Skip to content
Expedition offered from 250 € TTC Only in Europe, outside Italy, Malta, Cyprus, Crete & Greece | Express shipping in 72 hours
Expedition offered from 250 € TTC Summer closure until August 19 - Expedition from August 19 | Express shipping in 72 hours

Personal data charters

Data protection policy

Preamble

The purpose of this Personal Data Protection Policy (the " Policy ") is to formalise the commitment of the company PENNEL & FLIPO SA (the "Responsible Party") to respect the privacy of Users of the website https://orcaretail.com/ (the "Site"). It also describes how PENNEL & FLIPO SA collects, uses and stores the personal data (the " Data ") collected.

Article 1 - Scope

The Policy and the General Terms and Conditions of Use of the Site form a contractual whole, the same applies, where applicable, to the General Terms and Conditions of Sale.

In its capacity as data controller and in connection with the use of its services accessible on its website, Users' personal data are processed in accordance with Belgian law, and in particular the Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data. The Responsible Entity is also subject to the General Data Protection Regulation 2016/679 of 27 April 2016, which came into force on 25 May 2018 ("GDPR").

Article 2 : The data controller and data protection officer

Personal data collected on the Site is processed by :

PENNEL & FLIPO SA

102, Boulevard de l'Eurozone

7700 Mouscron

BELGIQUE

Email : retail@orca.eu

Represented by Emmanuel CAPRIGLIONE, Permanent Representative of the Managing Director Flex Composite Group S.A.

The company's data protection delegate is :

102, Boulevard de l'Eurozone

7700 Mouscron

BELGIQUE

Email : dpo@orca.eu

Article 3 : Definitions

Personal data means any information relating to an identified or identifiable natural person (Article 4 GDPR).

The Responsible Party only collects personal data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. Users will therefore never be asked to provide personal data considered to be "sensitive", such as their racial or ethnic origins or their political, philosophical or religious opinions.

By browsing the Site, Users authorise the processing of their personal data in accordance with the Policy.

The processor is any legal or natural person who defines for what purpose and how personal data is used.

The sub-processor is the natural or legal person (company or public body) who processes data on behalf of another body (the controller), as part of a service or provision.

Article 4 : Acceptance of the Policy

The User accepts this Policy from the moment he connects to the Site for the first time and by continuing to use it, regardless of his method of connection, the country from which he connects, and regardless of his nationality. This is the case until the last connection or the removal of any data concerning the user from the database created via the Site.

By using the Site, the user acknowledges having read the terms of the Policy, and authorises the collection, use and processing of all personal data communicated, via this Site or any other medium, in accordance with the Policy.

If the user is a minor, he or she is invited to review this Policy with his or her parents or legal representatives, and carefully read with them the online Terms of Use, which they formally approve on his or her behalf.

We cannot collect data from minors under the age of 15 without the authorisation of the holders of parental authority. Internet users under the age of 15 must indicate whether they are under 15. If this is the case, the e-mail address of the person with parental authority must be provided in order to obtain that person's consent.

If the User does not accept the terms of this Policy, we invite them to disconnect from our Site.

Article 5 : Nature of the data collected

Depending on the nature and purpose of the interaction with the User, the Responsible Party is likely to collect the following data :

  • Identification, contact and content data : surname, first name, email address, postal address, telephone number may be requested on the collection forms if you wish, text, comment, image, photograph, video, or any type of file regardless of content or form.
  • User browsing and device data: anonymised IP address, browser used, browsing time, operating system used, language and pages viewed, geolocation, operator, battery level, phone make and model ;
  • Data concerning visits to the Site: traffic data and other data or communication resources that you use when accessing the Site.

It is the User's responsibility that the Data communicated to the Responsible Entity is complete and up to date.

In this context, the User undertakes to comply with the applicable laws and regulations and not to make any comments intended to be defamatory, insulting, invasive of privacy, inciting racial hatred, etc.which could fall under criminal law. Under no circumstances may such comments be tolerated, and the person responsible may take legal action to defend his rights against you in the event of any comments contrary to the stipulations herein.

Article 6 : The collection of data

The collection takes place during :

  • The creation of the user account;
  • The communication by the user through the forms present on the site;
  • The subscription to a newsletter;
  • Communication with employees directly by telephone, email or chat;
  • Taking an order on dedicated forms;
  • Exchanges and publications on the forum;
  • From the deposit of cookies (Stockist , Google Analytics and others).

We invite users to review the Cookie Policy (Cookie Policy - ORCA Retail by Pennel & Flipo), intended to help you better understand these technologies and our use of them on our Site.

Article 7 : Purposes and legal basis

The processing carried out with user data, are the following :

  • Management of customer orders (customer account) ;
    • Legal basis : Contractual (GCU and GTC)
  • Follow-up of users and technical problems :
    • Legal basis : Contractual (GCU and GTC)
  • Allowing navigation on the company's websites (cookies).
    • Legal basis : Consent
  • The sending of newsletters to which the user is formally subscribed ;
    • Legal basis : Consent
  • Forum user account management ;
    • Legal basis: consent
  • Respond to requests received via the contact form or by email ;
    • Legal basis : Consent

The User may withdraw consent without this calling into question the validity of the processing that has already taken place.

The Manager also uses your data to optimise its activities, in particular to :

  • Measure the site's audience and the rate of visits to the various pages ;
    • Legal basis : legitimate interest of the company
  • Analysing user behaviour ;
    • Legal basis : legitimate interest of the company
  • Manage the exercise of rights by users in application of the RGPD.
    • Legal basis : legitimate interest of the company

The data collected may not subsequently be used in a manner incompatible with these purposes. No personal data is collected without the knowledge or consent of the individual concerned.

Article 8 : Recipients

The Data are processed by authorised persons :

  • Webmaster
  • IT department
  • Sales department
  • Store: warehouse and order depot
  • Comptabilité
  • Marketing department

8.1 Transmission of data to subcontractors

As part of its services, the Responsible Party may call on subcontractors, to whom it transmits the data collected for the performance of tasks entrusted to them:

  • Technical subcontractors : hosting, processing, maintenance and analysis;
  • Activity subcontractors : payment management and delivery management.

The latter are bound by contractual obligations to respect the confidentiality of the Data. We will only pass on to them the information that is strictly necessary for the performance of their services.

8.2 Sharing with the authorities

The Data Controller may be required to disclose personal data to administrative or judicial authorities where disclosure is necessary for the identification, apprehension or prosecution of any individual likely to prejudice the rights of the Data Controller, any other user or those of third parties. Lastly, the Data Controller may be legally obliged to disclose personal data, in which case he may not object.

Article 9 : Transfer of data outside the European Union

The Controller shall ensure that the Company's service providers are established in Belgium or on the territory of the European Union, and are therefore subject to laws that grant a level of protection of personal data at least at the same level as those applicable in Belgium. If the company enters into agreements with service providers established in countries outside the European Union, the Data Controller will ensure that personal data is processed with a level of security at least equivalent to that required by Belgian law.

Article 10 : Data retention period

The Responsible Entity will only keep data for as long as is necessary for the purposes set out in Article 7 of this Policy.

This retention period is not the same depending on the Data in question, as the nature and purpose of the collection is likely to vary this period. Similarly, certain legal obligations impose a specific retention period.

When you contact the Manager using the contact form, email, or by any other means, your Data will be retained for three years from the last exchange with the Manager and then deleted

When you publish content on the forum, it is retained and accessible to other users until your consent is withdrawn.

When you have agreed to receive the Newsletter, your Data will be kept until you unsubscribe.

When you report unlawful content to the Responsible Entity, the period for which Data is retained is likely to vary depending on the infringement in question and the statute of limitations applicable to it.

Finally, with regard to Data collected by means of cookies, it will be kept for up to 13 months.

Article 11 : Data protection and security

Data is stored on secure servers protected by firewalls and antivirus software.

We have implemented technical and organisational measures designed to guarantee the security and confidentiality of your Data against accidental loss and against unauthorised access, use, modification and disclosure.

Given the inherent characteristics of the Internet, however, it is impossible for us to guarantee the optimum security of information exchanges on this network.

We strive to protect your Data, but we cannot guarantee the absolute security of information transmitted to the Site. You agree that you transmit your Data at your own risk.

We cannot be held responsible for non-compliance with the privacy settings or security measures in place on our Site.

Article 12 : The rights of persons affected by data processing

You can choose how to use the Data you provide to us :

  • The User of the site may browse the site without providing any Data

If so, certain features of the site will not be available, in particular the Newsletter and the contact form.

  • The User may decide to no longer receive the Newsletter.

You must proceed to unsubscribe via the link present in each mail that is sent by the Newsletter.

  • The User may decide to close his customer account.

To proceed with account deletion, the user must go to their profile and press "Delete my account".

In accordance with the provisions of the applicable regulations on the protection of personal data, in particular the European Data Protection Regulation 2016/679 (hereinafter the "RGPD") as well as the Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data, you have a right of access and a right to rectify your Data.

You also have the right to define directives concerning the fate of your Data in the event of your death.

In addition, subject to the conditions laid down by the said regulations for the exercise of these rights, you shall benefit:

  • A right of rectification ;
  • A right to the deletion of your Data;
  • A right to the limitation of the processing of your Data;
  • A right to object to the processing of your Data
  • A right to portability over the Data you have provided;

With regard to data processing carried out on the basis of consent, the User may withdraw consent at any time. However, any processing carried out before the withdrawal of consent remains perfectly valid.

However, in order to exercise these rights, The Manager, as data controller, reserves the right to ask you to provide proof of your identity.

For any questions relating to your data, you can contact the company at the following email : dpo@orca.eu

These rights may be exercised by handwritten letter accompanied by your official identification documents (surname, first name, email) and must be addressed to the Data Protection Officer at the following address:

PENNEL & FLIPO SA

102, Boulevard de l'Eurozone

7700 Mouscron, HAINAUT

BELGIQUE

In application of the GDPR, we have a period of one month to respond to any request relating to the exercise of your rights. This deadline may be extended by two months, depending on the complexity of the request.

Finally, you have the right to lodge a complaint with the Data Protection Authority, in particular on its website https://www.autoriteprotectiondonnees.be/citoyen.

Article 13 : External links

The Site may contain links to sites published by third parties, or partners, who may also collect, independently of us, personal data from users, in accordance with their own Privacy Policy. This Policy does not cover the practices and uses of these sites and the Responsible Entity may not be held liable in this respect.

Similarly, the Policy in no way covers data collected by third parties in the course of their own activities, which remain subject to their personal data protection policies.

Article 14 : Changes to the Privacy Policy

The Responsible Entity reserves the right to modify this Policy at any time. The User will be informed of any changes to this Policy via a message on the home page of the Site. We therefore recommend that you consult these pages regularly. Use of the Site after any modification means that the User accepts these modifications.

If any clause of this Policy should be declared invalid or contrary to regulation, it will be deemed unwritten but will not invalidate the other clauses of this Policy.

Article 15 : Competent jurisdiction and applicable law

This Personal Data Protection Policy is subject to Belgian law.

Any dispute, difference or claim, and in the event that an amicable agreement cannot be reached, shall be subject to the exclusive jurisdiction of the courts within the jurisdiction of the Hainaut Court of Appeal.

In the event of a breach of the legislation in force and relating to the protection of personal data, the User has a right of appeal to the Data Protection Authority.

Join our newsletter

Receive all our updates and promotions.