Privacy policy
1. Object
This Policy is established by TREEBIKE SRL located AVENUE LOUISE 251 in 1050 BRUSSELS, listed under registration number: 0745.791.923 (hereinafter referred to as "the controller").
The purpose of this Policy is to inform visitors to the website hosted at the following address: www.treebike.eu (hereinafter referred to as the “website”) of the way in which data is collected and processed by the controller.
This Policy is in line with the wish of the controller to act in complete transparency, in compliance with its national provisions and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (hereinafter referred to as the "General Data Protection Regulation").
The data controller pays particular attention to the protection of the privacy of its users and therefore undertakes to take the reasonable precautions required to protect the personal data collected against loss, theft, disclosure or unauthorized use.
“Personal data” is defined as all personal data concerning the user, that is to say any information which makes it possible to identify him directly or indirectly as a natural person.
If the user wishes to react to one of the practices described below, he can contact the data controller at the postal address or at the email address specified in the "contact details" point of this Policy.
2. What data do we collect?
The data controller collects and processes the following personal data in accordance with the methods and principles described below:
-
its domain (automatically detected by the controller server), including the dynamic IP address;
-
his e-mail address if the user has previously disclosed it, for example by sending messages or questions on the website, by communicating with the controller by e-mail, by participating in discussion forums, by accessing the restricted part of the website by identification, etc. ;
-
all the information concerning the pages that the user has consulted on the website;
-
any information that the user has given voluntarily, for example in the context of information surveys and / or registrations on the website, or by accessing the restricted part of the website with identification.
It is possible that the controller is also required to collect non-personal data. These data are qualified as non-personal data because they do not directly or indirectly identify a particular person.
They can therefore be used for any purpose whatsoever, for example to improve the website, the products and services offered or the advertising of the controller.
In the event that non-personal data is combined with personal data, so that the identification of the data subjects is possible, these data will be treated as personal data until their reconciliation with a particular person is made impossible.
3. Collection methods
The data controller collects personal data as follows:
-
Web form
4. Purposes of processing
Personal data is only collected and processed for the purposes mentioned below:
-
ensure the management and control of the execution of the services offered;
-
dispatch and follow-up of orders and invoices;
-
sending promotional information on the products and services of the controller;
-
sending of promotional material;
-
answer user questions;
-
compile statistics;
-
improve the quality of the website and the products and / or services offered by the controller;
-
to transmit information on new products and / or services of the controller;
-
with a view to commercial prospecting;
-
allow better identification of the user's areas of interest.
The data controller may be required to carry out processing operations which are not yet provided for in this Policy. In this case, he will contact the user before reusing his personal data, in order to inform him of the changes and give him the possibility, if necessary, to refuse this reuse.
5. Legitimate interests
Some of the processing carried out by the controller is based on the legal basis of the latter's legitimate interests. These legitimate interests are proportionate to respect for the rights and freedoms of the user. If the user wishes to be informed of the details of the purposes based on the legal basis of legitimate interests, it is recommended that he contact the data controller (see point relating to “contact data”).
6. Retention period
In general, the controller only keeps personal data for the time reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.
The personal data of a client are kept for a maximum of 10 years after the end of the contractual relationship between this client and the controller.
At the end of the retention period, the data controller does everything to ensure that the personal data has indeed been made unavailable and inaccessible.
7. Application of rights
For all the rights listed below, the data controller reserves the right to verify the identity of the user for the application of the rights listed below.
This request for additional information will be made within a period of one month from the introduction of the request by the user.
8. Data access and copying
The user can obtain free of charge the written communication or a copy of the personal data concerning him which have been collected.
The controller may require payment of a reasonable fee based on administrative costs for any additional copies requested by the user.
When the user submits this request electronically, the information is provided in a commonly used electronic form, unless the user requests otherwise.
Unless otherwise provided for by the general data protection regulation, the copy of his data will be communicated to the user no later than one month after receipt of the request.
9. Right to rectification
The user can obtain free of charge, as soon as possible and at the latest within one month, the rectification of his personal data which is inaccurate, incomplete or irrelevant, as well as complete them if they prove to be incomplete. .
With the exception of the general data protection regulations, the request for the application of the right to rectification is processed within one month of its introduction.
10. Right to object to processing
The user may at any time, for reasons relating to his particular situation, object free of charge to the processing of his personal data, when:
◦ processing is necessary for the performance of a task of public interest or relating to the exercise of public authority vested in the controller;
◦ processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail (in particular when the person concerned is a child).
The data controller may refuse to implement the user's right of opposition when he establishes the existence of compelling and legitimate reasons justifying the processing, which take precedence over the interests or rights and freedoms of the user, or for the establishment, exercise or defense of legal claims. In the event of a dispute, the user may lodge an appeal in accordance with the point “complaints and complaints” of this Policy.
The user can also, at any time, object, without justification and free of charge, to the processing of personal data concerning him when his data is collected for the purposes of commercial prospecting (including profiling).
When personal data is processed for scientific or historical research purposes or for statistical purposes in accordance with the general data protection regulation, the user has the right to object, for reasons relating to his particular situation , to the processing of personal data concerning him, unless the processing is necessary for the performance of a task of public interest.
Unless otherwise provided for by the general data protection regulation, the controller is required to respond to the user's request as soon as possible and at the latest within one month and to justify his response when he intends not to act on such a request.
11. Right to restriction of processing
The user can obtain the limitation of the processing of his personal data in the cases listed below:
◦ when the user disputes the accuracy of a data and only for the time that the controller can check it;
◦when the processing is unlawful and the user prefers the limitation of processing to erasure;
◦ when, although no longer necessary for the pursuit of the purposes of the processing, the user needs them for the establishment, exercise or defense of their legal rights;
◦during the time necessary to examine the merits of a request for opposition submitted by the user, in other words the time that the controller checks the balance of interests between the legitimate interests of the controller and those of the user.
The controller will inform the user when the restriction of processing is lifted.
12. Right to erasure (right to be forgotten)
The user can obtain the erasure of personal data concerning him, when one of the following reasons applies:
◦ the data are no longer necessary for the purposes of the processing;
◦ the user has withdrawn their consent to their data being processed and there is no other legal basis for the processing;
◦ the user objects to the processing and there are no compelling legitimate grounds for the processing and / or the user exercises his specific right of opposition in direct marketing (including profiling);
◦ the personal data have been processed unlawfully;
◦ personal data must be erased in order to comply with a legal obligation (under Union law or the law of the Member State) to which the controller is subject;
◦ the personal data have been collected in the context of the offer of information society services aimed at children.
However, the erasure of data is not applicable in the following cases:
◦when the processing is necessary for the exercise of the right to freedom of expression and information;
◦ when the processing is necessary to comply with a legal obligation which requires the processing provided for by Union law or by the law of the Member State to which the controller is subject, or to perform a task of public interest or coming under the exercise of public authority vested in the person responsible;
◦ when the processing is necessary for reasons of public interest in the field of public health;
◦ when the processing is necessary for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes and insofar as the right to erasure is likely to make impossible or seriously compromise the realization the purposes of the processing in question;
◦ when the processing is necessary for the establishment, exercise or defense of legal claims.
Unless otherwise provided for by the general data protection regulation, the controller is required to respond to the user's request as soon as possible and at the latest within one month and to justify his response when he intends not to act on such a request.
13. Right to "data portability"
The user may at any time request to receive their personal data free of charge in a structured, commonly used and machine-readable format, in particular with a view to transmitting them to another controller, when:
◦ the data processing is carried out using automated processes; and when
◦ the processing is based on the user's consent or on a contract concluded between the user and the controller.
Under the same conditions and according to the same modalities, the user has the right to obtain from the controller that the personal data concerning him be transmitted directly to another responsible for the processing of personal data, insofar as this is technically possible.
The right to data portability does not apply to processing which is necessary for the performance of a task of public interest or relating to the exercise of public authority vested in the controller.
14. Recipients of data and disclosure to third parties
The recipients of the data collected and processed are, in addition to the controller himself, his employees or other subcontractors, his carefully selected business partners, located in the European Union, and who collaborate with the controller in the for the marketing of products or the provision of services.
In the event that the data is disclosed to third parties for the purposes of direct marketing or commercial prospecting, the user will be informed in advance so that they can choose to accept the transfer of their data to third parties.
As soon as this transfer is based on the user's consent, the user can, at any time, withdraw his consent for this specific purpose.
The controller complies with the legal and regulatory provisions in force and will in all cases ensure that its partners, employees, subcontractors or other third parties having access to this personal data comply with this Policy.
The data controller discloses the user's personal data in the event that a law, legal procedure or order of a public authority would make this disclosure necessary.
No transfer of personal data outside the European Union is made by the controller.
15. Security
The data controller implements the appropriate technical and organizational measures to guarantee a level of security for the processing and the data collected with regard to the risks presented by the processing and the nature of the data to be protected adapted to the risk. It takes into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.
The data controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the website.
The data controller has put in place appropriate security measures to protect and prevent the loss, misuse or alteration of information received on the website.
In the event that the personal data that the controller controls should be compromised, he will act quickly to identify the cause of this violation and take appropriate remedial measures.
The data controller informs the user of this incident if the law requires it.
16. Complaints and complaints
If the user wishes to react to one of the practices described in this Policy, it is advisable to contact the data controller directly.
The user can also lodge a complaint with his national supervisory authority, whose contact details are listed on the official website of the European Commission: http://ec.europa.eu/news room / article29 / item-detail.cfm ? item_id = 612080.
In addition, the user has the possibility to lodge a complaint before the competent national courts.
17. Contact details
For any question and / or complaint relating to this Policy, the user can contact the data controller:
By email: jek@treebike.eu.
By mail: Treebike srl - avenue Louise 251 - 1050 Brussels.
18. Modification
The data controller reserves the right to modify the provisions of this Policy at any time. The changes will be published directly on the website of the data controller.
19. Applicable law and competent jurisdiction
This Policy is governed by the national law of the main place of establishment of the controller.
Any dispute relating to the interpretation or execution of this Policy will be submitted to the jurisdictions of this national law.
This version of the Policy dates from 01/10/2020.