GDPR policy statement

Brouwerij der Trappisten van Westmalle CVBA attaches great importance to the proper protection of the data it processes, in particular personal data. With this policy, Brouwerij der Trappisten van Westmalle CVBA aims to establish, at a strategic level, the manner in which it protects data, the responsibilities it assigns in this regard and the priorities Brouwerij der Trappisten van Westmalle CVBA has set concerning data protection.

In particular, Brouwerij der Trappisten van Westmalle CVBA wishes to protect the data of its customers, employees and any other personal data it receives from:

  • loss: data are no longer available;
  • leaks: data fall into the wrong hands;
  • errors: data are incorrect, e.g. outdated or incomplete;
  • inaccessible: data are not accessible at times when they are needed;
  • unjustified access: access by persons who are not authorised to do so;
  • inability to track who viewed, changed or deleted the data;
  • processing that is not in line with regulations, directives and standards.

In this policy, the management of Brouwerij der Trappisten van Westmalle CVBA calls on all parties involved in the electronic and paper processing of personal data to work together, based on a common vision and shared objective, to provide quality service and ensure that processing is carried out correctly.

This policy serves as the standard for the processing of the personal data of customers/suppliers/other stakeholders and employees of Brouwerij der Trappisten van Westmalle CVBA.

It is a guideline for all processing operations and provides a reference standard for audit and monitoring. Brouwerij der Trappisten van Westmalle CVBA offers every interested party, employee or external party concerned access to the data protection policy and the way in which Brouwerij der Trappisten van Westmalle CVBA handles sensitive personal data.

This policy is also intended for anyone who has a position within Brouwerij der Trappisten van Westmalle CVBA that involves the processing of personal data. The policy is used to develop procedures and guidelines for employees and external parties, such as ICT suppliers. The relevant components of this policy statement are incorporated into agreements with employees, customers and suppliers or other stakeholders.

Below we describe which personal data of our customers/suppliers or other stakeholders we process, on what basis we process them and why we process them. Finally, we provide information about the security measures we take to protect these personal data.

WHAT ARE PERSONAL DATA?

The General Data Protection Regulation provides a comprehensive definition of the concepts of personal data and the processing of personal data. The relevant definitions can be consulted in Article 4 of Regulation (EU) 2016/679.

The General Data Protection Regulation defines personal data as follows:

any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

When we refer to personal data in this document, reference is being made to this definition in the Regulation.

WHICH PERSONAL DATA?

Brouwerij der Trappisten van Westmalle CVBA collects and processes the personal data of customers, suppliers and other stakeholders. These include:

  • Name
  • Address
  • Landline and mobile numbers
  • Email address
  • Bank account number

WHAT ARE THE PURPOSE AND LEGAL BASIS FOR THE PROCESSING?

All the personal data Brouwerij der Trappisten van Westmalle CVBA has on its customers/suppliers/other stakeholders serve a purpose and have a legal basis.

For example, the purpose of collecting personal data from customers is to manage our customers and orders (including customer administration, tracking orders/deliveries, invoicing, etc.), with the legal basis being the execution of an agreement. The same applies to the personal data of suppliers and other parties.

Brouwerij der Trappisten van Westmalle CVBA does not gather data without a clear purpose. All the processing of personal data done at Brouwerij der Trappisten van Westmalle CVBA is based on a legitimate interest, a legal obligation or an agreement.

The personal data will only be processed in accordance with the purpose for which they were provided, and the processing will be limited to only those data that are necessary for these purposes. Moreover, these data will not be passed on to other parties unless this is necessary for the purposes for which they were provided.

DURATION OF THE PROCESSING

The personal data of customers/suppliers/other parties are stored and processed by Brouwerij der Trappisten van Westmalle CVBA for a period that is either legally mandated or necessary for the purposes at hand.

The personal data of customers/suppliers/other stakeholders of Brouwerij der Trappisten van Westmalle CVBA will be removed from our systems after a period of 10 years after the last order/contract.

The personal data of customers/suppliers/other stakeholders of Brouwerij der Trappisten van Westmalle CVBA are in any case retained in accordance with the specific legislation, as well as the limitation periods that oblige Brouwerij der Trappisten van Westmalle CVBA to retain the personal data longer.

RIGHTS AS CUSTOMERS/SUPPLIERS/OTHER STAKEHOLDERS OF BROUWERIJ DER TRAPPISTEN VAN WESTMALLE CVBA

  1. Right of access and inspection. Customers/suppliers/other parties have the right to obtain access to their personal data as well as to know the use that is made thereof.
  2. Right to correction, erasure and limitation. Customers/suppliers/other parties have the right at all times to request the Brewery to correct, supplement, erase or limit the use of their personal data.
  3. Right of objection. Customers/suppliers/other parties also have a right to object to the processing of their personal data for serious and legitimate reasons, while nevertheless taking into account previous comments regarding necessary and legal data.
  4. Right of data transfer. Customers/suppliers/other stakeholders have the right to obtain their personal data processed by the Brewery in a structured, commonly-used and machine-readable form and/or to transfer them to other controllers.
  5. Right of withdrawal of consent. To the extent that the processing is based on the prior consent of the customer/supplier/other stakeholder, the latter has the right to withdraw this consent.
  6. Automatic decisions and profiling. This right does not apply at Brouwerij der Trappisten van Westmalle CVBA. The processing of your personal data does not include profiling, and you will not be subjected to automated decisions by Brouwerij der Trappisten van Westmalle CVBA.
  7. Exercising your rights. You can exercise your rights by sending an email to info@trappistwestmalle.be, upon which your question will be looked into. The Brewery must communicate its position within a month following the submission of a written request.

WHO TO CONTACT IN CASE OF QUESTIONS OR COMPLAINTS

Brouwerij der Trappisten van Westmalle CVBA declares that, as the controller responsible for the processing of personal data, it complies with Belgian privacy legislation, as well as the provisions of the General Data Protection Regulation as of its entry into force.

If you have any questions or complaints, it is best in the first instance to contact the Brewery by sending an email to info@trappistwestmalle.be. If your complaint regarding the unlawful use of personal data is not handled correctly, you have the right to lodge a complaint with the Belgian Data Protection Authority (DPA). Further details can be found at https://www.dataprotectionauthority.be/submit-request-or-complaint.

This is without prejudice to present the case before a civil court. If you suffer damage as a result of the processing of your personal data, you can file a claim for compensation for damages.

TRANSFER TO THIRD PARTIES

Some the personal data processed by Brouwerij der Trappisten van Westmalle CVBA may be transferred to third parties if the purposes so require. Brouwerij der Trappisten van Westmalle CVBA concludes processing agreements with all these organisations mentioned above and makes every effort to ensure that they secure your personal data adequately.

Your personal data will not be sold, leased, distributed or made commercially available to third parties, except as described above or with your prior consent. Cross-border data transfer is prohibited at all times.

In rare cases, Brouwerij der Trappisten van Westmalle CVBA may have to disclose personal data as a result of a court order or to comply with other mandatory laws or regulations.

SECURITY AND CONFIDENTIALITY

Brouwerij der Trappisten van Westmalle CVBA has developed security measures that have been adapted at a technical and organisational level to prevent the destruction, loss, falsification, modification, unauthorised access or erroneous notification to third parties of personal data collected, as well as any other unauthorised processing of these data.

This is done, on the one hand, by means of technical measures such as virus scans, firewalls, passwords, data access measures, etc. On the other hand, it involves organisational measures such as limiting access to specific persons, an incident management procedure, policy and training structures, and confidentiality clauses.

site by Intracto