Privacy statement

  1. Welcome

Thank you very much for your interest in our company. In this privacy declaration, we would like to inform you about the processing of your personal data when using our website and our services.

  1. Why this privacy statement?

Each natural person who visits our website or uses our services, provides certain personal data. These personal data allow us to identify you as a natural person, regardless of whether we actually do so. You are identifiable on the basis of personal data as soon as it is possible to establish a direct or indirect connection between one or more data and yourself as a natural person.

We always process these personal data in accordance with the applicable legal provisions regarding the protection of personal data, specifically Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and the national implementing legislation.

If these legal provisions would change, or if we intend another use of your personal data, we shall modify this Privacy Statement, but any substantial change will be clearly notified. Nevertheless, we advise you to consult the last version of this privacy statement on our website.

  1. Who processes your personal data?

The controller of your personal data is Gudrun Commercial NV, Industriestraat 18, 2500 Lier, RLE Mechelen, registered with the Belgian Crossroads Databank of Enterprises under company number 0476.530.118, telephone number: +32 (0)3 491 91 91, E-mail adress: info@chocolates.be. This means that we determine what personal data are collected and that we define the purpose and methods of the processing of these personal data.

  1. When do we collect your personal data

We collect your personal data:

  • when you visit our website;
  • when you contact our company;
  • when you make use of our services;
  • when you provide us with feedback about our company;
  • when you subscribe to our newsletter;

Our website also processes certain personal data automatically via cookies.

It is our intention not to collect any personal data of persons younger than 16 years old. These young people are not allowed to provide us with any personal data or a statement of consent without permission from the person who has parental authority.

What personal data do we process, why, and on what legal basis

In the table below you can see what categories of personal data we process, why we do this (the ‘purposes’) and on what legal basis.

All processing of personal data takes place for one or more specific purposes. In addition, there must always be a demonstrable legal basis for each processing. The numbers you can find in the ‘legal basis’ column mean the following:

  1. a) you have given consent for the processing of personal data for one or more specific purposes;
  2. b) the processing is necessary for the performance of an agreement to which you are a party;
  3. c) the processing is necessary for compliance with a legal obligation to which we, as the controller, are subject;
  4. d) the processing is necessary to protect our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
 

Categories of personal data

Purposes

Legal basis

The visited website, the date and time of access to the site, the amount of sent data, the source/reference from which you have accessed our site, the used browser, the operating system, the IP or IMEA adress

To improve stability and functionality of the website

d)

Identification and contact data (first name and surname, user name, e-mail address, home address, invoice address, telephone number, VAT number), payment information, IP address and IMEI code

To handle your question to our company, on the telephone, via the contact form on our website or via e-mail

d)

Identification and contact data (first name and surname, user name, e-mail address, home address, invoice address, telephone number, VAT number), payment information, IP address and IMEI code

To manage and execute your order, to perform our agreement (including invoicing), service before, during and after sale, complaint handling

b)

Identification and contact data (first name and surname, user name, e-mail address, home address, telephone number, VAT number), invoice address, IP address and IMEI code

To collect product feedback to improve our products and services

d)

Identification and contact data (first name and surname, user name, e-mail address, home address, invoice address), IP address and IMEI code

To inform you, as a customer, about our products and services by means of related communication (e.g. a newsletter)

d)

Identification and contact data (first name and surname, user name, e-mail address, home address, invoice address), IP address and IMEI code

To inform you, as a prospect, about our products and services by means of related communication (e.g. a newsletter)

a)

Identification and contact data (surname, first name, home address, invoice address, VAT number) and payment information

To comply with legal, regulatory and administrative obligations

c)

Identification and contact data (surname, first name, address), payment information and invoices

To defend and protect our rights

d)

 Cookie policy

 6.1. What are cookies?

 A cookie is a small text and number file that is stored in the browser or on the hard drive of the computer of the website visitor during a visit to the website. This file stores information, such as the language selection of the website visitor. When this website visitor visits the website again later on, this information will be sent again to the website. This way the website recognises the website visitor and, for example, their language selection can be automatically adjusted.

6.2. Types of cookies

In general, cookies can be classified as follows:

Essential cookies

These cookies are, merely for technical reasons, necessary for the proper functioning of a website. They are placed as soon as the website is visited. The use of these cookies cannot be refused.

Functional cookies

These cookies optimise the use of the website. They are placed as soon as a choice to accept the cookies is made. The use of these cookies cannot be refused.

 

Analytical cookies

These cookies allow us to analyze your use of the website in order to provide a better service. They are placed as soon as a choice to accept the cookies is made. U are free to accept these cookies or not.

Social Network Cookies

These cookies allow to share the content of a website via social media with others. There are being placed as soon as there is made a choice to accept cookies. U are free to accept these cookies or not.

Tracking cookies

These cookies allow that, on the basis of surfing behavior, a profile is built, in order to make personalized content or advertisements appear on the website. They are placed as soon as there is made a choice to accept cookies. You are free to accept these cookies or not.

Some cookies remain permanently saved on the website visitor’s device (permanent cookies), other cookies disappear when the website visit has ended (session cookies).

Some cookies are being placed and managed by us (Essential, Functional and Analytical cookies). Other cookies are being placed and managed by third parties, and thus ensure that certain data from a visit to our website are transferred to third parties (Social network cookies and tracking cookies). For these cookies we would like to refer you to the statements that these parties give on their respective websites. We cannot influence the content of these statements or the content of the cookies of these third parties.

6.3. Which cookies do we use

We use functional and analytical cookies. The data processed by these cookies is stored for 48 hours.

6.4. Accepting cookies

During your first visit to our website there will appear a cookie banner, in which we inform you about the use of cookies on our website and we ask your consent to the use of cookies other than essential and functional cookies.  You are free to grant your permission or not.

6.5. Managing cookies

You can alter your consent to the use of cookies other than essential and functional cookies, at any time on the privacy page of our website.

  1. Who receives your personal data?

Your personal data will not be sold, transferred or communicated to third parties, unless we are obliged to do so based on mandatory legal provisions or if you have given us your explicit consent to do so in advance. We have taken all legal and technical precautions to prevent unauthorised use of data.

Within our company we see to it that your personal data are only accessible to persons who need them to comply with our contractual and legal obligations. In certain cases, our employees are assisted in their work by external service providers, called processors.

Each processor is under the obligation to guarantee the safety and confidentiality of your personal data and always acts in accordance with our instructions. We will only use processors that provide adequate guarantees as to the application of appropriate technical and organisational measures to ensure that the processing meets the requirements of the GDPR and the protection of your rights is guaranteed.

  1. How long do we store your personal data?

Your data will be stored as long as this is necessary to achieve the aforementioned purposes. Please take into account that numerous (legal) storage periods result in the fact that personal data (must) remain stored. Insofar as there is no storage obligation, personal data will be removed from the database when they are no longer necessary to achieve these purposes or when you exercise your right to deletion of the data in a valid manner.

In addition, we may store personal data if you have given us your consent to do so, or if we may need these data in the context of a legal claim. In the latter case, we need to use certain personal data as evidence. To this end, we store certain personal data, in accordance with the period of limitation, which may be up to thirty years; however, the usual period of limitation in relation to personal claims is ten years.

  1. Security of personal data?

We have taken all reasonable and adequate technical and organisational security measures to protect your personal data as best as possible against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. For instance, we store your personal data at a single central and secured location on our server to prevent third parties from having access to your personal data.

  1. What are your rights?

10.1 Guarantee of a lawful and secure processing of personal data

Your personal data will always be processed for legitimate purposes, as explained in section 4. They will be collected and processed in an appropriate, relevant and proportional manner, and they will not be stored any longer than necessary to achieve the purposes defined.

10.2 Right of access

If you can prove your identity, you have the right to obtain information about the processing of your data. Specifically, you then have the right to receive information about the purposes of the processing, the categories of data, the categories of recipients to whom the data are sent, the criteria that determine the period of storage of the data, and the rights you can exercise in relation to accessing your data.

10.3 Right to rectification and completion of personal data

Inaccurate or incomplete information can be corrected. First of all, it is your responsibility to make the necessary adjustments in your ‘user area’. You can also contact us with a request for rectification.

10.4 Right to be forgotten or right to erasure of your personal data

You also have the right to have your personal data erased, in the following cases:

  • Your personal data are no longer necessary for the purpose defined;
  • You revoke your consent to the processing of your data and there is no other legal basis for the processing of your data;
  • You have exercised your right to oppose in the prescribed manner;
  • Your personal data have been unlawfully processed;
  • Your personal data must be deleted by virtue of a legal obligation.

The deletion of data is mainly related to visibility. It is possible that the deleted data remain stored for some time.

10.5 Right to restriction of the processing of your personal data

In some cases you have the right to ask for the restriction of processing of your personal data. This certainly applies in case of a dispute relating to the accuracy of data, when the data are required in the context of legal proceedings, or during the time necessary for us to determine that you can validly exercise your right to deletion.

10.6 Right to object to the processing of your personal data

You have the right to object to the processing of your personal data for ‘direct marketing’ purposes at any time. We will stop processing your personal data unless it can demonstrate that there are imperative legal reasons for the processing which override your right to oppose.

10.7 Right to data portability

You have the right to obtain the personal data provided to us in a structured, current and machine-readable format. You also have the right to transfer these personal data to another controller, unless this is technically impossible.

10.8 Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you.

In three situations you cannot exercise this right:

  1. when a law allows it (e.g. to prevent tax fraud);
  2. when the decision-making is based on your explicit consent;
  3. when the decision is necessary for entering into, or performance of, a contract (please note: in this case we always study, for each individual case, whether there are less privacy-intrusive methods for entering into or performance of the contract).

10.9 Right to withdraw your consent

You have the right to withdraw your consent at any time, for example for direct marketing purposes.

  1. How can I exercise my rights?

If you wish to exercise your rights, you must send a written request and proof of your identity by registered letter to the address listed above. We will reply as soon as possible, no later than (1) month after receiving your request. 

  1. Transfers to third countries?

We only transfer your personal data to processors or controllers in third countries insofar as it is legally authorised to do so.

Insofar as such transfers are necessary, we take the necessary measures to ensure that your personal data are highly protected and that all transfers of personal data outside the EEA take place in a lawful manner. If a transfer takes place to a country outside the EEA for which the European Commission has not determined that it offers an adequate level of protection, the transfer shall always be subject to an agreement that complies with all requirements for transfers to third countries, such as the standard provisions on data protection approved by the European Commission. You can consult the standard provisions approved by the European Commission via the following hyperlink: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_nl.

  1. Possibility of filing a complaint

If you are not happy about the processing of your personal data by us, you have the right to file a complaint with the competent Data Protection Authority (https://www.privacycommission.be/).