Privacy and Cookies Policy

Version dd. 12/12/2017

1. Object

 

This Policy has been drawn up by the SPRL-Starter FONTAINE DE MOTS (and subsequently FONTAINE DE MOTS SPRL once the former has become a full-fledged SPRL), with registered office in 4317 Faimes (BELGIUM), rue de Huy, 271, registered with the Crossroads Bank for Enterprises under no. 0641.942.436 (hereinafter referred to as the “Data Controller”).

 

The purpose of this Policy is to inform Users of the website www.fontainedemots.com about the manner in which the Data Controller collects and processes data.

 

The term “User” refers to any and all users, i.e. any natural or legal person who consults the website or its content, who downloads and uses files, who registers via any form published on the website, who subscribes to any of the Data Controller’s services or who enters into a contractual relationship with the Data Controller.

 

This Policy reflects the Data Controller’s wish to act in all transparency, in accordance with the Data Protection Act of 8 December 1992 and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “General Data Protection Regulation”).

 

The Data Controller attaches great importance to the privacy of its Users and, accordingly, undertakes to take all reasonable measures to protect Users’ personal data against loss, theft, disclosure or unauthorised use.

 

Users who wish to respond to any one of the practices described below can contact the Data Controller at the address listed under point 18, “Contact details”, of this Policy.

 

2. Consent

 

By accessing and using the website, the User confirms that he has read the information described below, that he agrees to this Policy and that he expressly authorises the Data Controller to collect and process, in accordance with the terms and principles set out in this Policy, any of the personal data he communicates via the website and/or in the context of the services offered, for the purposes set out hereafter.

 

Users are free to withdraw their consent at any time. The withdrawal of such consent shall not in any way affect the legality of the processing based on the consent previously obtained.

 

3. Data collected

 

By visiting and using the website, the User expressly authorises the Data Controller to collect and process, in accordance with the terms and principles set out hereafter, the following personal data:

a) the User’s domain (which the Data Controller’s server detects automatically), including the User’s dynamic IP address;

b) the User’s e-mail address if the User has previously disclosed it by any means, more specifically by communicating with the Data Controller by e-mail, etc.;

c) any information relating to the pages the User has visited on the website;

d) any information the User has disclosed of his own accord, including his surname and first name, his domicile and/or work address, his telephone number, e-mail address, geolocation, age, gender, etc.

 

The Data Controller may also collect non-personal data. Non-personal data are data that cannot in any way identify people, whether directly or indirectly. Data such as these may be used for a variety of purposes, for instance to enhance the website, the products and services offered or the Data Controller’s advertisements.

 

Where non-personal data are combined with personal data, so that the persons in question could potentially be identified, the data in question shall be processed like personal data until such time as they can no longer be linked with the person concerned.

 

4. Collection methods

 

The Data Controller collects personal data via:

a) various types of contact forms the User completes voluntarily, freely and manually;

b) the use of cookies;

c) Facebook;

d) other social networks, as the case may be.

 

5. Purposes of the processing

 

Personal data are collected and processed for the following purposes only:

a) to manage and monitor the performance of the services offered;

b) to send out promotional information (via newsletters) about the Data Controller’s products and services;

c) to, potentially, offer services on preferential terms;

d) to answer the User’s questions;

e) to compile statistics;

f) to enhance the quality of the website and the products and/or services the Data Controller offers;

g) to provide information about any new services the Data Controller offers;

h) for direct marketing purposes;

i) to better identify the User’s interests,

j) to send out invoices and facilitate online payment for the services provided.

 

In time, the Data Controller may carry out processing operations that are not yet covered by this Policy. In that case, the Data Controller undertakes to contact the User before reusing his personal data so as to inform him of the changes and, as appropriate, to give him the opportunity to refuse any such re-use.

 

6. Retention period

 

The Data Controller shall only store personal data for as long as is reasonably required for the purposes pursued and in accordance with the statutory and regulatory requirements.

 

Users’ personal data shall be stored for a maximum of three years after the contractual relationship between the User and the Data Controller has come to an end.

 

For certain categories of data, such as traffic data which are kept for 12 months only, a shorter data retention period applies.

 

Once the retention period has expired, the Data Controller shall do everything in its power to ensure that the personal data have been made unavailable.

7. Data access and copy

 

By means of a dated and signed written request, addressed to the Data Controller and sent to the address listed under point 18, “Contact details”, of this Policy, any User who provides proof of his identity (by enclosing a copy of his identity card) may, free of charge, obtain written communication or a copy of the personal data that have been collected about him.

 

The Data Controller may charge a reasonable fee based on the administrative costs for any additional copy the User may require.

 

If the User submits this request via the email address listed under point 18, “Contact details”, of this Policy, the information shall be provided in a commonly used electronic format, unless the User requests otherwise.

 

The User shall be provided with the copy of his personal data within one month of his request having been received.

 

8. Right of rectification

 

By means of a dated and signed written request, addressed to the Data Controller and sent to the address listed under point 18, “Contact details”, of this Policy, any User who provides proof of his identity (by enclosing a copy of his identity card) may, free of charge, without undue delay and at the latest within one month, have any personal data that are incorrect, incomplete or irrelevant rectified and completed if they prove to be incomplete.

 

9. Right to object to the processing of personal data

 

By means of a dated and signed written request, addressed to the Data Controller and sent to the address listed under point 18, “Contact details”, of this Policy, any User who provides proof of his identity (by enclosing a copy of his identity card) has the right, at any time and free of charge, on grounds relating to his particular situation, to object to the processing of his personal data, if:

  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the Data Controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the person concerned which require the personal data to be protected (in particular where the person in question is a child).

 

The Data Controller may refuse to implement the User’s right to object if it demonstrates that there are compelling and legitimate reasons for the processing which override the User’s interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. In the event of dispute, the User can lodge an appeal pursuant to point 17, “Claims and complaints”, of this Policy.

 

By means of a dated and signed written request, addressed to the Data Controller and sent to the address listed under point 18, “Contact details”, of this Policy, any User who provides proof of his identity (by enclosing a copy of his identity card) may, at any time, without justification and free of charge, object to his personal data being processed for direct marketing purposes (profiling included).

 

Where personal data are processed for scientific or historical research purposes or statistical purposes in accordance with the General Data Protection Regulation, the User has the right to object, on grounds relating to his particular situation, to his personal data being processed, unless the processing is necessary for the performance of a task carried out in the public interest.

 

The Data Controller is obliged to respond to the User’s request without undue delay and at the latest within one month and to give reasons if it does not intend to comply with a request of this nature.

 

10. Right to restriction of processing

 

By means of a dated and signed written request, addressed to the Data Controller and sent to the address listed under point 18, “Contact details”, of this Policy, any User who provides proof of his identity (by enclosing a copy of his identity card) has the right to obtain restriction of processing of his personal data in any of the following cases:

a) if the User contests the accuracy of the data and then only for the period the Data Controller needs to verify their accuracy;

b) if the processing is unlawful and the User prefers the data processing to be restricted rather than the data erased;

c) if the Data Controller no longer needs the personal data for processing purposes but the User requires them to establish, exercise or defend a legal claim even if the data in question are no longer needed for processing purposes;

d) for the period of time needed to verify the validity of the objection the User has made, in other words, for the time the Data Controller needs to weigh up the legitimate interests of the Data Controller and those of the User.

 

The Data Controller shall inform the User as soon as the restriction of processing has been lifted.

 

11. Right to erasure (‘right to be forgotten’)

 

By means of a dated and signed written request, addressed to the Data Controller and sent to the address listed under point 18, “Contact details”, of this Policy, any User who provides proof of his identity (by enclosing a copy of his identity card) has the right to have his personal data erased where one of the following grounds apply:

a) the data are no longer necessary for processing purposes;

b) the User has withdrawn his consent to process his personal data and there is no other legal ground for the processing;

c) the User objects to the processing and there are no overriding legitimate grounds for the processing and/or the User exercises his specific right to object to his data being processed for direct marketing purposes (profiling included);

d) the personal data have been processed unlawfully;

e) the personal data must be erased to comply with a legal obligation (under European Union law or the law of a Member State) which the Data Controller is governed by;

f) the personal data have been collected in the context of the offer of information society services for children.

 

The Data Controller may oppose the erasure of personal data in the cases provided for by the General Data Protection Regulation or any other legal standard prevailing at the time the request to have the data erased is submitted.

 

The Data Controller is obliged to respond to the User’s request without undue delay and at the latest within one month and to give reasons if it does not intend to comply with a request of this nature.

 

Under the same conditions, the User also has the right to obtain, free of charge, the deletion or a ban on the use of any personal data which, given the purpose of the processing, are incomplete or irrelevant, or whose recording, disclosure or retention is prohibited or which have been retained beyond the time required and authorised.

 

12. Right to data portability

 

By means of a dated and signed written request, addressed to the Data Controller and sent to the address listed under point 18, “Contact details”, of this Policy, any User who provides proof of his/her identity (by enclosing a legible copy of his/her identity card) has the right to recover his personal data, at any time and free of charge, in a structured, commonly used and machine-readable format, in particular with a view to transmitting them to another Data Controller, where:

  • the processing is carried out by automated means; and
  • the processing is based on the User’s consent or on a contract the User has concluded with the Data Controller.

 

Under the same terms and conditions, the User has the right to have his personal data transmitted directly to another Data Controller, where this is technically feasible.

 

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the Data Controller.

 

13. Recipients of the data and disclosure to third parties

 

Other than the Data Controller, the recipients of the data collected and processed are the Data Collector’s appointees or other subcontractors, its carefully selected partners, based in Belgium or the European Union, working with the Data Controller in the context of the marketing of products or the supply of services.

 

Where the data are disclosed to third parties for direct marketing or market development purposes, the User shall be informed beforehand so that he can choose whether or not to agree to his data being processed by third parties.

 

By means of a dated and signed written request, addressed to the Data Controller and sent to the address listed under point 18, “Contact details”, of this Policy, any User who provides proof of his identity (by enclosing a copy of his identity card) has the right to object, at any time and free of charge, to his data being disclosed to third parties.

 

The Data Controller undertakes to act in compliance with the prevailing legislation and regulations and shall in all cases see to it that its partners, appointees, subcontractors and any other third parties who have access to the personal data in question abide by the present Policy.

 

The Data Controller reserves the right to disclose the User’s personal data in cases where such disclosure is required by law, in the context of legal proceedings or by order of a public authority.

 

Personal data shall not be transmitted to anyone based outside the European Union.

 

14. Use and management of cookies

 

General principles. This article provides information on the website’s use of cookies.

 

This cookies management policy is applicable to FONTAINE DE MOTS. Cookies are managed by the Data Controller.

 

FONTAINE DE MOTS uses cookies to make browsing more relevant and reliable. Some of these cookies are essential to the functioning of the website, and others are used to enhance the User’s experience.

 

To personalise the management of cookies, the User will need to change his browser settings. For further information, please refer to “Cookie management” in this clause.

 

By browsing the website, the User expressly agrees to the cookies management policy set out hereafter.

 

Definition of cookies. A “cookie” is a data or text file that an application or Web server writes to the User’s equipment (hard drive of the computer, tablet, smartphone or similar device) via the User’s browser, either temporarily or permanently. Cookies may also be installed by third parties whom the Data Controller works with.

 

Cookies keep track of various bits of information, for instance the User’s language preference. Other cookies gather statistical data about Users or ensure that the graphics are displayed correctly and the applications work as they should. Still others are used to tailor the content and/or the advertisements on an application or a website to individual Users.

 

Use of cookies on the website. FONTAINE DE MOTS uses various types of cookies:

a) Essential or technical cookies: these are indispensable if the website is to operate correctly as they ensure effective communication and are designed to facilitate browsing;

b) Statistical or analytical cookies: these cookies facilitate visitor recognition and are used to count the number of visitors and capture their browsing behaviour as they use and browse the website. They make it possible to enhance Users’ browsing experience and help them to find what they are looking for more easily;

c) Functional cookies: these cookies activate specific website functionalities, make the website more user-friendly and enhance Users’ browsing experience, for instance by keeping track of certain preferences (e.g. language);

d) Performance cookies: these cookies collect information about the manner in which visitors use the website. They are used to assess and improve the content and performance of the website (for instance, by counting the number of visitors or identifying the most popular pages or clicks), and to better tailor business proposals to Users’ individual preferences;

e) Advertising or commercial cookies: these are files that collect data about Users’ profiles and can be installed or read by third parties whom the Data Controller works with so that the effectiveness of a particular ad or page can be measured and better tailored to Users’ individual interests;

f) Tracking cookies: FONTAINE DE MOTS uses tracking cookies via Google Analytics and Facebook Analytics to enable the Data Controller to establish how Users interact with the content of the website and to generate visitor statistics in a strictly anonymous manner. These statistics are used to continuously improve the website and to offer Users relevant content. The Data Controller uses Google Analytics and Facebook Analytics to compile reports on website activity, to establish the origins of that website activity and to check which pages have been visited. This means that Google and Facebook act as subcontractors. The information Google Analytics and Facebook Analytics collect is generated as anonymously as possible. For instance, it is impossible to identify the people who visit the website. For further information, Users can check the Google privacy policy which can be found at the following address:

https://support.google.com/analytics/answer/6004245?hl=fr, and the Facebook privacy policy which has been published at the following address: https://www.facebook.com/policies/cookies/.

 

The Data Controller may also use cookies and tags to compile information about Users’ browsing habits on the various websites and applications within its advertising network.

 

A tag is an invisible image file that follows a User’s browsing on one or more websites and/or applications. Furthermore, advertisers can also install other commercial cookies when they post their ads.

 

Commercial cookies do not contain any personal data. The information that is collected by means of cookies and tags is used to measure advertising effectiveness and to personalise ads on the website and other websites within the advertising network or on websites the Data Controller ensures advertising services for.

 

The length of time cookies are stored for varies according to their type: in general, essential cookies are stored until the browser is closed while functional cookies remain valid for one year and performance cookies for four years.

 

Cookie management. Most browsers have been configured to automatically accept cookies but all will allow Users to tailor their settings to their own preferences.

 

Users who do not want the website to install cookies on their mobile device can easily manage or delete them by changing their browser’s settings. Users can also program their browser to ensure that they are notified whenever a cookie is transmitted and then decide whether or not to accept it.

 

Users can block and/or manage certain cookies by clicking the relevant browser link:

Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies

Chrome: https://support.google.com/accounts/answer/61416?hl=en

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari: http://support.apple.com/kb/PH5042

 

Users who do not wish to accept Google Analytics and/or Facebook Analytics cookies can adjust their browser settings to reject the cookies in question. To disable tracking by Google Analytics across all websites, Users can consult the following website: http://tools.google.com/dlpage/gaoptout or the following Facebook page if they no longer wish to be tracked by Facebook Analytics: https://www.facebook.com/policies/cookies/.

 

If the User disables certain cookies, some parts of the website may become partially or completely unavailable and/or unusable.

 

15. Security

 

The Data Controller shall employ the appropriate technical and organisational measures in place to ensure a level of security appropriate to the risks presented by the processing of the data collected and the nature of the personal data to be protected. It does so taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks to Users’ rights and freedoms that it poses.

 

The Data Controller shall always use encryption technologies recognised as being the industrial standards within the IT sector when transmitting or collecting data to/from the website.

 

The Data Controller has put the appropriate security measures in place to safeguard against the loss, misuse or alteration of any information received on the website.

 

16. Communications by post, e-mail or telephone

 

Communication by post. If the User provides the Data Controller with his postal address, his details will be saved to the controller’s address file to allow the controller to respond to the User’s query and to keep the User informed of the Controller’s products and services. Unless the User objects, the Data Controller may also pass on the User’s details to third parties (such as corporate groups and business partners) for direct marketing purposes. If the User does not want his data to be used for direct marketing purposes, he can contact the Data Controller at any time at the address listed under point 18, “Contact details”, of this Policy, making sure to include his name and exact address (spelled correctly).

 

The User may at any time consult his personal data that the Data Controller has on file and have them corrected or deleted. To do so, he will need to contact the Data Controller at the address listed under point 18, “Contact details”, of this Policy, making sure to include his name and exact address (spelled correctly). The Data Controller undertakes to remove the User’s data from the list it shares with other companies or organisations.

 

Communication by telephone. If the User provides the Data Controller with his telephone number, he may be contacted by phone:

  • by the Data Controller to provide him with information about the Data Controller’s products, services or upcoming events;
  • by corporate groups and business partners the Data Controller has a contractual relationship with.

 

If the User does not wish to receive any (further) phone calls he can contact the Data Controller at the address listed under point 18, “Contact details”, of this Policy, making sure to include his name and exact address (spelled correctly). The Data Controller undertakes to remove the User’s data from the list it shares with other companies or organisations.

 

If the User provides the Data Controller with his mobile number via the website, he will only receive messages (SMS/MMS) from the Controller in response to his queries.

 

Communication by e-mail. If the User provides the Data Controller with his e-mail address, he may receive:

  • e-mails from the Data Controller to provide him with information about the Data Controller’s products, services or upcoming events (for direct marketing purposes), provided the User has given his express consent or because he already is a client of the controller and has provided the Data Controller with his e-mail address;
  • e-mails from corporate groups and companies/organisations the Data Controller has a contractual relationship with, for direct marketing purposes, provided the User has given his express consent.

 

If the User does not wish to receive any (further) e-mails he can contact the Data Controller at the address listed under point 18, “Contact details”, of this Policy, making sure to include his name and exact address (spelled correctly). The Data Controller then undertakes to remove the User’s details from the list it shares with other companies or organisations.

 

17. Claims and complaints

 

The User may lodge a complaint with the Belgian Privacy Commission at the following address:

Privacy Commission

Rue de la Presse, 35

1000 Brussels

Tel. + 32 2 274 48 00

Fax + 32 2 274 48 35

commission@privacycommission.be

 

The User may also file a claim with the Court of First Instance with jurisdiction over his domicile.

 

For further details about the available complaints and appeal procedures, the User is welcome to consult the website of the Belgian Privacy Commission at the following address: https://www.privacycommission.be.

 

18. Contact details

 

In the event of questions and/or a complaint, in particular in relation to the clarity and the accessibility of this Policy, the User can contact the Data Controller:

By e-mail: info@fontainedemots.be

By post: 271 rue de Huy, 4317 Faimes (BELGIUM).

 

19. Applicable law and competent jurisdiction

 

The present Policy is governed by Belgian law. Any disputes relating to the interpretation or performance of this Policy are governed by Belgian law and shall be exclusively adjudicated on by the courts of the judicial district where the registered office of the Data Controller is located.

 

20. Miscellaneous provisions

 

The Data Controller reserves the right to amend the provisions of the present Policy at any time. The amendments will be published and Users will be notified when they will come into effect.

 

This Policy version dates from 12 December 2017.

 


Translation French>English: translation agency Fontaine de Mots

Translated by: Dominique Vervaet
Edited by: Philip Lucien