The Company takes all reasonable measures to protect personal data that are processed under its responsibility.
Users are deemed to have accepted the terms and conditions set out below when providing their data and once they have accepted the terms and conditions.
ARTICLE 1: Information about the data controller
The Company is the data controller of the personal data that it manages.
The Company: SRL XML
Company enterprise number / VAT number: 0882.760.079
Postal address of the registered office: Avenue de Tervuren 120, box 3, 1150 Woluwe-Saint-Pierre, Belgium
Company e-mail address: firstname.lastname@example.org
ARTICLE 2: Categories of personal data processed
The personal data potentially processed by the Company are all information provided by users and may include the following:
- identification data: name, title, postal address, nationality, gender, e-mail, telephone number, national register number, identity card number;
- financial data: account numbers, card numbers;
- electronic data: IP and/or MAC address, computer model, web browser, screen resolution, location, IMEI, cookies, online behaviour, online purchasing habits, registration for promotional offers, login data, preferences, etc.
The Company records the date of communication of or any subsequent changes to personal data.
The Company does not process any sensitive/special personal user data such as race or ethnic origin, political opinion, religious belief or health data.
Users must refrain from communicating any personal data belonging to a third party.
Parental consent is required in the case of personal data relating to an individual under 13 years of age. The Company may request proof of such consent in order to process the minor’s personal data.
ARTICLE 3: Purposes and legal basis for the processing of personal data
On the basis of Article 6.1 a), b), c) and f) of Regulation No 2016/679, known as the General Data Protection Regulation (“GDPR”), the Company uses users’ personal data for the following purposes.
3.1. Basis and purposes connected with obtaining user consent
After obtaining the consent of users, the Company uses the personal data provided when users contact the Company for any reason.
The Company may also use the personal data of users to provide them with information about the e-shop and/or information of an administrative nature.
The personal data provided by users, subject to their consent, facilitate the internal functioning of the Company (analysis of trends and the efficiency of use, implementation of new services or products or promotions, improvement of the e-shop, etc.).
3.2. Basis and purpose connected with a legitimate interest
3.3. Basis and purposes connected with performance of the agreement (order, purchase, etc.)
To ensure the proper performance of the purchase agreement, the Company uses the personal data of users in order to monitor and process orders, the return of orders, complaints and repairs.
Use of users’ personal data also enables the Company to ensure optimal customer management (accounting, customer relations, etc.).
3.4. Basis and purpose connected with the Company’s legal obligations
As part of its accounting and tax obligations, the Company is required to transmit and retain certain personal data of users.
ARTICLE 4: Communication of the personal data of users to third parties
4.1. Categories of recipients (processors or third parties)
Processors that may have access to personal data provided by users to the Company include, but are not limited to, the following:
- customer service;
- advertising service;
- delivery service;
- online payment service;
- fraud control service;
- communication service (hosting, server, e-mail);
The Company may, pursuant to law and in a confidential manner, be authorised, obliged or requested to communicate certain personal data to a public authority or institution, including where the Company is undergoing a sale, merger, transfer, restructuring or other event.
4.2. Type of personal data provided
All personal data provided by users may be processed by a processor where such processing is relevant for the task to be performed (e.g. last name, first name, title in the case of customer service; credit/debit card number, cardholder name, expiry date for online card payment, etc.).
Any processing carried out by the Company’s processors is strictly done on the basis of the Company’s instructions.
The processing is carried out under a contractual obligation of confidentiality.
The processor is obliged to take all necessary measures to ensure optimal protection of users’ personal data.
In order to optimise the processing and protection of the data used by the processors, they may communicate information to users.
Such data is considered to be public.
ARTICLE 5: Transfer of users’ personal data outside the European Union
5.1. Category of recipient (processors or third parties)
See Article 4.1.
5.2. Type of personal data provided
See Article 4.2.
See Article 4.3.
In order to achieve a level of protection at least equivalent to that of the European Union, the transfer of data outside the EEA is protected by specific contractual obligations, in accordance with the GDPR.
ARTICLE 6: Retention period for users’ personal data
The maximum period of retention is three years, unless a longer period is permitted or required by law.
ARTICLE 7: Measures to protect users’ personal data implemented by the Company
The Company uses organisational and technical measures to prevent, insofar as possible, any unauthorised use and/or access to users’ personal data.
Only the necessary personnel and relevant data are used to carry out each of the Company’s purposes.
All processing is carried out in a confidential manner.
The Company cannot guarantee with certainty that any communication of personal data via the e-shop cannot be received by anyone other than the intended recipient.
In the event of a breach of personal data of users, the Company shall inform the Belgian Data Protection Authority.
ARTICLE 8: Rights of users (data subjects)
Users may withdraw their consent to the processing of personal data at any time.
Users have the following rights in respect of personal data held and/or processed by the Company:
- right to access and view;
- right to rectification;
- right to erasure;
- right to restriction of processing;
- right of portability;
- right to object to processing on the basis of a legitimate interest, processing for direct marketing and profiling purposes and processing for scientific or historical research purposes or for statistical purposes that are not in the public interest;
- right to object to decisions based solely on automated processing;
- right to file a complaint with the supervisory authority.
The aforementioned rights can be exercised in writing by sending an e-mail, accompanied by a copy of the user’s identity card, to the following address: email@example.com.
Users have the right to file a complaint with the Belgian Data Protection Authority via the following e-mail address: firstname.lastname@example.org.
ARTICLE 9: Links to external websites