Data Protection

1. Introduction

This privacy policy concerns all data that are collected and used by the company TONER DE PRESSE, based at rue Courtois 22, 4000 LIEGE, BELGIUM, VAT number BE 0475.649.101, in connection with its website http://www.tonerdepresse.be/. The intention of this policy is to inform the person concerned of the purposes and legal grounds that apply to the processing of their personal data.

2. Definitions

Supervisory authority : A supervisory authority designated by the Member State under Article 51 of the GDPR. In Belgium, this is the “Data Protection Authority”.

Client : The natural or legal person who places an order with the data controller or to whom the data controller offers goods or services.

Personal data (or data) : Any information related to an identified or identifiable natural person (hereinafter a “data subject”). An “identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, psychological, economic, cultural, or social identity.

Sensitive data : Personal data related to sensitive aspects such as racial or ethnic origin, political opinions, religion or any other beliefs, health or any medical condition, criminal history, trade-union membership or sexual orientation. Sensitive data may be processed with the consent of the data subject. If the data subject provides sensitive data, they consent to the processing of such data by the data controller.

Supplier : A natural or legal person who usually provides certain products and services to the data controller.

Internet user : A natural person who visits the website/web pages at http://www.tonerdepresse.be/

Notification : The provision by the data controller of information to the Authority, in accordance with Article 33 of the GDPR, in the event of a breach of personal data.

Privacy policy : The present policy, which is related to the protection of personal data.

Data controller : The natural or legal person, public authority, department, or any other body that determines the purposes and means of the processing, which in this case is the company TONER DE PRESSE, based at rue Courtois 22, 4000 LIEGE, BELGIUM, VAT number BE 0475.649.101

Sub-contractor : The natural or legal person, public authority, department or any other body that processes personal data on behalf of the data controller.

Processing : Any operation or set of operations that may or may not be performed by automated means, upon personal data or sets of personal data, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other means of making the data available, the alignment or combination, limitation, deletion, or destruction.

Breach : A breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

3. Which data are collected and for what purpose does the data controller keep the data?

In accordance with GDPR, data are collected for specific purposes.

The collection of data must also be based on one of the legal grounds provided for in Article 6 of the GDPR.

If the data controller decides to use the data for a purpose other than that stated in the present policy, they shall inform the data subject in advance about this other purpose.

– Personally identifiable information :

Initial information may be collected in the course of communications with the data controller, in particular when a client account is being set up. The data collected are the following personally identifiable information:
• Surname
• First name
• Telephone number
• E-mail address
• Work address

These data are collected because they are necessary for the fulfilment of the contract and because they allow the data controller to manage their clients (to manage client accounts, as well as orders, payments, and so on).

They may also be collected to enable the data controller to perform its tasks (complaints management, loyalty schemes, and marketing).

– Data related to lifestyle and preferences:

The data controller may also collect lifestyle data such as:
• Preferences (in terms of brands, products, interests, and so on)
• Information related to purchases (order reference, details of items purchased, delivery status, method of payment)
• Customer-service notification

The data are processed to enable the data controller or a third party to perform its tasks (improvement of the user experience, prospecting purposes, and so on), or in the context of the fulfilment of the contract (execution of, and follow-up on, orders).

– Financial identification data:

The data controller may collect financial-identification data, i.e., bank-account number, name of the bank, and so on, as long as it is necessary for the execution of the contract and for the processing of payments.

– Electronic-identification data:

The data controller also collects electronic-identification data, i.e., anonymised IP addresses, screen resolution, type of device, the operating system used, information about the browser used, location of the connection (country), preferred language on the website, the date and time the pages were consulted, the tracking of mouse movements, the keyboard keys used, and so on.

These data are collected to enable the data controller or a third party to perform its tasks (improvement of the user experience, measurement of the number of visitors, improvement of website security, and so on).

4. Consent and newsletter

The data subject may also consent to the processing of their data.

The data processed by the data controller on the basis of consent depend on the reason for said consent. Typical reasons include, for example:
• subscription to a newsletter
• taking part in surveys and market research

5. How long are the data kept?

The data controller shall keep the data as long as it is needed for processing.

Retention periods are determined on the basis of several criteria such as the type of processing, the purpose of the processing, the place where the data is stored, the nature of the data subject, and the type of data collected. The retention period for a particular data-processing operation may be communicated to the data subject upon request.

In any event, the data controller shall keep the data in compliance with the legal retention periods.

6. Who collects the data?

The data may be collected by the data controller through the site host or by the data controller’s subcontractors. The data are then passed on to the data controller. The list of intermediaries can be consulted on request.

Some intermediaries may be based in a third country outside the European Economic Area (EEA), which can guarantee an adequate level of personal-data protection, as required by the European Commission.

When the intermediaries are based in countries that do not comply with an equivalent level of personal data protection, the data controller shall take specific measures in accordance with legislation on the protection of data that is in force in the EEA to protect personal data.

7. How are the data collected?

Data are collected when they are communicated to the data controller via the website or via subcontractors.

Data can also be collected through cookies.

8. Why do we collect your data?

Data are collected mainly for the purpose of the proper fulfilment of the contract.

Data may, in particular, be used for client management and the management of contracts for the provision of services by said clients.

Data may also be used to:
• Respond to information requests, and to follow up on them
• Provide information about possible changes in services offered and/or applicable documentation such as the terms and conditions or the confidentiality policy

Data is also collected in order to comply with legal obligations, in particular with regard to accounting, to comply with a court order, to respond to a request from the public authorities, to protect the interests of the data controller, as well as those of partners and clients, and to protect its services; to ensure compliance with the general conditions, the confidentiality policy, and any applicable documentation; and to formulate a possible appeal or limit any prejudice that the data controller may suffer.

Finally, the data may be collected to enable the data controller or a third party to do their work, in particular for canvassing or to ensure the security of the data controller’s site or of networks and information.

9. With whom will the data be shared?

The data may be communicated to third parties who have a direct relation with the data controller when necessary and, in particular, to the entities listed below:
• Service providers chosen by the data controller, who are in charge of hosting websites, providing infrastructure, IT services, e-mail services, auditing services and any other similar services, in order to enable them to provide said services
• The service providers chosen by the data controller to ensure deliveries in the context of online orders
• To a potential buyer, in the event of a total or partial transfer of the data controller’s activities (merger, sale, transfer of assets, judicial reorganisation, etc.)
• In the event of a dispute, the data may be transmitted to a third party in charge of managing disputes (a law firm, a collection company, etc.), who will also ensure compliance with the applicable legislation regarding this information
• An accountant, a public authority, etc., in order to comply with the data controller’s legal obligations (communication of data to the accountant, responding to a request from the public authorities, complying with a court order, etc.)

The list of service providers is available on request.

10. How do we make data secure?

Appropriate technical and organisational measures have been put in place to ensure a level of security appropriate to the risks, including, as required:
• the means to ensure the continued confidentiality, integrity, availability, and resilience of processing systems and services

• the means to restore the availability of, and access to, personal data within an appropriate timeframe in the event of a physical or technical incident

Details of these security measures are available on request.

11. What rights does the data subject have?

Depending on the type of processing performed on their personal data, the data subject may exercise several of the following rights:

A. The right to be informed
Any data subject has the right to be informed about the data collected on them. It is in particular through this privacy policy that the data controller wishes to provide this information.

A data subject who would like to obtain more information about the personal data collected on them may find their request refused in the following cases:
• The data subject already has this information.
• The request requires disproportionate effort or proves to be impossible to achieve.
• Providing this information would seriously undermine the purpose of the processing.

B. The right of access
All data subjects have the right of access to their personal data.

To do so, the data subject must make a request to the relevant department of the data controller so that the latter can detail the precise data held about them, subject to the rights and freedoms of others, which cannot be compromised.

A reply must be given within one month of the request’s being made by the data subject. However, this period may be extended by a further month depending on the complexity and the number of requests. In the latter case, the data subject will be informed within one month of their request for access.

The data controller is entitled to require payment of “reasonable costs” in relation to the administrative costs incurred in issuing these documents in the event that requests are repetitive, unfounded or manifestly intended to abuse this right of access.

C. The right to rectification
Any data subject has the right to secure from the data controller, as soon as possible, the rectification of personal data concerning him/her that are inaccurate.

The data subject may also request that incomplete data be completed, in particular by providing an additional declaration.

The data controller shall notify the data subject of the completion of this procedure.

D. The right to erasure
A data subject can claim the right to erasure of their data whenever one of the following reasons arises:
• The data are no longer necessary for the purposes for which they were collected or processed by the data controller;
• The data subject wishes to withdraw their consent and there is no other legal basis for such processing;
• The data subject objects to the processing required for the legitimate interests being pursued by the data controller or by a third party;
• The data subject has a right to object and is making use of this right;
• The data has been unlawfully processed;
• The data has to be erased in order to comply with a legal obligation laid down by EU law or by the law of the Member State to which the data controller is subject.

In the event of such a request, the data controller shall take reasonable measures to remove such data, within one month of the request.

The data controller shall notify the data subject of the completion of these measures.

In the event that the data controller does not wish to comply with the request, reasons shall be given for the refusal.

The right to erasure does not apply insofar as the processing of such data is necessary:
• to exercise the right to freedom of expression and of information
• to comply with a legal obligation that requires processing under EU law or the law of the Member State to which the data controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller
• for the establishment, exercise, or defence of legal rights
• for archival or statistical purposes as set out in Article 89 of the GDPR

E. Right to have processing restricted
The data subject has the right to have the data controller restrict processing when one of the following applies:
• the accuracy of the personal data is contested by the data subject, for a period allowing the data controller to check the accuracy of such personal data
• the processing is unlawful, and the data subject objects to the erasure, and demands instead that their use be restricted
• the data controller no longer needs the personal data for the purposes of processing, but the data is still needed by the data subject for the establishment, exercise, or defence of legal rights
• the data subject has objected to the processing by virtue of their right to object, while a check is being carried out on whether the legitimate grounds being pursued by the data controller prevail over those of the data subject.

This request to have processing restricted implies that the personal data may, with the exception of storage, be processed only with the consent of the data subject, or for the establishment, exercise, or defence of legal rights, or for the protection of the rights of another natural or legal person, or on strong grounds of the public interest of the EU or of a Member State.

The data controller shall inform the data subject when this procedure has been completed.

F. Right to data portability
Where the processing of the personal data of the data subject is based on the consent given by the latter, or on a contract, and where such processing is carried out by automated means, and provided that the data have not been made anonymous, the data subject may ask to receive such data in a structured, commonly used, and machine-readable format.

The data subject shall be able to pass on these data to another data controller, without the data controller’s being able to prevent this.

G. Right to object
The data subject shall have the right to object at any time, on grounds related to their particular situation, to the processing of their personal data based on the public interest or the legitimate interest of the data controller, including profiling based on such interests.

The data subject may also object to the processing of data based on their consent or on a contract, provided that the data were collected for the purposes of prospecting or for archival and statistical purposes.

The data controller shall no longer process such data unless it can demonstrate legitimate and compelling grounds for doing so that override the interests and rights and freedoms of the data subject, or for the establishment, exercise, or defence of legal rights.

12. How can you exercise your rights?

An information request can be made internally, via e-mail: info@tonerdepresse.be

In the event of an unsatisfactory response to your request, you can exercise one of the rights provided for above, or lodge a complaint with the Data Protection Authority.

You can contact them in the following ways:
• Telephone: (+32) (0)2 274 48 00
• E-mail : contact@apd-gba.be
• Online contact form : https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint
• Address: Data Protection Authority, Rue de la Presse 35, 1000 Brussels, Belgium
• Fax: (+32) (0)2 274 48 35

Last update: June 2024.