- Policy Summary and Treatment Overview
- Data Controller
1 rue aux Laines, 1000 Brussels
Belgian Trade and Companies Register n°0763.773.842
- Recipients of the personal data
- Shopify, our website building and hosting tool.
- Google services, including google mail
- Instagram and Facebook, social media platforms we use to build and gather our community
- Data subject's rights
- Right to access your data;
- Right to rectify, update and complete data;
- Right to erase your data;
- Right to a limitation of the processing;
- Right to the portability of your data;
- Right to object to the processing;
- Right to withdraw your consent.
- Transfer of personal data to a third country
Yes, USA and Canada, where Shopify, Stripe, Shopify Email, Facebook & Instagram are based.
- General Provisions
Sophie Derom is committed to protecting and respecting your privacy.
According to the Applicable Data Protection Laws, you may be entitled to file a complaint with your local Supervisory Authority or the lead Supervisory Authority, such as the Belgian Data Protection Authority (address: Rue de la presse 35, 1000 Bruxelles, email: email@example.com). This will generally be the case when you are located within the European Economic Area (hereinafter the “EEA”), which includes Belgium. We would appreciate it however that, prior to filing any complaint, you contact us for us to assist you with your request or concern.
Please note that the Services may contain links to other websites, digital platforms or Internet resources which may collect personal data voluntarily or through cookies or other technologies. Sophie Derom has no responsibility, liability for, or control over those other websites or Internet resources or their collection, use and disclosure of your personal data. Sophie Derom recommends that you review the privacy policies of those other websites, tools and Internet resources to understand how they collect and use personal data.
- Data Processed by Sophie Derom
The categories of personal data which can be processed by Sophie Derom depend on the relationship you have with Sophie Derom:
- If you agree to receive our Newsletter
In a nutshell: Sophie Derom offers you the possibility to keep in touch and receive the newsletter of Sophie Derom from time to time, for example by filling out the form available on our website.
Personal data processed: email address.
Purpose of the processing: sending a newsletter.
Legal basis for the processing: your consent will be expressly asked (and can be removed at any time – just sent us an email to firstname.lastname@example.org).
- If you contact Sophie Derom
In a nutshell: you are filling out the contact form available on our website in order to receive additional information.
Personal data processed: first name, last name, e-mail address, and any relevant personal data you provided Sophie Derom with in this context.
Purpose of the processing: reaching out to you with the requested information and/or answering your questions.
Legal basis for the processing: we rely on our legitimate interest.
While we make every effort to ensure that your personal data is accurate, complete and up to date, you can help us considerably in this by promptly notifying us if there are any changes to your data by contacting our date controller as indicated under section 1.
Data collected via automated means: In addition to the above, we might collect certain information by using automated means, such as cookies, when you visit our website, pages or use other of our Services.
Users can’t disclose personal data to Sophie Derom about another person unless this person has given consent. (except when it comes to minimal personal data needed to provide a third party with a gift).
Sophie Derom will not collect any sensitive data. This includes data such as: data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation from Users. Sophie Derom will, if necessary, obtain your explicit consent to collect such data.
The User undertakes to communicate correct personal data to Sophie Derom. The User can change provided personal data at any time. Sophie Derom cannot be held liable for any malfunctioning in the Services due to erroneous personal data communicated by the User or modifications to the User’s personal data by third-party management tools.
Sophie Derom ensures that its direct marketing activities comply with the applicable legislation. Sophie Derom does not sell or rent personal data to marketing agencies or third parties.
- Your rights
Under Applicable Data Protection Law, you may have certain rights regarding the personal data we process about you.
You can choose not to provide personal data to us. You also may refrain from submitting data directly to us. However, if you do not provide your personal data when requested, or if you exercise your rights, you may not be able to benefit from the Services (as applicable), and we may not be able to provide you with information about Services.
You have the right to:
- obtain access to the personal data held about you;
- ask for incorrect, inaccurate or incomplete personal data to be corrected;
- request that personal data be erased, for example when it’s no longer needed;
- object to the processing of your personal data in specific cases;
- request the restriction of the processing of your personal data in specific cases;
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
- withdraw consent at any time, if the processing is based on consent.
If you have any questions on these rights, or if you wish to exercise these rights, please contact us at the following address email@example.com
- We will then provide information to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
- These rights will be exercised free of charge unless the requests are manifestly unfounded or excessive. In the latter cases, Sophie Derom can either charge a reasonable fee or refuse the requested action.
- Disclosure of personal data
Although Sophie Derom may transfer personal data to so-called business partners, consultants or other service providers for the performance of the Services (as applicable) or any other contract we enter into with them or you, we will not share data with third parties for secondary or unrelated purposes unless otherwise stated when collecting these data.
Recipients Sophie Derom may share collected personal data with:
- Shopify, software as a service for our website building and hosting,
- Stripe, our online payment tool,
- Shopify Email, our emailing service,
- Instagram and Facebook, social media platforms we use to build and gather our community.
If Sophie Derom gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes.
Where appropriate or required, Sophie Derom will be entitled to transmit personal data to law enforcement authorities, regulatory or other government agencies, or third parties where necessary or desirable to comply with legal or regulatory obligations or in the context of the above-mentioned purposes.
As the case may be, one or more of the above may be located outside of the EEA. Where applicable, your personal information will be processed in compliance with section 6.
- Retention period
Sophie Derom does not store the data longer than legally admissible and in any case not longer than required for the purposes for which it was collected unless otherwise required or authorized by Applicable Data Protection Law. We take measures to delete or permanently de-identify your personal data if required by law or if your personal data is no longer required for the purpose for which we collected it.
The retention period is the following:
- All personal data we collect in the framework of our contractual relationship with you as a client, are stored as long as you are a client, and will be deleted 7 years after your last use of our service,
- In the case where you gave your consent to receive the newsletter, the data will be processed, and the newsletter will be sent, as long as you do not unsubscribe from the newsletter/remove your consent.
- International data transfers
To offer and perform our Services, Sophie Derom may potentially need to transfer your personal data among several countries. The personal data that we collect from you is in principle not transferred to, and stored at, a destination outside the EEA, excepted when it comes to, Shopify our website building and hosting software, Stripe, our online payment tool, and Google services, our emailing service, that are all based in the United States of America (USA) and Canada.
More information can be accessed here:
- Security of data
The security of personal data is important to us. Sophie Derom shall take all reasonable and appropriate technical and organizational measures to protect the security, confidentiality and integrity of personal data. In particular, Sophie Derom will take appropriate measures to prevent any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or other digital assets, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not without any risks. The User consequently acknowledges that we cannot guarantee the security of her/his personal data to our website or other digital assets (such as our applications, tools, …); any transmission is at your own risk. We will however do our best to protect your personal data once we have received it and will use strict procedures and security features to try to prevent unauthorized access.