PRIVACY POLICY
Updated March 18, 2023

Parties and object

Villamagdalena.be through Amewo vof (hereinafter “The Owner” or the “Controller”)
Gentsesteenweg 83, 9900 Eeklo

KBO/BTW: BE 0832.624.739
E-Mail: contact@villamagdalena.be
Phone: +32(0)9 310 80 12

The Owner establishes this Privacy Policy, the purpose of which is to transparently inform Users about the website hosted at the following address: www.villamagdalena.be, (hereinafter the “Site”), and how personal data are collected and processed by the Owner.

The term “User” refers to any user, whether natural or legal, who visits or interacts in any way with the Site.

In its capacity as data controller, The Owner determines all technical, legal and organizational means and purposes for processing the Users’ personal data. The Owner undertakes to take all necessary measures to ensure that the processing of personal data is carried out in accordance with the Law of July 30, 2018 on the protection of natural persons with regard to the processing of personal data (hereinafter the “Law”) and the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (i.e., the General Data Protection Regulation (GDPR) or “GDPR”; hereinafter the “Regulation”).

The Owner is free to choose a natural or legal person to process the users’ personal data at its request and on its behalf (hereinafter the “Processor” or “Subcontractor”). Where appropriate, The Owner undertakes to select a Processor that provides sufficient guarantees regarding the technical and organizational measures for processing personal data, in accordance with the Law and the Regulation.

Processing of personal data

Users’ use of the Site may result in the collection of personal data. The processing of such data by The Owner, in its capacity as Controller or by service providers acting on behalf of and for the account of The Owner, shall be carried out in accordance with the Act and the Regulation.

Personal data is processed by The Owner, in accordance with the purposes listed below, through the following methods:

Forms (including for newsletter), bookings, and contact – cookies for analytical purposes

Purpose of processing personal data

In accordance with Article 13 of the Regulation, the purposes of processing personal data are communicated to the User. Those purposes are as follows:

the proper display of pages on the Site, making appointments, processing messages, processing products ordered, processing data for analytical purposes

Personal data that may be processed

The User agrees that, in the course of visiting and using the Site, The Owner collects and processes the following personal data:

name, address, phone number, email, ip address, and other necessary data inherent to the purpose for which they serve

The Owner collects and processes this personal data in accordance with the terms and principles described in this Privacy Policy.

Permission

By accessing and using the Site, the User certifies that he/she has read and given his/her free, specific, informed and unambiguous consent to the processing of his/her personal data. This agreement covers the contents of this Privacy Policy.

Consent is given by the positive and active act by which the User checked the privacy policy box in ‘hypertext link’. This consent is an essential condition for performing certain actions on the Site or for enabling the User to enter into a contractual relationship with The Owner. Any agreement binding The Owner and a User regarding the services and goods offered on the Site is subject to the User’s acceptance of the Privacy Policy.

The User agrees that the Controller, in accordance with the terms and principles set forth in this Privacy Policy, collects and processes his/her personal data that he/she provides on the Site or in connection with the services offered by The Owner, for the purposes set forth above.

The User has the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on the prior consent.

Retention period of the Users’ personal data

In accordance with Article 13(2) of the Regulation, the Controller shall retain personal data only for as long as is reasonably necessary to achieve the purposes for which they are processed.

This duration will not exceed 5 years in all cases.

Data recipients and disclosure to third parties

Personal data may be disclosed to employees, employees, subcontractors, processors or suppliers of The Owner to the extent that adequate safeguards are provided for data security and to the extent that they cooperate with The Owner for marketing the products or providing services. They act under the direct authority of The Owner, and in particular are responsible for collecting, processing or outsourcing this data.

In all cases, the recipients of the data and those to whom the data is provided comply with the contents of this Privacy Policy. The Owner will ensure that they process such data only for its intended purposes and in a discreet and secure manner.

In the event that the data would be provided to third parties for purposes of direct marketing or prospecting, the User will be informed in advance so that he or she can give prior and express consent to this use of personal data.

Rights of Users

The User may exercise his/her rights at any time by sending a message by e-mail to the following address: info@villamagdalena.be, or a letter by post accompanied by a copy of his/her identity card to the following address: Gentsesteenweg 83, 9900 Eeklo.

  • Right of access

In accordance with Article 15 of the Regulation, The Owner guarantees the User’s right to access their personal data. The User has the right to access this personal data and the following information:

the categories of personal data involved;

The recipients or categories of recipients to whom the personal data have been or will be disclosed;

in case the recipients are located in third countries or are international organizations, the appropriate or suitable safeguards;

if possible, the proposed storage period for personal data or, if not possible, the criteria by which this period is determined;

the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the Regulation and, at least in such cases, relevant information on the underlying logic, as well as the significance and expected consequences of such processing for the data subject.

The Controller may claim a reasonable fee based on the administrative costs for additional copies requested by the User.

If the User makes this request electronically (e.g., via email address), the data will be provided in electronic form and for general use, unless the User requests otherwise.

The copy of the data will be communicated to the User no later than one month after receipt of the request.

  • Right of rectification

The Owner guarantees the right to rectification and deletion of personal data to the User.

In accordance with Article 16 of the Regulation, incorrect, inaccurate or irrelevant data may be corrected or deleted at any time. The User first makes the necessary changes himself from his user account, unless they cannot be made independently, in which case the request may be directed to The Owner.

In accordance with Article 19 of the Regulation, the controller shall notify any recipient to whom the personal data have been disclosed of any rectification of the personal data, unless such rectification proves impossible or involves disproportionate efforts. The controller shall provide the data subject with information about these recipients if the data subject so requests.

  • Right of erasure

The User has the right, in the cases mentioned in Article 17 of the Regulation, to obtain the deletion of his personal data as soon as possible.

Where the Controller has disclosed the personal data and is required to erase it pursuant to the preceding paragraph, the Controller, taking into account available technologies and implementation costs, shall take reasonable measures, including technical measures, to notify other controllers processing such personal data that the data subject has been requested by such controllers to erase the connection with such personal data or a copy or reproduction thereof.

The two preceding paragraphs shall not apply to the extent that such processing is necessary:

the exercise of the right to freedom of expression and information;

to comply with a legal obligation to process under Union law or the law of the Member State to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;

the determination, exercise or defense of legal claims.

In accordance with Article 19 of the Regulation, the controller shall notify any recipient to whom the personal data have been disclosed of any deletion of personal data or any restriction of their processing, unless such disclosure proves impossible or involves a disproportionate effort. The controller shall provide the data subject with information about these recipients if requested by the data subject.

  • Right to restrict processing

The User has the right to have the processing of his personal data restricted in the cases specified in Article 18 of the Regulation.

In accordance with Article 19 of the Regulation, the controller shall notify any recipient to whom the personal data have been disclosed of any restriction on the processing carried out, unless such disclosure proves impossible or involves a disproportionate effort. The controller shall provide the data subject with information about these recipients if requested by the data subject.

  • Right to data portability

In accordance with Article 20 of the Regulation, Users are entitled to receive from The Owner their personal data in a structured, commonly used and machine-readable format. Users have the right to transfer this data to another data controller without preventing The Owner from doing so, in the cases provided for in the Regulation.

When the User exercises his right to data portability under the previous paragraph, he has the right to have personal data transferred directly from one controller to another, insofar as this is technically possible.

The exercise of the right to data portability does not affect the right to erasure. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data portability does not affect the rights and freedoms of third parties.

  • Right to object and automated individual decision-making

The User has at all times the right to object to the processing of his/her personal data due to his/her specific situation, including the automation of data by The Owner. In accordance with Article 21 of the Regulation, The Owner will no longer process personal data unless there are legitimate and compelling reasons for the processing that override the interests and rights and freedoms of the User, or for the establishment, exercise or defense of legal rights.

When processing personal data for prospecting purposes, the User has the right to object at any time to the processing of personal data concerning him/her for such prospecting purposes, including profiling insofar as it relates to such prospecting.

Where the data subject objects to processing for prospecting purposes, personal data will no longer be processed for that purpose.

  • Complaint Law

The User has the right to lodge a complaint regarding the processing of his personal data by The Owner, to the Data Protection Authority competent for the Belgian territory. More information can be found on the website: https://www.gegevensbeschermingsautoriteit.be/.

Complaints can be filed at the following addresses:

Data Protection Authority
Press Street 35, 1000 Brussels
Tel. + 32 2 274 48 00
Fax. + 32 2 274 48 35
E-mail: contact@apd-gba.be

The User may also file an action for cessation with the president of the court of first instance of his residence.

Cookies

The Site uses cookies to distinguish Users of the Site. This makes it possible to provide users with a better browsing experience and improvement of the Site and its content. The purposes and methods of cookies are included in this article.

  • General principles

A “Cookie” is a file that is temporarily or permanently placed on the User’s device when viewing the Site for the purpose of subsequent connection. Thanks to cookies, the server recognizes the User’s device.

Cookies may also be installed by third parties with whom The Owner works.

Some of the cookies used by The Owner are necessary for the proper operation of the Site; others are necessary to enhance the User’s experience.

The User can modify or disable cookies.

By using the Website, the User expressly agrees to the management of cookies as described in this article.

  • Types of cookies and purposes pursued

Different types of cookies are used by The Owner on the Site:

Technical cookies: these are necessary for the operation of the Site, enable the communication of the data entered and are intended to facilitate the User’s navigation;

Analytical and audience cookies: these cookies allow User recognition and are used to count the number of Users of the Website over a certain period of time. Because they also indicate browsing behavior, they are an effective way to enhance the User’s browsing experience by displaying suggestions and offers that may be of interest to the User. They also allow The Owner to identify and correct any bugs on the Site;

Functional cookies: these cookies facilitate the use of the Site by maintaining certain choices entered (for example, username or language).

  • Cookie retention period

Cookies are kept for the time necessary to achieve the intended purpose. The cookies that may be stored on the User’s hard drive and the storage period are as follows:

-‘go’: 1 year (analytical cookies)
-‘_gid’: only during the session (functional cookies)
– third-party cookies: 2 years

  • Management of cookies

If the User does not want the Website to place cookies on their hard drive, they can easily manage or delete them by adjusting their browser settings. Browser programming also allows the User to receive notification as soon as a website uses cookies and thus decide whether to accept or reject them.

If the User disables certain cookies, he accepts that the Site may not function optimally. Some parts of the Site may not be usable or partially usable.

If the User wishes to manage and/or delete certain cookies in this manner, they may do so through the following link(s):

For Users with a browser:

Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies

Microsoft Edge: http://windows.microsoft.com/en-gb/windows-10/edge-privacy-faq

Chrome: https://support.google.com/accounts/answer/61416?hl=fr

Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences

Safari: https://support.apple.com/kb/ph21411?locale=fr_CA

Limitation of the Controller’s liability

The website may contain links to other third-party websites not linked to The Owner. The content of these sites and compliance with the Regulation and the Act are not the responsibility of The Owner.

The holder of parental authority must give his or her express consent to the minor under 16 years of age to disclose personal information or data through the Site. The Owner strongly encourages persons exercising parental authority over minors to promote responsible and safe use of the Internet. The Controller cannot be held liable for the collection and processing of personal information and data of minors under 16 years of age whose consent is not effectively covered by that of their legal parents, nor for inaccurate data – especially regarding age – entered by minors. In no case will personal data be processed by the Controller if the user indicates that he/she is under 16 years of age.

The Owner is not responsible for loss, damage or theft of personal data, especially due to the presence of viruses or following computer attacks.

Safety and security

The Controller shall implement technical and organizational measures to ensure an appropriate level of security for the processing and collection of data. These security measures depend on the implementation costs related to the nature, context and purposes of processing personal data.

The Controller uses standard encryption technologies within the IT industry when transmitting or collecting data on the Site.

Modification of Privacy Policy

The Owner reserves the right to modify this Privacy Policy to comply with legal obligations in this regard. The User is therefore requested to consult the Privacy Policy regularly to be informed of any changes and modifications. Any such changes will be posted on the Site or emailed to ensure objectionability.

Applicable law and competent court

This Privacy Policy is governed exclusively by Belgian law. Any dispute shall be submitted to the courts of the judicial district of The Owner’s registered office.

Contact

For any question or complaint regarding this privacy policy, the User may contact the Controller at the following address: contact@villamagdalena.be.