SF Company SRL Privacy Policy

Please read this Privacy Policy carefully. By using some of our services, contracting with us, and/or agreeing to our terms and conditions, you agree to be bound without reservation to this Privacy Policy. If you have any questions about this Policy, please contact us.

1: Objective

This document constitutes the Privacy Policy implemented by SF Company SRL in the course of its activities.

The protection of your privacy and your personal data is of paramount importance to SF Company SRL.

This Privacy Policy is written to ensure compliance with the European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR).

This Privacy Policy aims to provide you with comprehensive information on the subject and explains how we collect, use and store your personal data.

2: What is the scope of this policy?

What does “processing your data” mean and who is responsible?

We collect and use only the personal data that is necessary for our activities and that enables us to offer you quality products and services.

SF Company SRL, whose registered office is at 175 rue Bara, 1170 Brussels, is responsible for processing the personal data that it is required to process.

The concept of “processing” is broad and covers, inter alia, the collection, recording, organisation, storage, updating, modification, request, consultation, use, dissemination or otherwise making available, reconciliation, combination, archiving, erasure or final disposal of such data

We are therefore your partner as well as the partner of the supervisory authorities (e.g. the “Data Protection Authority”) for any questions regarding the use of your data by our company.

For some services, we use specialised third parties who, in some cases, act as subcontractors. They must then follow our guidelines and respect our Privacy Policy. In other cases, these third parties are also jointly responsible for the processing and must in turn comply with their legal obligations in this respect.

We ensure that these subcontractors only receive the data strictly necessary to perform their part of the contract.

We may also act as a subcontractor for other entities related or not to SF Company SRL. In this case, it is these entities that are responsible for the processing of personal data. We then follow their instructions.

Through the services of SF Company SRL, in particular via its website (which may contain links to the websites of other parties), you may therefore also use the services of third parties (e.g. the chat, other websites (e.g., third-party websites, forums, Facebook, Twitter, Instagram, newsgroups and/or applications) are subject to their own privacy policies, which you should check carefully. SF Company SRL has no control over, and assumes no responsibility for, the information you place there and the manner in which the data is handled by these third parties.

3: What data is covered by our policy?

The data covered by this policy are the personal data of natural persons, i.e. data which directly or indirectly allow a person to be identified.

In the course of your relationship and interaction with SF Company SRL, we may collect various personal data, such as

  • Identification and contact data (e.g. your title, name, gender, address, date and place of birth, national register number, account number, telephone number, e-mail address, IP address, occupation);
  • Family situation (e.g. marital status, number of children) ;
  • Banking, financial and transactional data (e.g. bank details, account numbers, transfer data including communication, and generally all data recorded during your bank transfers);
  • Data relating to your behaviour and habits concerning the use of our channels (e.g. our connected refrigerators, our websites, our applications for tablets and smartphones) or your consumption (number of products ordered, order intervals, etc.);
  • Data relating to your preferences and interests, which you communicate to us directly or indirectly, for example via participation in our competitions or events, … ;
  • Data from your interactions on our dedicated pages on social networks.

We never process data relating to your racial or ethnic origin, political opinions, religion, philosophical beliefs or trade union membership, genetic data, sex life or sexual orientation unless we are required to do so by law or as a result of your performance of our products and services (e.g. you mention such information).

4: Guidelines for processing personal data

SF Company SRL will respect, among others, the following principles when processing personal data in the context of the management and execution of its commitments:

  • Lawful data processing: SF Company SRL processes personal data in a lawful manner in the course of its activities;
  • Identified purposes and purpose limitation: SF Company SRL collects and processes personal data for the lawful purposes identified below;
  • Minimisation of data processing: SF COMPANY SRL limits the processing of personal data to what is necessary for its activities;
  • Accuracy of personal data: SF COMPANY SRL takes all reasonable steps to ensure that personal data is accurate and is corrected and/or deleted without delay if it no longer appears accurate;
  • Limitation of processing and storage: SF COMPANY SRL will not process or store personal data for longer than is necessary for the performance of its activities;
  • Security measures: SF COMPANY SRL takes the necessary and appropriate technical and/or organisational measures for the security of personal data.

5: When is your personal data collected?

The data we use may be collected directly from you or obtained from the following sources for the purpose of verifying or enhancing our databases:

  • Publications/databases made available by the official authorities (e.g. the Moniteur Belge);
  • Nos entreprises clientes ou nos fournisseurs de services ;
  • Websites/social network pages containing information that you have made public (e.g. your website or social network);
  • Databases made public by third parties.

Some of your data may also be collected by SF COMPANY SRL:

  • When you become a customer or supplier ;
  • When you register to use our online services (each time you log in or use them);
  • When you fill in the forms and contracts we submit to you;
  • When you use our services and products after signing a contract;
  • When you subscribe to our newsletters, respond to our competitions, you register on our website;
  • When you contact us through the various channels available to you;
  • When your data is published or transmitted by authorised third parties or professional data providers;

6: On what basis and why do we use your personal data?

We process your personal data for various purposes. For each processing operation, only data relevant to the intended purpose are processed.

In general, we use your personal data:

  • In the context of the performance of a contract or the taking of pre-contractual measures;
  • In order to comply with the legal and regulatory requirements to which we are subject;
  • For reasons that fall within the company’s legitimate interest (see illustrations below). When we carry out such processing, we take care to balance this legitimate interest with your privacy;
  • When we have obtained your consent.

Personal data are processed by SF COMPANY SRL for purposes that include, but are not limited to

  • Provide you with information about our products and services;
  • Assist you and answer your questions;
  • To enable the proper execution of your purchases and orders;
  • To ensure the financial and accounting management of SF COMPANY SRL;;
  • Ensure good customer, material and supplier management;
  • To carry out market research and establish user profiles, to carry out information and/or promotional operations on the products and services we offer;
  • To work on improving existing (or developing) products and services through surveys of existing or potential customers, statistics, tests, feedback from you directly or by posting on our websites;
  • Responding to legal obligations, including responses to official requests from duly authorised public or judicial authorities;
  • Detect and prevent abuse and fraud: we process and manage contact and security data (card reader, password, …) in order to validate, track and ensure the security of transactions and communications via our remote channels;
  • Provide services and products through subcontractors;
  • Monitoring our activities (measuring sales, visits to our website, etc.);
  • To facilitate the navigation, user-friendliness and optimisation of the SF COMPANY SRL website, its functionality and the area reserved for user account holders;
  • Improve the quality of individual service to our customers;
  • To carry out prospecting relating to products and services of SF COMPANY SRL.

SF COMPANY SRL does not make automated decisions – whether based on profiling or not – that may have legal consequences for you or that significantly affect you, except :

  • if it is essential for the conclusion or execution of your purchases;
  • if permitted by law (e.g. for the detection of tax fraud);

or if we have obtained your express permission to do so.

In these situations, you will be informed in advance of the automated decision, of your right to demand human intervention and of how you can challenge the decision.

7: Who has access to your data and to whom is it transferred?

Only authorised users have access to your personal data for the above purposes. Authorised users are those persons who, within the scope of their function within SF COMPANY SRL, are authorised to process personal data on the basis of the directives of SF COMPANY SRL.

In order to fulfil the above purposes, SF COMPANY SRL may disclose your personal data to

  • Suppliers and deliverers or subcontractors of such suppliers or deliverers, so that they can serve you better;
  • Your employer or principal in whose premises our connected fridge is installed;
  • Banking institutions, insurers/funds;
  • IT companies or service providers for software programs and electronic data storage (servers, etc.);
  • Judicial, administrative or police authorities.

More generally, we do not sell any of your personal data to third parties.. We will only transfer them to third parties if :

  • This is necessary for the proper performance of the Services of SF COMPANY SRL. The said Data are then transmitted to third parties for the sole purpose of carrying out the mission delegated to them by SF COMPANY SRL.

We ensure that they handle your Data, as we do, in a safe, respectful and responsible manner and we provide adequate contractual safeguards for this.

  • There is a legal obligation, particularly with regard to the fight against money laundering.
  • There is a legitimate interest for SF COMPANY SRL or the third party concerned.

We will only pass on your personal data if your interests or fundamental rights and freedoms do not prevail and you will always be informed in a transparent manner (except in the case of legal exceptions). For example, your personal data may be passed on to partners, collection agencies and legal service providers, as well as to partners with whom we collaborate in the context of a specific action.

  • You give us your permission.

If SF COMPANY SRL provides personal data to third parties in other situations, this is always done by means of an explicit notification, giving an explanation about the third party, the purposes of the communication and the processing. If required by law, we ask for your explicit permission.

8: How long do we keep your data?

We retain your personal data for the longest period of time necessary to comply with applicable legal and regulatory requirements or for such other period of time as is necessary for operational purposes such as proper bookkeeping, effective customer relationship management and responding to legal or regulatory requests.

Customer data is stored for the life of the contractual relationship and for a period of up to ten years after the contractual relationship has ended.

Data on potential customers is thus kept for a maximum of three years, depending on the life cycle of the project for which it was collected and when the person has expressed an interest.

Some data is archived for longer periods in order to meet our legal obligations and for evidential purposes, in particular to safeguard your rights and the rights of our company. These archived data are only accessible for purposes of evidence in court, control by an authorised authority (e.g. by the tax authority), for reasons of document production before judicial, administrative or police authorities.

9: Security and privacy

SF COMPANY SRL undertakes to adopt the necessary and adequate technical, physical and organisational measures to protect personal data against unauthorised access, unlawful and unauthorised processing, accidental loss or damage, and unauthorised destruction, namely: password protection, hard disk encryption software, firewalls, anti-virus software, intrusion and anomaly detection and access controls for our employees. In the event of a data breach with adverse consequences for your personal data, SF COMPANY SRL shall take the necessary/appropriate measures to ascertain the extent and consequences of the breach, to put an end to it as soon as possible and, if necessary, to limit its impact on the persons concerned, as specified in point 12 below. You are personally notified as a customer in the circumstances prescribed by law.

Data management and storage software is continuously updated.

These measures shall be regularly evaluated and, if necessary, updated in order to ensure maximum protection of the personal data of the data subjects.

Your Personal Data is stored on computer servers located at our headquarters.

10: What are your rights and how can you exercise them?

10.1 : Rights of data subjects

In accordance with the applicable regulations, you have various rights:

  • The right to request access to personal data (A) ;
  • The right to rectification (A) ;
  • The right to erasure of data(A) ;
  • The right to object to processing (B) ;
  • The right to withdraw consent (B) ;
  • The right to request a restriction of processing (B) ;
  • The right to data portability (C).
  1. : Right of access, rectification and deletion

Any data subject has the right to make a request for access to his/her personal data. If a data subject exercises this right, SF COMPANY SRL is obliged to provide him or her with information about it, including

  • To give a description and a copy of the personal data;
  • To inform the data subject of the purposes for which SF COMPANY SRL processes the data.

If data are inaccurate or incomplete, the data subject may request that they be rectified.

In certain circumstances, the data subject may, in accordance with data protection regulations, request the erasure of personal data concerning him or her, inter alia :

  • if the personal data is no longer necessary for the purposes for which it was collected or processed;,
  • you have withdrawn your consent to the processing and there is no other legal basis for the processing on the part of SF COMPANY SRL;
  • you have validly exercised your right to object (below);
  • your personal data has been unlawfully processed;
  • your personal data must be deleted to comply with a legal obligation;
  • your personal data was collected while you were still a minor.

Please note that we may not always be able to delete all the personal data requested, for example if processing is necessary for the establishment, exercise or defence of legal claims or because we are legally obliged to do so. We will provide you with more information on this in our response to your request.

In order to keep your data up to date, we ask you to inform us of any changes (e.g. change of marital status, change of address).

  1. : Right to object to and limit the processing of your data and right to withdraw your consent

You have the right to object to certain processing of your personal data by us. In particular, you have the right to object, without justification, to the use of your data for prospecting purposes. You can also request that the processing of your data be restricted.

You can therefore determine the privacy settings of your personal data by contacting us or, if applicable, via your personal user account available on our site.

If you do not wish/no longer wish to receive any form of commercial communication, you have the right to object at any time, without any reason, in whole or in part, to the use of your personal data by SF COMPANY SRL for direct marketing purposes. To do so, please contact us:

  • Either at the bottom of the commercial notifications sent to you, by clicking on the “unsubscribe” link and/or by changing your “preferences“;
  • Or by email to customercare@smartfridge.be

However, this right can only be exercised under certain conditions:

  1. Your application must be dated and signed;
  2. For cases other than opposition for canvassing purposes, you must have serious and legitimate reasons relating to your particular situation to object to the processing taking place. In the event of a justified objection, the processing in question may no longer relate to these data.

However, you may not object to processing that is necessary for the execution of orders and purchases concluded with you or for the execution of pre-contractual measures taken at your request; nor may you object to compliance with any legal or regulatory provision to which we are subject.

If you have given your consent to the processing of your personal data, you have the right to withdraw that consent at any time.

  1. : The right to portability

Where necessary and to the extent applicable, the data subject may request to receive certain personal data that he or she has provided to SF COMPANY SRL in the course of the management and performance of its activities, and to transfer such data to another Controller, for example in order to be able to change the service provider more easily. Where technically possible, the data subject may request SF COMPANY SRL to transfer the data directly to another Controller.

This is therefore only possible for personal data that you yourself have provided to SF COMPANY SRL, on the basis of an authorisation or service entrusted to SF COMPANY SRL. In all other cases, therefore, you cannot benefit from this right (for example, where the processing of your data occurs on the basis of a legal obligation).

10.2 : Who should you contact?

  • How can I exercise my privacy rights?

You can send us an e-mail to customercare@smartfridge.be

In order to exercise your right of access and to avoid any unlawful publication of your personal data, we must verify your identity. If in doubt or unclear, we will first ask you for additional information (preferably a copy of the front of your identity card).

  • Are there any costs?

You may exercise your privacy rights free of charge, unless your request is manifestly unfounded or exaggerated, in particular because of its repetitive nature. In this case, we have the right and the choice – in accordance with privacy legislation – to (i) charge you a reasonable fee (taking into account the administrative costs of providing the requested information or communication and the costs of taking the requested action), or (ii) to refuse your request.

  • In what format will I receive a response?

If you submit your application electronically, the information is sent electronically if possible, unless your application states otherwise. In any case, we provide you with a concise, transparent, understandable and easily accessible answer.

  • When will I receive an answer?

We will respond to your request as soon as possible, and in any case within one month of receiving your request. Depending on the complexity and number of applications, this period may be extended by two months. If the deadline is extended, we will inform you within one month of receiving the request.

  • What can I do if SF COMPANY SRL does not respond to my request?

We will always inform you in our reply about the possibility of lodging a complaint with the supervisory authority and appealing to the judge.

11: Transfer of data outside the EEA.

In the case of international transfers from the EEA to a third country for which the European Commission has issued an adequacy decision recognising that country as having a level of protection of personal data equivalent to that provided by EEA law, your personal data will be transferred on that basis.

For transfers to countries outside the EEA for which the European Commission has not issued an adequacy decision, we rely either on an exemption applicable to the situation (e.g. in the case of international payments, the transfer is necessary for the performance of the contract) or on the fact that the recipient of the data has agreed to process the personal data in accordance with the “Standard Contractual Clauses” drawn up by the European Commission for Data Controllers or Processors.

To obtain a copy of these texts or to find out how to access them, you can send a written request in the manner indicated in Section 10.2.

More generally, to the extent that and if personal data is processed outside the European Union, we ensure by contractual or other measures that such data is afforded an appropriate level of protection there, comparable to the protection it would enjoy in the European Union in accordance with European regulations.

12: Violation of personal data

12.1: Reporting of personal data breaches

Authorised users must take care in the performance of their duties to avoid incidents (intentional or unintentional) that may infringe on the privacy of the persons concerned.

In the event of a personal data breach, appropriate measures are taken as quickly as possible to minimise the risk of damage to the data subjects as well as to SF COMPANY SRL (damage to reputation, sanctions imposed, …).

In any case, all authorized users, as well as all other persons who consult, use or manage information of SF COMPANY SRL must immediately report any security breaches and incidents related to the security of the information so that an analysis can immediately be made, the necessary measures taken and whether the breach should be reported to the Data Protection Authority and/or to the persons concerned..

When the notification is made by e-mail, it is important that it is sent to the address mentioned in section 10.2 and that it is expressly stated in the subject line of the e-mail that it is a message with a high degree of urgency about a possible breach related to personal data.

The information should contain a full and detailed description of the incident, including the identity of the person making the report (surname, first name, address, e-mail (if applicable) and telephone number), what type of incident it is, and how many people are involved.

12.2: Survey and risk analysis

In principle, within 24 hours after the incident or violation has been noticed by SF COMPANY SRL or reported by a subcontractor, authorized user, recipient, data subject or third party, an investigation will be initiated by SF COMPANY SRL.

The investigation will indicate the nature of the incident, the type of data involved and whether any personal data specifically are affected (and if so, who are the data subjects and how much personal data are affected). The investigation will determine whether or not there has been a breach of personal data.

In the case of a breach, a risk analysis will be carried out to find out what the (possible) consequences of the breach are, and in particular the (possible) impacts on the persons concerned.

SF COMPANY SRL will then decide, based on the nature of the breach, whether or not there is an obligation to make a notification to the Data Protection Authority and/or the data subject.

12.3 : Documentation des violations

All violations will be documented in a register. The log will detail the main cause of the incident and contributing factors, the chronology of events, response actions, recommendations and lessons learned to identify areas for improvement. Recommended changes to systems and procedures will be documented and implemented as soon as possible.

13: How can I find out about this policy and its changes?

In a world of constant technological change, we will regularly update the Privacy Policy.

We invite you to consult the latest version of this document on our website and we will inform you of any substantial changes through our website or through our usual communication channels.

14 : How to contact us?

If you have any questions about the use of your personal data under this policy, you can contact us by e-mail at customercare@smartfridge.be

15: Supervisory Authority

For complaints about the processing of your personal data, you can contact the Data Protection Authority, rue de la Presse 35, 1000 Brussels / +32 (0)2 274 48 00 / contact@apd-gba.be / www.autoriteprotectiondonnees.be

This Privacy Policy is applicable as of 1st January 2021.

SF Company SRL