Privacy Charter
Protecting your privacy is our main priority at Moaistone (hereinafter, ‘Moaistone’ or ‘We’). Which is why We commit to respect the personal data of our customers, potential customers and online users (hereinafter, ‘You’), to process Your data carefully and to ensure the best possible protection in accordance with the Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, ‘GDPR’) and to all the other applicable legal or regulatory provisions.
This Privacy Charter is aimed to answer the following questions:
1. Who is processing your personal data?
2. Why do We process Your personal data and on what legal basis?
3. What are the personal data We process?
4. With whom do we share your personal data?
5. How long do we keep your personal data?
6. What rights do you have as regard Your personal data and how can You exercise these rights?
7. Are your personal data transferred abroad?
8. Would you like to contact us about this Charter on the protection of your personal data or would you like to submit a complaint to a data protection authority?
9. How can you find out whether this Charter on the protection of your personal data has been modified?
10. Explanatory glossary of the main legal terms used in this Charter
…………………………………………………………………………………………….
Last modification date: January 2020
1. Who is responsible for processing Your personal data?
SPRL Laurent, Résidence La Prairie 17, 7011 Ghlin, BCE 0401.185.664 (hereinafter ‘We’ or ‘Moaistone’), is the controller for Your personal data, as described in this Privacy Charter.
As the data controller (see the definition in the glossary, here under), We must respect various legal duties such as: the guarantee of Your rights, the security breach notification, the establishment of a register, etc.
You can address Us any question or request about the processing of Your personal data to the following e-mail address: info@moaistone.com
2. Why do We process Your personal data and on what legal basis?
We process Your personal data for various purposes, in accordance with one of the legal bases that have been determined by the GDPR (for instance, the respect of a legal duty to which We are subject or the execution of a contract concluded with You).
The table below more specifically lists the purposes for which Moaistone uses Your personal data and the corresponding legal basis.
Purposes for the collection and the processing of Your personal data | Legal basis for the processing of Your personal data |
---|---|
The management of the pre-contract relationships with potential customers |
We have a legitimate interest to process the personal data of potential customers in order to respond to their demand and/or questions (Article 6.1.f of the GDPR). This may also include processing necessary for pre-contractual measures (cf. Article 6.1.b of the GDPR). |
Marketing with regard to Our customers and potential customers, in particular: |
We have a legitimate interest in processing the personal data of Our customers (in particular those obtained directly in the context of the sale of a product) to inform them about the products and the promotions available on the site. In application of Article XII. 13 of the Economic Code, We process, after having obtained prior consent, the personal data relating to the electronic contact details of potential customers to inform them of the products and the promotions available on the site. In order to provide You with the best possible experience, Moaistone can personalise Your e-mail, Your online experience and other notifications, provided that We obtained Your prior explicit consent (article 6.1.a of the GDPR). To that end, Your orders, and/or interactions with Moaistone will be analysed. |
Customer and order management We process personal data in order to carry out operations related to customer management: contracts; orders; deliveries; invoices; accounting and in particular the management of customer accounts. |
The execution of a contract concluded with You (Article 6.1.b. of the GDPR). |
Assessment of Our products, services and content |
We have a legitimate interest to process Our customers’ personal data in order to identify the strengths and weaknesses of the products offered (article 6.1.f of the GDPR) |
Dispute management |
We have a legitimate interest in processing personal data for the purpose of defending Our interests, in particular, but not exclusively for the purpose of contesting or taking legal action (article 6.1.f of the GDPR). The execution of the contract concluded with You is the basis of the processing operation carried out for this purpose (article 6.1.b of the GDPR). |
Statistics ‘Statistical purposes’ means any practice of collecting and processing of personal data, which is necessary for statistical surveys or the production of statistical results. These statistical results may also be used for various purposes, including improving Our programs and projects. Statistical purposes imply that the result of processing for statistical purposes does not allow any identification of those persons whose information has been used. |
We have a legitimate interest in processing Our customers’ personal data in order to improve the services offered and to have a better understanding of its target audiences (Article 6.1.f. of the GDPR) |
3. What are the personal data We process?
Below, the type of personal data We process, sorted by data collection purposes and methods (data provided directly by You, collected with Your consent or collected by Our IT systems)
Purpose of the collection | Personal data collected | Data collection methods |
---|---|---|
The management of the pre-contract relationships with potential customers, and of the assessment of Our products, services and content |
|
In the context of this purpose, the data are collected directly from You. |
Marketing with regard to Our customers and potential customers |
|
As part of this purpose, the data are collected directly from You or indirectly via a third party to whom You have given consent to pass on Your data to Moaistone. |
Customer relationship and order management |
|
In the context of this purpose, the data are collected directly from You. |
Dispute management |
|
In the context of this purpose, the data are collected directly from You. |
Statistics |
|
In the context of this purpose, the data are collected directly from You. |
4. With whom do We share Your personal data?
The communication of Your personal data to subcontractors
In order to carry out the purposes for which Moaistone uses Your personal data stated in points 2 and 3, Moaistone may assign some processing tasks to ‘subcontractors’.
Subcontractors | Location of the subcontractor | Reasons for sharing Your personal data |
---|---|---|
DB Base | Rue du marais 19 - 7830 Silly | Serveur |
The communication of Your personal data to government authorities, in response to legal requests, including requirements regarding national security or the application of the law (such as tax administration, etc.).
The communication of Your personal data to some third parties, including providers involved in the order fulfilment, such as carriers (to the extent necessary for fulfilling the contract) or debt collection agencies, in the context of dispute management (and having regard to Moaistone’s legitimate interest).
5. How long do We keep Your personal data?
Moaistone has laid down precise rules on the storage period for Your personal data. This storage period varies depending on the objectives pursued and has to take account of any legal duty to keep some of Your data.
Below, a list of the purposes of processing and the storage periods:
The purpose of processing | Storage period |
---|---|
The management of the pre-contract relationships with potential customers |
The expiry date is XX years from the last action/reaction of the data subject |
Marketing |
The expiry date is XX years from the last action/reaction of the data subject |
Customer relationship management |
The expiry date is ten years from the last placement of order |
Dispute management |
The expiry date is ten years from the last placement of order |
6. What rights do You have as regards Your personal data and how can You exercise these rights?
We aim to inform You as clearly as We can about Your rights with regard to Your personal data. And We aim to ensure that You can easily exercise these rights. You may exercise Your rights with respect to and against Moaistone.
Please find below a summary of Your rights.
To exercise these rights, please contact Us by the e-mail to: info@moaistone.com or by letter to: Moaistone – Ets. Laurent, route de Wallonie 138, 7331 Baudour. Please indicate the subject of the request and provide all the relevant information (including Your contact details), and a copy of Your identity card. Unless You indicate otherwise, You will receive a response to Your request in an electronic format within one (1) month of receipt of the request, and within two (2) months if in-depth research has to be carried out to meet the request or if We receive an excessively large number of requests.
If Your request is imprecise or does not contain all the elements allowing Us to carry out the requested operations, We will invite You to provide them to Us as soon as possible.
Si votre demande est imprécise ou ne comporte pas tous les éléments Nous permettant de procéder aux opérations demandées, Nous vous inviterons à Nous les fournir dans les meilleurs délais.
A. Right of access
You can have access to all the following information with regard to:
- The categories of personal data that We collect and process about You,
- The reasons why We process these data,
- The categories of people with whom We share or will share Your personal data and in particular those who are located outside Europe,
- The periods for which Your personal data will be kept in our systems,
- Your right to ask Us to correct or delete Your personal data or to limit the use that We make of Your personal data and Your right to object to this use,
- Your right to submit a complaint to a data protection authority,
- The information about the source, when We have not collected your personal data directly from You,
- The way in which Your personal data are protected when they are transferred to countries outside Europe.
B. Right of correction
You can ask Ys to correct and/or update Your personal data.
C. The right to have data deleted
You can also ask us to delete the personal data that we process concerning You if You find Yourself in one of the following situations:
- Your personal data are no longer necessary for the reasons why they were collected or processed in a different way;
- You have withdrawn the consent on which the processing of Your personal data by Moaistone is based;
- Because You believe, for a specific reason, that further processing would adversely affect Your privacy and could cause excessive damage;
- You no longer wish to receive commercial offers from Us;
- Your personal data are not processed in accordance with the GDPR and the Belgian law;
- Your personal data have to be deleted to fulfil a legal duty laid down in the law of the European Union or the national law to which Moaistone is subject;
We may be unable to respond to Your request to exercise Your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which We are subject or important reasons of public interest.
D. The right to object
You can object to the use of Your personal data for commercial requests, and more specifically advertisements.
You have the right to object to Our processing of Your personal data because You believe, for a specific reason, that further processing would adversely affect Your privacy and could cause excessive damage.
You cannot, under any circumstances, prevent Us from processing Your data:
-
- if the processing is necessary to conclude or fulfil Your contract;
- if the processing is required by a law or legal provision;
- if the processing is necessary to be able to establish, exercise or assert Your rights before the courts.
However, We may not be able to respond to Your request. In that case, We will, of course, reply to You as clearly as possible.
E. The right to the transferability of data
This right offers You the possibility of controlling Your personal data more easily Yourself and more specifically:
- retrieving Your personal data processed by Us for your personal use and for example storing them on a device or in a personal cloud.
- Transferring Your personal data from Us to another company, either doing this Yourself or having it done directly by Us, on condition that such a transfer is ‘technically possible’.
This right relates to data provided actively and knowingly such as the data You provide (e.g. personal identifying information) and the data We collect.
Conversely, the personal data derived, calculated or put together from the information provided by You, are excluded from the right of transferability of data.
You should know that We have the right to refuse Your request for the transferability of data. In fact, this right only applies to personal data that were collected on the basis of Your consent or the performance of a contract concluded with You (to find out more specifically about the personal data that may be the subject of the right to the transferability of data: please refer to the point above). Moreover, this right may infringe the rights and freedoms of third parties, whose data may form part of the data which would be transferred further to the request for transferability.
F. The right to limit processing
You have the right to ask Us to limit the processing of Your data, that is to say the marking of Your personal registered data, in order to limit future processing (for example, a temporary move of Your data to another processing system or a lock of Your data making them inaccessible).
You can call upon this right when:
- the accuracy of the data in question is disputed;
- Your personal data is not processed in accordance with the GDPR and the applicable law;
- the data is no longer necessary to achieve the original purposes but cannot yet be removed for legal reasons (in particular for the ascertainment, the execution or defence of Your rights in court);
- the decision regarding Your request to limit processing is in progress.
In case of processing limitations, Your personal data will no longer be subject to any treatment without Your prior consent, with the exception of their storage.
Your personal data may nevertheless still be processed for the purpose of ascertaining, exercising or defending legal rights, or for the protection of the rights of another legal or natural person, or for important reasons of public interest in the Union or the Member State.
In case of the limitation of the treatment of some of Your personal data, We will keep you informed about the timing when the measures are lifted.
7. Are Your personal data transferred abroad?
Data transfer within Europe
For the purpose of certain processing operations, some data are transferred to the territory of the European Union (see point 4.1).
Within the European Economic Area (EU member states, Iceland, Norway, Liechtenstein) remember that personal data will benefit from the same level of protection.
We do not transfer any of Your personal data outside the territory of the European Union or the European economic area.
8. Would You like to contact Us about this Charter on the protection of Your personal data or would You like to submit a complaint to a data protection authority?
Do You have a question or a suggestion about this Charter on the protection of Your personal data?
Do not hesitate to pass this on to Us by contacting Us by e-mail to: info@moaistone.com or by letter to: Ets. Laurent, route de Wallonie 138, 7331 Baudour.
We will be pleased to read from You and reply as soon as possible.
Do You think We do not protect your personal data sufficiently?
If You think Moaistone does not process your personal data in accordance with the GDPR and the applicable law, You have the right to submit a complaint to a data protection authority:
- The data protection authority of the European country in which You are usually resident, or
- The data protection authority of the European country in which You work, or
- The data protection authority of the European country in which the infringement of the GDPR was committed.
In Belgium, the contact details of the Data Protection Authority are:
The Belgian Data Protection Authority
Rue de la presse 35, 1000 Bruxelles
+32 (0)2 274 48 00
+32 (0)2 274 48 35
contact(at)apd-gba.be
9. How can You find out whether this Charter on the protection of Your personal data has been modified?
This Charter on the protection of Your personal data may be modified at any time, in particular to take account of any legal or statutory changes.
Any major changes that may be made will be announced via Our website or by e-mail, as far as possible at least thirty days before they come into force.
When We publish modifications to this Charter, We will adapt the date of the ‘most recent update’ at the top of the confidentiality policy and describe the modifications on the page entitled ‘My personal data processing and my rights related to it’.
We advise You to consult this Charter regularly to find out how We protect Your personal data.
10. Explanatory glossary of the main legal terms used in this Charter
Terms that are often used in this Charter | Definitions provided by the GDPR | Explanation of the terms in standard language |
---|---|---|
Data of a personal nature (hereinafter ‘personal data’) |
Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
All sorts of information relating to a natural person, that is an individual (You) who can be identified as a person, directly or indirectly who can be distinguished from other people. For example: a name, a photo, a fingerprint, an e-mail address, a telephone number, a social security number, an IP address, a voice mail, your browsing data on a website, data relating to an online purchase, etc. |
Data Protection Officer |
The Data Protection Officer (DPO) is not defined in the GDPR. |
The Data Protection Officer is particularly in charge of the application of the GDPR and the applicable national law as well as our policies and practices for managing your personal data, within the company. He/she is also in charge of the co-operation with the supervisory authority. The DPO is your point of contact for any request relating to your personal data. |
Processing |
An operation or set of operations which are performed on personal data or sets of personal data, whether or not by automated means, such collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
Any use of personal data, regardless of the procedure involved (recording, organisation, storage, adaptation, alignment with other data, transmission, etc. of personal data). For example, the use of your data to manage an order, a delivery, send a newsletter, etc. |
Controller |
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. |
The person, public authority, company or body which manages your data and determines how they are used. He/she decides whether to start or discontinue processing and determines why your data will be processed and to whom they will be transferred. He/she is the main party responsible for ensuring the protection of your data. |
Subcontractors |
The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
Any natural or legal person that performs processing tasks following the instructions and under the responsibility of the controller. |
Explanatory glossary of the other terms used in this Charter:
Customer |
A natural person (acting in the capacity of consumers or professional) with whom we visit the Site or with whom we already maintained a contractual relationship (in particular the purchase of a product on our website or by another means of communication). |