This Charter is established by JMF, located Avenue Louise 362 in 1050 Brussels, registered with the Banque Carrefour des entreprises under the number: 0718.644.690 (hereinafter referred to as "the controller").
The purpose of this Charter is to inform visitors to the website hosted at https://labonneetoile.cooking/ (hereinafter referred to as the "website") of the way in which the data are collected and processed by the data controller.
This Charter is in keeping with the wish of the controller to act in full transparency, in compliance with the law of 8 December 1992 on the protection of privacy with regard to the processing of personal data. and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing the directive 95/46 / EC (hereinafter referred to as the "General Data Protection Regulation").
The data controller pays particular attention to the protection of the privacy of its users and therefore undertakes to take the reasonable precautions required to protect the personal data collected against loss, theft, disclosure or unauthorized use.
If the user wishes to react to one of the practices described below, he can contact the data controller at the postal address or at the email address specified in the "contact data" section of this Policy.
By accessing and using the website, the user declares to have read the information described below, accepts this Charter and expressly consents to the data processing manager collecting and processing, in accordance with the terms and principles described in this Charter, his personal data which he communicates through the website and / or during the services offered on the website, for the purposes indicated below.
The user has the right to withdraw his consent at any time. The withdrawal of consent does not compromise the lawfulness of processing based on the consent previously given.
WHAT DATA DO WE COLLECT?
By visiting and using the website, the user expressly consents to the data controller collecting and processing, in accordance with the methods and principles described below, the following personal data:
- its domain (automatically detected by the controller server), including the dynamic IP address;
- his e-mail address if the user has previously disclosed it, for example by sending messages or questions on the website, by communicating with the controller by e-mail, by participating in discussion forums, by accessing the restricted part of the website by identification, etc. ;
- all information about the pages the user has visited on the website;
- any information that the user has given voluntarily, for example in the context of information surveys and / or registrations on the website, or by accessing the restricted part of the website by means of identification (access to his personal account ).
We also collect the following data:
- Personal data collected for a reservation (restaurant or event)
- Data when registering for the newsletter
The data controller may also need to collect non-personal data. These data are qualified as non-personal data because they do not directly or indirectly identify a particular person. They may therefore be used for any purpose whatsoever, for example to improve the website, the products and services offered or the advertising of the data controller.
In the event that non-personal data is combined with personal data, so that it is possible to identify the data subjects, these data will be treated as personal data until their reconciliation with a particular person is made impossible.
The data controller collects personal data as follows:
- Google analytics
- Newsletter subscription form
- Reservation forms (for the restaurant or for an event)
PURPOSES OF THE PROCESSING
Personal data is collected and processed only for the purposes mentioned below:
- ensure the management and control of the execution of the services offered;
- dispatch and follow-up of orders and invoices;
- sending promotional information on the products and services of the controller;
- sending, possibly, free samples or offering of services at preferential conditions;
- answer user questions;
- compile statistics;
- improve the quality of the website and the products and / or services offered by the controller;
- to transmit information on new products and / or services of the controller;
- for direct marketing actions;
- allow better identification of the user's areas of interest.
The data controller could be required to carry out data processing which is not yet provided for in this Policy. In this case, the data controller will contact the user before reusing his personal data, in order to inform him of the changes and give him the possibility, if necessary, to refuse this reuse.
THE DURATION OF THE CONVERSATION
The controller retains personal data only for the time reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.
The personal data of a customer are kept for a maximum of 3 years after the end of the contractual relationship between this customer and the controller.
Shorter retention periods apply for certain categories of data, such as traffic data which is only retained for 12 months.
At the end of the retention period, the controller shall do everything possible to ensure that the personal data has indeed been made unavailable.
DATA ACCESS AND COPY
By means of a dated and signed written request sent to the data controller at the address referred to in the “contact details” point of this Policy, the user may, after having provided proof of his identity (including a copy of the identity card) , obtain free of charge written communication or a copy of the personal data concerning him that has been collected.
The controller may require payment of a reasonable fee based on administrative costs for any additional copies requested by the user.
When the user submits this request electronically, the information is provided in a commonly used electronic form, unless the user requests otherwise.
The copy of their data will be communicated to the user no later than one month after receipt of the request.
RIGHT OF CORRECTION
By means of a dated and signed written request sent to the data controller at the address referred to in the “contact details” point of this Policy, the user may, after having provided proof of his identity (by attaching a copy of the identity card ), obtain free of charge, as soon as possible and at the latest within one month, the rectification of his personal data which is inaccurate, incomplete or irrelevant, as well as complete them if they prove to be incomplete.
RIGHT TO OBJECT TO TREATMENT
By means of a dated and signed written request sent to the data controller at the address referred to in the “contact details” point of this Policy, the user may at any time, for reasons relating to his particular situation and after having justified his identity (by attaching a copy of the identity card), object free of charge to the processing of their personal data, when:
- processing is necessary for the performance of a task of public interest or falling within the exercise of public authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data (in particular when the affected person is a child).
The controller may refuse to implement the user's right to object when he establishes the existence of compelling and legitimate reasons justifying the processing, which take precedence over the interests or rights and freedoms of the user, or for the establishment, exercise or defense of legal claims. In the event of a dispute, the user may lodge an appeal in accordance with the point "complaints and complaints" of this Charter.
By means of a dated and signed written request sent to the data controller at the address referred to in the “contact details” point of this Policy, the user may, at any time and after having provided proof of his identity (by attaching a copy of the identity card), oppose, without justification and free of charge, the processing of personal data concerning him when his data is collected for direct marketing purposes (including profiling).
When personal data is processed for scientific or historical research purposes or for statistical purposes in accordance with the general data protection regulation, the user has the right to object, for reasons relating to his particular situation , to the processing of personal data concerning him, unless the processing is necessary for the performance of a task of public interest.
The controller is required to respond to the user's request as soon as possible and at the latest within one month and to justify his response when he intends not to follow up on such request.
RIGHT TO LIMITATION OF PROCESSING
By means of a dated and signed written request sent to the data controller at the address referred to in the “contact details” point of this Policy, the user may, after having provided proof of his identity (including a copy of the identity card) , obtain the limitation of the processing of his personal data in the cases listed below:
- when the user disputes the accuracy of a data and only for the time that the controller can control it;
- when the processing is unlawful and the user prefers the limitation of processing to erasure;
- when, although no longer necessary for the pursuit of the processing purposes, the user needs it for the establishment, exercise or defense of their legal rights;
- for the time necessary to examine the merits of a request for opposition submitted by the user, in other words the time for the controller to verify the balance of interests between the legitimate interests of the user controller and those of the user.
The controller will inform the user when the restriction of processing is lifted.
RIGHT TO ERASURE (RIGHT TO FORGET)
By means of a dated and signed written request sent to the data controller at the address referred to in the “contact details” point of this Policy, the user may, after having provided proof of his identity (including a copy of the identity card) , obtain the erasure of personal data concerning him, when one of the following reasons applies:
- the data are no longer necessary for the purposes of the processing;
- the user has withdrawn their consent to their data being processed and there is no other legal basis for the processing;
- the user objects to the processing and there are no compelling legitimate grounds for the processing and / or the user exercises their specific right of opposition in direct marketing (including profiling);
- the personal data have been the subject of unlawful processing;
- personal data must be erased to comply with a legal obligation (under Union law or Member State law) to which the controller is subject;
- the personal data has been collected as part of the provision of information society services to children.
However, the erasure of data is not applicable in the following 5 cases:
- when the processing is necessary for the exercise of the right to freedom of expression and information;
- when the processing is necessary to comply with a legal obligation which requires the processing provided for by Union law or by the law of the Member State to which the controller is subject, or to perform a task of public interest or falling under the exercise of
- the public authority with which the person responsible would be invested;
- when the processing is necessary for reasons of public interest in the field of public health;
- when the processing is necessary for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes and insofar as the right to erasure is likely to make impossible or seriously compromise, the realization the purposes of the processing in question;
- when the processing is necessary for the establishment, exercise or defense of legal claims.
The controller is required to respond to the user's request as soon as possible and at the latest within one month and to justify his response when he intends not to follow up on such request.
The user also has the right, under the same terms, to obtain free of charge the deletion or prohibition of the use of any personal data concerning him which, taking into account the purpose of the processing, would be incomplete or irrelevant or whose recording, communication or conservation would be prohibited or which has been kept beyond the necessary and authorized period.
RIGHT TO "DATA PORTABILITY"
By written, dated and signed request sent to the data controller at the address referred to in the “contact details” point of this Policy and after having provided proof of their identity (attaching a legible copy of the identity card), The user may at any time request to receive their personal data free of charge in a structured, commonly used and machine-readable format, in particular with a view to transmitting them to another controller, when:
- data processing is carried out using automated processes; and when
- the processing is based on the user's consent or on a contract concluded between the user and the controller.
Under the same conditions and according to the same modalities, the user has the right to obtain from the controller that the personal data concerning him be transmitted directly to another person responsible for the processing of personal data, insofar as this is technically possible.
The right to data portability does not apply to processing which is necessary for the performance of a task in the public interest or falling within the exercise of public authority vested in the controller.
RECIPIENTS OF DATA AND DISCLOSURE TO THIRD PARTIES
The recipients of the data collected and processed are, in addition to the data controller himself, his employees or other subcontractors, his carefully selected business partners, located in Belgium or in the European Union, and who collaborate with the data controller. processing in connection with the marketing of products or the provision of services.
In the event that the data is disclosed to third parties for direct marketing or prospecting purposes, the user will be informed in advance so that they can choose whether or not to accept this processing of their data by third parties.
By means of a dated and signed written request sent to the data controller at the address referred to in the “contact details” point of this Policy, the user may, at any time and after having provided proof of his identity (by attaching a copy of the identity card), object free of charge to the transmission of their data to third parties.
The data controller complies with the legal and regulatory provisions in force and will in all cases ensure that its partners, employees, subcontractors or other third parties having access to this personal data comply with this Charter.
The data controller reserves the right to disclose the user's personal data in the event that a law, legal procedure or an order of a public authority makes this disclosure necessary.
No transfer of personal data outside the European Union takes place.
USE AND MANAGEMENT OF “COOKIES”
This cookie management policy applies to the website. These are managed by the controller.
Most web browsers are configured to automatically accept cookies. If the user wishes to personalize their management, they must modify their browser settings. He will find further information on this subject under "cookie management" of this provision.
By visiting and using the website, the user expressly agrees with the management of cookies described below.
Definition of cookies.
A “cookie” is a data or text file that the server of a website stores temporarily or permanently on the user's equipment (hard drive of the computer, tablet, smartphone, or any other device. similar) through its browser. Cookies can also be installed by third parties with whom the data controller works.
Cookies retain a certain amount of information, such as the language preferences of visitors or the content of their shopping cart. Other cookies collect statistics about the users of a website or ensure that graphics appear correctly and that applications work well on the website. Still others allow the content and / or advertising of a website to be tailored to the user.
The website uses different types of cookies:
- Essential or technical cookies: these are cookies that are essential for the operation of the website, allowing good communication and intended to facilitate navigation;
- Statistical or analytical cookies: these cookies make it possible to recognize and count the number of visitors and to see their surfing behavior when they visit the website. This improves user navigation and makes it easier for them to find what they are looking for;
- Functional cookies: these cookies are used to activate specific features on the website in order to improve the user-friendliness and experience of the user, in particular by remembering their choice of preferences (for example the language);
- Performance cookies: these cookies collect information about how visitors use the website. They make it possible to evaluate and improve the content and performance of the website (for example by counting the number of visitors, by identifying the most popular pages or clicks), and to better match commercial proposals to personal preferences. of the user;
- Advertising or commercial cookies: these are files intended to collect data relating to the profile of visitors and likely to be installed or read by third parties with whom the data controller works in order to measure the effectiveness of an advertisement. or a web page and better adapt it to the user's interests;
- Tracking cookies: the website uses tracking cookies via Google Analytics, in order to help the data controller to measure the ways in which users interact with the content of the website, and which generates visit statistics strictly anonymous. These statistics are used to continuously improve the website and provide the user with relevant content. The controller uses Google Analytics to gain insight into website traffic, the origin of this traffic and the pages visited. This means that Google is acting as a processor. The information collected by Google Analytics is generated as anonymously as possible. For example, it is not possible to identify the people who visit the website. For more information, the user is invited to consult Google's data protection policy, available at the following address: https://www.google.com/intl/fr/policies/privacy/
- Use of sharing tools: Our website uses some social media tools in the form of sharing buttons that make it easy for visitors to share information with their friends on certain social networks. Therefore it is possible that, by visiting a page on which such a plug-in is included, you are confronted with cookies from these websites. These sites are not managed by JMF. By using these links, you agree to the privacy policies of those sites. These sites may also set a cookie if you are logged in to their services. In this way, they may also collect data in order to show you, on other sites, advertisements that they consider relevant to your interests.
A tag is an invisible image file that tracks user navigation on one or more websites and / or applications. In addition, other commercial cookies may be installed by advertisers when their ad is served.
Commercial cookies do not contain personal data. The information collected with the help of commercial cookies and beacons is used to measure the effectiveness of advertising and to better personalize advertising on the website and on other websites belonging to the advertising network or for which the data controller provides advertising services.
The retention period for cookies varies depending on their type: essential cookies are generally kept until the browser is closed, while functional cookies remain valid for 1 year and performance cookies for 4 years.
The controller authorizes public search engines to visit the website via 'spiders' with the sole purpose of making the access and content of the website accessible through their search engines, without the controller not grants the right to archive the website. The controller reserves the right to withdraw the authorization as formulated in this article at any time.
To make offers likely to interest the user, the controller is likely to enter into agreements with internet advertising agencies. They have received permission from the data controller to place advertisements on the website. When the user visits the website, advertising agencies can also collect information.
Management of cookies.
Most browsers are set to automatically accept cookies, but all allow you to customize settings to suit user preferences.
If the user does not want the website to place cookies on their computer / mobile device, they can easily be managed or deleted by changing their browser settings. The user can also program their browser to send them a notice when they receive a cookie and thus decide whether or not to accept it.
If the user wishes to block and / or manage certain cookies, he can do so by following the link linked to his browser:
Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
To no longer be tracked by Google Analytics on any website, the user is invited to visit the following website: http://tools.google.com/dlpage/gaoptout
In the event that the user disables certain cookies, it is possible that some parts of the website cannot be viewed and / or used, or that they are only partially so.
The controller implements the appropriate technical and organizational measures to guarantee a level of security of the processing and the data collected with regard to the risks presented by the processing and the nature of the data to be protected adapted to the risk. It takes into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.
The data controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the website.
The data controller has implemented appropriate security measures to protect and prevent the loss, misuse or alteration of information received on the website.
COMMUNICATIONS BY POSTAL, ELECTRONIC OR TELEPHONE
Communication by post.
If the user communicates his postal address to the controller via the website, his data is recorded in the manager's address file to respond to his request and to keep him informed of the products and services offered by the manager. Unless the user objects, the controller may also communicate user data to third parties (such as groups of companies and business partners) for direct marketing purposes. If the user does not want their data to be used for direct marketing purposes, they can indicate this when registering on the website.
The user can at any time consult, correct or delete his data in the file of the controller. To do this, he must contact the data controller at the address referred to in the "contact data" point of this Policy, not forgetting to specify his name and his exact address (spelled correctly). The controller undertakes to delete his data from the list he shares with other companies or organizations.
Communication by telephone.
If the user provides the data controller with his phone number via the website, he may receive a phone call:
- the controller in order to communicate information about its products, services or upcoming events;
- groups of companies and business partners with which the controller is contractually bound.
If the user does not / no longer wish to receive such telephone calls, he can contact the data controller at the address referred to in the “contact details” point of this Policy, not forgetting to specify his name as well as his correct address (spelled correctly). The controller undertakes to delete his data from the list he shares with other companies or organizations.
If the user communicates his mobile number to the controller via the website, he will only receive messages (SMS / MMS) from the manager which are necessary to answer his questions or inform him about his orders made online.
Communication via e-mail.
If the user provides the controller with his e-mail address via the website, he can receive:
- e-mails from the data controller to communicate information about their products, services or upcoming events (for direct marketing purposes), provided that the user has expressly consented to this or that he is already a customer with the controller and that he has communicated his e-mail address to the controller;
- emails from groups of companies and from companies / organizations to which the controller is contractually bound, for direct marketing purposes, provided the user has expressly consented thereto.
If the user does not / no longer wish to receive such e-mails, he can contact the data controller at the address referred to in the “contact details” point of this Policy, not forgetting to specify his name as well. as its correct address (spelled correctly).
The data controller agrees to remove their contact details from the list they share with other companies or organizations.
The Robinson List.
If the user does not / no longer wish to receive mailings or phone calls from any company registered on the Robinson list, he can contact the Robinson service of the Belgian Direct Marketing Association:
- Free phone number: 0800-91 887;
- By post: ABMD, Liste Robinson, Buro & Design Center, Esplanade du Heysel B46, 1020 Brussels.
CLAIMS AND COMPLAINT
The user can lodge a complaint with the Belgian Commission for the Protection of Privacy at the following address:
Commission for the Protection of Privacy
Rue de la Presse, 35
Phone. +32 2 274 48 00
Fax. +32 2 274 48 35
The user can also lodge a complaint with the court of first instance of his domicile.
For more information on complaints and possible remedies, the user is invited to consult the following address of the Belgian Commission for the Protection of Privacy:
DATA PROTECTION OFFICER
The data protection officer of the controller is Casier Andreï.
Its contact details are as follows: Rue Américaine 61-65, 1050 Brussels.
For any question and / or complaint, in particular as to the clarity and accessibility of this Charter, the user can contact the controller:
By email : firstname.lastname@example.org
By post: Rue Américaine 61-65, 1050 Brussels.
APPLICABLE LAW AND COMPETENT JURISDICTION
This Charter is governed by Belgian law.
Any dispute relating to the interpretation or execution of this Charter will be subject to Belgian law and will fall under the exclusive jurisdiction of the courts of the judicial district of Brussels.
The data controller reserves the right to modify the provisions of this Charter at any time. The changes will be published with a warning as to their entry into force.
This version of the Charter dates from 25/05/2018.