Gimber’s committments as to privacy and data protection
At Gimber, we take the privacy and the protection of the personal data of its customers very seriously.
We are therefore committed to protecting your fundamental right to privacy and data protection. At Gimber, transparency is our priority. We aim to protect any personal data we hold and to manage your personal data in a responsible and transparent way.
Who controls the processing of your personal data?
Gimber SRL, a limited liability company incorporated under the laws of Belgium under number 0717.702.307, with registered offices in 1501 Halle (Belgium), Nachtegaalstraat 198 is responsible for the processing of your personal data. It acts as controller under the GDPR which means that Gimber determines the purposes (why?) and the means (how?) of the processing of your personal data.
Gimber may appoint processors who will be responsible for processing your personal data on our behalf. We commit to appoint and use only processors capable of guaranteeing a sufficient level of protection of your personal data.
What personal data do we collect?
The range of personal data that we collect depends on the purposes of our processing activities.
Generally speaking, we may collect the following categories of personal data:
- Personal contact data: such as name, (e-mail) address, phone number, date of birth, gender.;
- Account login details: such user ID, username, password, e-mail address ;
- Internet browsing data: such as IP address and other browsing data;
- Payment data: such as billing and shipping data, credit card or other financial data necessary to process payments;
We do not collect personal data concerning you indirectly, i.e. by other means than you directly.
For what purposes do we collect your personal data?
We collect and process your personal data for varying purposes. On a fundamental level we aim to provide you with the best online, purchase and customer services. In order to achieve our goal, we may collect and further process your personal data for the following purposes, in particular:
- to provide the best online and purchase experience;
- to provide high-quality customer services;
- to develop and improve our products and services;
- to communicate information to you and to manage your registration and/or subscription to our communication tools (newsletter, etc.);
- to provide personalised products and communications to our customers.
On what grounds do we process your personal data?
Generally speaking, we process your personal data because such processing is necessary for the performance of a contract between you and Gimber. This is notably the case when you place orders through our website or when you set up your online account. The data we may process on this occasion includes notably your contact, shipping and billing details that enable us to process your orders. We process your personal data on that ground to provide the best online, purchase and customer services possible.
Certain processing activities are necessary to pursue Gimber’s legitimate interests. These include but are not limited to the performance of market research, the further development of our products and services as well as the improvement of our services. We always make sure your interests and/or fundamental rights and freedoms are not overridden by Gimber’s legitimate interests.
On limited occasions, certain processing activities may be required by law. In this case, Gimber processes your personal data in order to comply with its legal obligations.
We may also rely on your consent to process your personal data for certain purposes. This is the case for direct marketing and targeted advertising purposes, for example, when cookies and other tracking technologies are placed on your devices (please see below for more information on cookies). Gimber endeavours to collect your consent when processing activities entails marketing or on occasions where we cannot rely on any other legal grounds provided by the GDPR.
Where processing activities are based on your consent, you are always entitled to withdraw such consent. Withdrawing your consent shall not affect the lawfulness processing activities which occurred before your withdrawal.
Who do we transfer your personal data to?
When we share your personal data, we make sure we only do so with organisations capable of guaranteeing an equivalent level of protection to the one we apply to our processing activities.
Your personal data will be shared with the following third parties for the purposes described hereafter:
There are different categories of cookies:
- Essential/functional cookies: which a website cannot run smoothly without;
- Preference cookies: which augment the browsing experience of users by gathering their browsing preferences (language, region, etc.);
- Analytics cookies: which are used to aggregate statistical data;
- Marketing cookies: which gather information and data with a view to creating advertising profiles and tracking users across the internet.
Our cookies are developed in a manner that they will only be placed on your terminal after a positive action from your side consenting on their placement, except as essential/functional cookies are concerned. This is because without these cookies, our website cannot run smoothly.
How long do we store your data?
When a minimal storage period is imposed by law, we have no other choice but to store your personal data for this period. Beyond that time and where the law does not set a minimal storage period, we endeavour not to store your personal data for a period longer than what is necessary for the purposes for which your personal data were initially processed.
In determining the storage period of your personal data we notably take into account both your and our interests on the understanding that your interests will always prevail over ours, the nature of the data concerned and the purposes of the processing. In any event, Gimber will always store your personal data only for the time reasonably necessary to enable the purposes for which they are processed to be fulfilled.
We may process and store your personal data for longer periods, in particular for statistical purposes. Where such processing activities occur, Gimber makes sure that appropriate organisational and technical measures are in place to safeguard your rights.
Automated decision-making and profiling
Gimber does not process your personal data using automated decision-making processing means, i.e. situations where decisions are taken automatically without human intervention, which produce legal effects concerning you or which significantly affect you.
If, for some reasons, we decide to make use of such methods, we endeavour to inform you of the implementation of such methods of processing. You will be able to object to the processing of your personal data via such means.
How do we protect your personal data?
Gimber understands that the security of your personal data is paramount. We make our best efforts to protect your personal data from misuse, interference, loss, unauthorised access, modification or disclosure. We have implemented various technical and organisational measures to best ensure the security and integrity of your personal data, such as [Please describe the security measures that you have in place, e.g.: access controls, firewalls, encryption, etc.]
What are your rights regarding Gimber’s processing activities of your data?
Where Gimber processes your personal data, you are entitled to exercise certain rights the GDPR empowers you with.
If you wish to exercise any of these rights, you are invited to send a motivated request to firstname.lastname@example.org. Gimber endeavours to react to a request to exercise any of the rights listed hereunder without undue delay and in any event within one month from receipt of said request.
Right of access
You have the right to obtain the confirmation from us that your personal data are being processed and to access those data together with basic information relating to the processing of this data, such as the purposes of the processing, the categories of data concerned, the recipients or categories of recipient to whom the data have been or will be disclosed, the envisaged retention period of the data, the right to lodge a complaint with the competent supervisory authority, etc.
Right to rectification
You have the right to request from us the correction and rectification of any inaccurate personal data.
Right to erasure
Where applicable, you have the right to request the erasure of your personal data, when:
- Your personal data is no longer necessary in relation to the purposes for which we collected it for;
- You withdraw the consent that you had previously granted us to process your personal data provided we cannot rely on another legal ground for processing your personal;
- You object to Gimber’s processing of your personal data for direct marketing purposes;
- You object to
- The personal data are not being processed lawfully; or
- Your personal data needs to be deleted to comply with the law.
Right to restriction
Where applicable, you also have the right to restrict Gimber’s processing of your personal data, when:
- You do not believe the personal data we have about you is accurate;
- Your personal data is not being processed lawfully and instead of deleting this data, you would rather restrict our processing of this data instead;
- We no longer need your personal data for the purposes we processed it initially but your require the data in order to establish, exercise or defend legal claims;
- You have objected to the processing of your personal data and are awaiting verification on whether your interests related to that objection outweigh our legitimate grounds for processing your data.
Right to data portability
Your personal data is portable. You can request to receive from us your personal data in a structured, commonly used and machine-readable format so you can transmit it to another controller. You can only exercise this right where the processing:
- is based on your consent;
- is necessary for the performance of a contract;
- is carried ouf by automated means.
Right to object
Where applicable, you may be entitled to object to the processing of your personal data at any time.
The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint directly with the supervisory authority if you doubt that Gimber processes your personal data in accordance with the GDPR.
The Belgian Data Protection Authority (Autorité de Protection des Données or Gegevensbeschermingsautoriteit) is the competent supervisory authority to monitor Gimber’s data processing activities. It can be contacted via e-mail: email@example.com.
Would you like to contact us?
If you have any queries and comments regarding Gimber’s privacy and data protection policies, please send an e-mail to firstname.lastname@example.org.