-
Privacy policy
1. Parts and Object of the Privacy Charter
1.1. The data controller is SRL “Les Potjes d’Eugène” with its registered office at Avenue Georges Henri 410, 1200 Brussels, Belgium (hereinafter referred to as “Les Potjes d’Eugène” or “the Data Controller”).
1.2. The Data Controller establishes this Privacy Charter to inform users of the website hosted at www.eugenechocolatier.be (hereinafter, the “Website”) transparently about how their personal data is collected and processed by the Data Controller. Users must necessarily review the Privacy Charter.
1.3. The term “User” refers to any user, whether a natural or legal person, registered or not on the Website, who consults the Website or its content, inserts personal data on the Website, subscribes, or registers via any form available on the Website.
1.4. In this capacity, the Data Controller and/or its service providers, acting on its behalf and for its account, determine(s) all technical, legal, and organizational means and purposes of the processing of Users’ personal data. The Data Controller undertakes to take all necessary measures to ensure that the processing of personal data complies with the Law of July 30, 2018, on the protection of individuals with regard to the processing of personal data (hereinafter, the “Law”) and with the European Regulation of April 26, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”).
1.5. The Data Controller is free to choose any natural or legal person who processes personal data of Users at its request and on its behalf (hereinafter “the Processor”). If applicable, the Data Controller undertakes to select a Processor who provides sufficient guarantees regarding the technical and organizational security measures for the processing of personal data, in accordance with the Law and the GDPR.
2. Processing of Personal Data
2.1. The use of the Website by Users may involve the communication of personal data. The personal data that may be processed is specified in point 4. The processing of this data by “Les Potjes d’Eugène” as Data Controller, and/or by providers acting on behalf and for the account of the Data Controller, will comply with the Law and the GDPR.
2.2. Personal data will be processed by the Data Controller, in accordance with the purposes stated in point 3, via:
- An automated procedure;
- The order form.
3. Purposes of the Processing of Personal Data
In accordance with Article 13 of the GDPR, the purposes of the processing of personal data are communicated to the User. The data is processed in order to:
- Ensure the execution of the services offered and agreed upon on the Website;
- Ensure monitoring of the execution of the services offered;
- Carry out marketing activities and promotional information after the User’s prior consent and until the withdrawal of this consent, such as sending promotions on the products and services of the Data Controller;
- Respond to inquiries from the User;
- Conduct statistics to improve the Website, the services offered, and the internal organization of “Les Potjes d’Eugène”;
- Improve the quality of the Website and the products and/or services offered by the Data Controller;
- Enable better identification of the User’s interests.
4. Personal Data that may be processed
When visiting and using the Website, the User agrees, in accordance with point 5, that the Data Controller collects and processes, according to the modalities and principles described in this Charter, the following personal data:
- Information provided by Users to the Data Controller for contractual purposes and to enable the proper performance of reciprocal obligations, such as name, surname, email address, phone number, and more generally, any information voluntarily provided by the User;
- Information provided by Users by filling out forms or contacting the Data Controller by phone, email, or other means, such as the name, address, email address, and phone number of Users;
- Regarding each visit of Users to the Website, automatically collected information includes:
- IP address, type and model of browser, time zone, operating system;
- All information about the pages that the User has visited on the Website, including the URL and browsing time.
5. Consent
5.1. By accessing and using the Website, the User declares that they have read and agreed freely, specifically, informed, and unequivocally to the processing of personal data concerning them. This agreement concerns the content of this Charter.
5.2. This consent is an essential condition to perform certain operations on the Website and to allow the User to enter into a contractual relationship with the Data Controller. Any contract between the Data Controller and a User concerning the services and goods offered on the Website is subject to the User’s acceptance of the Charter.
5.3. The User consents to the Data Controller processing and collecting, in accordance with the modalities and principles set out in this Charter, the personal data communicated on the Website and/or on the occasion of the services offered by the Data Controller, for the purposes indicated in point 3.
5.4. The User has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the prior consent given. This right is exercised in accordance with point 8 of this Charter.
6. Retention Period of Users’ Personal Data
In accordance with Article 13, paragraph 2 of the GDPR, a), the Data Controller provides the data subject with information on the retention period of personal data. In this case, such data will be retained only for as long as reasonably necessary for the fulfillment of the purposes for which they are processed, and for a maximum of twelve (12) months after the end of the contractual relationship between this User and the Data Controller.
7. Recipients of Data and Disclosure to Third Parties
7.1. Personal data may be transmitted to employees or collaborators of the Data Controller who, located in Belgium or in the European Union, collaborate with the Data Controller in the context of marketing products or providing services. They act under the direct authority of the Data Controller and are responsible, in particular, for collecting, processing, or subcontracting this data. Personal data may also be disclosed to employees or collaborators of controllers if they decide to do so.
7.2. In all cases, the recipients of the data and those to whom this data has been disclosed comply with the content of this Charter. The Data Controller ensures that they will process this data for the purposes set out in point 3, discreetly and securely.
7.3. Disclosure to Third Parties for Direct Marketing or Prospecting
In the event that data is disclosed to third parties for direct marketing or prospecting purposes, the User will be informed in advance via email so that they can give their consent to the use of their personal data.
8. User Rights
At any time, the User can exercise their rights by sending a letter by post to SRL “Les Potjes d’Eugène”, Avenue Georges Henri 410, 1200 Brussels, Belgium, attaching a copy of their identity card or via email to the following address: contact@eugenechocolatier.be
1. Right of Access
8.1.1. In accordance with Article 15 of the GDPR, “Les Potjes d’Eugène” guarantees the User’s right of access to their personal data. The User has the right to obtain access to said personal data as well as the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients established in third countries or international organizations;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the User.
8.1.2. The Controller may require the payment of reasonable fees based on administrative costs for any additional copies requested by the User.
8.1.3. When the User submits this request electronically (via email, for example), the information shall be provided in a commonly used electronic format, unless otherwise requested by the User.
8.1.4. A copy of their data shall be provided to the User no later than one month after receipt of the request.
2. Right to Rectification
8.2.1. “Les Potjes d’Eugène” guarantees the User’s right to rectify personal data.
8.2.2. In accordance with Articles 16 and 17 of the GDPR, incorrect, inaccurate, or irrelevant data can be corrected or erased at any time. The User can request this from “Les Potjes d’Eugène”.
8.2.3. In accordance with Article 19 of the GDPR, the Controller shall notify each recipient to whom the personal data have been disclosed of any rectification of personal data, unless such communication proves impossible or requires disproportionate effort. The Controller shall provide the User with information about these recipients upon request.
3. Right to Erasure
8.3.1. The User has the right to obtain the erasure of their personal data without undue delay when one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- The User withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal ground for the processing;
- The User objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the User objects to the processing pursuant to Article 21(2) of the GDPR;
- The personal data have been unlawfully processed;
- The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject; or
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
8.3.2. Where the Controller has made the personal data public and is obliged to erase it pursuant to the preceding paragraph, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other Controllers processing the personal data that the User has requested erasure of any links to, or copy or replication of, those personal data.
8.3.3. Paragraphs 8.3.1 and 8.3.2 shall not apply to the extent that processing is necessary:
- For exercising the right of freedom of expression and information;
- For compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) of the GDPR;
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR insofar as the right referred to in paragraph 8.3.1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- For the establishment, exercise or defense of legal claims.
4. Right to Restriction of Processing
8.4.1. The User has the right to obtain restriction of processing of their personal data where one of the following applies:
- The accuracy of the personal data is contested by the User, for a period enabling the Controller to verify the accuracy of the personal data;
- The processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
- The Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defense of legal claims; or
- The User has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Controller override those of the User.
8.4.2. In accordance with Article 19 of the GDPR, the Controller shall notify each recipient to whom the personal data have been disclosed of any restriction of processing carried out, unless this proves impossible or involves disproportionate effort. The Controller shall provide the User with information about these recipients upon request.
5. Right to Data Portability
8.5.1. In accordance with Article 20 of the GDPR, Users have the right to receive from “Les Potjes d’Eugène” personal data concerning them which they have provided to the Controller in a structured, commonly used and machine-readable format. Users have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided.
8.5.2. Where technically feasible, the User has the right to have the personal data transmitted directly from one Controller to another, where this is requested by the User and technically feasible.
8.5.3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
8.5.4. The right referred to in paragraph 8.5 shall not adversely affect the rights and freedoms of others.
6. Right to Object and Automated Individual Decision-Making
8.6.1. The User has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. “Les Potjes d’Eugène” shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defense of legal claims.
8.6.2. Where personal data are processed for direct marketing purposes, the User has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
8.6.3. Where the User objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
7. Right to Lodge a Complaint
8.7.1. The User has the right to lodge a complaint concerning the processing of their personal data by “Les Potjes d’Eugène” with the competent data protection authority in Belgium. Further information can be found on the website: https://www.autoriteprotectiondonnees.be/.
8.7.2. Complaints can be lodged at the following addresses: Data Protection Authority 35 Rue de la Presse 1000 Brussels, Belgium Tel. +32 2 274 48 00 Fax +32 2 274 48 35 Email: contact@apd-gba.be
8.7.3. The User may also lodge a complaint with the court of first instance in their place of residence.
9. Limitation of the Controller’s Liability
9.1. The Website may contain links to other websites owned by third parties not affiliated with “Les Potjes d’Eugène”. The content of these sites and their compliance with the Law and the GDPR are not the responsibility of the Controller.
9.2. Legal guardians must give explicit consent for minors under the age of 13 to disclose information and/or personal data on the Website. “Les Potjes d’Eugène” strongly advises legal guardians of minors to promote responsible and safe use of the Internet. The Controller shall not be liable for the collection and processing of information and personal data of minors under the age of 13 whose consent is not effectively covered by that of their legal guardians, or for incorrect data – particularly concerning age – entered by minors. Under no circumstances shall personal data be processed by the Controller if the User specifies they are under 13 years of age.
9.3. “Les Potjes d’Eugène” is not responsible for the loss, corruption, or theft of personal data caused by the presence of viruses or as a result of cyberattacks, in accordance with point 10.
10. Security
10.1. The Controller implements organizational and technical measures to ensure an appropriate level of security for the processing and collection of data. These security measures depend on the costs of implementation in relation to the nature, context, and purposes of the processing of personal data.
10.2. The Controller uses standard encryption technologies within the IT sector during the transfer or collection of data on the Website.
11. Amendment of the Privacy Policy
“Les Potjes d’Eugène” reserves the right to amend this Privacy Policy to comply with legal obligations. Users are therefore invited to regularly consult the Privacy Policy to be informed of any modifications and adaptations. Such modifications will be posted on the Website for enforceability purposes.
12. Applicable Law and Jurisdiction
In the event of a dispute between the parties regarding the validity, interpretation, or performance of this Privacy Policy, the parties shall first attempt to resolve the dispute amicably. If such a solution cannot be found, for any reason whatsoever, the parties may bring the dispute before the courts of Brussels.