Privacy policy


(Version 07.10.2023)

Your privacy is very important to us!

This privacy statement aims to give you all the information you need on how your personal data is processed when you visit our Website (www.nathalievleeschouwer.be, hereinafter referred to as the ‘Website’) and its associated online shop. We comply with our obligations as Controller in accordance with the European General Data Protection Regulation of 27 April 2016 (GDPR) and its implementing Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.

This privacy statement gives you more information about which personal data we process, why we process it, how we obtain it, how long we store it for and who we share it with. This privacy statement applies to all visitors to our Website and online shop.

*Please read this privacy statement carefully.*

We reserve the right to adjust the provisions of this privacy statement to the needs of our company, the evolution of our policies and the changes that occur in legislation, the perspectives of the authorities or case law. The latest version of this privacy statement is the only valid one.

  1. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

 

Natale BV is the Controller with regard to the processing of your Personal Data. We unilaterally or jointly make the decisions regarding the purpose and resources for processing your personal data.

NATALE BV

Tulpstraat 104

2060 Antwerp (BE)

Tel.: 0032 3 202 50 70

E-mail: info@nathalievleeschouwer.be

Co. Reg. No.: BE0473798280

 

For specific enquiries relating to this privacy statement, please contact the following e-mail address: info@nathalievleeschouwer.be . Please always state ‘GDPR’ as a reference to guarantee that your enquiry is handled as efficiently as possible.

  1. DEFINITIONS
  • Personal Data: all information concerning an identified or identifiable natural person. (For example: Name, address, telephone number, e-mail address, members of the household, evaluations, ID number, location, factors specific to the physical, genetic, psychological, economic, cultural or social identity of that natural person).
  • Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
  • Data Subject(s): visitors to our Website and online shop, including clients who place an order, former clients and those who intend to place an order.
  • Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes of and resources for the processing of personal data. (For example: the owner of the online shop)
  • Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. (For example: the online shop software administrator)
  • Recipient: the natural or legal person, public authority, agency or another body, whether a third party or otherwise, to whom the personal data is disclosed. (For example:
  • Third party: the natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, is authorised to process personal data; (For example: the sender of your products)
  • Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes in which they, by means of a statement or a clear affirmative action, accept the processing of personal data relating to them;

 

  1. WHAT PERSONAL DATA IS PROCESSED?

We undertake only to collect the Personal Data necessary for our pre-established objectives and means for the processing of your Personal Data. We process Personal Data within the following categories:

Category 1: Name and address details

Category 2: Contact details and communication

Category 3: Invoice details

Category 4: Profile information

Category 5: Direct marketing

  1. WHAT ARE THE LEGITIMATE PURPOSES FOR PROCESSING YOUR PERSONAL DATA?

We process your Personal Data for the following purposes and on the following basis:

Category of personal data

Purposes

Legal basis

Category 1: Name and address details

-          Administration

-          Calculating supply and demand

-          Preparing the purchase contract

-          Delivering products and services

-          Sending newsletters to subscribed clients

-          Front of ID card for identification purposes

Fulfilling the purchase contract (Article 6, paragraph 1, b) of the GDPR)

Consent (Article 6, paragraph 1, a) of the GDPR) for the newsletter

Category 2: Contact details and communication

-          Delivering products and services

-          Communicating with clients regarding orders, purchases, their account and support

-          Sending newsletters to subscribed clients

Performing the purchase contract

(Article 6, paragraph 1, b) of the GDPR)

Consent (Article 6, paragraph 1, a) of the GDPR) for the newsletter

Category 3: Invoice details

-          Preparing invoices for individuals and companies

-          Accounting

Legal obligation

(Article 6, paragraph 1, c) of the GDPR)

Category 4: Profile information

-          Setting up an account for future orders

-          Protecting the account with a username and password

-          Storing different client preferences

Consent

(Article 6, paragraph 1, a) of the GDPR)

Category 6: Direct marketing

-          Sending e-mails, text messages or letters containing product information and/or offers to people

-          Providing a newsletter about the products and services

-          Suggesting promotions based on the profile

Consent

(Article 6, paragraph 1, a) of the GDPR)

 

  1. ARE YOU OBLIGED TO SHARE YOUR PERSONAL DATA?

You are obliged to share Personal Data where it is required for the fulfilment of the contract and for us to fulfil our legal obligations. If you do not wish to share this Personal Data, no purchase contract can be entered into. Your order on our online shop will therefore not go through.

However, you are not obliged to set up an account. You can place an order without setting up an account. Setting up an account may, however, be useful if you wish to place another order in future.

If you are a child under 13, we are not allowed to process your Personal Data. A parent or guardian can, however, place or an order or make an enquiry for you. If you are a parent or guardian and discover that a child under your care who is under 13 has given us their Personal Data, please inform us immediately so that we can take the appropriate measures.

  1. WHO RECEIVES YOUR PERSONAL DATA?
    • Categories of recipients

Your Personal Data is primarily processed for internal use only. However, we have to rely on the following recipients to ensure that our Website/online shop work properly, and for the fulfilment of the purchase contract:

  • Online shop/website administrator for the IT administration of our online shop/Website;
  • Payment service providers for completing online payments;
  • Delivery services for delivery of your order including our sister company From Foetus to Hero BV
  • Accountant for our accounting;
  • Bailiff for the collection of unpaid invoices or compensation;
  • Courts for taking any necessary legal action.

If one of the following Recipients is a Processor, we will enter into a processing agreement with the Processor to protect your Personal Data. However, as the Controller, we are still responsible for your Personal Data.

  • Court order or legal obligation

Under exceptional circumstances, we may be obliged to transmit your Personal Data following a court order or to adhere to mandatory legal provisions and/or requirements. If reasonably possible, we will try to inform you of this in advance, unless there are legal restrictions to prevent us from doing so.

  • Transfer to third parties within and outside the EEA

Your Personal Data will not be sold, transferred or in any other way communicated to third parties, except in situations in which this is provided for in the latest privacy policy or unless you have expressly consented to this in advance.

Your Personal Data will not be transferred to third parties outside the European Economic Area (EEA).

  1. DOES AUTOMATED PROCESSING TAKE PLACE?

The processing of your Personal Data to set up an account happens by automated means. The logic behind this automation, its importance and consequences, are as follows:

  • Logic: An account is set up by filling in the necessary information with the client’s consent. For this, the client has to provide an e-mail address and password. Previous orders and purchases are also stored in this profile. It may be possible to save a product as a favourite.
  • Importance: The client gets a better online shopping experience and does not need to go through the entire procedure again when placing a new order.
  • Consequences: We are able to gain insight into this client’s purchases and we also need to store the necessary profile information for this account.

 

  1. ARE COOKIES USED?

We only use functional cookies to improve how our Website/online shop work. For example, we use a cookie to store your login details and language preferences, as well as the contents of your shopping basket.

  1. FOR HOW LONG IS YOUR PERSONAL DATA STORED?

Your personal data is not stored or further processed for longer than strictly necessary for the purposes for which it was collected. This means that we delete your Personal Data when it is no longer necessary for our purposes, or when you duly exercise your right to have this Personal Data deleted.

The amount of time for which the Personal Data is stored may differ depending on its category:

Category of personal data

Storage

Reason/Legal basis

Category 1: Name and address details

5 years after the end of the contract or for as long as you have not withdrawn your express and specific consent to receive the newsletter.

 

The front of an ID card is only used to identify the person who is exercising their rights.

Expiry of period for taking legal action.

End of consent.

 

 

Legal obligation.

Category 2: Contact details and communication

5 years after the end of the contract or for as long as you have not withdrawn your express and specific consent to receive the newsletter.

 

Expiry of period for taking legal action.

End of consent.

Category 3: Invoice details

7 years from 1 January following the year of the invoice due date

Article 60 §§ 1 and 4 Wb. VAT See also circular AAFisc Nr. 14/2014 (Nr. E.T. 120.000) dated 4 April 2014.

Category 4: Profile information

For as long as your account is active.

End of consent through activation of your account

Category 5: Direct marketing

For as long as you have not withdrawn your express and specific consent.

End of consent

 

  1. WHAT ARE YOUR RIGHTS?

You can exercise the rights stipulated below by sending an e-mail to: info@nathalievleeschouwer.be stating which right you would like to exercise. You can also send us your request by post to the following address: Natale BV, Tulpstraat 104, 2060 Antwerp. Please use the word ‘GDPR’ in the subject of your e-mail or letter. Please also add a copy of the front of your ID card. That allows us to identify you. Without valid ID, we are unable to handle your request to exercise your rights.

In principle, you may exercise your rights free of charge.

We will respond to your request within 1 month and take the appropriate action, which may include rejecting your request, with good reason. Depending on the complexity of your request, this term may be extended by 2 months. We will in any case update you within a month of receiving your request.

Please also take into account any potential, more specific provisions, depending on the right you wish to exercise.

  • Right of access

As the Data Subject, you have a right to access your Personal Data.

If possible, we will provide you with a copy of your Personal Data after your request. If this is not possible, we will provide you with an overview of your Personal Data that has been processed. Any additional copies may be subject to a reasonable payment to cover administrative fees. This information/copy will be sent to you digitally, unless you request a paper copy in good time.

This right of access is granted without prejudice to the rights or freedoms of others, including trade secrets or intellectual property and in particular the copyright protecting the software. If a third party (e.g. IT administrator, supplier, clients, staff etc.) features in the documents you request, the identity of this person will be blanked out before they are transferred.

  • Right to correction and completion

As the Data Subject, you have the right to have your incorrect Personal Data corrected, or to have incomplete Personal Data completed.

Following your request for correction or completion, we will verify the accuracy of this information and amend it where necessary.

  • Right to erasure (right to be forgotten)

As the Data Subject, you have the right to have your Personal Data erased without undue delay in the following cases:

  • the Personal Data is no longer necessary for the purposes for which it was collected;
  • the Data Subject withdraws consent for the processing of certain Personal Data;
  • the Data Subject objects to the processing of certain Personal Data on the grounds of legitimate interests;
  • the Personal Data was processed unlawfully;
  • the Personal Data must be erased pursuant to an obligation under European Union or Member State law.

Where we have made the Personal Data public and must erase it in accordance with the above, taking account of available technology and the cost of implementation, we shall take the necessary measures to inform other controllers processing the Personal Data of this requested erasure.

Notwithstanding the right to erasure, we have the right to store the Personal Data for longer if this is necessary to exercise the right of freedom of expression and information, for the performance of a task carried out in the public interest or in the exercise of official authority, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

  • Right to object

As the Data Subject, you have the right to object, on grounds relating to your particular situation, at any time, to the processing of your Personal Data. You may object to the processing of your Personal Data on the grounds of:

  • public interest or;
  • a legitimate interest;
  • direct marketing

 

We may reject this right to object if we can demonstrate compelling legitimate grounds for the processing of this Personal Data and that these grounds override the interests, rights and freedoms of the Data Subject. We may equally reject this right if we can prove that the processing of this Personal Data is for the establishment, exercise or defence of legal claims.

 

  • Right to restriction of processing

As the Data Subject, you have the right to obtain restriction of processing of your Personal Data in the following cases:

  • you have exercised your right to correction, for the amount of time we need to verify the accuracy of your Personal Data;
  • you have duly exercised your right to object, pending a response from us;
  • the processing is unlawful but you would rather restrict the processing than erase the Personal Data concerned;
  • we no longer need this Personal Data but you need it for the establishment, exercise or defence of legal claims.

When you have duly exercised your right to restrict processing, we will only further process this Personal Data in the following cases:

  • with the Data Subject’s consent or;
  • for the establishment, exercise or defence of legal claims or;
  • to protect the rights of another natural or legal person or;
  • on important grounds of public interest for the European Union or a Member State.

This restriction does not apply to the storage of your Personal Data.

If we plan to cancel the processing restriction, you will be informed in advance.

  • Right to data portability

As the Data Subject, you have the right to receive a copy of your Personal Data in order to transfer it, directly or indirectly, to another Controller. This right to data portability only applies to Personal Data:

  • processed on the basis of the Data Subject’s express consent;
  • processed by automated means (For example: profile).

This right can only be exercised if this is technically feasible for us and if the processing of this Personal Data is not necessary to meet any of our legal obligations.

  • Right to withdraw consent

If, pursuant to Article 4 of this privacy statement, certain Personal Data is processed based on your express consent, you have the right to withdraw this consent at any time. At the time of consent, you will always be shown how you can withdraw your consent (for example: at the bottom of the e-mail containing the newsletter).

However, this is without prejudice to the legitimacy of the processing of this Personal Data before your withdrawal of consent.

  1. IS YOUR PERSONAL DATA SAFE?

We have taken the necessary and appropriate technical and organisational measures to be able to guarantee appropriate security of your Personal Data.

We also take the necessary technical and organisational security measures to prevent destruction, loss, falsification, alteration, unauthorised access or accidental communication to third parties. Only our authorised persons and/or employees for whose tasks it is necessary may access your Personal Data. We require the same level of security from our Recipients.

You must always adhere to the necessary security standards yourself by preventing any unauthorised access or use of your login and password. You bear the sole responsibility for the use of our Website/online shop, your IP address and your identification data, as well as for the confidentiality of the latter.

  1. WHERE CAN I LODGE A COMPLAINT?

If you are not satisfied with the way in which we handle your Personal Data, you may lodge a complaint with the supervisory authority. In Belgium, you may lodge this complaint with the Belgian Data Protection Authority

Belgian Data Protection Authority

Drukpersstraat 35

1000 Brussels

Tel: +32 2 274 48 00

E-mail: contact@apd-gba.be

Website: https://www.dataprotectionauthority.be/citizen

 

If you have suffered loss or damage as a consequence of a breach of the GDPR by us, you may be due compensation for the damage or loss suffered. However, if we can prove that we are in no way responsible for the event giving rise to the loss or damage, we cannot be held liable.

The proceedings must be lodged with the competent court for our registered office. Belgian law applies to these proceedings.