00.
Version 1.0

Online release date: 01/06/2018

01.
Introduction to the policy and its role

This policy is designed to provide you with clear information about the processing of personal data (what types of data are processed, for what purpose, who processes them and where, for how long, what your rights are) in accordance with European data protection regulations, including the use of cookies.

Personal data: any data relating to an identified or identifiable natural person.

The processing concept covers any operation performed on personal data (collection, registration, storage, visitation, communication,...).

Your use of this site implies your acceptance of this policy.

A pop-up warning will automatically appear when you first visit a page on the site, as well as during subsequent visits, unless you have clicked the button in the pop-up to confirm that you no longer wish to see this warning message. This pop-up is used to let visitors know that this site features general terms and conditions of use, a privacy policy, and the use of cookies.

These 3 items are assumed to be accepted if you continue by visiting other pages on the website or interact with it (click, entering text,...).

Should you disagree with any of these terms and conditions, you should cease using this website.

02.
The party responsible

Identity of the party responsible for processing the personal data (also called "publisher" in the rest of this Policy): see contact details .

Personal data are stored by the data controller, as well as by the hosting service provider (see contact details) and certain subcontractors who provide us with a service as part of our business (current list: Mailchimp, TNT, GLS, OVH, Brainstorming, Stripe).

Should our company be taken over or merged with another company, your information may automatically be passed on to new buyers if they take over the same lines of business.

03.
What personal data are collected, for what purposes?

We collect and process personal data: first and last name, postal and electronic contact details, telephone number, IP address, navigation data, pages viewed, preferences, interests and previous choices, login and password for your member account, order history, any payment and delivery incidents, withdrawal and complaints.

We do not sell your personal information to private companies that are not subcontractors. We may provide consolidated statistical data about our customers, our sales, or our trade patterns to third parties but these statistics will never contain any data that directly identifies you.

Please note that certain items of personal data may, to the extent necessary, be disclosed pursuant to a law, regulation or decision of a competent regulatory or judicial authority or, if necessary, for the purpose of protecting our rights and interests, in particular if we believe that you have violated our general terms and conditions (payment or invoicing disputes, intellectual rights disputes,...).

The following is a more detailed description of the methods and purposes of these collections:

03.1. Automatic visitation data collection

Procedures

The website visitation process involves the exchange of data between your Internet connection terminal (your computer / smartphone/tablet and your web browser) and the web servers it consults. This exchange takes place automatically. Certain items of information are likely to identify you directly or by cross-referencing, and therefore, according to the definition of the current regulations, are considered to be personal data. This applies in particular to your IP address (identification number, assigned to your computer on the Internet. This number can be fixed or dynamic depending on your type of Internet subscription, the location information provided by the network and/or the Internet connection terminal, and certain technical data provided by this terminal. Certain characteristics of the hardware and software used are also transferred. However, the data we receive does not allow us to draw any conclusions about your identity.

Purpose of storing the data and how long it is kept

We undertake not to use this data to identify you for commercial purposes or to pass it on to subcontractors for such purposes, unless you have expressly given us your permission to do so.

However, we are required to process this data for lawful anti-fraud purposes, for a maximum period of 1 year.

03.2. Cookies

We are committed to meeting your expectations. Our website also uses a technical process, "cookie", to record information about your browsing habits, preferences, manage the shopping cart, and personalise our services and marketing initiatives.

This privacy policy and the pop-up information are used to let you know about these cookies.

A cookie is a text file that can be stored on the hard drive of your Internet access terminal (computer, smartphone,...), in the directory linked to the web browser or operating system used, when you visit websites. Cookies will not damage your terminal device or affect how it works. They never directly include information that could be used to contact you by telephone, e-mail or post.

More information about cookies is available at the information site www.allaboutcookies.org.

Different types of cookies are used. They are used on our site for three different purposes:

  1. cookies used for functional purposes: information is recorded in this text file, such as preferences / choices made: choice of language, pages visited. When you return to the site at a later date, the site in question may access this cookie in your browser and take account of the choices you made during your previous visits. These cookies are used to prevent the user from having to repeat the same entries during a subsequent visit, to provide a better overall browsing experience, in particular by customising the site visitation process and speeding up the site display. These cookies also help to manage the shopping cart, by remembering the products selected, the payment and delivery methods chosen,... These cookies are automatically installed on your computer, unless you have technically blocked them (see article on this subject).
  2. cookies used for analytical purposes: these are linked to a website visit analysis tool. We use this information for audience measurement purposes and to examine how the site is visited (geographical origin of visitors, type of view terminal, most frequented pages, the click stream path through the pages of the website, bounce rate, revisitation rate,....) in order to improve the tree structure and site content, and to identify visitor profiles. We use the Google Analytics tool. Consequently, the data collected are transmitted to this subcontractor. The data provided to us does not allow us to specifically identify the Internet user. The use of these cookies for analytical purposes requires your consent, which is obtained via a pop-up that will appear when you first browse the website.
  3. (customised) remarketing cookies (or pixels these cookies are linked to a service offered by a subcontractor. This service allows us to send you promotional information about our products when, after your visit to our site, you visit the website of a subcontractor partner. The use of these cookies for marketing purposes requires your consent, which is obtained via a pop-up that will appear when you first browse the website.
    In particular, we use Google Analytics, a web analytics service provided by Google Inc. (or simply Google). Google Analytics uses cookies to help our website analyse visitor usage. The data cookies generate about your use of the website (including your IP address, browser or operating system) is transmitted to and stored by Google on servers in the United States or elsewhere in the world. Google will use this information to assess your use of the website, to compile reports on website activity at our destination and to provide other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or when these third parties process the information on Google's behalf, including LANAFORM. Google will not associate your IP address with any other data held by Google. You can disable the use of cookies by selecting the appropriate settings in your browser. However, if you do so, you may not be able to use certain features on this site. Your use of this website implies your express acceptance of Google processing your personal data in the manner and for the purposes set out above.
    We also use Pixels Facebook and Google AdWords provided by Facebook, Inc. and Google, Inc. respectively (or simply Google) for retargeting or remarketing. These tracking pixels (also called clear gifs, web beacons or pixels) are small blocks of code on our website that allow websites to perform operations such as reading or inserting cookies. The connection can then provide information such as the user's IP address, the time the pixel is displayed and the type of browser used. We use these pixels when you visit our website to personalise how you use it and to analyse how people use our products and services. For example, we may use tracking pixels to find out if someone who used a specific browser displayed an ad on Facebook or via AdWords and then purchased a product on our website. We use pixels to facilitate the display of advertising on Facebook or elsewhere on the Internet. For example, we may notice that you visited our site and then posted an advertisement in your Facebook news feed or via advertising inserts provided by AdWords elsewhere on the Internet.
    We would like to make it clear that we do not try to establish the identity of visitors to our sites through cookies. However, we are required to process this data for lawful anti-fraud purposes, for a maximum period of 1 year.

03.3. Data from electronic newsletter registration forms

A form is available to allow you to register to receive the electronic newsletter published by the site. The only personal data required to obtain this service is your e-mail address. An asterisk is displayed in this field. Other personal data may be provided on an optional basis. More information about the electronic newsletter is included in a specific article featured in this Policy.

03.4. Order form data

To place an order, a form must be completed.

03.4.a. Obligatory data

  • Purpose: some personal data must be provided in order to comply with our legal obligations (drawing up an invoice which has to be kept for at least 7 full calendar years, invoking the 2-year legal warranty) and to fulfil the contract (delivery, being able to contact you to keep you informed about the progress of the order, as well as after-sales service and dispute management). This includes: your first and last name, postal details, telephone and/or e-mail contact details.
    This data may also be used for direct marketing purposes, via post and electronically but only to promote our own services (without any transferral to third parties), unless you have ticked the ad-hoc box to express your opposition to this direct marketing purpose.
  • Your undertaking: you agree to provide us with truthful information about yourself.
  • Identifying obligatory information: an asterisk is shown in the obligatory data collection fields.

03.4.b. Optional data

Other personal information may be requested in order to offer you additional services or to get to know you better.

  • Purpose: the aim is to provide you with commercial offers selected according to your profile. This information is optional. In other words, you are free or not to complete these fields marked with an asterisk. The undertaking to provide us with truthful information does not apply to such data. An order will of course be fulfilled even if this data are missing. If these are provided, we undertake not to pass on this data to third parties for marketing purposes.

03.5. "Member account" data

Registered users (members) can access the site by logging in using their login details (e-mail address specified when registering and password), using the authentication cookie, or optionally using systems such as third-party social network connection buttons.

Users are entirely responsible for protecting the password they have chosen. They are recommended to use complex passwords that are different from those used on other websites. Members who forget their password can create a new one. Confidential information contained in the "My account" section is guaranteed by this password and users are therefore not allowed to pass the information on or provide it to a third party. Users are asked to inform the publisher immediately about any unauthorised use of their account and any risk they may have been warned about that a third party may have discovered their password. If these various undertakings are not met, the site publisher may not be held liable for unauthorised access to a user's account.

In addition to allowing them to manage their orders, creating a "member account" will enable customers to consult their order history on the site. If data contained in the "member account" section were to disappear as a result of a technical failure or a case of force majeure, the site and its publisher may not be held liable, as this information has no conclusive force but is solely for information purposes. The pages concerning member accounts are freely available for printing by the account holder in question but in no way constitute proof, as they are only intended to provide information for the efficient management of the member's orders.

The publisher retains the exclusive right to delete the account of any member who has violated the general terms and conditions of use or the general terms and conditions of sale (in particular, but without this example being exhaustive in any way, when the member has knowingly provided incorrect information when registering and creating a personal area). The publisher will destroy any account that has been inactive for at least 2 years. This removal will not constitute damage for the excluded member, who will not be entitled to claim any compensation as a result. This exclusion does not rule out the publisher's right to take legal action against the member should the facts justify this action.

A user is free to close his or her member area ("account") on the site. To do so, the member must send an e-mail to notify the publisher of the decision to close the account. Any recovery of the member's data will then be excluded.

03.6. Data passed on to third parties for the purpose of fulfilling the order

03.6.a. Payment data

To make the payment, you will have to forward information concerning you to an online payment service provider, a subcontractor, through the party's own technical services. The information is collected using a secure form. We should make it clear that this information will not be available to us.

To carry out the payment operation, neither we nor the service provider will be required to ask for the PIN code for your bank cards. This code must never be submitted online, and must never be entered elsewhere than on an approved physical payment terminal.

As part of the fight against online payment fraud, the service provider may automatically provide a rating (analysis of the level of fraud risk for each operation) for the ac-ceptance/preparation/suspension/refusal of the operation, on the basis of the data provided, in the case of technical data collected during the connection, and optionally by asking a service provider specialising in risk prevention (the latter may also use the rating outcome in order to improve the party's own incident data). The service provider's "privacy policy" will provide you with additional information about the handling of the data collected and the methods used (contact details, access rights, security measures, storage period,...).

Please note that this data may be sent to service providers outside European Economic Area countries that do not offer the same level of protection for personal data, provided that the service providers individually announce their compliance with the relevant protection requirements.

03.6.b. Delivery data

To ensure delivery, we will be required to submit data about you to a logistics provider. This includes your name and address, as well as an order ID and at least one rapid contact address (e-mail or text message address) in order to keep you up to date with the delivery operation status, notify you of any incidents and provide an after-sales service. This information is kept for the 365-day time limit to lodge complaints beyond the time required for these operations. The data will not be used for marketing purposes unless you have given your permission to this provider.

03.7. Data associated with the use of social networks

Your use of social networks is likely to result in data processing and interaction with us. Be sure to consult the "privacy policies" of these networks to learn all the details about the information that is collected and can be passed on. You should also use the online interfaces made available by these networks to adjust the settings for managing these uses and controlling ad delivery.

We cannot learn your identity from the data we receive from these social networks. They are used to improve our advertising and more generally our commercial relationship (for example by providing you with more customised information), based on the profile and areas of interest that you have disclosed to these networks and the interactive activities that you have carried out using them.

We cannot be held liable for the use that these social networks make of your data.

When you interact with the buttons of these social networks to be found on our site (ex: "I like") without first disconnecting from these networks, they are informed about, can record and process this interaction and are likely to produce a publication about your personal profile on these networks (depending on the settings you have made).

04.
What are you entitled to ask for?

You have the right at any time to:

  • Access a record we have of your personal data.
  • Ask for any incorrect or incomplete personal data we may have to be rectified.
  • Make any comments you may have about the fraud risk analysis process, and ask for this automated processing to undergo further human analysis.
  • Unsubscribe from the electronic newsletter (or change the settings for sending and managing its content)
  • Withdraw your previous permission to market the data or grant access to third parties.
  • Exercise the right to be forgotten. In this case, your personal data will be irrevocably deleted (except those necessary to comply with legal obligations such as tax requirements, but only for the time needed for this purpose). However, some data may be processed and stored in an anonymous form for statistical purposes (e.g. removal of the full address and appropriate retention of the postal code).
  • Exercise the right to portability. In this case, we will provide you with the data in a structured format, commonly used in the e-commerce sector and machine-readable, so that it can be reused by a service that is similar to ours.

You can exercise these rights at any time, free of charge, by contacting the publication officer. This request should be signed and include a photocopy of an identity document bearing your signature and the address to which the reply should be sent. This photocopy will be destroyed as soon as these 2 items have been checked.

We will acknowledge receipt within a maximum of 5 working days and will endeavour to take the necessary action within 30 calendar days. However, if we have any particular difficulty in meeting this deadline, we will notify you as soon as we have identified the problem.

05.
Electronic newsletters - customised recommendations and electronic alerts

Electronic newsletters are sent at a maximum rate of 5 per month. The material refers to the site's products and services (news, special offers,...), as well as, optionally, the products and services of business partners.

We may also send you e-mail alerts to let you know when something new is of interest to you or when an item is available.

You are subscribed to these newsletters and alerts if:

  • You are a subscriber to these newsletters and you voluntarily completed the form to subscribe to the newsletter and alerts,:
  • you have registered for a competition or game that we are organising and have clearly and explicitly agreed to subscribe to the newsletter as well
  • you have created a member account or are an estab-lished customer (unless you objected to this when you created your account). In this case, you are likely to receive information only about current events on our site, as well as offers relating to products identical or similar to those you have already ordered or viewed on our site.

We measure the opening rate for our e-mails and the interactions carried out (click on the hyperlinks) as part of a continuous process of improvement and in order to adapt these e-mails to your needs. Any time you receive an e-mail, you may opt out of receiving these e-mails by using the unsubscribe link provided for this purpose. You may also make this request at any time by contacting Lanaform

We would like to make it clear that we do not sell or rent the e-mail address provided to third parties for marketing or advertising purposes.

06.
List of the various cookies linked to our site

06.1. LANAFORM / Magento cookies

Cookie Description
form_key Stores a randomly generated key to avoid forged requests.
mage-cache-sessid Helps cache content in the browser for faster page loading.
mage-cache-storage Helps cache content in the browser for faster page loading.
mage-cache-storage-section-invalidation Helps cache content in the browser for faster page loading.
mage-translation-file-version Helps to translate content into other languages.
mage-translation-storage Helps to translate content into other languages.
PHPSESSID Stores your session ID on the server.
private_content_version Helps cache content in the browser for faster page loading.
section_data_ids Helps cache content in the browser for faster page loading.

06.2. Google cookies

Cookie Description
1P_JAR Collects usage statistics and tracks conversion rates.
PREF, NID, HSID, APISID, SID, SSID, SAPISID, GAPS Google uses these cookies to allow the computer to stay logged into a Google account for a subsequent visit.

06.3. Facebook cookies

Cookie Description
c_user Stores Facebook ID.
datr Stores the browser ID.
presence Stores the user's Facebook chat status.
fr Stores Facebook ID and browser ID but in an encrypted format.
wd Stores the browser window sizes.
act Stores the user's time stamp and action count.
sb, xs Stores information about Facebook's "like" and "share" buttons.

07.
Information about the cookie technical management options using your web browser

You may, however, technically block the placement of these cookies by changing the relevant settings in your web browser. They may be blocked automatically or selectively (in this case, your browser will notify you each time a cookie placement is attempted and you may decide to accept or block it. In the same way you can remove cookies previously placed, entirely or selectively.

This blocking / removal action will not affect your visits to the site, except in the case of functional cookies. In this case, we should emphasise, the use of the website may not always provide the best results, especially when it comes to shopping cart management.

The configuration interface is different for each web browser. See the module's help menu for more information.

Applying this setting on the most common web browsers:

Internet Explorer, Firefox, Chrome, Opera et Safari.

08.
Personal data security

We apply technical and organisational measures to protect your personal data, consistent with the risk and potential consequences, to ensure they are not disclosed, altered, lost or destroyed. Our forms for collecting personal data and banking data are thus made available on secure web pages (https:// format, secured using SSL - Secure Socket Layer technology). In the case of storage, we focus in particular on the confidentiality of your account access password. We nevertheless advise you to use a complex password specifically for our site, so that, in the event of a successful attempt by a malicious person to phish (impersonate our site, by e-mail, telephone or other means) or intercept data on the Internet, other services for which you have registered with this password cannot be accessed.

Pursuant to the regulatory provisions, we undertake to notify you by e-mail if, despite the measures taken, we have encountered an incident (loss, leakage of personal data) likely to constitute a high risk for you (e.g. identity theft).

09.
How long data are kept

The data are stored with the publisher, as well as with the website hosting service provider, and are kept for the time necessary to achieve the purposes referred to above.

In the case of data for marketing purposes, the data will be stored until you instruct us to stop such usage. The same will apply, on our own initiative, when a period of 2 full calendar years has elapsed since the last interaction with the user. Above and beyond this decision, with the exception of those that a legal obligation requires us to keep as is, personal data will be turned into data that no longer allows you to be identified, and kept for statistical purposes. They will not be used for direct marketing purposes.

10.
Changes – Intellectual rights

This policy may be changed at any time by the site publisher or the latter's authorised representative. Only the version in force when you visit the site will be applicable. The publisher naturally undertakes to keep all earlier versions of the general terms and conditions and to send them to any user who requests them.

As a reminder, this document is subject to intellectual property regulations. No part of this document may be reproduced, adapted or translated without the express and specific written consent of the publisher and the RETIS company.

11.
Complaints

Please let us know if you feel that your personal data has not been handled with the due care you expected. We will try to find a solution to meet your expectations as well as possible in the future. If we fail to find a solution that meets with your approval, or if you feel that Belgian regulations in this area have not been observed, you can lodge a complaint with the Data Protection Authority site. This action does not, however, prevent you from instituting legal proceedings at the same time through the courts in order to seek compensation for any loss you consider you have suffered.