top of page

Privacy policy

The purpose of this privacy policy is to explain why we collect your data and how we are committed to protecting it. Boat & Co is committed to protecting your personal data and privacy. As such, and in application of the General Data Protection Regulation, hereinafter referred to as the GDPR, we inform you below of the conditions under which your personal data is called upon to be processed by us.


- Contact details (e.g. surname, first name, telephone number, email)
- Technical and location information generated in the course of using our services


We may collect and store your personal data for the following purposes:

- Process and reply to your messages
- Manage your subscriptions to our newsletters
- Establish and monitor the commercial relationship that may result from your messages
- Improve our customer service
- Manage the smooth running and personalization of our services
- Send you commercial and advertising information according to your preferences
- Detect attacks and take legal action against fraud
- Remember your choices regarding the use of cookies
- To process and respond to your requests to exercise your rights
- To meet regulatory requirements in force or in the process of being adopted.

The processing of personal data is based :

Either on the consent of the data subject (Article 6.1.a of the RGPD) for all processing that requires prior collection of consent. In online forms, mandatory fields are marked with an asterisk. If you fail to answer the mandatory questions, we will not be able to provide you with the requested services.
For the performance of a contract or pre-contractual measures,
Or for the pursuit of a legitimate interest (Article 6.1.e of the RGPD).
Or to comply with a legal or regulatory obligation;

Your data is kept for the time necessary to fulfill the purposes mentioned above.

The length of time customer personal data is kept depends on the purpose concerned. In this context, customers' personal data is kept for the time necessary to fulfill their request. Failing this, personal data will be deleted within the timeframe recommended by the Commission Nationale Informatique et Libertés (CNIL), after a period of three years from the date of collection, subject to :


- legal archiving possibilities and obligations,
- obligations to retain certain data for evidentiary purposes, and/or to make it anonymous.

The customer's personal data collected and processed for the purposes of executing offers are kept for the time required to manage the contractual relationship.
By way of derogation, personal data required to establish proof of a right or a contract are archived in accordance with legal provisions (5 or 10 years after the end of the commercial relationship, depending on the case).


Our internal departments:
They are processed by the staff of our various departments, such as the sales department or the department in charge of IT security. Trusted companies or persons: they process your information for us for the purposes set out above, in accordance with our instructions as described in our Privacy Policy and any other appropriate use cases in terms of confidentiality and security, Technical subcontractors: Personal data concerning you may be transferred to our technical subcontractors (within the meaning of Article 4.8 of the RGPD) in a strictly supervised manner. In the event of a transfer, we ensure that the subcontractors comply with the RGPD and take technical and organizational measures to guarantee data protection (art. 28 of the RGPD).

Traffic analysis (such as Google Analytics).
We must sometimes allow our partners to process, on our behalf, the personal information we hold about you for the purposes set out in this policy or for any other reason required by law.

The personal data collected from customers is hosted in France.
In the event of using a service provider located outside the European Union, we undertake to verify that appropriate measures have been put in place to ensure that personal data benefit from an adequate level of protection.


We implement all organizational and technical measures to ensure an appropriate level of security for your personal data, and in particular to prevent any loss of confidentiality, integrity or accessibility.

As far as possible, we restrict access to personal information to those who need to process it. We ensure that these third parties guarantee the same level of protection for your personal data, and we put in place technical and organizational measures to ensure that customer personal data is kept securely for as long as is necessary for the purposes for which it is to be used.


In accordance with Applicable Regulations, you have the following rights:
A right of rectification: you have the right to obtain the rectification of inaccurate data concerning you. You also have the right to complete incomplete data concerning you, by providing an additional declaration. Should you exercise this right, we undertake to communicate any rectification to all recipients of your data,
A right of deletion: in certain cases, you have the right to obtain the deletion of your data. However, this is not an absolute right, and we may retain your data for legal or legitimate reasons.

A right to the limitation of processing: in certain cases, you have the right to obtain the limitation of the processing of your data.

A right to data portability: you have the right to receive the data you have provided to us, in a structured, commonly used and machine-readable format, for your personal use or for transmission to a third party of your choice. This right only applies where the processing of your data is based on your consent, on a contract or is carried out by automated means.

A right to object to processing: you have the right to object at any time to the processing of your data for processing based on our legitimate interest, a mission of public interest and those for commercial prospecting purposes. This is not an absolute right, and we may refuse your request for legal or legitimate reasons.

The right to withdraw your consent at any time: you may withdraw your consent to the processing of your data where the processing is based on your consent. Withdrawal of consent does not compromise the lawfulness of processing based on consent carried out prior to such withdrawal.

The right to lodge a complaint with a supervisory authority: you have the right to contact your data protection authority to complain about our personal data protection practices,

Pursuant to the GDPR, the conditions for exercising these rights may vary depending on the lawfulness basis of the processing mentioned in the first paragraph.
We will respond to any exercise of rights as soon as possible and in any event within 30 days of receipt of the request.

We reserve the right to:

- To request proof of the applicant's identity in the event of reasonable doubt, in order to respect the applicant's obligation of confidentiality,
- Extend the response time by two months, informing the applicant of the extension and the reasons for the postponement within one month of receipt of the request,
- To refuse to respond to a request if it is considered abusive (in view of its number, repetitive or systematic nature).

If, despite our efforts and commitments, you feel that your rights concerning your personal data have not been respected, you may submit a complaint to the Commission Nationale Informatique et Libertés: CNIL 3 Place de Fontenoy TSA 80715 75334 Paris Cedex 07.

Data protection policy subject to change

This Privacy Policy may change from time to time. As we are constantly developing our services, we reserve the right to modify this Privacy Policy, in accordance with the legal provisions in force. Any changes will be published on this document in due course. We advise you to check this page regularly for any changes or updates to our Privacy Policy.

bottom of page