This Data Protection Policy (the “Policy”) explains how Chocolaterie Guylian NV, with offices at Europark-Oost 1, B-9100 Sint-Niklaas, Belgium and with company number 0405.986.273 (hereafter “Guylian”), as a controller, processes your personal data in relation to the website www.guylian.com (hereafter the “Website”) and our products and services.
The references to “we” “our” and “us” in this Policy are references to Guylian. “You” and “your” refer to any person whose Personal Data we process when he or she uses our Website, provides us Personal Data by contacting us.
II. How do we collect personal data?
Guylian may collect your Personal Data either from you directly or indirectly as website visitor, consumer or business contact. For instance, Guylian collects your Personal Data when you contact us by phone, e-mail, letter or through our contact form on the Website or via social media regarding our products and services, when you visit our Website or social media platforms on which we operate.
III. Which personal data do we collect?
contact details, such as name and surname, telephone number, address details, e-mail address;
social media-related information, such as your user ID, profile name or username;
other personal details you may share with us.
We do not process special categories of personal data as referred to in Article 9(1) of the GDPR.
IV. For which purposes do we process your personal data and on which legal bases?
Guylian will only process your Personal Data for a specific purpose based on a legal ground, and in particular we may process your Personal Data for:
Functioning of the website: On the basis of our legitimate interest, we may process your Personal Data for the correct functioning of the Website and to improve the use of the Website to offer you a better user experience;
Communication: On the basis of our legitimate interest we may process your personal data for answering your questions, for instance regarding our products and services;
Legal obligations: On the basis of the necessity to comply with legal obligations we may process your Personal Data to comply with any legal obligations to which we may be subject.
V. Who has access to your personal data?
Our employees may process your Personal Data but only to the extent necessary for their duties. They are bound by an obligation of confidentiality with respect to the processing of your Personal Data.
In addition, the following persons may have access to your Personal Data:
Third party service providers: We may disclose your Personal Data to third party service providers, such as IT service providers who build and maintain the Website, providers of website hosting services, communication or marketing consultants, auditors, attorneys, etc., to the extent necessary to assist us in carrying out the aforementioned services.
Competent authorities or judicial bodies: We may disclose your Personal Data to the competent authorities or judicial bodies if we are legally obligated to do so.
VI. Cross-border transfers of your personal data
Your Personal Data will not be transferred to other countries both inside and outside of the EU and the EEA. If this would change, we will only transfer to countries outside the EEA if we are satisfied that adequate levels of protection are in place to protect any information held in that country.
VII. Retention of your personal data
We apply a general rule of keeping your Personal Data only for as long as required to fulfill the purposes for which it was collected.
In some circumstances we may retain Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, tax or accounting obligations or in the event of complaints or challenges, in or outside of the court.
VIII. Security measures
We will hold your Personal Data securely whilst it is under our control, including where it is processed by third party service providers on our behalf. We train our employees in respect of their obligations under data protection laws, and we ensure that only our relevant employees, contractors and agents have access to your Personal Data.
We take the security of our physical premises, our servers and the Website seriously and we take all appropriate technical measures using recognized security procedures and tools in accordance with good industry practice to protect your Personal Data across all of these platforms.
IX. Your rights as data subject
As a data subject, you are entitled to request access to your Personal Data and, provided that the legal conditions be met, rectification or erasure of their personal data, restriction of processing, portability of the personal data and you have the right to object to the processing of your personal data on grounds relating to your particular situation.
X. How to contact us
To exercise your rights, or if you have questions or complaints about the processing of your Personal Data by Guylian you can contact us by email at firstname.lastname@example.org or by letter (Guylian NV, Europark-Oost 1, B-9100 Sint-Niklaas, Belgium).
If you believe that we do not comply with the provisions of this Policy or the applicable laws, we welcome your complaints or observations so we try to find a solution with which you are comfortable. If you are not satisfied with your response, you are entitled to submit a complaint to the Data Protection Authority (Drukpersstraat 35, 1000 Brussel, Belgium; tel: +32 (0)2 274 48 00 / email email@example.com).