PRIVACY POLICY
Mlle D'Errico
1. Who is responsible for your personal data?
The S.N.C. Mlle D'ERRICO ("Mlle D'Errico" or "the data controller"), having its registered office located at 28, Avenue Guillaume Gilbert, 1050 Ixelles, Belgium, registered with the Crossroads Bank for Enterprises under number 0722.933.575, and duly represented by Mlle D'Errico, administrator, founder, and legal representative, shall be understood, within the meaning of the General Data Protection Regulation ("GDPR"), as the data controller insofar as it processes the personal data of:
- Its B2C customers;
- Its potential future customers;
- The natural person representatives of its B2B customers;
- Its B2C prospects;
- The natural person representatives of its B2B prospects.
("you" or "the data subjects").
This Privacy Policy ("Policy") aims to inform you, in the most transparent manner possible, about how Mlle D'Errico processes, collects, and stores your personal data.
This Policy is purely informative and in no way affects the contractual provisions to which you are subject, including but not limited to, the General Terms and Conditions of Sale of Products of Mlle D'Errico. These documents therefore retain their full validity and enforceability.
2. Essential Definitions
For the purposes of this Policy, the following terms shall mean:
i. « personal data », any information that allows you to be identified, as a natural person, directly or indirectly.
For example: name, e-mail address, telephone number, national registry number, address, etc.
ii. « processing of personal data », any operation or set of operations performed or not performed using automated processes and applied to personal data or sets of personal data.
For example: collection, recording, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
iii. « data controller », the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing.
In this case, it is the SNC Mlle D'Errico.
iv. « processor », the natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
v. « third party », any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
vi. « recipient », the natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
3. What personal data does Mlle D'Errico process? And by what means does it have access to it?
a. Categories of data processed
To achieve the processing purposes listed below, Mlle D'Errico is required to process the following categories of personal data:
- Identification data: last name, first name, if applicable the company name, postal and delivery address;
- Electronic and telephone identification data: e-mail address and telephone number;
- Billing data (including VAT number if necessary);
- History of past orders;
- Banking information (provided for online payment);
- IP address;
- Data to create your user account on the webshop;
- Any other data voluntarily transmitted by the data subject to Mlle D'Errico, particularly in the sections where you can leave a review on Mlle D'Errico's products.
b. Special categories of data
In principle, Mlle D'Errico does not process special categories of personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning your sex life or sexual orientation, without your consent.
c. Non-personal data
Mlle D'Errico may also be required to collect non-personal data.
This data is qualified as non-personal data because it does not allow for the direct or indirect identification of a specific person. It may therefore be used for any purpose whatsoever.
However, in the event that non-personal data is combined with personal data such that identification of the data subjects is possible, this data will be treated as personal data until its association with a specific person is made impossible.
d. Collection methods
Direct. Most personal data concerning you is collected directly from you by Mlle D'Errico, notably through your orders on its webshop or other forms of contact you may have with it.
4. Why does Mlle D'Errico process your personal data? And on what legal basis(es) is it based?
| Legal Bases | Purposes |
|---|---|
| Processing on the legal basis of the performance of the contract between you and Mlle D'Errico |
As a customer of Mlle D'Errico's webshop (B2B and B2C), your personal data is processed, notably for the following purposes:
|
| Processing based on the legitimate interests of Mlle D'Errico |
|
| Processing based on compliance by Mlle D'Errico with a legal obligation to which it is subject |
Processing of personal data may result from a legal obligation requiring Mlle D'Errico, for example, to respond to a request from an authorized third party (see point 5b.§2), to take back products purchased following the activation of the consumer-customer's right of withdrawal, or to apply tax and social security obligations. |
| Processing based on your consent |
The sending of commercial prospecting / newsletters is subject to your consent. |
| Processing not yet envisaged |
Mlle D'Errico may be required to carry out processing that is not yet provided for in this Policy. In this case, you will be contacted by her before any reuse of your personal data to inform you of the processing not yet envisaged and to give you the possibility, if applicable, to refuse it. |
5. Who has access to your personal data?
a. Internal recipients
Access to your personal data is strictly limited within the SNC to Mlle D'Errico herself.
b. External recipients
In the course of its activities, Mlle D'Errico may share your data, notably with the following recipients:
- Its IT provider and host (Prestashop);
- Its online payment providers (Stripe, PayPal);
- Its logistics and delivery providers (Mondial Relay, Bpost).
It is also possible that Mlle D'Errico may be required to disclose some of your personal data to third parties authorized to know it, notably when legislative provisions, a court decision, or an order from a public authority make such communication necessary.
This may include communication to the following third parties: judicial or governmental authorities, banking institutions, labor inspections, tax services, police services, bailiffs, social secretariats, National Office for Annual Vacations, ONSS, ONEM, the SPF Finance, family allowance funds, sectoral social funds, etc.
None of your personal data is transferred to third countries located outside the European Union or to international organizations.
Should this become the case, Mlle D'Errico undertakes to take appropriate security measures to ensure a sufficient level of protection for your personal data.
6. How long does Mlle D'Errico keep your data?
In general, your personal data is kept only for the time necessary to achieve the purpose for which Mlle D'Errico processes it.
Mlle D'Errico ensures that these retention periods are relevant and comply with legal deadlines.
Regarding specific retention periods, Mlle D'Errico has defined the following durations:
- 10 years from the end of the contractual relationship between you and Mlle D'Errico;
- 3 years from the end of the commercial relationship regarding customer data used for commercial prospecting purposes;
- 3 years from their collection or from the last contact from the prospect regarding data relating to prospects used for commercial prospecting purposes. Mlle D'Errico may contact the prospect at the end of this period to ask if they wish to continue receiving commercial solicitations. In the absence of a positive and explicit response from the person, the data will be deleted or archived for a period in accordance with current provisions.
7. What security measures are in place for your personal data?
Mlle D'Errico implements appropriate technical and organizational measures to ensure an adequate level of security regarding the processing of your personal data, notably against loss, theft, misuse, or alteration of information received, unauthorized disclosure, or use.
This security level is established based on the risks presented by the processing and the nature of the data to be protected and includes, in particular, encryption measures, access restriction, and secure hosting.
In the unlikely and unfortunate event that your personal data should be compromised due to a security breach, Mlle D'Errico undertakes to act quickly to identify the cause of this breach and to take appropriate remedial measures.
If necessary, in accordance with applicable law, she will inform you of this incident.
8. Your rights
As a data subject regarding the processing of your personal data, you have a number of rights concerning the access and control of your personal data, including:
a. Right of access
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to said data.
b. Right to rectification
You have the right to obtain the rectification of inaccurate personal data concerning you.
c. Right to erasure ("right to be forgotten")
You have the right to obtain the erasure of personal data concerning you under certain conditions.
d. Right to restriction of processing
You have the right to obtain the restriction of processing in certain circumstances.
e. Right to data portability
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
f. Right to object
You have the right to object at any time to the processing of personal data concerning you based on legitimate interest.
g. Right to withdraw consent
Where processing is based on your consent, you have the right to withdraw that consent at any time.
How to exercise your rights?
If you wish to exercise any of these rights, you can contact Mlle D'Errico:
- By email: info@mllederrico.shop
- By postal mail: SNC Mlle D'ERRICO, 28 Avenue Guillaume Gilbert, 1050 Ixelles, Belgium
Your request must be accompanied by a copy of your identity card or any other document allowing your identity to be verified.
9. Questions, claims or complaints
If you wish to react to any of the practices described in this Policy, you are advised to contact the GDPR Referent of SNC Mlle D'Errico: Mademoiselle D'Errico herself, who is available at the e-mail address info@mllederrico.shop.
You may also lodge a complaint with the Belgian Data Protection Authority:
Data Protection Authority
Rue de la Presse, 35
1000 Brussels
Tel. + 32 2 274 48 00
Fax. + 32 2 274 48 35
contact@apd-gba.be
Finally, you have the possibility to lodge a complaint before the competent national courts.
10. Modification of the Policy
Mlle D'Errico reserves the right to modify this Policy, in particular to adapt it to new legal requirements.
Such modifications will take effect immediately after the update of this document.
This update will be communicated to you via Mlle D'Errico's webshop.