Data protection policy
Preamble
The purpose of this Personal Data Protection Policy (the "Policy") is to formalize the commitment of PENNEL & FLIPO SA (the "Responsible Entity") to respecting the privacy of Users of the website https://orcaretail.com/ (the "Site"). It also describes how PENNEL & FLIPO SA collects, uses and stores the personal data (the "Data") collected.
Article 1 - Scope of application
The Policy and the General Conditions of Use of the Site form a contractual whole, as do, where applicable, the General Conditions of Sale.
In its capacity as data controller and as part of the use of its services accessible on its website, Users' personal data are processed in accordance with Belgian law, and in particular with the Law of July 30, 2018 on the protection of individuals with regard to the processing of personal data. The Responsible Entity is also subject to the General Data Protection Regulation 2016/679 of April 27, 2016, which came into force on May 25, 2018 ("GDPR").
Article 2: The data controller and the data protection delegate
Personal data collected on the Site is processed by:
PENNEL & FLIPO SA
102, Boulevard de l'Eurozone
7700 Mouscron
BELGIUM
Email : retail@orca.eu
Represented by Emmanuel CAPRIGLIONE, Permanent Representative of the Managing Director Flex Composite Group S.A.
The company's Data Protection Officer is :
102, Boulevard de l'Eurozone
7700 Mouscron
BELGIUM
Email : dpo@orca.eu
Article 3 : Definitions
A personal data means any information relating to an identified or identifiable natural person (Article 4 of the GDPR).
The Manager only collects personal data that is adequate, relevant and limited to what is necessary with regard to the purposes for which it is processed. Thus, Users will never be asked to provide personal data considered "sensitive", such as their racial or ethnic origins, political, philosophical or religious opinions.
By browsing the Site, the User authorizes the processing of his/her personal data in accordance with the Policy.
Visit manager is any natural or legal person who defines how and for what purpose personal data is used.
Visit processor is the natural or legal person (company or public body) who processes data on behalf of another organization (the data controller), as part of a service.
Article 4: Acceptance of the Policy
The User accepts the present Policy from the moment he connects to the Site for the first time and continues to use it, whatever his connection method, the country from which he connects, and whatever his nationality. This is the case until the last connection or the removal of any data concerning the user from the database created via the Site.
By using the Site, the user acknowledges having read the terms of the Policy, and authorizes the collection, use and processing of all personal data communicated, via this Site or any other medium, in compliance with the Policy.
If the user is a minor, he/she is invited to familiarize himself/herself with the present Policy with his/her parents or legal representatives, and to read carefully with them the online terms of use, which they formally approve on his/her behalf.
We cannot collect data from minors under the age of 15 without the authorization of those exercising parental authority. Internet users under 15 must indicate whether they are under 15. If this is the case, the e-mail address of the person with parental authority must be communicated in order to obtain the latter's consent.
If the User does not accept the terms of the present Policy, we invite him/her to disconnect from our Site.
Article 5 : Nature of data collected
Depending on the nature and purpose of the interaction with the User, the Manager may collect the following data:
- Identification, contact and content data: Last name, first name, e-mail address, postal address, telephone number may be requested on collection forms if you wish, text, comment, image, photograph, video, or any type of file whatever the content or form.
- Data relating to navigation and user devicesData relating to browsing and user devices: anonymized IP address, browser used, browsing time, operating system used, language and pages viewed, geolocation, operator, battery level, make and model of telephone;
- Data concerning visits to the SiteData concerning visits to the Site: traffic data and other data or communication resources that you use to access the Site.
It is the User's responsibility to ensure that the Data communicated to the Manager is complete and up to date.
In this context, the User undertakes to comply with the applicable laws and regulations and not to make any defamatory, insulting, invasive of privacy, inciting to racial hatred, etc. remarks, which could fall within the scope of criminal law. Under no circumstances may such comments be tolerated, and the Manager may take legal action to defend its rights against you in the event of any comments contrary to the stipulations herein.
Article 6 : Data collection
Data is collected during :
- The creation of the user account;
- Communication by the user via the forms present on the site;
- Newsletter subscription;
- Communication with employees directly by telephone, e-mail or chat;
- Place an order on dedicated forms;
- Exchanges and publications on the forum;
- Deposit of cookies (Stockist , Google Analytics and others).
We invite users to read our Cookie Policy (Cookie policy - ORCA Retail by Pennel & Flipo) to help you better understand these technologies and how we use them on our Site.
Article 7: Purposes and legal basis
Users' data is processed for the following purposes:
- Customer order management (customer account);
- Legal basis: Contractual (GCU and GTC)
- Follow-up of users and technical problems :
- Legal basis: Contractual (GCU and GTC)
- To enable navigation on the company's websites (cookies)
- Legal basis: Consent
- The sending of newsletters to which the user has formally subscribed;
- Legal basis: Consent
- Forum user account management;
- Legal basis: Consent
- Respond to requests received via the contact form or by e-mail;
- Legal basis: Consent
The User may withdraw his consent without this calling into question the validity of the processing already carried out.
The Manager also uses your data to optimize its activities, in particular to :
- Measure the site's audience and the number of visitors to its various pages;
- Legal basis: legitimate interest of the company
- To analyze user behavior;
- Legal basis: legitimate interest of the company
- Manage the exercise of rights by users in application of the RGPD.
- Legal basis: legitimate interest of the company
The data collected may not subsequently be used in a manner incompatible with these purposes. No personal data is collected without people's knowledge and without them being informed.
Article 8: Recipients
Data is processed by authorized persons:
- Webmaster
- IT Department
- Sales department
- Warehouse and order depot
- Accounting
- Marketing department
8.1 Transmission of data to subcontractors
In the course of providing its services, the Manager may call upon the services of subcontractors, to whom it transmits the data collected in order to carry out the tasks entrusted to them:
- Technical subcontractors: hosting, processing, maintenance and analysis;
- Business subcontractors: payment and delivery management.
The latter are bound by contractual obligations to respect Data confidentiality. We will only disclose to them information that is strictly necessary for the performance of their services.
8.2 Sharing with authorities
The Data Controller may disclose personal data to administrative or judicial authorities when such disclosure is necessary for the identification, arrest or prosecution of any individual likely to harm the rights of the Data Controller, any other user or those of third parties. Finally, the Data Controller may be legally obliged to disclose personal data, in which case he may not object.
Article 9: Transfer of data outside the European Union
The Data Controller ensures that the company's service providers are established in Belgium or in the territory of the European Union, and are consequently subject to laws that grant a level of protection of personal data at least equal to those applicable in Belgium. If the company enters into agreements with service providers established in countries outside the European Union, the Data Controller will ensure that personal data is processed with a level of security at least equivalent to that required by Belgian law.
Article 10: Data retention period
The Data Controller only retains data for the time necessary to achieve the purposes set out in Article 7 of this Policy.
This retention period does not vary according to the Data in question, as the nature and purpose of the collection are likely to influence this period. Similarly, certain legal obligations impose a specific retention period.
When you contact the Manager using the contact form, by e-mail or by any other means, your Data will be kept for three years from the last exchange with the Manager, after which it will be deleted.
When you publish content on the forum, it is retained and accessible to other users until your consent is withdrawn.
When you have agreed to receive the Newsletter, your Data will be kept until you unsubscribe.
When you report unlawful content to the Responsible party, the period for which Data is retained may vary depending on the infringement in question and the applicable statute of limitations.
Finally, Data collected via cookies will be kept for up to 13 months.
Article 11: Data protection and security
Data is stored on secure servers protected by firewalls and antivirus software.
We have implemented technical and organizational measures to guarantee the security and confidentiality of your Data against accidental loss and against unauthorized access, use, modification and disclosure.
However, given the inherent characteristics of the Internet, it is impossible for us to guarantee the optimum security of information exchanges over this network.
While we strive to protect your Data, we cannot guarantee the absolute security of information transmitted to the Site. You agree that you transmit your Data at your own risk.
We cannot be held responsible for non-compliance with the confidentiality parameters or security measures in place on our Site.
Article 12: Rights of persons concerned by data processing
You may choose how to use the Data you send us:
- You can browse the site without providing any Data.
In this case, some of the site's functionalities will not be available, in particular the Newsletter and the contact form.
- The User may decide not to receive the Newsletter.
To unsubscribe, click on the link provided in each newsletter.
- The User may decide to close his customer account.
To proceed with account deletion, the User must go to his profile and press "Delete my account".
In accordance with the provisions of the applicable regulations on the protection of personal data, in particular the European Data Protection Regulation 2016/679 (hereinafter the "RGPD") as well as the Law of July 30, 2018 on the protection of individuals with regard to the processing of personal data, you have a right of access and a right to rectify your Data.
You also have the right to define directives concerning the fate of your Data in the event of your death.
In addition, subject to the conditions laid down by the aforementioned regulations for the exercise of these rights, you are entitled to:
- A right of rectification;
- a right to erasure of your Data;
- a right to limit the processing of your Data;
- the right to object to the processing of your Data.
- a right to portability of the Data you have provided;
In the case of data processing carried out on the basis of consent, the User may withdraw consent at any time. However, processing carried out prior to the withdrawal of consent remains perfectly valid.
However, in order to exercise these rights, Le Responsable, as data controller, reserves the right to request proof of your identity.
If you have any questions about your data, please contact the company at the following e-mail address: dpo@orca.eu
These rights may be exercised by handwritten letter accompanied by your official identification documents (surname, first name, email) and must be addressed to the Data Protection Officer at the following address:
PENNEL & FLIPO SA
102, Boulevard de l'Eurozone
7700 Mouscron, HAINAUT
BELGIUM
Pursuant to the RGPD, we have a period of one month to respond to any request relating to the exercise of your rights. This period may be extended by two months, due to the complexity of the request.
Finally, you have the right to lodge a complaint with the Data Protection Authority, in particular on its website https://www.autoriteprotectiondonnees.be/citoyen.
Article 13 : External links
The Site may contain links to sites published by third parties, or partners, who may also collect, independently of us, users' personal data, in accordance with their own Privacy Policy. The present Policy does not cover the practices and uses of these sites, and Le Responsable cannot be held responsible in this respect.
Similarly, the Policy does not cover data collected by third parties in the course of their own activities, which remain subject to their own personal data protection policies.
Article 14: Changes to the Privacy Policy
The Manager reserves the right to modify the present Policy at any time. The User will be informed of any changes to this Policy via a message on the Site's home page. It is therefore recommended that you consult these pages regularly. Use of the Site after any changes means that the User accepts these changes.
Should any clause of this Policy be declared invalid or contrary to regulations, it shall be deemed unwritten, but this shall not invalidate the other clauses of this Policy.
Article 15 : Jurisdiction and applicable law
This Privacy Policy is governed by Belgian law.
Any dispute, disagreement or claim, and in the event that an amicable agreement cannot be reached, is subject to the exclusive jurisdiction of the courts within the jurisdiction of the Hainaut Court of Appeal.
In the event of violation of current legislation relating to the protection of personal data, the User has the right to appeal to the Data Protection Authority.