PRIVACY POLICY

1 INTRODUCTION

1.1 GENERAL

OMG Antwerpen BVBA, company nr. 0670.481.519, d/b/a David Gotlib (hereinafter “We” or “Us”) respects the privacy of every visitor to our Website (hereafter: Visitor) www.davidgotlib.be and every person who places an order and relies on our services (hereafter: Customer). Accordingly, We will only collect and use personal data in the manner described herein and in accordance with our obligations and rights under applicable privacy laws.
Transparency is a crucial part of this privacy legislation and forms the basis of this Privacy Policy. We also take into account principles such as proper and careful processing.
Accordingly, this Privacy Policy is therefore applicable when We act as controller for the processing of personal data through our Website, in other words, when We determine the purpose and means of processing that personal data.
Please read this Privacy Policy carefully and make sure you understand it well.


1.2 WHAT ARE PERSONAL DATA?


Personal data is defined in the GDPR as any information about a natural person that can be directly or indirectly identified. It may include obvious information, such as your name and contact details, but also less obvious information, such as identification numbers, electronic location data and other online identifiers.


2 CONTACT DETAILS


You can contact Us:
(a) by post, to the following postal address; or
OMG Antwerpen BVBA
Schupstraat 18
B-2018 ANTWERP
Belgium
(b) via the contact form on our Website.


3 WHAT PERSONAL DATA DO WE

PROCESS, AND HOW ARE THESE DATA USED?


3.1 INFORMATION PROCESSING


Personal data Processing purpose Legal basis Retention period (*)
Usage Data from Users and Customers:
IP address;
geographical location;
browser type and version;
operating system;
reference source;
duration of your visit;
page views and website navigation paths, as well as information about the timing, frequency, and pattern of your use of the service.
We process the usage data via cookies. These usage data can be processed so that the Website can function technically properly and to analyse the use of the Website and services.
Consent (for not strictly necessary cookies);
Our legitimate interests, so that the Website functions technically properly in accordance with the necessary cookies as referred to in Our Cookie Policy.
See the Cookie Policy on this Website.
Communication Data from Users and Customers:
Name
Email address

The source of the communication data is the information you provide to Us when you contact Us. The communication data may be processed for the purpose of communicating with you and maintaining records.
Legitimate interest, to respond to requests, questions or comments or to contact you for inquiries of any kind (e.g. when you contact us via Our contact form).
Personal information is retained until we believe you are satisfied with our response.
Transaction Data from Customers:
Contact details
Card details

The source of the transaction data is the information You provide to Us when You make purchases through Our Website.
Transaction Data may be processed for the purpose of delivering the purchased goods and services and keeping proper records of those transactions.
Execution of a contract between You and Us;
At your request, taking steps to enter into such a contract.
Personal data will be kept for the duration of the contract. After termination of the agreement, personal data will be kept for another seven years in order to comply with the legal obligation (tax obligation).
Customer data:
Name;
First name;
Address;
Telephone number;
E-mail address;
Log-in details.
Customer management: customer administration, order management, deliveries, invoicing, checking creditworthiness, support and complaint monitoring.
Execution of a contract between You and Us;
At your request, taking steps to enter into such a contract.
Personal data will be kept for the duration of the contract. After termination of the agreement, personal data will be kept for another seven years in order to comply with the legal obligation (tax obligation).
(*) Notwithstanding the above, We may retain your personal information when necessary to comply with a legal obligation to which We are subject, or to protect your vital interests or the vital interests of another natural person.


3.2 PROCESSORS


A processor is someone who processes personal data at the request of or on behalf of Us. We may sometimes enter into a contract with this party to provide certain products and/or services. In other words: We make use of processors, when this is necessary for the provision of services. In this case, We will enter into a written agreement with the processor whereby the security of your personal data is guaranteed by the processor. The processor always acts according to our instructions.
Moreover, our sister company of the United States, David Gotlib (New York), can have access to the EU data. To this end, we have entered a written agreement with the United States’ entity, having the capacity of processor when accessing EU data.
We appeal to the following categories of processors:
Companies we have engaged for ICT technical support and hosting purposes;
Companies we have engaged for analytical purposes;
Our affiliate (sister company) (United States – headquarter New York)
Companies we have engaged for marketing purposes;
Companies we have engaged for administrative purposes (e.g. CRM system);
Companies we have engaged for logistic purposes (e.g. order picking, delivery, etc.); and
Companies we have engaged for payment purposes.


4 PROVIDING YOUR PERSONAL DATA TO THIRD PARTIES


In principle, We will not share your personal data with third parties (other than processors) for any purpose, unless you have given us your explicit and informed consent beforehand or when We are subject to the exception below.
In some circumstances, We may be required by law to share certain personal data, including yours, if We are involved in legal proceedings or to comply with legal obligations, a court order, or the instructions of an authorized government agency.


5 INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA


In principle, we process personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states plus Norway, Iceland and Liechtenstein. This means that your personal data will be fully protected under the GDPR or equivalent legal standards.
Our sister company in the United States has access to EU customer data. The EU customer data is stored in a datacenter in the EU, but Our sister company in the US has screen access (for operational purposes) to the EU data. This means that there is a transfer of EU data to the US. This means that We will take extra steps to ensure that your personal data is treated as safely and securely as it is in the EEA. We will enter into Standard Contractual Clauses (SCCs, approved by the European Commission) with Our sister company and take additional measures to protect our customer data from unauthorized access.


6 SECURITY OF YOUR PERSONAL DATA


We will take appropriate technical and organizational measures to secure your personal data and to prevent the loss, misuse or alteration of your personal data.


7 MODIFICATIONS


We may update this policy from time to time by publishing a new version on our Website. This may be necessary, for example, if the law changes, or if We change things in a way that affects the protection of personal data. We encourage you to check this page from time to time to ensure that you are happy with any changes to this privacy policy.
If We are in possession of your e-mail address in case you are a customer, We will undertake to notify you of any significant changes to our Privacy Policy by e-mail.


8 YOUR RIGHTS


Some rights are complex and not all details are included here. Therefore, please read the relevant provisions and guidelines of supervisory authorities for a full explanation of these rights.
Your most important rights under the GDPR are:
the right of access;
the right of rectification;
the right to erasure (right to be forgotten);
the right to restriction;
the right to object;
the right to data portability;
the right to lodge a complaint to a supervisory authority; and
the right to revoke your consent.
You may exercise your rights with respect to your personal data by notifying us in writing.
We will respond to your request within one month of receiving it. We normally aim to provide a full response within that time. However, in some cases, especially if your request is more complex, more time may be required, up to a maximum of three months from the date We receive your request. You will be kept fully informed of progress.


8.1 THE RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY


If you believe that our processing of your personal data violates data protection laws (GDPR), you have the right to lodge a complaint with the supervisory authority:
Data Protection Authority
Drukpersstraat 35, 1000 BRUSSELS
+32 (0)2 274 48 00
[email protected]
https://www.gegevensbeschermingsautoriteit.be


8.2 THE RIGHT TO REVOKE YOUR CONSENT


Insofar as the legal basis for our processing of your personal data is consent, you have the right to revoke this consent at any time. Revocation does not affect the lawfulness of the processing prior to revocation.


9 UPDATING YOUR PERSONAL DATA


Let us know if the personal information We hold about you needs to be corrected or updated.