Privacy statement Abbey Sint-Sixtus
The web application (hereinafter referred to as the “Application”) is offered by:
Abbey Sint-Sixtus (hereinafter referred to as “Sint-Sixtus”, “We” and “Us”)
Donkerstraat 12
8640 Westvleteren
Belgium
VAT BE0405.530.472
E-mail: privacy@sintsixtus.be
Abbey Sint-Sixtus (hereinafter referred to as “Sint-Sixtus”, “We” and “Us”)
Donkerstraat 12
8640 Westvleteren
Belgium
VAT BE0405.530.472
E-mail: privacy@sintsixtus.be
Do not hesitate to contact us if you have any privacy-related questions. We promise you a quick answer.
Please use the above contact information only for your privacy-related questions. Beer reservations can only
be done through the beer reservation system on the Application. Such questions will therefore not be
answered via this mailbox.
1. Why this privacy statement?
Any person placing an order through our application and as such making use of our services (hereinafter referred to as the "Customer") will inevitably release certain personal data. This personal information constitutes information that allows us to identify you as a natural person, whether or not we actually do this. You are identifiable as soon as it is possible to create a direct or indirect link between one or more personal data and you as a natural person.
We use and process your personal data in accordance with the GDPR and other relevant legal provisions. Any reference in this privacy statement to the GDPR is a reference to the regulation of 27 April 2016 on the protection of individuals with regard to the processing of personal data and concerning the free movement of such information (General Data Protection Regulation).
This privacy statement will inform each Customer of the processing activities that Sint-Sixtus may carry out with his or her personal data. Sint-Sixtus reserves the right to modify this privacy statement at any time. Any substantial change will be clearly reported to the Customer. We recommend that the Customer consults this document on a regular basis.
2. Who processes your personal data?
2.1. Controller
Sint-Sixtus determines which personal data are collected from you, as well as the purpose and means of processing such personal data. Consequently, Sint-Sixtus is a "Controller" within the meaning of the GDPR.
Sint-Sixtus has taken appropriate technical and organisational measures to protect the personal data of its Customers. Sint-Sixtus uses various appropriate security technologies and procedures to protect your personal information from unauthorised access, use or disclosure. Sint-Sixtus ensures that the personal data supplied are kept securely in a controlled environment. Keep in mind, however, that no method of transmission via the Internet is completely safe. You are responsible for maintaining the confidentiality of your password.
2.2. Processor (s)
Sint-Sixtus appeals to carefully selected "data processors" for the processing of Customers’ personal data. A processor is a natural or legal entity who processes personal data at the request of or in the name of the Controller. The processor is obliged to ensure the safety and confidentiality of the personal data. The processor always acts in accordance with the instructions of the Controller.
In this instance, Sint-Sixtus will appeal to processors for ICT technical support and hosting purposes, for administrative purposes and for analytical purposes.
In order to ensure the optimum protection of the Customer's personal data, Sint-Sixtus has made the necessary contractual arrangements with the above-mentioned data-processors to make sure that they apply the same high standards as Sint-Sixtus.
A transfer of personal data to a processor outside the European Economic Area (EEA) may take place only to countries where the data protection authority in Belgium has determined that they provide the same level of protection or, if this is not the case, provided that Sint-Sixtus has made the necessary contractual arrangements with this processor, taking into account the standard provisions imposed by the Data Protection Authority in Belgium.
3. On what legal basis are your personal data processed?
In accordance with the GDPR we process personal data on the basis of the following legal grounds:
* On the basis of the implementation of the agreement as agreed with the Customer, or the exercise of pre-contractual steps taken at the request of the Customer; or
* On the basis of compliance with legal or regulatory provisions, with respect to the management of the contractual relationship with the Customer, in particular the invoicing;
* On the basis of our legitimate interest in responding to Customer requests for information;
4. What personal data are processed?
Sint-Sixtus undertakes to collect and process only those personal data which are relevant and necessary for the
purposes for which they are processed.
How much and what personal data Sint-Sixtus collects about you depends on your use of our services. The collection of personal data is further expanded as more intensive use is made of our application. Specifically, we process the following categories of personal data:
* Personal identification details such as name, forename and address;
* Contact details (telephone number and e-mail address);
* Data for the verification when you pick up your order like the license plate of your car;
* Your date of birth.
For WHAT PURPOSES ARE YOUR PERSONAL DATA USED?
The processing of your personal data is essential in the context of our beer sales. We only use your information in the context of this service and under no circumstances to send you subsequent promotional offers. Your personal data is collected to properly handle our Customer administration and to do order management and billing.
We always ask for your license plate when ordering so that we can verify your identity when you pick up your
crates.
Finally, your date of birth is always requested so that we can determine whether or not you are of age. Our beer cannot be ordered if you are a minor. In this case, it will not be possible to register you on our application.
Furthermore, the personal data of the Customer can also be used for the management of disputes and for protection against fraud and violations.
In addition, we use cookies to recognize (the IP address of) Customers and provide them with a personal user experience, to remember their technical choices and to detect and correct any errors on the application. Please refer to our cookie statement for more information on how we use cookies.
When you visit the application, some data are collected for statistical purposes. Such data are necessary to optimize the use of our application. These data are: presumed place of consultation, date and time of consultation, which pages were visited, etc. In order to optimally protect your privacy, these data are always anonymised.
We do not collect sensitive personal data, such as information about your race, political opinions, health, religious and other beliefs, sexual orientation, etc.
The client always provides the personal data to Sint-Sixtus and can thus exercise a certain control. Sint-Sixtus reserves the right to suspend or cancel certain operations if the required personal data are missing, incorrect or incomplete.
5. Who receives your personal data?
Your personal data will exclusively be processed for internal use within Sint-Sixtus. Your personal data will not be sold, passed on or communicated to third parties, except if you have given us your explicit consent in advance or if the transfer is necessary for the execution of the contractual or statutory obligation.
6. How long do we keep your personal data?
Your personal data will be retained for as long as it is necessary to pursue the objectives set out in article 5. They are removed from our database when they are no longer required to pursue these goals or if the Customer applies the right to remove the personal data. In any case, your contact details will be kept for three years from the sale, corresponding to the shelf life date of the beer. In this way, we can contact you again in the context of the relevant food legislation.
7. What are you rights?
7.1 Guarantee of lawful and safe processing of personal data
Your personal data will always be processed for legitimate purposes as set out in article 5. They are collected and processed in an appropriate, relevant and proportionate manner, and are not retained longer than necessary to achieve the objectives set.
7.2 Right to access
If you can prove your identity, you obtain the right to obtain information about the processing of your personal data. Thus, you have the right to access the purposes of the processing, the categories of personal data, the categories of recipients to which the personal data are sent, the criteria that determine the period of data retention and the rights that you can exercise in relation to your personal data.
7.3 Right to rectification
Inaccurate or incomplete information can be corrected. In the first instance, it is the Customer's responsibility to make the necessary adjustments to his "user profile". The Customer can also contact us with a request for modification.
7.4 Right to delete your personal data
You also have the right to obtain the removal of your personal data, in the following cases:
- Your personal data are no longer required for the intended purpose;
- You revoke your consent to the processing of your personal data and there is no other legal basis for the processing of your personal data;
- You have lawfully lodged an objection against the processing of your personal data;
- Your personal data are processed unlawfully;
- Your personal data must be removed on the basis of a legal obligation.
7.5 Right to limitation of processing
In some cases, you have the right to request restrictions on the processing of your personal data. This is particularly true in the event of a dispute regarding the accuracy of personal data, if the personal data are necessary in the course of a legal procedure or during the time necessary for Sint-Sixtus to determine that you can validly exercise your right of removal.
7.6 Right to object
You have the right at all times to oppose the processing of your personal data for ”direct marketing” purposes, for profiling purposes or for purposes resulting from the legitimate interests of the Controller. Sint-Sixtus will cease to process your personal data unless Sint-Sixtus can demonstrate that there are compelling legal reasons for processing your personal data that prevail on your right to oppose.
7.7 Right to data transfer
You have the right to obtain the personal data provided to Sint Sixtus in a structured, common and machine-readable form. In addition, you also have the right to transfer this personal data to another Controller, unless this is technically impossible.
8. How can you exercise your rights?
If you wish to exercise your rights, you must send a written request and proof of identity by registered letter to Sint-Sixtus Abbey, Donkerstraat 12, 8640 Westvleteren, Belgium or via e-mail to privacy@sintsixtus.be. We will reply as soon as possible, no later than one (1) month after receiving your request.
9. Possibility of lodging a complaint
If you have any comments or complaints about how we handle your personal data, please report it to us first. In this way, we can reach an amicable solution by mutual agreement.
If, after this report, you are not yet satisfied with the processing of your personal data by Sint-Sixtus, you have the right to lodge a complaint with the competent supervisory authority (for Belgium: https://www.dataprotectionauthority.be/ )