Privacy Policy

  1. Policy Summary and Treatment Overview 
  • Data Controller

Sophie Derom
1 rue aux Laines, 1000 Brussels
Belgian Trade and Companies Register n°0763.773.842

  • Recipients of the personal data
  1. Shopify, our website building and hosting tool.
  2. Google services, including google mail
  3. Instagram and Facebook, social media platforms we use to build and gather our community
  • Data subject's rights
  1. Right to access your data;
  2. Right to rectify, update and complete data; 
  3. Right to erase your data;
  4. Right to a limitation of the processing; 
  5. Right to the portability of your data;
  6. Right to object to the processing;
  7. Right to withdraw your consent.
  • Transfer of personal data to a third country
    Yes, USA and Canada, where Shopify, Stripe, Shopify Email, Facebook & Instagram are based.
  1. General Provisions 

The following Privacy Policy governs the processing of personal data by Collection by Sophie Derom, a company incorporated and existing under the laws of Belgium, with registered offices at 1 rue aux Laines, 1000 Brussels, listed in the Belgian Trade and Companies Register under n°0763.773.842, (hereinafter “Sophie Derom” or “we” or “us”). 

Sophie Derom is committed to protecting and respecting your privacy. 

The purpose of this Privacy Policy is to specify which categories of personal data Sophie Derom collects through its business activities, its website, applications, services and any other means relating to information or communication, including emails (hereinafter collectively referred to as the “Services”). It also describes how such data may be processed and disclosed to others. The Privacy Policy further sets out the different measures Sophie Derom has implemented to safeguard the security and confidentiality of the personal data it collects, how you can exercise your rights and how you can contact us about our privacy practices. 

Sophie Derom cares about the privacy of the users of its Services and all others whose personal data may be collected (hereinafter “User” or “you” or “your”) and will only collect and process personal data in accordance with the provisions of this Privacy Policy.

Sophie Derom is the Data Controller. Sophie Derom will act in compliance with the General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016) and all other applicable data protection legislation such as the Belgian Act of 30 July 2018 regarding the protection of natural persons in relation to the processing of personal data, and as further detailed in the present Privacy Policy (“Applicable Data Protection Laws”). 

Should you have any questions about this Privacy Policy or the feeling that your interests are not or inadequately represented, you can contact us via email ( or by sending a letter to the above-mentioned address.

According to the Applicable Data Protection Laws, you may be entitled to file a complaint with your local Supervisory Authority or the lead Supervisory Authority, such as the Belgian Data Protection Authority (address: Rue de la presse 35, 1000 Bruxelles, email: This will generally be the case when you are located within the European Economic Area (hereinafter the “EEA”), which includes Belgium. We would appreciate it however that, prior to filing any complaint, you contact us for us to assist you with your request or concern.  

Sophie Derom may change this Privacy Policy from time to time. But when we do, we’ll let you know one way or another. For example, we may provide you with additional notice (such as adding a statement to our website’s homepage or sending you an email). These means of notification will depend on the extent of the modification (substantial change vs minor tweaks). Modified versions will have immediate effect, unless stated otherwise.

Please note that the Services may contain links to other websites, digital platforms or Internet resources which may collect personal data voluntarily or through cookies or other technologies. Sophie Derom has no responsibility, liability for, or control over those other websites or Internet resources or their collection, use and disclosure of your personal data. Sophie Derom recommends that you review the privacy policies of those other websites, tools and Internet resources to understand how they collect and use personal data. 

  1. Data Processed by Sophie Derom 

The categories of personal data which can be processed by Sophie Derom depend on the relationship you have with Sophie Derom:

  • If you agree to receive our Newsletter 

In a nutshell: Sophie Derom offers you the possibility to keep in touch and receive the newsletter of Sophie Derom from time to time, for example by filling out the form available on our website. 

Personal data processed: email address.

Purpose of the processing: sending a newsletter.

Legal basis for the processing: your consent will be expressly asked (and can be removed at any time – just sent us an email to 

  • If you contact Sophie Derom

In a nutshell: you are filling out the contact form available on our website in order to receive additional information.

Personal data processed: first name, last name, e-mail address, and any relevant personal data you provided Sophie Derom with in this context.

Purpose of the processing: reaching out to you with the requested information and/or answering your questions.

Legal basis for the processing: we rely on our legitimate interest. 

While we make every effort to ensure that your personal data is accurate, complete and up to date, you can help us considerably in this by promptly notifying us if there are any changes to your data by contacting our date controller as indicated under section 1. 

Data collected via automated means: In addition to the above, we might collect certain information by using automated means, such as cookies, when you visit our website, pages or use other of our Services. 

Users can’t disclose personal data to Sophie Derom about another person unless this person has given consent. (except when it comes to minimal personal data needed to provide a third party with a gift).

Sophie Derom will not collect any sensitive data. This includes data such as: data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation from Users. Sophie Derom will, if necessary, obtain your explicit consent to collect such data.

The User undertakes to communicate correct personal data to Sophie Derom. The User can change provided personal data at any time. Sophie Derom cannot be held liable for any malfunctioning in the Services due to erroneous personal data communicated by the User or modifications to the User’s personal data by third-party management tools. 

Sophie Derom ensures that its direct marketing activities comply with the applicable legislation. Sophie Derom does not sell or rent personal data to marketing agencies or third parties.

  1. Your rights 

Under Applicable Data Protection Law, you may have certain rights regarding the personal data we process about you. 

You can choose not to provide personal data to us. You also may refrain from submitting data directly to us. However, if you do not provide your personal data when requested, or if you exercise your rights, you may not be able to benefit from the Services (as applicable), and we may not be able to provide you with information about Services.

You have the right to: 

  • obtain access to the personal data held about you;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased, for example when it’s no longer needed;
  • object to the processing of your personal data in specific cases;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
  • withdraw consent at any time, if the processing is based on consent.

If you have any questions on these rights, or if you wish to exercise these rights, please contact us at the following address 

  • We will then provide information to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. 
  • These rights will be exercised free of charge unless the requests are manifestly unfounded or excessive. In the latter cases, Sophie Derom can either charge a reasonable fee or refuse the requested action.
  1. Disclosure of personal data

Although Sophie Derom may transfer personal data to so-called business partners, consultants or other service providers for the performance of the Services (as applicable) or any other contract we enter into with them or you, we will not share data with third parties for secondary or unrelated purposes unless otherwise stated when collecting these data. 

Recipients Sophie Derom may share collected personal data with:

  • Shopify, software as a service for our website building and hosting,
  • Stripe, our online payment tool,
  • Shopify Email, our emailing service,
  • Instagram and Facebook, social media platforms we use to build and gather our community.

If Sophie Derom gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes.

Where appropriate or required, Sophie Derom will be entitled to transmit personal data to law enforcement authorities, regulatory or other government agencies, or third parties where necessary or desirable to comply with legal or regulatory obligations or in the context of the above-mentioned purposes.

As the case may be, one or more of the above may be located outside of the EEA. Where applicable, your personal information will be processed in compliance with section 6.

  1. Retention period

Sophie Derom does not store the data longer than legally admissible and in any case not longer than required for the purposes for which it was collected unless otherwise required or authorized by Applicable Data Protection Law.  We take measures to delete or permanently de-identify your personal data if required by law or if your personal data is no longer required for the purpose for which we collected it. 

The retention period is the following:

  • All personal data we collect in the framework of our contractual relationship with you as a client, are stored as long as you are a client, and will be deleted 7 years after your last use of our service,
  • In the case where you gave your consent to receive the newsletter, the data will be processed, and the newsletter will be sent, as long as you do not unsubscribe from the newsletter/remove your consent.
  1. International data transfers

To offer and perform our Services, Sophie Derom may potentially need to transfer your personal data among several countries. The personal data that we collect from you is in principle not transferred to, and stored at, a destination outside the EEA, excepted when it comes to, Shopify our website building and hosting software, Stripe, our online payment tool, and Google services, our emailing service, that are all based in the United States of America (USA) and Canada.

We took all steps reasonably necessary to ensure that your personal data is processed and treated securely and in accordance with this Privacy Policy and with the Applicable Data Protection Law. Both companies comply with the EU-U.S. Privacy Shield Framework.

More information can be accessed here:

  1. Security of data

The security of personal data is important to us. Sophie Derom shall take all reasonable and appropriate technical and organizational measures to protect the security, confidentiality and integrity of personal data. In particular, Sophie Derom will take appropriate measures to prevent any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or other digital assets, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not without any risks. The User consequently acknowledges that we cannot guarantee the security of her/his personal data to our website or other digital assets (such as our applications, tools, …); any transmission is at your own risk.  We will however do our best to protect your personal data once we have received it and will use strict procedures and security features to try to prevent unauthorized access.