This Charter has been drawn up by Brasserie Surréaliste located at Place du Nouveau Marché aux Grains, 22-23
1000 Bruxelles, registered with the Crossroads Bank for Enterprises under number: 0675.400.706 (hereinafter referred to as “the data controller”).
The purpose of this Charter is to inform visitors to the website hosted at https://www.brasseriesurrealiste.com. (hereinafter referred to as the “website”) of the way in which data is collected and processed by the data controller.
This Charter is part of the controller’s desire to act in full transparency, in compliance with the law of 8 December 1992 on the protection of privacy with regard to the processing of personal data and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”).
The data controller pays particular attention to the protection of the privacy of its users and therefore undertakes to take reasonable precautions to protect the personal data collected against loss, theft, disclosure or unauthorised use.
If the user wishes to react to any of the practices described below, he/she may contact the data controller at the postal address or the email address specified in the “contact details” section of this Charter.
By accessing and using the website, the user declares that he/she has read the information described below, accepts the present Charter and expressly consents to the data controller collecting and processing, in accordance with the methods and principles described in the present Charter, his/her personal data that he/she communicates through the website and/or on the occasion of the services offered on the website, for the purposes indicated below.
The user has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on the consent previously given.
WHAT DATA DO WE COLLECT ?
By visiting and using the website, the user expressly consents to the data controller collecting and processing the following personal data according to the methods and principles described below
• his/her domain (automatically detected by the controller’s server), including the dynamic IP address ;
• his/her e-mail address if the user has previously revealed it, for example by sending messages or questions on the website, communicating with the data controller by e-mail, participating in discussion forums, accessing the restricted part of the website by means of identification, etc. ;
• all information concerning the pages that the user has consulted on the website;
• any information that the user has given voluntarily, for example in the context of information surveys and/or registrations on the website, or by accessing the restricted part of the website by means of identification (access to his/her personal account).
We also collect the following data :
Les données personnelles lors de la création du compte utilisateur
• Personal data when creating a user account
• Data when registering for the newsletter
It is possible that the data controller may also collect non-personal data. These data are qualified as non-personal data because they do not allow the direct or indirect identification of a particular person. It may therefore be used for any purpose, for example to improve the website, the products and services offered or the advertising of the controller.
In the event that non-personal data are combined with personal data in such a way that it is possible to identify the data subjects, such data will be treated as personal data until such time as it is impossible to link them to a specific person.
The controller collects personal data in the following ways:
External scripts are called up on the website for the proper functioning of the website :
SETTING UP IN CACHE
The system caches certain information (media, text, etc.) from the site in your browser for the proper functioning and speed of display of content.
PURPOSES OF THE PROCESSING
Personal data are collected and processed only for the purposes mentioned below :
to ensure the management and control of the execution of the services offered;
sending and follow-up of orders and invoices;
sending promotional information on the products and services of the controller;
sending, if necessary, free samples or offering services on preferential terms;
answering the user’s questions;
to carry out statistics;
to improve the quality of the website and of the products and/or services offered by the data controller;
to send information about new products and/or services of the controller;
for direct marketing purposes;
to enable better identification of the user’s interests.
The data controller may carry out processing operations that are not yet provided for in this Charter. In this case, the data controller will contact the user before re-using his/her personal data, in order to inform him/her of the changes and to give him/her the possibility, if necessary, to refuse this re-use.
>The controller shall only keep personal data for as long as is reasonably necessary for the purposes for which it is to be used and in accordance with legal and regulatory requirements.
A customer’s personal data is kept for a maximum of 3 years after the end of the contractual relationship between the customer and the controller.
Shorter retention periods apply to certain categories of data, such as traffic data, which is retained for only 12 months.
At the end of the retention period, the controller shall make every effort to ensure that the personal data has been made unavailable.
ACCESS TO DATA AND COPYING
By means of a written, dated and signed request sent to the data controller at the address referred to in the “contact data” section of this Charter, the user may, after having provided proof of his identity (requesting a copy of his identity card), obtain, free of charge, written communication or a copy of the personal data concerning him that have been collected.
The data controller may require payment of a reasonable fee based on administrative costs for any additional copies requested by the user.
Where the user makes such a request electronically, the information shall be provided in a commonly used electronic form, unless the user requests otherwise.
The user will be provided with a copy of his data within one month of receiving the request.
RIGHT OF RECTIFICATION
By means of a written, dated and signed request sent to the data controller at the address referred to in the “contact data” section of this Charter, the user may, after having proved his identity (by enclosing a copy of his identity card), obtain, free of charge, as soon as possible and at the latest within one month, the rectification of his personal data which are inaccurate, incomplete or irrelevant, as well as complete them if they prove to be incomplete.
RIGHT TO OBJECT TO THE PROCESSING
By means of a written, dated and signed request sent to the data controller at the address referred to in the “contact details” section of this Charter, the user may at any time, for reasons relating to his or her particular situation and after having provided proof of identity (by enclosing a copy of his or her identity card), object free of charge to the processing of his or her personal data, when :
the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller ;
the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail (in particular where the data subject is a child).
The data controller may refuse to implement the user’s right to object if it establishes compelling legitimate grounds for the processing which override the interests or rights and freedoms of the user, or for the establishment, exercise or defence of legal claims. In the event of a dispute, the user may lodge a complaint in accordance with the “Complaints” section of this Charter.
By means of a written, dated and signed request sent to the data controller at the address referred to in the “contact data” section of this Charter, the user may, at any time and after having provided proof of his identity (by enclosing a copy of his identity card), object, without justification and free of charge, to the processing of personal data concerning him when his data are collected for direct marketing purposes (including profiling).
Where personal data are processed for scientific or historical research or statistical purposes in accordance with the General Data Protection Regulation, the user has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out in the public interest.
The controller is obliged to respond to the user’s request as soon as possible and at the latest within one month and to give reasons for not responding to such a request.
RIGHT TO LIMIT THE PROCESSING
By means of a written, dated and signed request sent to the data controller at the address referred to in the “contact details” section of this Charter, the user may, after having provided proof of identity (by sending a copy of his/her identity card), obtain the limitation of the processing of his/her personal data in the cases listed below :
when the user contests the accuracy of a data and only for the time necessary for the controller to check it ;
when the processing is unlawful and the user prefers the limitation of processing to erasure ;
when, although no longer necessary for the purposes of the processing operation, the user needs it for the establishment, exercise or defence of legal claims ;
for the time necessary to examine the merits of a request for opposition made by the user, in other words for the time necessary for the controller to check the balance of interests between the legitimate interests of the controller and those of the user.
The controller will inform the user when the limitation of processing is lifted.
RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)
By means of a written, dated and signed request sent to the data controller at the address referred to in the “contact data” section of this Charter, the user may, after having provided proof of his/her identity (enclosing a copy of his/her identity card), obtain the deletion of personal data concerning him/her, when one of the following reasons applies :
the data are no longer necessary for the purposes of the processing ;
the user has withdrawn his consent to the processing of his data and there is no other legal basis for the processing ;
the user objects to the processing and there are no compelling legitimate grounds for the processing and/or the user exercises his or her specific right to object in relation to direct marketing (including profiling) ;
the personal data have been processed unlawfully ;
the personal data must be erased in order to comply with a legal obligation (under Union or Member State law) to which the controller is subject ;
the personal data have been collected in the context of the provision of information society services to children.
However, data erasure is not applicable in the following 5 cases :
when the processing is necessary for the exercise of the right to freedom of expression and information ;
where processing is necessary for compliance with a legal obligation to process laid down by Union law or by the law of the Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller ;
where the processing is necessary for reasons of public interest in the field of public health ;
where processing is necessary for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes and provided that the right to erasure is likely to render impossible or seriously compromise the achievement of the purposes of the processing in question ;
where the processing is necessary for the establishment, exercise or defence of legal claims.
The data controller is obliged to respond to the user’s request as soon as possible and at the latest within one month, and to give reasons for not responding to such a request.
The user also has the right, in the same way, to obtain, free of charge, the deletion or prohibition of use of any personal data concerning him/her which, taking into account the purpose of the processing, is incomplete or irrelevant, or the recording, communication or storage of which is prohibited or which has been stored for longer than is necessary and permitted.
RIGHT TO “DATA PORTABILITY”
By means of a written, dated and signed request sent to the data controller at the address referred to in the “contact data” section of this Charter and after having provided proof of identity (by attaching a legible copy of the identity card), the user may, at any time, request to receive, free of charge, his/her personal data in a structured, commonly used and machine-readable format, with a view, in particular, to transmitting them to another data controller, when :
the data processing is carried out by automated means; and
the processing is based on the user’s consent or on a contract concluded between the latter and the data controller.
Under the same conditions and in the same way, the user has the right to obtain from the data controller that personal data concerning him/her be transmitted directly to another data controller, insofar as this is technically possible.
The right to data portability does not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
RECIPIENTS OF DATA AND DISCLOSURE TO THIRD PARTIES
The recipients of the data collected and processed are, in addition to the data controller itself, its employees or other subcontractors, its carefully selected commercial partners, located in Belgium or in the European Union, who collaborate with the data controller in the context of the marketing of products or the provision of services.
In the event that the data is disclosed to third parties for direct marketing or canvassing purposes, the user will be informed in advance so that he/she can choose whether or not to accept this processing of his/her data by third parties.
By means of a written, dated and signed request sent to the data controller at the address referred to in the “contact data” section of this Charter, the user may, at any time and after having provided proof of his identity (by enclosing a copy of his identity card), object free of charge to the transmission of his data to third parties.
The data controller shall comply with the legal and regulatory provisions in force and shall ensure in all cases that its partners, employees, subcontractors or other third parties having access to this personal data comply with this Charter.
The data controller reserves the right to disclose the user’s personal data in the event that a law, legal proceedings or an order from a public authority makes such disclosure necessary.
No personal data is transferred outside the European Union.
USE AND MANAGEMENT OF “COOKIES”
This cookie management policy applies to the website. These are managed by the controller.
Most web browsers are configured to accept cookies automatically. If the user wishes to customise their management, they must modify the settings of their browser. Further information on this subject can be found in the “Cookie management” section of this provision.
By visiting and using the website, the user expressly agrees to the cookie management described below.
DEFINITION OF COOKIES
A “cookie” is a data or text file that a website’s server temporarily or permanently stores on the user’s equipment (computer hard disk, tablet, smartphone, or any other similar device) through the user’s browser. Cookies may also be installed by third parties with whom the controller collaborates.
Cookies store a certain amount of information, such as the language preferences of visitors or the contents of their shopping cart. Other cookies collect statistics about the users of a website or ensure that graphics appear correctly and that applications work well on the website. Still others allow the content and/or advertising on a website to be tailored to the user.
The website uses different types of cookies :
Essential or technical cookies: these are cookies that are essential for the operation of the website, allowing good communication and intended to facilitate navigation ;
Statistical or analytical cookies: these cookies make it possible to recognise and count the number of visitors and to see their browsing behaviour when they visit the website. This makes it possible to improve the user’s browsing experience and makes it easier for them to find what they are looking for ;
Functional cookies: these cookies enable specific features on the website to improve usability and user experience, including remembering the user’s preference choices (e.g. language) ;
Performance cookies : these cookies collect information about how visitors use the website. They allow us to evaluate and improve the content and performance of the website (e.g. by counting the number of visitors, identifying the most popular pages or clicks), and to better match commercial offers to the user’s personal preferences ;
Advertising or commercial cookies: these are files intended to collect data relating to the profile of visitors and likely to be installed or read by third parties with whom the data controller collaborates in order to measure the effectiveness of an advertisement or a web page and to better adapt it to the user’s interests ;
Tracking cookies : the website uses tracking cookies via Google Analytics, with the aim of helping the controller to measure the ways in which users interact with the content of the website, and which generates visit statistics in a strictly anonymous manner. These statistics make it possible to continually improve the website and to offer the user relevant content. The controller uses Google Analytics to gain insight into the traffic on the website, the origin of this traffic and the pages visited. This means that Google acts as a subcontractor. The information collected by Google Analytics is generated as anonymously as possible. For example, it is not possible to identify the persons who visit the website. For more information, the user is invited to consult the Google data protection policy, available at the following address : https://www.google.com/intl/fr/policies/privacy/
Use of sharing tools : Our website uses some social media tools in the form of sharing buttons that make it easy for visitors to share information with their friends on certain social networks. Therefore it is possible that, when visiting a page on which such a plug-in is included, you may be confronted with cookies from these websites. These sites are not managed by Brasserie Surréaliste. By using these links, you accept the privacy policies of these sites. These sites may also set a cookie if you are connected to their services. In this way, they may also collect data in order to show you advertisements on other sites that they consider relevant to your interests.
A beacon is an invisible image file that tracks the user’s browsing on one or more websites and applications. In addition, other commercial cookies may be set by advertisers when they serve their ads. Commercial cookies do not contain any personal data. The information collected through commercial cookies and beacons is used to measure the effectiveness of the advertising and to better personalise the advertising on the website and on other websites belonging to the advertising network or for which the controller provides advertising services. The retention period for cookies varies according to their type: essential cookies are generally kept until the browser is closed, while functional cookies remain valid for 1 year and performance cookies for 4 years.
The controller allows public search engines to visit the website via spiders with the sole purpose of making access and content of the website available via their search engines, without the controller granting the right to archive the website. The controller reserves the right to withdraw the authorisation as formulated in this article at any time.
In order to make offers that may be of interest to the user, the controller may enter into agreements with internet advertising agencies. They have received permission from the controller to place advertisements on the website. When the user visits the website, the advertising companies may also collect information.
Most browsers are set to automatically accept cookies, but all allow you to customise the settings to suit your preferences.
If the user does not want the website to place cookies on their computer/mobile device, they can easily manage or delete them by changing their browser settings. The user can also set his browser to notify him when he receives a cookie and thus decide whether or not to accept it. If the user wishes to block and/or manage certain cookies, they can do so by following the link for their browser: Internet Explorer http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies Chrome: https://support.google.com/accounts/answer/614167hlsen Firefox: https://support.mozilla.Org/en-U.S/kb/enable-and-disable-cookies-website-preferences Safari: http://support.apple.com/kb/PH5042
To stop being tracked by Google Analytics on any website, the user is invited to visit the following website: http://tools.google.com/dlpage/gaoptout
If the user deactivates certain cookies, it is possible that certain parts of the website may not be available and/or usable, or that they may only be partially available.
The controller shall implement appropriate technical and organisational measures to ensure a level of security of the processing and of the data collected that is appropriate to the risks presented by the processing and the nature of the data to be protected. It shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.
The controller always uses encryption technologies that are recognised as industry standards within the IT sector when transferring or receiving data on the website.
The data controller has put in place appropriate security measures to protect and prevent the loss, misuse or alteration of information received on the website.
COMMUNICATIONS BY POST, ELECTRONIC OR TELEPHONE
Communication by post.
If the user provides the controller with his/her postal address via the website, his/her data will be stored in the controller’s address file in order to respond to his/her request and to keep him/her informed of the products and services offered by the controller. Unless the user objects, the controller may also pass on the user’s data to third parties (such as groups of companies and business partners) for direct marketing purposes. If the user does not want his data to be used for direct marketing purposes, he can indicate this when registering on the website.
The user may at any time consult, correct or delete his/her data from the file of the data controller. To do so, he/she should contact the data controller at the address mentioned in the “contact data” section of this Charter, remembering to specify his/her exact name and address (spelled correctly). The data controller undertakes to delete his data from the list that he shares with other companies or organisations.
Communication by phone :
If the user provides the data controller with his/her telephone number via the website, he/she may receive a telephone call from :
the data controller in order to provide information about its products, services or upcoming events ;
groups of companies and business partners with which the controller has a contractual relationship.
If the user does not wish/no longer wishes to receive such telephone calls, he/she may contact the data controller at the address referred to in the “contact details” section of this Charter, remembering to state his/her exact name and address (spelt correctly). The data controller undertakes to delete his data from the list that he shares with other companies or organisations.
If the user provides the controller with his/her mobile phone number via the website, he/she will only receive messages (SMS/MMS) from the controller that are necessary to answer his/her questions or to inform him/her about his/her online orders.
Communication via e-mail. If the user communicates his e-mail address to the controller via the website, he may receive :
e-mails from the controller in order to communicate information about its products, services or upcoming events (for direct marketing purposes), provided that the user has expressly consented to this or is already a customer of the controller and has communicated his e-mail address to the controller ;
e-mails from groups of companies and companies/organisations to which the controller is contractually bound, for direct marketing purposes, provided that the user has given his explicit consent.
If the user does not wish/no longer wishes to receive such e-mails, he/she can contact the controller at the address referred to in the “contact details” section of this Charter, remembering to state his/her exact name and address (spelled correctly).
The data controller undertakes to remove its contact details from the list it shares with other companies or organisations.The Robinson list. If the user does not wish to receive mailings or telephone calls from any of the companies on the Robinson list, he/she may contact the Robinson service of the Belgian Direct Marketing Association :
Free telephone number: 0800-91 887 ;
By post: BDMV, Robinson List, Buro ” Design Center, Esplanade du Heysel B46, 1020 Brussels.
CLAIMS AND COMPLAINTS
The user may lodge a complaint with the Belgian Commission for the Protection of Privacy at the following address
Commission for the Protection of Privacy Rue de la Presse, 35 1000 Brussels Tel. +32 2 274 48 00 Fax +32 2 274 48 35 firstname.lastname@example.org
The user may also lodge a complaint with the court of first instance of his place of residence.
For more information on complaints and possible remedies, the user is invited to consult the following address of the Belgian Commission for the Protection of Privacy:
DATA PROTECTION OFFICER
The data protection officer of the controller is Brasserie Surréaliste. Its contact details are as follows Place du Nouveau Marché aux Grains, 22-23. 1000 Bruxelles
For any question and/or complaint, in particular concerning the clear and accessible nature of this Charter, the user may contact the data controller:
By email: hello@brasseriesurrealiste
By post: Place du Nouveau Marché aux Grains, 22-23 1000 Bruxelles
APPLICABLE LAW AND COMPETENT JURISDICTION
This Charter is governed by Belgian law.
Any dispute relating to the interpretation or execution of this Charter will be subject to Belgian law and will fall under the exclusive jurisdiction of the courts of the judicial district of Brussels.
The data controller reserves the right to modify the provisions of this Charter at any time. The modifications will be published with a warning as to their entry into force.
The present version of the Charter is dated 01/06/2023.