The Controller pays particular attention to the protection of the private life of its users and therefore undertakes to take all necessary and reasonable measures to protect the personal data of these persons against loss, theft, dissemination or unauthorised use.
Personal data” means any information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified, directly or indirectly.
What data do we collect?
The Controller collects and processes, according to the modalities and principles described below, the following personal data:
- the domain of the user (automatically picked up by the server of the Processing Agent), including the dynamic IP address;
- The e-mail address of the user if the user has entered it in advance, for example by posting messages or asking questions on the Website, by communicating with the Controller by e-mail, by participating in discussion forums, by identifying himself in order to gain access to a restricted area of the Website, etc;
- The set of information relating to the pages visited by the user on the Website;
- all information voluntarily provided by the user, for example in the context of surveys and/or a registration on the Website, or by identifying oneself to gain access to a restricted area of the Website.
The Controller may also collect data that is not of a personal nature. This data is qualified as non-personal data and does not allow for the direct or indirect identification of any particular person. Consequently, this data can be used for any purpose, for example to improve the Website, to improve the products and services offered or to improve publications by the Processing Agent.
In the hypothesis where personal data are combined with data of a non-personal nature, so that it is possible to identify the persons concerned, these data will be processed as personal data until the persons concerned can no longer be identified on the basis of the data in question, since the link between the personal data and non-personal data has been eliminated.
Method of data collection
The Controller collects the data in the following ways:
Purposes of processing
Personal data is collected and processed for the purposes set out below:
- ensure management and control of the implementation of the services offered;
- Sending and following up orders and invoices;
- the sending of promotional information regarding the products and services by the Processing Agent;
- Sending out promotional material;
- answering questions from users;
- the realisation of statistics;
- the improvement of the quality of the Website and the products and/or services by the Controller;
- forward information regarding new products and/or servicesby the Processing Agent;
- commercial prospecting;
- allow for better identification of user interests.
Certain processing by the Controller is based on the legal basis of its legitimate interests. These legitimate interests are proportionate to the respect of the User’s rights and freedoms. If the user wishes more information
Duration of the detention
The Controller will generally only retain the personal data for the period reasonably necessary to achieve the intended purposes and in accordance with legal and regulatory requirements.
A customer’s personal data will be kept for a maximum of 10 years after the end of the contractual relationship that binds the customer to the Controller.
At the end of the retention period, the Processing Agent will make every effort to ensure that the personal data has been made unavailable and inaccessible.
Exercise of rights
With regard to all the rights listed below, the Controller reserves the right to verify the identity of the person concerned.
This additional information will be requested by the person concerned within a period of one month from the request.
Access to data and copies
The User may obtain, free of charge, his written correspondence or a copy of his personal data processed by the Controller.
The Controller may demand payment of all reasonable costs from the User, based on the administrative costs for each additional copy requested by the User.
As soon as the user submits this question electronically, the information will also be delivered electronically, unless the user requests otherwise.
Unless otherwise stipulated in the General Data Protection Regulation, the copy of his/her data will be communicated to the person concerned no later than one month after receipt of his/her request.
Right of improvement
The user may request, free of charge, that his personal data be corrected if they contain errors, are incomplete or irrelevant, or that his data be supplemented if they are incomplete.
Unless otherwise stipulated in the General Data Protection Regulation, the application shall be processed within one month of its submission.
The right to object to processing
The user may at any time, for reasons relating to his personal situation, object free of charge to the processing of his personal data:
- when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
- when the processing is necessary for the purposes of protecting the legitimate interests of the Controller, provided that the interest or fundamental rights and freedoms of the data subject are not overriding (in particular when the data subject is a child).
The user may at any time, without any justification and free of charge, object to the processing of his personal data if such data are collected for the purpose of commercial canvassing (including profiling).
If the personal data are used for scientific or historical research purposes or for statistical purposes in accordance with the General Data Protection Regulation, the user has the right to object to the processing of their personal data for reasons relating to their personal situation, unless the processing is necessary for the performance of a task within the exercise of public authority.
Unless otherwise stipulated in the General Data Protection Regulation, the Processing Agent is obliged to respond to the User’s query within a reasonable period of time, at the latest within one month, and must provide reasons for its response if it intends not to give a favourable response to the User’s query.
The right to restrict processing
The user may obtain the restriction of the processing of his personal data in the following cases:
- when the user disputes the correctness of a piece of information and only for the period that the Processing Agent needs to verify it;
- if the use is unauthorised or if the user prefers the restriction of operation to the exchange of data;
- where the user needs this restriction for the purposes of litigation, exercise or defence, although it is no longer necessary for the purposes of the processing to continue;
- during the period necessary to investigate the merits of an objection, in other words, the period that the Processing Agent needs to weigh up the legitimate interests of the Processing Agent against those of the User.
The Controller will notify the User as soon as the restriction on operation is lifted.
Right to erasure (right to be forgotten)
The user may obtain the erasure of his personal data, if one of the following reasons applies:
- the data are no longer necessary in relation to the purposes of the processing;
- the user has withdrawn his consent for the processing of his data and there is no legal basis for further processing;
- the user objects to the processing and there is no compelling legitimate reason for further processing and/or the user exercises his special right to object with regard to direct marketing purposes (including profiling);
- the personal data has been the subject of an unauthorised use;
- the personal data must be erased in order to comply with a legal obligation (of the law of the European Union or the law of a Member State) to which the Controller is subject;
- the personal data were collected in the context of an offer of services aimed at children.
However, the exchange of data does not apply in the following cases:
- as soon as the processing is necessary for the exercise of the right to freedom of expression and the right to information;
- as soon as the processing is necessary for compliance with a legal provision that requires processing as provided for by European Union law or the law of one of the Member States to which the Controller is subject, or if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
- as soon as the processing is necessary for reasons of public interest in the area of public health;
- as soon as the processing is necessary for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, and provided that the right to erasure may render impossible or seriously jeopardise the achievement of the purposes of the processing;
- as soon as the processing is necessary for the purposes of litigation, exercise or defence.
Unless otherwise stipulated in the General Data Protection Regulation, the Processing Agent is obligated to respond to the User’s request for exchange within a reasonable period of time, and at the latest within one month, and must provide reasons for its response if it intends not to respond favourably to the User’s request.
The right to “data portability”.
The user may at any time request to receive, free of charge, his personal data in a structured and commonly used format, readable by machines, with a view to their transfer to another controller:
- if the processing of the data is carried out by means of automated processes;and
- if the processing is based on the User’s consent or on an agreement concluded between the latter and the Controller.
Under the same conditions and according to the same terms, the User is also entitled to demand from the Controller that the personal data relating to him/her be transferred directly to another controller, insofar as this is technically possible.
The right to data portability does not apply to processing that is necessary for a task carried out in the public interest or in the exercise of official authority vested in the Controller.
Appropriation of data and disclosure to third parties
The recipients of the data collected and processed are, in addition to the Controller itself, staff members or other subcontractors, carefully selected commercial partners, located in Belgium or the European Union, who cooperate with the Controller in the context of marketing products or providing services.
In the event that the data is disclosed to third parties for direct marketing purposes or for the purpose of commercial canvassing, the user will be informed thereof in advance in order to allow him to decide whether or not to accept the processing of his data by third parties.
As this transfer is based on the consent of the user, the latter may withdraw his consent at any time.
The Controller reserves the right to disclose the User’s personal data if a law, legal action or order from a public authority would make such disclosure necessary.
No transfer of personal data will take place outside the European Union by the Controller.
The Processing Manager will provide appropriate technical and organisational measures to ensure a level of security in the processing of the collected data, in accordance with the risks that may arise in connection with the processing of the data and adapted to the nature of the data to be protected. The Controller will take into account the state of knowledge, the cost of the work and the nature, scope, context and purpose of the processing, as well as the risks to the rights and freedoms of the users.
When receiving or sending data on the Website, the Processing Agent always uses encryption technology that is recognised as the industry standard within the IT sector.
The Controller has implemented the necessary security measures to protect the information obtained through the Website and to prevent its loss, misuse or alteration.
In the event that the personal data processed by the Controller is breached, it will act promptly to identify the cause and remedy the situation.
The Processing Agent will inform the User if required to do so by law.
Objections and complaints
The user may lodge an objection with the Belgian Data Protection Authority at the following address: Rue du Peinture, 35, 1000 Brussels. Tel. + 32 2 274 48 00. Fax. + 32 2 274 48 35, email@example.com.
The user may also file a complaint with the competent courts.
By e-mail: firstname.lastname@example.org.
By post: Brusselsesteenweg 359, 9230 Wetteren (Belgium).
Applicable law and competent jurisdiction
The courts of the following judicial district have jurisdiction in the event of a dispute: East Flanders (Ghent).