requests and project submissions	Last name, first name, email, phone, company, message	Article 6(1)(b) – Performance of pre-contractual measures
Providing a pricing estimate via the configurator	Last name, first name, email, phone, company, configuration choices	Article 6(1)(b) – Performance of pre-contractual measures
Scheduling an appointment via Cal.com	Last name, first name, email, time slot	Article 6(1)(b) – Performance of pre-contractual measures
Processing cancellation requests	Email, customer identifier, reason	Article 6(1)(b) – Performance of the contract
Ensuring the technical operation and security of the Website	Connection data (IP address, browser, etc.)	Article 6(1)(f) – Legitimate interest

Blue Onyx does not use the collected data for any commercial prospecting purposes. No newsletters or commercial communications are sent to Website users.

4. Mandatory or Optional Nature of the Data

Fields marked with an asterisk (*) in the Website forms are mandatory. Failure to complete these fields will prevent Blue Onyx from processing the user's request.

Other fields are optional and enable Blue Onyx to better understand the user's needs.

5. Data Recipients

5.1. Internal Access

The personal data collected are intended exclusively for Théodore Bailly (Blue Onyx), in his capacity as data controller. They are under no circumstances sold, rented, exchanged, or otherwise shared with third parties for commercial purposes.

5.2. Sub-processors

In the course of operating the Website, Blue Onyx uses the following sub-processors, which may process personal data on behalf of Blue Onyx:

Sub-processor	Function	Data location	Safeguards
OVHcloud	Website hosting	European Union (France)	Servers located in France, GDPR-compliant
Cal.com, Inc.	Online appointment scheduling	United States	See Section 6 – Transfers outside the EU

These sub-processors are contractually bound to ensure the confidentiality and security of the personal data they process on behalf of Blue Onyx, in accordance with Article 28 of the GDPR.

5.3. Other Recipients

Personal data may also be disclosed to third parties in the following circumstances:

where required by a legal, regulatory, or judicial obligation;
in response to a requisition from a legally authorised authority.

6. Data Transfers Outside the European Union

The appointment scheduling service Cal.com is published by Cal.com, Inc., a company incorporated under the laws of the United States. The use of this service may result in the transfer of personal data to the United States.

In accordance with Chapter V of the GDPR (Articles 44 to 49), Blue Onyx ensures that appropriate safeguards govern such transfers, including:

the execution of Standard Contractual Clauses (SCCs) adopted by the European Commission (Implementing Decision 2021/914 of 4 June 2021);
and/or reliance on the EU-U.S. Data Privacy Framework, where applicable.

Users may obtain a copy of the safeguards in place by sending a request to: contact@blueonyx.fr.

7. Data Retention Periods

Personal data are retained for the period strictly necessary for the purposes for which they were collected:

Type of data	Retention period
Contact form and configurator data	3 years from the last exchange with the data subject
Appointment booking data (Cal.com)	3 years from the date of the appointment
Client data (contract performance)	For the duration of the contractual relationship, then 5 years from the end of the contract (Article 2224 of the French Civil Code)
Cancellation form data	5 years from the effective date of cancellation
Technical connection data	13 months in accordance with CNIL recommendations

At the end of these periods, data are deleted or irreversibly anonymised.

8. Rights of Data Subjects

In accordance with the GDPR and the French Data Protection Act, any person whose personal data are processed by Blue Onyx has the following rights:

Right of access (Article 15 GDPR): obtain confirmation as to whether personal data concerning them are being processed, and if so, obtain a copy thereof.
Right to rectification (Article 16 GDPR): request the correction of inaccurate data or the completion of incomplete data.
Right to erasure (Article 17 GDPR): request the deletion of their personal data, subject to legal retention obligations.
Right to restriction of processing (Article 18 GDPR): request the temporary suspension of the processing of their data in the circumstances provided for by the regulation.
Right to data portability (Article 20 GDPR): receive their personal data in a structured, commonly used, and machine-readable format, or request their direct transmission to another controller.
Right to object (Article 21 GDPR): object at any time to the processing of their data based on Blue Onyx's legitimate interest, on grounds relating to their particular situation.
Right to define directives regarding the fate of data after death (Article 85 of the French Data Protection Act).

8.1. Exercising Your Rights

These rights may be exercised at any time by sending a request accompanied by a valid proof of identity:

By email: contact@blueonyx.fr
By post: Théodore Bailly — Blue Onyx, 173 rue de Courcelles, 75017 Paris, France

Blue Onyx undertakes to acknowledge receipt of any request promptly and to respond within a maximum period of one (1) month from receipt of the request. This period may be extended by two (2) additional months where necessary, taking into account the complexity or number of requests, in accordance with Article 12(3) of the GDPR.

8.2. Complaint to the CNIL

In the event of difficulty in the management of their personal data, or if the user considers that their rights are not being respected, they may lodge a complaint with the French Data Protection Authority (Commission nationale de l'informatique et des libertés — CNIL):

Online: www.cnil.fr/fr/plaintes
By post: CNIL — 3, place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07
By phone: +33 1 53 73 22 22

9. Cookies and Trackers

9.1. Definition

A cookie is a small text file placed on the user's device (computer, tablet, smartphone) when visiting a website. It stores information relating to the user's browsing.

9.2. Cookies Used on the Website

The Website uses only strictly necessary cookies required for the technical operation of the Website. These cookies are essential for navigation and enable, in particular, the proper functioning of forms, the retention of language preferences, and the maintenance of connection security.

No audience measurement (analytics), advertising, profiling, social media, or behavioural tracking cookies are placed on the user's device.

9.3. Legal Basis

In accordance with Article 82 of the French Data Protection Act and the CNIL guidelines of 17 September 2020 on cookies and other trackers, strictly necessary cookies required for the provision of the service expressly requested by the user are exempt from the requirement to obtain prior consent.

9.4. Managing Cookies

The user may, at any time, configure their browser to accept, refuse, or delete cookies. Disabling strictly necessary cookies may impair the functioning of the Website.

Cookie management procedures vary depending on the browser used:

Google Chrome: support.google.com/chrome/answer/95647
Mozilla Firefox: support.mozilla.org
Safari: support.apple.com
Microsoft Edge: support.microsoft.com

For more information on cookies, users may visit the CNIL website: www.cnil.fr/fr/cookies-et-autres-traceurs.

10. Data Security

Blue Onyx implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, accidental or unlawful loss, or destruction, in accordance with Article 32 of the GDPR.

These measures include, in particular:

encryption of data in transit (HTTPS / TLS protocol);
restriction of data access to authorised persons only;
regular updates of the Website's software components;
regular data backups.

In the event of a personal data breach likely to result in a high risk to the rights and freedoms of data subjects, Blue Onyx undertakes to notify the CNIL within 72 hours in accordance with Article 33 of the GDPR, and to inform the data subjects concerned without undue delay in accordance with Article 34 of the GDPR.

11. Use of Artificial Intelligence

The phone number displayed on the Website (+33 2 14 73 95 55) is connected to a voice agent powered by artificial intelligence. In accordance with Article 50 of Regulation (EU) 2024/1689 ("AI Act"), the voice agent systematically informs the caller, at the beginning of the conversation, that they are interacting with an artificial intelligence system.

Phone conversations with the voice agent are not recorded, and no personal data are collected during these exchanges, unless the caller voluntarily provides information in the context of scheduling an appointment or making a contact request.

12. Minors

The Website and the services offered by Blue Onyx are intended exclusively for professionals (B2B). Blue Onyx does not knowingly collect personal data from minors under the age of 16. Should Blue Onyx discover that such data have been collected, they will be immediately deleted.

13. Changes to this Privacy Policy

Blue Onyx reserves the right to amend this Privacy Policy at any time in order to adapt it to legislative, regulatory, or technical developments.

In the event of a substantial modification, the "last updated" date at the top of this document will be updated. Users are encouraged to consult this page regularly to stay informed of any changes.

Any modification shall take effect upon its publication on the Website.

14. Contact

For any questions regarding this Privacy Policy or to exercise your rights, you may contact Blue Onyx:

By email: contact@blueonyx.fr
By post: Théodore Bailly — Blue Onyx, 173 rue de Courcelles, 75017 Paris, France