Privacy Statement
Version 1.0 - Date: September 15th 2022
1. Who?
2. What does 'processing personal data' mean?
3. To whom and when does this privacy notice apply?
4. What data do we process?
5. For what purposes and on what legal grounds do we process your data?
6. With whom do we share your data?
7. How long do we keep your data?
8. Where do we store your data and how is it protected?
9. From whom do we receive your data?
10. What are your rights?
11. How can you exercise your rights?
12. Changes
1. Who?
Synalco (hereinafter "Giftlock", "we", "us") respects your privacy and aims to treat your personal data with due care and confidentiality at all times. In doing so, we undertake to comply at all times with the General Data Protection Regulation ("GDPR") and other applicable regulations.
You will find all our relevant details below and can also contact us at any time via the contact details provided for any further questions or comments relating to how we handle your personal data.
Name: Synalco
Address: Westhille 15 - 8210 Zedelgem - Belgium
Company number: BE 0786.526.082
E-mail: hello@giftlock.be
2. What does 'processing personal data' mean?
Processing personal data (hereinafter "data") includes any processing of data that can identify you as a natural person. It may, for example, include your contact details or order history. Exactly what data is involved is further explained in this Privacy Statement. The term "processing" is very broad and covers, among other things, the collection, storage, use of your data, or sharing it with third parties. Giftlock only processes your personal data in the context of its commercial activities as a company. Specifically for the processing of data through the use of cookies, please refer to our Cookie Statement, which forms an integral part of this Privacy Statement.
3. To whom and when does this Privacy Statement apply?
This Privacy Statement applies in cases where Giftlock is responsible for processing your data. This means that Giftlock determines for what purposes (why) and by what means (how) your data is processed. Specifically, we act as a data controller in relation to the persons listed below. This also includes persons who belonged to these categories in the past (e.g. former customer), or persons who may belong to these categories in the future (e.g. potential customer). our customers, who place an order via our webshop; our business partners, who help us in operating our business and/or who promote our webshop in the context of a commercial cooperation; other persons who would contact us, e.g. as a result of a visit to our website Where any of the above-mentioned persons is a legal entity, we still process data of our contacts at these entities and the AVG will continue to apply.
4. What data do we process?
Below we clarify which data we may process from you. Depending on the specific situation, your preferences and the way you contact us, we do not process all the data below. For the sake of clarity, we first indicate below which data we may generally process from all our contacts. Then we will clarify which data we may additionally process for specific categories of contacts, i.e. our customers and business partners.
4.1 General From all our contacts we may process the following data:
(Types of data - Examples (non-exhaustive))
Electronic identification and usage data: IP address, browser type, location data, by which route you arrive at our website, the type of device you use to visit our website, the web pages visited, the way you navigate on the web pages visited. This data is processed mainly through the use of cookies.
Identification data: a copy of your identity card (only to verify your identity if you wish to exercise any of your rights as a data subject under the AVG).
Contact data and history: name, first name, address, e-mail address, telephone number, communications sent and received (e.g. e-mail messages, messages sent via the contact form on our website, letters, etc.).
4.2 Customers and business partners
From our customers and business partners we may additionally process the following data:
(Type of data - Examples (non-exhaustive))
Login data: User name, password.
Agreements and payment and billing data: payment card data, bank account number, invoices, offers, orders, concluded agreements, insurance and delivery modalities.
Aftersales, feedback & testimonials: order or transaction history, data related to our support or after-sales services. For publication on our website, if you consent: your reviews and experiences related to products delivered.
5. For what purposes and on what legal grounds do we process your data?
5.1 Grounds for processing
We only process your data for purposes that are part of our commercial activities as a company. Processing is always based on the legal grounds listed in the AVG.
For the sake of clarity, we first summarize below the purposes and legal grounds of the general processing processes within our company. We then list the processing operations relevant to specific categories of contacts, more specifically our customers and business partners.
A. General
The processing processes below are potentially relevant to all our contacts.
(Legal Basis - Processing Purpose)
Legitimate interest: answering your query when you contact us, should this not (no longer) be framed in an existing, former or potentially future relationship with you as our customer or business partner.
Consent if you use the contact form on our website: answering your question when you contact us, should this not (no longer) be part of an existing, former or potential future relationship with you as our customer or business partner.
Consent: to promote Giftlock's business by using your contact details to send newsletters or other marketing material to you, if you expressly consent to this (via the registration form on our website), or if it is possible on the basis of our legitimate interests (existing customers). You have the right to withdraw your consent at any time by using the unsubscribe link at the bottom of each such message you receive from us. You also have a right to object to such processing, following which we must stop such processing.
Consent if you use the contact form on our website: to promote Giftlock's activities, by using your contact details to send newsletters or other marketing material to you, if you expressly consent to this (via the registration form on our website), or if it is possible on the basis of our legitimate interests (existing customers). You have the right to withdraw your consent at any time by using the unsubscribe link at the bottom of each such message you receive from us. You also have a right to object to such processing, following which we must stop such processing.
Legitimate interest: the provision of a technically sound website through the use of strictly necessary cookies so that we can provide you with a safe and well-functioning website.
Consent: the use of analytical cookies on our website to understand how you use our website, with a view to detecting navigation problems, among other things, and making the website more user-friendly and attractive. Consent: using marketing cookies on our website for the purpose of displaying advertisements, implementing features on our website provided by social media, and measuring how often these advertisements and features are displayed and used, respectively.
Legal obligation: fulfilling our legal obligations as a company, such as in the areas of data protection and tax/accounting.
Legal obligation: ensuring the possibility of exercising or defending Giftlock's interests in court, and actually proceeding to do so.
B. Customers and business partners
From our customers and business partners, we additionally process data for the purposes listed below:
(Legal basis - Processing purpose)
Necessity for the conclusion or performance of a contract: negotiating, entering into, performing or terminating the contract, managing the customer and supplier relationship, invoicing and payment of amounts due, providing access to the user portal on our website.
Legitimate interest: improving our products and services based on your feedback on them as our current or former customer or business partner.
Consent to the publication of your testimonial on our website or our social media profiles: the improvement of our products and services based on your feedback on them as our current or former customer or business partner.
6. With whom do we share your data?
We do not disclose your data to third parties, except when strictly necessary for the purposes mentioned above, or if we are required to do so by law.
Where necessary, we use external service providers, so-called "processors", to support our operational purposes such as the management of our IT systems. Where appropriate, these external service providers carry out certain data processing operations on our behalf. We will only share your data with these external service providers to the extent necessary for the relevant purpose. The data may not be used by them for other purposes. Moreover, these service providers are contractually bound to ensure the confidentiality of your data by means of a so-called "processing agreement" concluded with these parties.
Specifically, where relevant in your situation, we share your data with the following third parties for the following purposes, with these third parties acting as processors on our behalf in certain cases:
(Legal basis - Potential category of recipients of your data)
Necessity for the formation or performance of a contract: potential category of recipients of your data Legal basis Postal companies, transport and delivery companies as regards your contact details for the purpose of sending orders.
Necessity for the conclusion or execution of a contract: payment service providers for the data relevant for processing your payments to us or vice versa, with a view to efficient management of payment administration within our company.
Necessity for the conclusion or performance of a contract: processors who assist us in the operation of our business, such as:
- in the IT field: for the purpose of efficient digital data management within our company, including the digital storage of your data, the sending out to customers of transactional e-mails such as the scheduling of meetings and the execution of orders, and the invoicing of delivered orders; the management of our calendar, and the hosting and management of our website and mailboxes.
- Other processors in the context of order delivery.
Legal obligation if the transfer is in the context of a legal obligation or government order: government bodies, judicial authorities and practitioners of regulated professions such as accountants and lawyers, for the purpose of complying with our legal obligations as a company, and defending our interests in the context of any legal dispute.
Justified interest for other transfers: public bodies, judicial authorities and practitioners of regulated professions such as accountants and lawyers, with a view to complying with our legal obligations as a company, and defending our interests in the context of any legal dispute.
7. How long do we keep your data?
We do not retain your data for longer than necessary for the purpose for which the data was collected and is processed, as specified above.
With regard to our customers, this primarily concerns the offering and delivery of placed orders. With regard to our business partners, this relates to managing our cooperation.
In this regard, we will retain your data after your last order or after the termination of the cooperation for a reasonable period of time to safeguard our evidence in case of a dispute, or in response to potential defects in connection with an order in light of our liability for defective delivery, non-delivery or late delivery.
Your data that may appear from you, as our customer or business partner, to a limited extent in our records will be kept for 7 years as part of our legal obligations in this regard.
8. Where do we store your data and how is it protected?
For the digital storage of your data, we mainly use external specialized service providers who store it in the cloud. However, our websites are hosted in-house via our servers located in Belgium.
We outsource part of our processing operations as part of our business as a company to third parties. Any third-party service providers act as data processors on our behalf where appropriate.
We and our processors have taken the necessary physical and appropriate technical and organizational (precautionary) measures with a view to securing your data against loss or any form of unlawful processing. We only grant access to the data to our own employees and third parties if they need access for legitimate, relevant business purposes.
In doing so, your data is kept as far as possible within the European Economic Area. Our own servers and those of our cloud service providers are therefore located in Belgium. However, your data may be processed outside the EEA in connection with the use of specific functions on our website. This will only be done to countries that the European Commission has confirmed as ensuring an adequate level of protection for your data, or where other measures have been taken to ensure the lawful processing of your data in these third countries.
9. From whom do we receive your data?
We obtain your data mainly directly from you, as a result of the contact we have with each other with a view to the (possible) supply of our products or services, or with a view to a (possible) cooperation. However, we cannot rule out obtaining some of your data indirectly in specific circumstances, from public sources or from third parties.
When we obtain your data from public sources, this involves, for example, consulting the Crossroads Bank for Enterprises (CBE), in order to verify your order or proposal for cooperation on behalf of a company. It is also possible that we obtain your data through your company, if the company in which you work is our customer or business partner and we need your data in this context.
10. What are your rights?
You have various rights in relation to the data we process about you. If you wish to exercise any of the rights set out below, please contact us using the contact details included in the first title of this Privacy Notice.
Right of access and copy
You have the right to access your data and obtain a copy thereof. This right also includes the possibility of requesting further information on the processing of your data, including on the categories of data processed about you and for what purposes.
Right of adaptation or rectification
You have the right to have your data amended if you believe that we have incorrect data.
Right of data erasure (right to oblivion)
You have the right to request that we delete your data without unreasonable delay. However, we will not always be able to comply with such a request, including when we still need the data in function of an ongoing contract, or when keeping certain of your data for a specific period of time is required by law.
Right to restriction of processing
You have the right to restrict the processing of your data. In this way, processing is temporarily stopped until, for example, there is certainty about its accuracy.
Right to withdraw your consent
If the processing is based on your consent, you have the right to withdraw this consent at any time by contacting us.
Right to object
You have the right to object to the processing of your data based on our legitimate interests. This should be based on reasons specific to your situation. In this case, we should stop processing unless we provide compelling legitimate grounds to continue processing.
However, you can always object to the use of your data for direct marketing purposes, after which we are obliged to stop processing for these purposes.
Right to portability
You have the right to obtain in electronic form your data that you yourself have provided to us with your consent or for the performance of a contract. That way, they can be easily transferred to another organization. You also have the right to request us to transfer your data directly to another organization, if this is technically possible.
Right to complain to your supervisory authority
Should you consider that we process your data in an incorrect manner, you always have the right to lodge a complaint with your data protection supervisory authority. You can do so with the supervisory authority of the EEA member state where you normally reside, have your place of work or where the alleged breach has occurred. As we conduct our business from Belgium and have no branches in other EU Member States, please refer below to the contact details of the Belgian Data Protection Authority.
Belgian Data Protection Authority (GBA)
Press Street 35
1000 Brussels
+32 (0)2 274 48 00
contact@apd-gba.be
Website GBA - filing a complaint
For further information and the contact details of the supervisory authority of each EEA Member State, please refer to this website page of the European Data Protection Board with all relevant contact details. In addition, you can always turn to the competent civil court, to file a claim for damages.
11. How can you exercise your rights?
You can simply exercise the rights listed above by contacting us using the contact details included in the first title of this Privacy Notice.
When you make a request to exercise your rights, if we have doubts about your identity, we will ask to verify it. In this case, we will request that you produce documents that allow your identification beyond reasonable doubt, such as a copy of the front of your identity card. We do this to prevent your data from falling into the wrong hands. It is sufficient that on such copy your name and date of birth are clearly legible. You may then delete the other data.
In principle, exercising your rights is free of charge. However, if your request is manifestly unfounded or excessive, we may
- charge you a reasonable fee to compensate for the administrative costs incurred by us, or;
- not comply with your request. You will be informed of the reasons where applicable. In any event, we will always inform you of the action taken on your request within one month of receiving it. In the case of complex or multiple requests, this period may be extended to three months. In the latter case, you will be informed of the extension of the response period.
12. Changes
The Controller reserves the right to modify this privacy statement at any time by notifying users on this page. We encourage you to check this page frequently for any changes. The date of the last modification is indicated at the bottom of the page.
If a data subject objects to any change in the policy, the user should not continue to use this website and/or stop cooperating with us. He may request the Controller to delete the personal data. Unless otherwise indicated, the currently valid privacy policy applies to all personal data stored by the Controller about data subjects.
Cookie Statement
Version 1.0 - September 15th 2022
1. General
2. What are cookies?
3. Which cookies require my consent, and how can I give it?
4. Which cookies do we use?
5. How do I manage my cookie preferences?
6. Changes
7. What if I still have questions?
1. General
Synalco (hereinafter "Giftlock", "we", "us") uses cookies and similar technologies on its website. With this Cookie Statement, we want to inform you as a visitor about how we use cookies on our website. This Cookie Statement applies to Giftlock's website with web address www.Giftlock.com and its sub-domains.
In addition to this Cookie Statement, Giftlock also makes available a Privacy Statement, of which this Cookie Statement forms an integral part and which you can access here. In this Privacy Statement, we clarify (1) what personal data we may collect through the use of cookies, (2) the legal grounds used for the use of cookies, and (3) the general purposes of our use of cookies. For the aforementioned information, and other information about the processing of your personal data in general and your rights in relation thereto, please refer to this Privacy Statement.
2. What are cookies?
Cookies are small information files that are stored by the internet browser on your computer or mobile device when you visit a website or when you use a (mobile) application. They act as a kind of memory aid for a website. Thanks to cookies, our website can easily track specific information about our visitors and their browsing behavior. The term 'cookies' also includes technologies similar to cookies, such as pixels, plug-ins and certain scripts, as these can also collect data from you.
Cookies can be set either by ourselves ("first-party cookies") or by third parties ("third-party cookies"). Third-party cookies ensure that certain data resulting from your visit to or use of our website are transmitted to the third-party cookie issuer.
Cookies are sometimes placed temporarily ("session cookies", which are deleted when you close the browser) and sometimes permanently ("persistent" cookies, which remain until they expire or until you delete them).
3. Which cookies require my consent, and how can I give it?
The use of strictly necessary cookies does not depend on your consent as a visitor and is necessary for the proper functioning of our website, or where relevant, to provide you with services that you have expressly requested. Therefore, you cannot refuse these cookies.
Before we place any other cookies on your device, we ask for your prior consent via our cookie banner. By clicking on the ''Accept all cookies'' button in the cookie banner, you accept the use of all non-essential cookies. However, you can always indicate your specific preferences by clicking on "Adjust preferences" in the cookie banner. This will open the cookie preferences menu, in which you can enable the optional cookies we are allowed to place on your device as you wish. You can always withdraw your consent, in full or in part, for the use of these additional cookies. How you can do this specifically is explained in section 5.
4. Which cookies do we use?
We use the following types of cookies: strictly necessary cookies, analytical cookies and marketing cookies.
We provide a general description of these types of cookies below.
For each type of cookie, we also provide below a list of the specific cookies activated on our website that fall under this category, together with their specific purposes and technical characteristics.
4.1. Strictly necessary cookies Strictly necessary cookies include technically essential cookies on the one hand and functional cookies on the other. Technically essential cookies are necessary for purely technical reasons to enable communication between your device and our website. Functional cookies, in turn, ensure that the basic functionalities of our website work properly. These cookies are only set after you, the visitor, have taken a certain action on our website (e.g. clicking the accept button on the cookie banner). You cannot refuse the use of technically essential and functional cookies because they are necessary for the security and proper functioning of the basic functionalities of our website. Regardless, these cookies are only stored on your device to perform the functions mentioned above, so the impact on your privacy is minor.
4.2 Analytical cookies Analytical cookies enable us to learn more about how you, as a visitor, interact with and respond to our website content. This enables us to make our website even more attractive. The information in question is used to create and analyze overall statistics on the use of our website.
4.3. Marketing cookies By marketing cookies we mean advertising, tracking and social media cookies. This category of cookies mainly concerns cookies for the purpose of displaying advertisements, implementing functions on our website provided by social media, and measuring how often these advertisements and functions are displayed and used, respectively. This category includes, for example, cookies that enable you to see advertisements from us on social networks that you use after visiting our website.
5. How do I manage my cookie preferences?
5.1. Via the website You can change your cookie preferences at any time by clicking on the 'Manage cookie policy consent' button (bottom right). In addition, the cookie banner will reappear annually to renew your consent, or confirm the absence of it.
5.2. Via your browser You can always adjust your cookie preferences via your browser. This way, you can indicate whether certain cookies may be placed and you can set the browser to display a message when a cookie is placed. In addition, you can also delete cookies manually via the option that allows you to delete your browsing history. More information on this can be found on the pages below, depending on which browser you use: Chrome Firefox Internet Explorer Safari (Mac) or Safari (iOS). Deleting or disabling cookies may result in certain applications of our website and additional services not functioning optimally.
6. Changes
We reserve the right to unilaterally amend our Cookie Statement at any time. Any amended version is published online and can be found on our website. From its publication, the amended Cookie Statement is immediately applicable. If we have hereby implemented new cookies on our website, we will ask for your consent again if required. The date on which our Cookie Statement was last amended can be found at the top of this page.
7. What if I still have questions?
If you still have questions about our Cookie Statement, you can always contact us using the contact details below:
Synalco
Westhille 15
8210 Zedelgem
Belgium
E-mail: hello@giftlock.be
For general information about your rights and the possibility of filing a complaint with your data protection supervisory authority or bringing an action before the competent court, please refer to our Privacy Statement.