1. Parties and object

BROS (hereinafter “BROS” or the “Controller“) Kapucinessenstraat 53, 2000 Antwerp

KBO/BTW: BE0775.695.637

E-mail: info@bros.be

BROS establishes this Privacy Policy. It aims to transparently inform Users about how personal data is collected and processed on the website found on our website: www.bros.be, (hereinafter the “Site”).

The term “User” refers to any user, whether a natural or legal person, who visits or interacts in any way with the Site.

BROS determines all technical, legal and organizational means and purposes for processing users’ personal data.

BROS undertakes to take all necessary measures to ensure that the processing of personal data takes place in accordance with the Act of July 30, 2018 on the protection of natural persons with regard to the processing of personal data (hereinafter the “Act”) and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter the “Regulation”).

BROS is free to choose a natural or legal person to process the Users’ personal data at its request and on its behalf (hereinafter the “Subcontractor“). In this case, BROS undertakes to select a Subcontractor that provides sufficient guarantees regarding the technical and organizational security measures for the processing of personal data, in accordance with the Law and the Regulation.

2. Processing of personal data

Users’ use of the Site may result in the disclosure of personal data. The processing of this data by BROS, in its capacity as Controller, or by service providers acting in the name and on behalf of BROS, is done in accordance with the Law and the Regulation.

Personal data is processed by BROS in the following manner:

the use of cookies

3. Purpose of processing personal data

In accordance with Article 13 of the Regulation, the purposes of the processing of

personal data communicated to the User. The objectives of BROS are as follows:

answering users’ questions, improving the quality of the website and products and/or services

4. Personal data that may be processed

The User agrees that, during the visit and use of the Site, BROS collects and processes the following personal data, in accordance with the terms and principles described in this Privacy Policy:

the e-mail address of the user if the user has previously entered it, the information related to the pages visited by the user on the website, any information voluntarily communicated by the user

5. Permission

By accessing and using the Site, the User declares that he/she gives his/her free, specific, informed and unambiguous consent to the processing of his/her personal data, having read through the contents of this Privacy Policy.

Consent is given by the positive action whereby the User checks the box for the privacy policy. This consent is an essential condition for performing certain actions on the Site or for enabling the User to enter into a contractual relationship with BROS. Any agreement that binds BROS and a User regarding the services and goods offered on the Site is subject to the User’s acceptance of the Privacy Policy.

The User agrees that, in accordance with the terms and principles set forth in this Privacy Policy, the Controller may process his/her personal data

collects and processes that he/she enters on the Site or through other services offered by BROS.

The User has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the previous processing based on the prior consent.

6. Retention period of the Users’ personal data

In accordance with Article 13(2) of the Regulation and the Act, the Controller shall retain personal data only for as long as is reasonably necessary to achieve the purposes for which they are processed.

In any case, this duration is less than: 1 year

7. Data recipients and disclosure to third parties

Personal data may be transferred to employees, collaborators,

subcontractors or suppliers of BROS that provide appropriate data security guarantees and cooperate with BROS in marketing products or providing services. They act under the direct authority of BROS and are responsible for collecting, processing or outsourcing this data.

In all cases, the recipients of the data comply with the contents of this Privacy Policy. BROS ensures that they process this data only for its intended purposes and in a discreet and secure manner.

In the event that the data is shared with third parties for the purpose of direct marketing or prospecting, the User will be informed before giving his consent to the use of his personal data.

8. Rights of Users

The User may exercise his rights at any time by sending an e-mail to the following address: info@bros.be, or a letter by mail, together with a copy of his identity card, to the following address: Kapucinessenstraat 53, 2000 Antwerp

1. (a) Right of access

In accordance with Article 15 of the Regulation, BROS guarantees the User’s right to access their personal data. This includes the following personal data and information:

 the categories of personal data involved;

the recipients or categories of recipients to whom the personal data have been or will be disclosed, as well as recipients located in third countries or international organizations;

if possible, the proposed storage period for personal data or, if not possible, the criteria on the basis of which this period is determined;

the existence of automated decision-making, including profiling (as referred to in Article 22(1) and (4) of the Regulation) and relevant information on the underlying logic, as well as the significance and expected consequences of such processing for the data subject.

The Controller may require reasonable reimbursement of administrative costs for additional copies requested by the User.

If the User submits this request electronically (e.g. by e-mail), the data will be provided in electronic form and for general use, unless the User requests otherwise.

The copy of its records will be sent to the

User to be sent.

1. (b) Right to rectification

BROS guarantees to the User the right to rectification and deletion of personal data.

Pursuant to Article 16 of the Regulation, false, inaccurate or irrelevant

data can be corrected or deleted at any time. The User first makes the necessary changes himself from his user account. If these cannot be made independently, the User can submit a request to BROS.

In accordance with Article 19 of the Regulation, the Controller shall notify each recipient of personal data of any rectification, unless such notification proves impossible or involves disproportionate efforts. The Controller shall provide the data subject with information about these recipients, if he/she so requests.

1. (c) Right to exchange

In the cases mentioned in Article 17 of the Regulation, the User has the right to obtain the deletion of his personal data as soon as possible.

Where the Controller has disclosed the personal data and is required to erase them pursuant to the previous paragraph, the Controller shall take reasonable measures to notify recipients of such personal data that the data subject has requested the erasure of such personal data or a copy or reproduction thereof. It shall do so taking into account available technologies and implementation costs.

The two preceding paragraphs do not apply if processing is necessary for:

the exercise of the right to freedom of expression and information;

compliance with a legal obligation to process under Union law or the law of the Member State of the Controller;

a task of public interest or the exercise of public authority that is assigned to the

Controller is instructed;

the determination, exercise or defense of legal claims.

In accordance with Article 19 of the Regulation, the Controller shall notify each recipient of personal data of the deletion of personal data or the restriction of their processing, unless such notification proves impossible or involves a disproportionate effort. The Controller shall provide the data subject with information about these recipients if he/she so requests.

1. (d) Right to restrict processing

In the cases mentioned in Article 19 of the Regulation, the User has the right to a restriction of the processing of his personal data.

In accordance with Article 19 of the Regulation, the Controller shall notify each recipient of personal data of the restriction of the processing carried out, unless such notification proves impossible or involves a disproportionate effort. The Controller shall provide the data subject with information about these recipients if he/she so requests.

1. (e) Right to data portability.

In accordance with Article 20 of the Regulation, Users have the right to receive from BROS their personal data in a structured, commonly used and machine-readable format. In the cases provided for in the Regulation, Users have the right to transfer this data to another data controller without preventing BROS from doing so.

When the User exercises his right to data portability under the previous paragraph, he has the right to have personal data transferred directly from one controller to another, insofar as this is technically possible.

The exercise of the right to data portability does not affect the right to erasure.

This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

The right to data portability does not affect the rights and freedoms of third parties.

1. f) Right to object and automated individual decision-making

The User has the right at any time to oppose the processing of his/her personal data due to his/her specific situation, as well as the automation of data by BROS. In accordance with Article 21 of the Regulation, BROS will then no longer process personal data. This opposition will not be heard if there are legitimate and compelling reasons for the processing, which take precedence over the interests, rights and freedoms of the User, or for the establishment, exercise or defense of legal rights.

When processing personal data for prospecting purposes, the User has the right to oppose the processing of his/her personal data at any time. This also applies in the case of profiling, insofar as it relates to such prospecting.

Where the data subject objects to processing for prospecting purposes, the personal data shall no longer be processed for that purpose.

1. (g) Right of complaint

The User has the right to submit a complaint about the processing of its personal data by BROS to the Data Protection Authority, competent for the Belgian territory. More information can be found on the website: https://www.gegevensbeschermingsautoriteit.be/

Complaints can be filed at the following addresses: Data Protection Authority

Press Street 35, 1000 Brussels

Tel. + 32 2 274 48 00

Fax. + 32 2 274 48 35

E-mail: contact@apd-gba.be

The User may also file a complaint with the court of first instance of his place of residence.

9. Cookies

The Site uses cookies to distinguish the different Users of the Site. This makes it possible to provide Users with a better browsing experience, as well as to improve the Site and its content.

1. (a) General principles

A “Cookie” is a file that is temporarily or permanently placed on the User’s hard drive when they view the Site. This is done with a view to a subsequent visit to the Site. Thanks to cookies, the server recognizes the User’s computer.

Cookies may also be installed by third parties with whom BROS works. Some cookies used by BROS are necessary for proper functioning

of the Site, others are necessary to improve the User’s experience.

The User can modify or disable cookies by setting their browser.

By using the Website, the User expressly agrees to the management of cookies as described in this article.

1. (b) Types of cookies and purposes pursued.

Different types of cookies are used by BROS on the Site:

Technical cookies: they are necessary for the operation of the Site, enable the communication of the data entered and are intended to facilitate the User’s navigation;

Statistical and audience cookies: these cookies allow the recognition of the User and are used to count the number of Users of the Website over a certain period of time. Since they also indicate browsing behavior, they are an effective way to improve the User’s browsing experience by displaying proposals and offers that may be of interest to the User. They also make it BROS

possible to identify and correct bugs on the Website;

Functional cookies: these cookies facilitate the use of the Site by maintaining certain choices entered (for example, username or language);

Tracking cookies: BROS uses tracking cookies through Google Analytics to measure user interaction with Site content and produce anonymous statistics. These statistics allow BROS to improve the Site. Google supports the explanation of these cookies at the following address: http://www.google.nl/intl/en_uk/policies/privacy/

1. (c) Cookie retention period.

Cookies are stored for the time necessary to achieve the intended purpose. The cookies that may be stored on the User’s hard drive and the storage period of these cookies are as follows:

_ga: 2 years _gid: 24 hours _gat: 1 minute AMP_TOKEN: 30 seconds to 1 year _gac_<property- id>: 90 days

1. (d) Management of cookies.

If the User does not want the Website to place cookies on his hard drive, he can easily manage or delete them by adjusting his browser settings. Browser programming also allows the User to receive notification as soon as a Website uses cookies and thus decide whether to accept or reject them.

If the User disables certain cookies, he accepts that the Site may not function optimally. Some parts of the Site may not be usable or only partially usable.

If the User wishes to manage and/or delete certain cookies in this manner, they can do so through the following links:

Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies

Microsoft Edge: http://windows.microsoft.com/en-gb/windows-10/edge-privacy-faq

Chrome: https://support.google.com/accounts/answer/61416?hl=fr

Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences

Safari: https://support.apple.com/kb/ph21411?locale=fr_CA

If the User refuses to allow the use of Google Analytics cookies, he or she is invited to configure his or her browser at the following website: http://tools.google.com/dlpage/gaoptout

10. Limitation of the Controller’s liability

The Site may contain links to other third-party sites not linked to BROS

. The content of these sites and compliance with the Act and Regulation are not the responsibility of BROS.

The holder of parental authority must give his or her express consent for the minor under 16 to disclose any personal information or data on the Site. BROS strongly encourages persons exercising parental authority over minors to promote responsible and safe use of the Internet. The Controller cannot be held liable for the collection and processing of personal information and data of minors under the age of 16 who have not effectively obtained the consent of their legal parents, nor for incorrect data – such as age – entered by minors. Under no circumstances will personal data be processed by the Controller if the User indicates that he/she is under 16 years of age.

BROS is not responsible for loss, damage or theft of personal data due to the presence of viruses or after computer attacks.

11. Safety and security

The Controller shall adopt organizational and technical measures to ensure an appropriate level of security for the processing and collection of data. These security measures depend on the implementation costs related to the nature, context and purposes of the processing of personal data.

The Controller uses standard encryption technologies within the IT industry when transmitting or collecting data on the Site.

12. Modification of Privacy Policy

BROS reserves the right to modify this Privacy Policy to comply with legal obligations. The User is therefore requested to regularly review the Privacy Policy to be informed of any changes and modifications. Such changes will be posted on the Site or sent by email to ensure objectionability.

13. Applicable law and competent court

This Privacy Policy is governed exclusively by Belgian law. Any dispute will be submitted to the courts of the judicial district of the registered office of BROS.

14. Contact

For any question or complaint regarding this privacy policy, the User may contact the Controller on our website: info@bros.be.