RGPD

PRIVACY POLICY –

Object

This Policy is established by Novy Services located at Passage Saint-paul 16, 7700 Mouscron, registered under number 0757.914.052 (hereinafter referred to as “the data controller”). the data controller “).

The purpose of this Policy is to inform visitors to the website hosted at the following address: www.novyservices.be (hereinafter referred to as the ” website “) of the manner in which data is collected and processed by the data controller.

This Policy is part of the data controller’s desire to act transparently, in compliance with its national provisions and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”).

The data controller pays particular attention to protecting the privacy of its users and therefore undertakes to take the reasonable precautions required to protect the personal data collected against loss, theft, disclosure or unauthorized use.

Visit “personal data are defined as all personal data that concern the user, i.e. any information that enables l’identify you directly or indirectly as a natural person.

If the user wishes to react to any of the practices described below, he/she may contact the data controller at the postal address or email address specified in the “contact details” section of this Policy.

What data do we collect?

The data controller collects and processes the following personal data in accordance with the procedures and principles described below:

  • its domain (automatically detected by the controller’s server), including the dynamic IP address ;

  • his/her e-mail address if the user has previously disclosed it, for example by sending messages or questions to the website, by communicating with the data controller by e-mail, by participating in discussion forums, by accessing the restricted part of the website by means of identification, etc. ;

  • all the information concerning the pages that the user has consulted on the website;

  • any information that the user has given voluntarily, for example as part of information surveys and/or website registrations, or by accessing the restricted part of the website by means of identification.

The data controller may also collect non-personal data. This data is considered non-personal because it does not directly or indirectly identify a specific individual. It may therefore be used for any purpose whatsoever, for example to improve the website, the products and services offered or the advertising of the data controller.

In the event that non-personal data is combined with personal data in such a way that it is possible to identify the persons concerned, such data will be treated as personal data until such time as it is impossible to associate it with a specific person.

Collection methods

The data controller collects personal data as follows:

  • Via web form available when creating a customer account

  • Via web form available on the contact page

  • Via form when purchasing a product or service

  • Via certain cookies

Purposes of processing

Personal data is collected and processed solely for the purposes mentioned below:

  • manage and control the execution of the services offered;

  • dispatch and follow-up of orders and invoices ;

  • sending promotional information on the products and services of the controller ;

  • promotional material ;

  • answer user questions ;

  • statistics ;

  • to improve the quality of the website and the products and/or services offered by the data controller;

  • send information about new products and/or services of the controller;

  • for commercial prospecting;

  • enable better identification of the user’s centers of interest.

The data controller may carry out processing operations that are not yet covered by this Policy. In this case, it will contact the user before re-using his or her personal data, to inform him or her of the changes and give him or her the opportunity, where appropriate, to refuse such re-use.

Legitimate interests

Some of the processing operations carried out by the data controller sare based on the legal grounds of legitimate interests of the controller. These legitimate interests are proportionate to respect for the user’s rights and freedoms. If the user wishes to be informed of the details of the purposes founded on the legal basis of legitimate interests We recommend that you contact the data controller (see “Contact details”).

Shelf life

As a general rule, the data controller keeps personal data only for as long as is reasonably necessary for the purposes for which it is to be used and in accordance with legal and regulatory requirements.

personal data are kept in the data register in the accounts and are deleted once the company has ceased trading, or after a maximum of 5 years if the company is still in business.

Once the retention period has elapsed, the data controller makes every effort to ensure that the personal data has been made unavailable and inaccessible.

Enforcement of rights

For all the rights listed below, the data controller reserves the right to to verify the identity of the user for the application of the rights listed below.

This request for additional information must be made within one month of the user’s request.

Data access and copying

The user may obtain, free of charge, written communication or a copy of the personal data concerning him/her that has been collected.

The data controller may charge a reasonable fee based on administrative costs for any additional copies requested by the user.

When the user submits this request electronically, the information is provided in a commonly used electronic form, unless the user requests otherwise.

Unless otherwise stipulated by the General Data Protection Regulation, the user will be sent a copy of his or her data no later than one month after receipt of the request.

Right of rectification

The user may obtain, free of charge, as soon as possible and at the latest within one month, the rectification of any personal data that may be inaccurate, incomplete or irrelevant, as well as complete such data if it proves to be incomplete.

Unless otherwise stipulated by the General Data Protection Regulation, a request for rectification will be processed within one month of its submission.

Right to object to processing

The user may at any time, for reasons relating to his particular situation, object free of charge to the processing of his personal data, when:

  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail (in particular where the data subject is a child).

The data controller may refuse to implement the user’s right to object where it establishes the existence of compelling and legitimate reasons justifying the processing, which override the interests or rights and freedoms of the user, or for the establishment, exercise or defense of a legal claim. In the event of a dispute, the user may lodge a complaint in accordance with the “Complaints” section of this Policy.

The user may also, at any time, object, without justification and free of charge, to the processing of personal data concerning him/her when his/her data is collected for commercial prospecting purposes (including profiling).

Where personal data is processed for scientific or historical research or statistical purposes in accordance with the General Data Protection Regulation, the user has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task in the public interest.

Barring exceptions provided for in the General Data Protection Regulation, the data controller is required to respond to the user’s request as soon as possible and within one month at the latest, and to give reasons for its response when it intends not to comply with such a request.

Right to restrict processing

The user may obtain a restriction on the processing of his/her personal data in the cases listed below:

  • when the user contests the accuracy of a piece of data, and only for as long as it takes the data controller to check it;

  • when the processing is unlawful and the user prefers limitation of processing to erasure;

  • when, although no longer necessary for the purposes of the processing, the user requires it for the establishment, exercise or defense of his legal rights;

  • for the time required to examine the validity of a request for opposition made by the user, in other words for the time required for the controller to check the balance of interests between the legitimate interests of the controller and those of the user.

The data controller will inform the user when the processing restriction is lifted.

Right to erasure (right to be forgotten)

The user may obtain the deletion of personal data concerning him, when one of the following reasons applies:

  • the data are no longer necessary for the purposes of the processing ;

  • the user has withdrawn his consent to the processing of his data and there is no other legal basis for the processing;

  • the user objects to the processing and there is no compelling legitimate reason for the processing and/or the user exercises his/her specific right to object in relation to direct marketing (including profiling);

  • personal data has been processed unlawfully ;

  • personal data must be erased to comply with a legal obligation (under Union or Member State law) to which the data controller is subject;

  • personal data have been collected in the context of offering information society services to children.

However, data deletion does not apply in the following cases:

  • when processing is necessary for the exercise of the right to freedom of expression and information;

  • where processing is necessary to comply with a legal obligation to process that is laid down by Union law or by the law of the Member State to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

  • when processing is necessary for reasons of public interest in the field of public health;

  • where processing is necessary for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, and insofar as the right to erasure is likely to render impossible or seriously compromise the achievement of the purposes of the processing in question;

  • when processing is necessary for the establishment, exercise or defense of legal claims.

Barring exceptions provided for in the General Data Protection Regulation, the data controller is required to respond to the user’s request as soon as possible and within one month at the latest, and to give reasons for its response when it intends not to comply with such a request.

Right to data portability

The user may, at any time, request to receive, free of charge, his/her personal data in a structured, commonly used and machine-readable format, in particular with a view to transmitting it to another data controller, when :

  • the data processing is carried out using automated processes; and when

  • processing is based on the user’s consent or on a contract between the user and the data controller.

Under the same conditions and according to the same procedures, the user has the right to obtain from the data controller that personal data concerning him be transmitted directly to another data controller, insofar as this is technically possible.

The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Data recipients and disclosure to third parties

The recipients of the data collected and processed are, in addition to the data controller itself, its employees or other subcontractors, its carefully selected business partners located in the European Union who collaborate with the data controller in the marketing of products or the provision of services.

In the event that data is disclosed to third parties for the purposes of direct marketing or commercial prospecting, the user will be informed in advance so that he/she can choose to accept the transfer of his/her data to third parties.

As long as this transfer is based on the user’s consent, he or she may withdraw consent at any time for this specific purpose.

The data controller complies with the legal and regulatory provisions in force and will ensure in all cases that its partners, employees, subcontractors or other third parties with access to personal data comply with this Policy.

The data controller discloses the user’s personal data in the event that a law, legal proceedings or an order from a public authority makes such disclosure necessary.

The data controller does not transfer any personal data outside the European Union.

Security

The data controller implements the appropriate technical and organizational measures to guarantee a level of security for the processing and data collected that is appropriate to the risks presented by the processing and the nature of the data to be protected. He takes into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks to users’ rights and freedoms.

The data controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the website.

The data controller has implemented appropriate security measures to protect and prevent the loss, misuse or alteration of information received via the website.

In the event that the personal data controlled by the data controller should be compromisedhe will act swiftly to identify the cause of the breach and take appropriate remedial action.

The data controller informs the user of this incident if the lawy to do so.

Claims and complaints

If the user wishes to react to any of the practices described in this Policy, it is advisable to contact the data controller directly.

Users may also lodge a complaint with their national supervisory authority, whose contact details can be found on the European Commission’s official website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

In addition, the user has the right to lodge a complaint with the competent national courts.

Contact data

For any questions and/or complaints relating to this Policy, the user may contact the data controller by e-mail at the following address: info@novyservices.be

Modification

The data controller reserves the right to modify the provisions of this Policy at any time. Modifications will be published directly on the website of the data controller.

Applicable law and jurisdiction

This Policy is governed by the national law of the data controller’s principal place of business.

Any dispute relating to the interpretation or execution of this Policy shall be subject to the jurisdiction of this national law.

The current version of the Policy is dated 03/03/2025.