Brouwerij der Trappisten van Westmalle BV attaches great importance to the proper protection of the data it processes, in particular personal data. With this policy, Brouwerij der Trappisten van Westmalle BV aims to establish, at a strategic level, the manner in which it protects data, the responsibilities it assigns in this regard and the priorities Brouwerij der Trappisten van Westmalle BV has set concerning data protection.
In particular, Brouwerij der Trappisten van Westmalle BV wishes to protect the data of its customers, employees and any other personal data it receives from:
In this policy, the management of Brouwerij der Trappisten van Westmalle BV calls on all parties involved in the electronic and paper processing of personal data to work together, based on a common vision and shared objective, to provide quality service and ensure that processing is carried out correctly.
This policy serves as the standard for the processing of the personal data of customers/ suppliers/ other stakeholders and employees of Brouwerij der Trappisten van Westmalle BV.
It is a guideline for all processing operations and provides a reference standard for audit and monitoring. Brouwerij der Trappisten van Westmalle BV offers every interested party, employee or external party concerned access to the data protection policy and the way in which Brouwerij der Trappisten van Westmalle BV handles sensitive personal data.
This policy is also intended for anyone who has a position within Brouwerij der Trappisten van Westmalle BV that involves the processing of personal data. The policy is used to develop procedures and guidelines for employees and external parties, such as ICT suppliers. The relevant components of this policy statement are incorporated into agreements with employees, customers and suppliers or other stakeholders.
Below we describe which personal data of our customers/suppliers or other stakeholders we process, on what basis we process them and why we process them. Finally, we provide information about the security measures we take to protect these personal data.
The General Data Protection Regulation provides a comprehensive definition of the concepts of personal data and the processing of personal data. The relevant definitions can be consulted in Article 4 of Regulation (EU) 2016/679.
The General Data Protection Regulation defines personal data as follows:
any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
When we refer to personal data in this document, reference is being made to this definition in the Regulation.
Brouwerij der Trappisten van Westmalle BV collects and processes the personal data of customers, suppliers and other stakeholders. These include:
All the personal data Brouwerij der Trappisten van Westmalle BV has on its customers/suppliers/other stakeholders serve a purpose and have a legal basis.
For example, the purpose of collecting personal data from customers is to manage our customers and orders (including customer administration, tracking orders/deliveries, invoicing, etc.), with the legal basis being the execution of an agreement. The same applies to the personal data of suppliers and other parties.
Brouwerij der Trappisten van Westmalle BV does not gather data without a clear purpose. All the processing of personal data done at Brouwerij der Trappisten van Westmalle BV is based on a legitimate interest, a legal obligation or an agreement.
The personal data will only be processed in accordance with the purpose for which they were provided, and the processing will be limited to only those data that are necessary for these purposes. Moreover, these data will not be passed on to other parties unless this is necessary for the purposes for which they were provided.
The personal data of customers/suppliers/other parties are stored and processed by Brouwerij der Trappisten van Westmalle BV for a period that is either legally mandated or necessary for the purposes at hand.
The personal data of customers/suppliers/other stakeholders of Brouwerij der Trappisten van Westmalle BV will be removed from our systems after a period of 10 years after the last order/contract.
The personal data of customers/suppliers/other stakeholders of Brouwerij der Trappisten van Westmalle BV are in any case retained in accordance with the specific legislation, as well as the limitation periods that oblige Brouwerij der Trappisten van Westmalle BV to retain the personal data longer.
Brouwerij der Trappisten van Westmalle BV declares that, as the controller responsible for the processing of personal data, it complies with Belgian privacy legislation, as well as the provisions of the General Data Protection Regulation as of its entry into force.
If you have any questions or complaints, it is best in the first instance to contact the Brewery by sending an email to firstname.lastname@example.org. If your complaint regarding the unlawful use of personal data is not handled correctly, you have the right to lodge a complaint with the Belgian Data Protection Authority (DPA). Further details can be found at https://www.dataprotectionauthority.be/citizen/form-complaint.
This is without prejudice to present the case before a civil court. If you suffer damage as a result of the processing of your personal data, you can file a claim for compensation for damages.
Some the personal data processed by Brouwerij der Trappisten van Westmalle BV may be transferred to third parties if the purposes so require. Brouwerij der Trappisten van Westmalle BV concludes processing agreements with all these organisations mentioned above and makes every effort to ensure that they secure your personal data adequately.
Your personal data will not be sold, leased, distributed or made commercially available to third parties, except as described above or with your prior consent. Cross-border data transfer is prohibited at all times.
In rare cases, Brouwerij der Trappisten van Westmalle BV may have to disclose personal data as a result of a court order or to comply with other mandatory laws or regulations.
Brouwerij der Trappisten van Westmalle BV has developed security measures that have been adapted at a technical and organisational level to prevent the destruction, loss, falsification, modification, unauthorised access or erroneous notification to third parties of personal data collected, as well as any other unauthorised processing of these data.
This is done, on the one hand, by means of technical measures such as virus scans, firewalls, passwords, data access measures, etc. On the other hand, it involves organisational measures such as limiting access to specific persons, an incident management procedure, policy and training structures, and confidentiality clauses.