Privacy policy

Who is responsible for the processing of personal data?

Elasta, with registered office at Textielstraat 15, 8790 Waregem, hereinafter referred to as ‘the data controller’, processes personal data in accordance with this privacy policy. For further information, questions or comments about this privacy policy, please visit info@elasta.be.

What does this Privacy Policy apply to?

This privacy policy applies when the data subject

  • visits the offices, showrooms, websites of the data controller.
  • uses apps and online tools of the data controller or interacts with the data controller in one way or another.
  • or where the data subject is a potential or former customer of the data controller.
     

The websites or social media channels of the data controller sometimes include links to third party websites (external websites, other social media, partner websites, organisers of events we sponsor, etc.) whose terms of use do not fall within the scope of this privacy policy. Consequently, the data controller does not assume any responsibility for any processing of personal data by  these third parties.

What personal data is processed?

The data controller declares that it only processes personal data that are relevant or necessary for the purposes for which they are processed. Depending on the specific purposes, the data controller processes the following personal data, among others. These are data relating to the data subject and which

  • are provided by the data subject himself/herself;
  • the data controller assigns to the data subject the use of its products and services;
  • the data controller obtains through the use of its products and services by the data subject or;
  • the data controller has received via third parties.
     

All data collected by the data controller may be combined to optimise its offers and services.

There are different types of personal data:

  • User data: allows the data controller to identify or contact the data subject. For example: name, address, telephone number, language preference, copy of the front of the identity card, photos of the data subject, gender, e-mail address, age, family composition and any other preferences that the data subject expresses through websites, social media, promotions, mobile applications, e-mails, competitions, etc., including their financial data and data related to their creditworthiness.
  • Technical data: the data controller needs these to ensure the proper functioning of its products and services.
  • Traffic data: these special technical data are required by the data controller to handle traffic over electronic communications networks, such as an anonymised IP address or MAC address.
  • Location data: these data enable the data controller to determine the location of the data subject's access to the Internet.
  • Data relating to the data subject's use: the data received by the data controller when the data subject uses its products and services. For example: which products the data subject purchases. Among other things, the data controller uses this information to correctly bill the data subject as a customer and to provide the data subject with a better and personalised experience.
     

The data controller does not process sensitive data such as data relating to the racial or ethnic origin, political opinions, sexual preferences and health of the data subject.

For what purposes are personal data processed?

The data controller collects and processes the personal data of the data subject for the following purposes, among others

  • Customer records
  • Follow-up of orders/deliveries or the execution of the agreement between the data subject and the data controller
  • Invoicing
  • Monitoring solvency
  • Profiling and sending out marketing and personalised advertising
  • Improving the products and services of the data controller
  • Requesting feedback on the services of the data controller
  • Complying with the legal obligations of the data controller
  • Studies, tests and statistics, including trend analysis
     

What is the legal basis for processing personal data?

Personal data is processed on the basis of the following articles of the General Data Protection Regulation:

  • Consent: The data subject gives permission to use their personal data for marketing purposes.
  • The processing is necessary for the performance of a contract to which the data subject is a party, or to take measures at the request of the data subject prior to the conclusion of a contract.
  • The processing is necessary to comply with a legal obligation incumbent on the data controller.
  • It is necessary to protect a legitimate interest.
     

Who receives the personal data?

If this is necessary for the fulfilment of the intended purposes, the data subject's personal data will be shared with other companies within the European Economic Area directly or indirectly linked to the data controller or with any other partner of the data controller.

The data controller guarantees that these recipients will take the necessary technical and organisational measures to protect the personal data.

With the exception of possible data processors as mentioned under point 1, acting solely on instructions from the data controller or certain subcontractors or suppliers depending on the concrete order given to the data controller, the data controller will process the data subject's personal data exclusively for its own purposes and for its own internal use. The personal data will not be sold, passed on or communicated to third parties, unless the data subject has given their explicit prior consent.

The data controller has also taken appropriate legal and technical measures to prevent unauthorised access and use of the data subject's personal data.

How long are personal data stored?

Personal data processed for customer management purposes will be stored for the period necessary to comply with legal requirements (e.g. in the field of accounting). Personal data processed for marketing purposes will be stored for a period of 365 days.

The data controller will store the personal data (i) for as long as is necessary or relevant for the purposes envisaged, (ii) for the period required by law or (iii) for as long as a contractual relationship is ongoing, or (iv) for as long as a legal dispute or investigations may arise in relation to the services or products provided by the data controller.

What rights do you have as a data subject?

Right to information

By means of this Privacy Policy, the data controller wishes to inform you as fully as possible about the processing of your personal data. Your data will be processed for legitimate purposes in an appropriate, relevant, secure and proportional manner, they will not be kept longer than necessary and this always with the utmost integrity and confidentiality. You can always ask the data controller for more information via the email address: info@elasta.be

Right to access

You have the right at any time to check the lawfulness of any processing activity of your personal data and to ask the data controller to provide you with information on the purposes of the processing, the categories of your personal data, the categories of recipients of your personal data, the retention period and the rights that you can exercise.

You also have the right to ask for a copy of the personal data that has been processed on your behalf. This copy will, in principle, be provided to you free of charge unless your request is unreasonable or excessive.

Right to correction

You have the right to correct incorrect data or to supplement incomplete data upon simple request to the data controller.

Right to data deletion

You have the right to request the data controller to delete your personal data if there is no longer a legitimate reason for the data controller to process them. You may exercise this right in the following case:

  • Your personal data are no longer necessary to fulfil the intended purpose
  • You prove that the data controller has processed your data unlawfully
  • Your personal data must be removed pursuant to a legal obligation
  • You revoke your consent to the processing of your personal data and there is no other legal basis for processing your data
  • You have successfully exercised your right of objection (see point 8.6)
     

However, the data controller reserves the right to refuse your request for deletion with justification and cannot be held liable for the fact that deleted personal data remain temporarily stored in a location that is unknown to it.

Right to restrict data processing

You have the right to demand the restriction of data processing in any of the following circumstances:

  • You contest the accuracy of the personal data processed by the data controller and the latter has been given a reasonable period of time to verify the accuracy of the personal data
  • You prove that the processing was unlawful and request a restriction
  • The data controller no longer needs the data, but you still need them for the purposes of legal proceedings
  • You exercise your right to object (see point 8.6)
     

Right to object to the data processing

You have the right to object at any time to the processing of your personal data for 'direct marketing' purposes. The data controller will cease processing your personal data unless it can establish compelling grounds that outweigh your rights and freedoms. If applicable, this will also be communicated to you.

Right to transferability of personal data

You have the right to obtain the data provided by you in a structured, common and machine-readable form and to re-use it for other services and thus to transfer it to another person responsible for processing it, unless this is technically impossible.

Right to be exempted from automated decision making

You have the right not to be subject to a fully automated decision - without human intervention - if it significantly affects you or has legal consequences. As of today, the data controller declares that you will not be subject to such an automated decision in any of the processing operations carried out by the data controller.

How can you exercise your rights?

In order to exercise the above rights, the data subject is requested to send an e-mail with proof of identity to the following e-mail address: info@elasta.be.

Does the data controller use cookies?

In addition to the data that the data subject voluntarily shares with the data controller when using its websites, the data controller also uses cookies and other technological means that may collect personal data. More information on the use of cookies and the consent requested can be found in the Cookie Policy.

The data subject may visit the websites of the data controller without communicating personal data, in which case no cookies are used that collect personal data of the website visitor. With their consent (provided there is no other legal basis), the data controller may inform the data subject, as a visitor to its websites, of a personalised supply of products and services. Some parts or functions are reserved for customers or visitors with an account. The data controller then identifies the anonymised IP address and links it to the customer data of the data subject.

How can you submit your complaint?

If you have certain complaints about the processing of your personal data, please contact us directly at info@elasta.be so that we can resolve this for you.

If, however, you are still dissatisfied, as a data subject you always have the right to submit a complaint to the Data Protection Authority (Drukpersstraat 35, 1000 Brussels, Belgium - commission@privacycommission.be).

Can this Privacy Policy change?

The data controller has the right to modify or improve this Privacy Policy at any time and the modifications will be immediately applicable as soon as it is published on its website. You must (re)review this Privacy Policy at regular intervals to ensure that you are aware of the changes. The continuation of your contractual relationship or use of our website or services, will be considered as acceptance of any changes made to this Privacy Policy.