PRIVACY POLICY FOR THE Copy Th-AD WEBSITE
Subject
This privacy policy (the Privacy Policy) is established by Copy Th-AD, with registered office at Heirbaan 115 3350 Drieslinter, registered in the Crossroads Bank for Enterprises under the number BE0657.963.470 (hereinafter referred to as the “Data Controller”).
The Privacy Policy informs visitors of the following website: www.copyth-ad.be (hereinafter referred to as the “Website”) about the way personal data is collected and processed by the Data Controller.
The Privacy Policy is an expression of the Data Controller’s intention to act in all transparency, in accordance with the Law on the protection of natural persons with regard to the processing of personal data in accordance with 30 July 2018 and with Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”).
The Data Controller pays particular attention to the protection of the privacy of its users and therefore undertakes to take all necessary and reasonable measures to protect the personal data of these persons against loss, theft, dissemination or unauthorized use thereof.
“Personal data” refers to all information about an identified or identifiable natural person. An identifiable person is considered to be a natural person who can be identified directly or indirectly.
If the user wishes to respond to one of the provisions mentioned below, he can contact the Data Controller at the postal address or e-mail address shown in the “contact details” point of the Privacy Policy.
What data do we collect?
The Data Controller collects and processes, according to the modalities and principles described below, the following personal data:
the domain of the user (automatically picked up by the server of the Data Controller), including the dynamic IP address; the user’s e-mail address if the user has previously entered it, for example by posting messages or asking questions on the Website, by communicating via e-mail with the Data Controller, by participating in discussion forums, by identifying himself to gain access to a restricted part of the Website, etc.; all information relating to the pages visited by the user on the Website; all information that the user has voluntarily communicated, for example in the context of surveys and/or registration on the Website, or by identifying himself to gain access to a restricted part of the Website. The Data Controller may also collect data that does not have a personal character. These data are qualified as non-personal data and do not allow a particular person to be identified directly or indirectly. These data can therefore be used for any purpose, for example to improve the Website, to improve the products and services offered or to improve the publications of the Data Controller.
In the hypothesis where personal data are combined with data without a personal character, so that it is possible to identify the persons concerned, these data will be processed as personal data until the persons concerned can no longer be identified on the basis of the conscious data, because the link between the personal data and non-personal data has been destroyed.
Method of data collection
The Data Controller collects the data in the following ways:
via a contact form via the subscription to a newsletter via the customer area via the webshop Purposes of the processing
The personal data are collected and processed for the purposes mentioned below:
ensure the management and control of the execution of the services offered; send and follow up orders and invoices; send promotional information relating to the products and services by the Data Controller; send promotional material; answer questions from users; realize statistics; improve the quality of the Website and the products and/or services by the Data Controller; forward information relating to new products and/or services by the Data Controller; commercial prospecting; allow the interests of the user to be better identified. We also collect and process personal data for the following purposes:
The Data Controller may be brought to carry out processing operations that have not yet been included/provided for in this Privacy Policy. In such a case, the Data Controller will contact the user before using his personal data, in order to inform the user of the changes and to give him the possibility, if necessary, to refuse such use.
Legitimate interests
Certain processing operations by the Data Controller are based on the legal basis of his legitimate interest. These legitimate interests are proportional to the compliance with the rights and freedoms of the user. If the user wishes more information about the processing purposes based on the legitimate interest, he is invited to contact the Data Controller (see “contact details” in this Privacy Policy).
Duration of storage
The Data Controller generally only stores personal data for the period that is reasonably necessary to achieve the proposed objectives and in accordance with legal and regulatory requirements.
The personal data of a customer are kept for a maximum of 10 years after termination of the contractual relationship that binds the customer to the Data Controller.
At the end of the retention period, the Data Controller will make every effort to ensure that the personal data have been made unavailable and inaccessible.
Exercise of rights
With regard to all the rights mentioned below, the Data Controller reserves the right to verify the identity of the person concerned.
This additional information will be requested within a period of one month after the request by the person concerned.
Access to data and copies
The user can obtain his written correspondence free of charge or a copy of his personal data processed by the Data Controller.
The Data Controller may require the user to pay all reasonable costs, based on the administrative costs for each additional copy requested by the user.
As soon as the user submits this request electronically, the information will also be delivered electronically, unless the user wishes otherwise.
Unless otherwise stipulated in the General Data Protection Regulation, the copy of his data will be communicated to the person concerned no later than one month after receipt of his request.
Right to rectification
The user can request the correction of his personal data free of charge if these contain errors, are incomplete or irrelevant, as well as request that his data be supplemented if these appear to be incomplete.
Unless otherwise stipulated in the General Data Protection Regulation, the request will be processed within a month of its submission.
The right to object to processing
The user can at any time, for reasons related to his personal situation, object free of charge to the processing of his personal data:
when the processing is necessary for the performance of a task of general interest or for a task in the exercise of public authority;
when the processing is necessary for the pursuit of the legitimate interests of the Data Controller, provided that the interest or the fundamental rights and freedoms of the data subject do not prevail over that interest (especially when the data subject is a child). The Data Controller may refuse to execute the user’s objection if he establishes the existence of compelling and legitimate reasons justifying the processing, which prevail over the interests or the rights and freedoms of the user, or when these are used for a dispute in law, the conduct of a defense in law or for the exercise of rights. In case of dispute, the user can appeal against this in accordance with what was determined in the point “objection and complaints” of the Privacy Policy.
The user can at any time, without any justification and free of charge, object to the processing of his personal data, if these data were collected for commercial prospecting purposes (including profiling).
If the personal data are used in the context of scientific or historical research or for statistical purposes in accordance with the General Data Protection Regulation, the user has the right to object to the processing of his personal data, this for reasons related to his personal situation, unless the processing would be necessary for a task in the exercise of public authority.
Unless otherwise stipulated in the General Data Protection Regulation, the Data Controller is obliged to respond within a reasonable period and at the latest within a month to the user’s request and must motivate his answer if he intends not to give a favorable outcome to the user’s request.
The right to limit processing
The user can obtain the limitation of the processing of his personal data, in the following cases:
when the user disputes the accuracy of a piece of data and only for the period that the Data Controller needs to check this;
when the use is unauthorized or when the user prefers the limitation of the operation over the deletion of the data;
when the user needs this limitation for a dispute, exercise or defense in law, although this is no longer necessary for the continuation of the purposes of the processing;
during the period necessary to investigate the validity of a request for opposition, in other words, the period that the Data Controller needs to make a balance between the legitimate interests of the Data Controller and those of the user. The Data Controller will inform the user as soon as the limitation of the operation is lifted.
The right to erasure (right to be forgotten)
The user can obtain the erasure of his personal data, if one of the motives mentioned below applies:
the data are no longer necessary in relation to the purposes of the processing; the user has withdrawn his consent for processing his data and there is no legal basis for further processing;
the user objects to the processing and there is no compelling legitimate reason for further processing and/or the user exercises his special right to object with regard to direct marketing purposes (including profiling);
the personal data have been subject to unauthorized use;
the personal data must be erased in order to comply with a legal obligation (of the law of the European Union or the law of a Member State) to which the Data Controller is subject;
the personal data were collected in the context of an offer for the provision of services aimed at children. However, the deletion of the data does not apply in the following cases:
as soon as the processing is necessary for the exercise of the right to freedom of expression and the right to information;
as soon as the processing is necessary to be able to comply with a legal provision that requires processing as provided for by the law of the European Union or by the law of one of the Member States to which the Data Controller is subject, or when the processing is necessary for the performance of a task of general interest or for a task in the exercise of public authority;
as soon as the processing is necessary for reasons of general interest in the field of public health;
as soon as the processing is necessary for archiving purposes of general interest, for scientific or historical research or for statistical motives, and provided that the right to erasure can make the realization of the purposes of the processing impossible or seriously hinder it;
as soon as the processing is necessary for the dispute, exercise or defense in law. Unless otherwise stipulated in the General Data Protection Regulation, the Data Controller is obliged to respond within a reasonable period and at the latest within a month, to the request for erasure of the user and must motivate his answer if he intends not to give a favorable outcome to the user’s request.
The right to “data portability”
The user can at any time request to obtain his personal data free of charge in a structured and commonly used format, readable by machines, with a view to transferring it to another data controller:
if the processing of the data is carried out using automated processes; and
if the processing is based on the user’s consent or on an agreement that was concluded between the latter and the Data Controller. Under the same conditions and following the same modalities, the user also has the right to demand from the Data Controller that the personal data concerning him be transferred directly to another responsible for the processing of personal data, as far as this is technically possible.
The right to data portability is not applicable to the processing that is necessary for a task of general interest or that forms part of the exercise of the public authority entrusted to the Data Controller.
Recipients of the Data and Disclosure to Third Parties
The recipients of the collected and processed data are, in addition to the Data Controller itself, the employees or other subcontractors, the carefully selected commercial partners, located in Belgium or the European Union, who collaborate with the Data Controller in the context of marketing products or providing services.
In the event that the data is disclosed to third parties for direct marketing purposes or commercial prospecting purposes, the user will be informed in advance to allow them to accept or decline the processing of their data by third parties.
Since this transfer is based on the user’s consent, the latter can withdraw their consent at any time.
The Data Controller complies with all applicable legal and regulatory provisions and will ensure that its partners, employees, subcontractors, and other third parties who have access to the personal data comply with this Privacy Policy.
The Data Controller reserves the right to disclose the user’s personal data if a law, legal procedure, or order from a public authority requires this disclosure.
No transfer of personal data will take place outside the European Union by the Data Controller.
Security
The Data Controller ensures appropriate technical and organizational measures to guarantee a security level concerning the processing of the collected data, in accordance with the risks that may arise regarding the data processing and tailored to the nature of the data to be protected. The Data Controller considers the state of knowledge, the costs of the implementation, and the nature, scope, context, and purpose of the processing, as well as the risks to the rights and freedoms of the users.
The Data Controller always uses encryption technology recognized within the IT sector as the industry standard when receiving or sending data on the Website.
The Data Controller has taken the necessary security measures to protect the information obtained through the Website and to avoid loss, misuse, or alteration.
In the event of a breach of the personal data processed by the Data Controller, it will act promptly to determine the cause and remedy the situation.
The Data Controller will inform the user when the law requires it.
Objections and Complaints
The user can file an objection with the Belgian Data Protection Authority at the following address:
Data Protection Authority
Drukpersstraat 35, 1000 Brussels
+32 (0)2 274 48 00 +32 (0)2 274 48 35 contact(at)apd-gba.be
The user can also file a complaint with the competent courts.
Contact Information
For any questions and/or complaints, particularly regarding the clarity and accessibility of the Privacy Policy, the user can contact the Data Controller:
By email: info@copyth-ad.be
By mail: Heirbaan 115, 3350 Drieslinter
Applicable Law and Jurisdiction
This privacy policy is subject to Belgian law.
The courts of the following judicial district have jurisdiction in case of a dispute: Drieslinter
Miscellaneous Provisions
The Data Controller reserves the right to modify the provisions of this Privacy Policy at any time. The changes will be published with an indication of their effective date.
This version of the Privacy Policy is dated 11/06/2024.