en
Cart
0
0.00 €

Privacy policy

This policy contains the name and contact details of the data controller who operates the restaurant. The names and contact details of the data controllers can be found in Appendix 3 of this notice. Responsible for data processing: Name 1000 Homes & More Management Srl 

• Registered office and postal address: De Merodelei 151, 2300 Turnhout (Belgium) 

• telephone number: +32 471 89 2991 

• E-mail address: info@ www.gastartsalon.com 

• web address: www.gastartsalon.com (hereinafter referred to as "the data controller") 

Source of personal data 

Personal data is provided directly by the data subject to the data controller, who informs the data subject of this when he or she first comes into contact with the data controller. 

Automated decision-making 

The data controller does not use automated decision-making. 

Compulsory provision of personal data, consequences of not providing personal data 

he provision of data is compulsory and, in the event of failure to do so, the data subject may not use the services of the data controller.

Personal data processed for registration purposes are accessible in the first instance by the data controller. In the event of proceedings before a court or other authority requiring the transmission of personal data to the competent body, the court or authority may also have access to the personal data. With regard to personal data processed for registration purposes, you may exercise your rights of withdrawal of consent, access, rectification, erasure, restriction of processing and data portability. The conditions for exercising these rights are set out in Chapter IV of this notice. 

I.2. Personal data processed for purchasing, ordering and event management purposes 

You have the option of using the services of the data controller both in the absence of registration and after registration, i.e. to purchase products from the data controller's offer. 

The data controller shall first have access to the personal data processed in connection with a purchase. If proceedings are brought before a court or other authority requiring the transfer of personal data to the court or authority, the court or authority may also have access to the personal data. 

You may exercise your rights of access, rectification, erasure, restriction of processing and data portability in respect of the personal data processed for the purposes of your purchase. The conditions for exercising these rights are set out in chapter IV of this notice. 

Personal data processed for the purpose of paying the price of the product ordered 

I.2.1. Paypal Payment for products ordered is made via PayPal, an electronic payment service . The following data is processed: 

In the case of the use of Barion, the main access to the personal data processed is provided by the data controller, Barion Payment Zrt. (registered office: H-1117, Budapest, Infopark sétány 1.; tax identification number: 25353192243,

I.3. Personal data processed for the purpose of providing information on purchases Communication between the data controller and you is essential to the operation of the restaurant. You can place your orders via the websites indicated above. You will receive confirmation of your purchase by e-mail or by the remaining part of the order form on paper. Your personal data will be processed as follows:

Personal data processed for the purpose of providing information on the use of the restaurant's website shall be accessible in the first instance by the data controller. If proceedings are brought before a court or other authority requiring the transmission of personal data to the court or authority, the court or authority may also have access to the personal data. You may exercise your rights of access, rectification, erasure, restriction of processing and portability in respect of personal data processed for the purpose of providing you with information about your purchase. The conditions for exercising these rights are set out in chapter IV of this notice. 

I.4. Handling complaints If you are not satisfied with the product you have ordered or if you have other complaints about our products, the data controller will give you the opportunity to lodge a complaint. In this case, your personal data will be processed as described below: 

The data controller shall have access in the first instance to the personal data processed in connection with the handling of complaints. If proceedings are brought before a court or other authority requiring the transfer of personal data to the competent body, the court or authority may also have access to the personal data. 

You have the right to access, rectify and restrict the processing of personal data processed in connection with the handling of complaints. The conditions for exercising these rights are set out in chapter IV of this notice. 

II.9. Personal data processed for complaints handling and contact purposes 

The protection of personal data and the right of data subjects to self-determination with regard to information are of the utmost importance to the data controller. The data controller has therefore endeavoured to ensure that personal data is only processed where necessary, taking into account the principle of data economy. This includes contacting the data controller, maintaining contact with the data controller and communicating with the data controller. Your personal data will therefore be processed as described below:

Personal data processed for the purpose of contacting you may be consulted in the first instance by the data controller. If proceedings are brought before a court or other authority requiring the transmission of personal data to the court or authority, the court or authority may also have access to the personal data. With regard to personal data processed for the purpose of contacting you, you may exercise your rights of withdrawal of consent, access, rectification, erasure, restriction of processing and data portability. The conditions for exercising these rights are set out in chapter IV of this notice. 

II.10. Information on cookies Information on the cookies used by 1000 Homes & More Management Srl and those used by third parties can be found in the pop-up window on the data controller's website.

II. DATA SECURITY 

The employees of the data controller and of any other data controller and processor have the right to access the data to the extent necessary for the performance of their duties. The data controller shall take all necessary security, technical and organisational measures to ensure the security of the data. 

II.1. Organisational measures 

The granting of access is based on the principle of "necessary and sufficient rights", i.e. each user may use the data controller's IT systems and services only to the extent necessary for the performance of his or her work, with the corresponding rights and for the necessary duration. Access rights to IT systems and services may only be granted to persons who are not restricted for security or other reasons (e.g. conflict of interest) and who have the necessary professional, commercial and information security skills to use them safely. The data controller undertakes, in a written declaration, to comply with strict confidentiality rules and to act in accordance with these confidentiality rules in the course of his or her work. Documents containing personal data must not be left on desks after work and must be locked by 7 employees to prevent unauthorised access (the "clean desk" policy). 

II.2. Technical measures 

The data controller protects the buildings it operates or uses, their premises and therefore the data handled, processed and stored there, by means of various security systems (e.g. alarms, cameras, grilles, fire protection systems, etc.). It also uses safes. The data controller stores the data on its own equipment, with the exception of data stored by its subcontractors. The IT tools storing the data are kept by the data controller in a separate, locked server room, protected by a multi-level access control system, with access control subject to authorisation. The data controller protects its internal network with several layers of firewalls. A hardware firewall (border protection device) is permanently installed at all access points to the public networks used. Data is stored redundantly, i.e. in several locations, by the data controller in order to protect it against destruction, loss, damage or unlawful destruction due to IT equipment failure. We protect our internal networks against external attacks using multiple layers of active and complex malware protection (e.g. virus protection). The necessary external access to the IT systems and databases operated by the data controller is provided by the data controller via an encrypted data connection (VPN). We make every effort to ensure that our IT tools and software are always in line with the technological solutions generally accepted on the market. We develop systems that use logging to control and monitor operations and detect incidents such as unauthorised access. The data controller's server is located on a dedicated server that is separate from the hosting provider and is protected and locked.

III. YOUR LEGISLATION 

It is important for the data controller that its processing complies with the requirements of fairness, lawfulness and transparency. To this end, you may request information on the accuracy and fairness of your personal data. 8 on the processing of your personal data, and can request the rectification or - except for compulsory processing - the erasure of your personal data, withdraw your consent, and exercise the right to data portability or opposition. In order to inform you of your rights and the conditions for exercising them, we provide you with the following information.

III.1. Withdrawal of consent 

In the case of data processing based on consent (registration, sending of newsletters and use of cookies, making contact), you have the right to withdraw your consent at any time without giving any reason. This withdrawal does not affect the lawfulness of the processing based on consent that took place prior to the withdrawal. However, the controller will no longer carry out operations using your personal data and will delete them. You may give your consent by contacting the data controller at one of the following addresses or by the following means: 

- Registration: if you are registered, click on the "Modify or delete personal data" button. 

- Sending the newsletter: by clicking on the "Unsubscribe from newsletter" link at the bottom of the newsletter or by sending a letter to the contact details of the data controller.

III.2. Accessible 

from You have the right to obtain access to your personal data processed by the data controller, by sending a request to one of the data controller's contact details. In this context, you will be informed of the following: 

- if your personal data is processed ; 

- the purposes of the processing ; 

- the categories of personal data concerned; 

- the recipients or categories of recipient to whom the personal data have been or will be disclosed; 

- how long the personal data will be stored; 

- your rights ; 

- your recourse ; 

- information on data sources. You may also ask the data controller to provide you with a copy of the personal data being processed. You can do this by submitting a request to one of the data controller's contact persons. In this case, the data controller will provide the personal data in a structured, commonly used and computer-readable format (Microsoft Excel) or in a printed paper version. The first request for a copy is free of charge on an annual basis.

III.3. Correction 

You have the right to request, on the basis of a request made via the data controller's contact details, the rectification of inaccurate personal data concerning you processed by the data controller and the completion of incomplete data. Where the data controller does not have the necessary information to correct or complete inaccurate data, it may request the submission of such additional data and verification of the accuracy of the data. As long as the 9 If the data cannot be clarified or completed in the absence of additional information, the controller shall restrict the processing of the personal data concerned and temporarily suspend the operations carried out in relation to them, with the exception of storage. You can also correct the personal data provided when registering on the controller's website and during the purchase process by using the "Modify profile" interface. You can confirm your changes by clicking on the "Save" button. 

III.4. Delete 

You have the right to request the erasure of your personal data processed by the controller, on the basis of a request submitted via the controller's contact details, if one of the following conditions applies: - we no longer need this data; - you have doubts about the lawfulness of the processing of your data. If, following your request, the data controller determines that there is an obligation to erase the personal data it is processing, it will cease processing the data and destroy the personal data previously processed. In addition, the obligation to erase personal data may also exist on the basis of the withdrawal of consent, the exercise of the right to object or legal obligations. Registered users of the data controller can also delete their profile by clicking on the "delete" button. The controller informs you that erasure cannot be initiated in connection with processing carried out by the controller in order to comply with a legal obligation to which the controller is subject. Consequently, the exercise of this right is excluded, for example with regard to data to be retained under the Accounting Act.

III.5. Restrictions on data processing 

You have the right to request, on the basis of a request made via the data controller's contact details, the restriction of the processing of your personal data processed by the data controller in the following cases: 

- you question the lawfulness of the controller's processing of your personal data and request that the data be restricted rather than deleted; 

- we no longer need the data, but you do need it to lodge, exercise or defend legal claims. The controller will automatically restrict the processing of personal data if you challenge the accuracy of the personal data. In this case, the restriction will apply for the period necessary to verify the accuracy of the personal data. During the restriction period, no processing operations may be carried out on the personal data, but only the storage of the data. Personal data may only be processed when processing is restricted in the following cases: 

- with your permission; 

- initiate, maintain or defend legal claims; 10 

- protect the rights of another natural or legal person; 

- an important public interest. 

The data controller will inform you in advance if the restriction is lifted.

III.6. Data portability 

You have the right to request, on the basis of a request made via the data controller's contact details, the provision of personal data relating to you processed by the data controller for further use as you have specified. You may also request the data controller to transfer your personal data to another data controller designated by you. This right is limited to the personal data you have provided and which is processed on the basis of consent or a contractual legal basis (registration, purchase, delivery, newsletter, etc.). It is not possible to transmit other data (e.g. statistics). You may do so by submitting a request to one of the contact details of the data controller. In this case, the data controller will provide the personal data in a structured, commonly used and computer-readable format (Microsoft Excel). The data controller informs you that exercising this right does not automatically result in the deletion of your personal data from the data controller's systems. Furthermore, you have the right to use the controller after the data has been transferred.

III.7. Protest 

You may object at any time to the processing of your personal data for the purpose of sending newsletters, on the basis of a request made via the contact details of the data controller. In this case, the data controller will no longer process the personal data for this purpose and will delete it. You also have the option of expressing your opposition by clicking on the "Unsubscribe from newsletter" link at the bottom of the newsletter. 

III.8. Our procedure for exercising your rights 

The data controller will inform you of the outcome of your request to exercise your rights without undue delay and within a maximum of one month from receipt of the request. If necessary, given the complexity of the request and the number of requests, this period may be extended by a further two months. The data controller will inform you of this extension, specifying the reasons for the delay, within one month of receipt of the request. If the controller does not act on your request, it will inform you without delay, and at the latest within one month of receipt of the request, of the reasons for inaction and of your right to lodge a complaint with a supervisory authority and to seek legal redress. The data controller will provide information about the action or inaction in the form specified by you. If you have submitted your request electronically, the information will be provided electronically unless you request otherwise. The data controller will provide the information and data requested free of charge. 11 The data controller shall inform each recipient to whom or with whom the personal data has been disclosed of any rectification, erasure or restriction of the processing carried out, unless this proves impossible or involves a disproportionate effort. At your request, the data controller will inform you of these recipients. In order to comply with the request, the data controller must ensure that the data subject intends to exercise his/her rights. This may also require, where appropriate, that you appear in person at the data controller's registered office for identification purposes. 

III.9. Exercising rights after the death of the person concerned 

Within five years of the death of the data subject, the rights of access, rectification, erasure, restriction of processing or objection may be exercised by the person authorised by the data subject by an administrative act or by a declaration in a public or private document with full evidential value made to the data controllers. In the absence of a declaration, the rights of rectification and opposition and, where the processing was unlawful during the lifetime of the data subject or the purpose of the processing ceased to exist after the death of the data subject, the rights of erasure and restriction of processing shall be exercised by the close relative of the data subject (spouse, closest relative, adopted child, stepchild or foster child, adoptive parent, step-parent or foster parent, brother or sister) who is the first to exercise this right; the next-of-kin, adopted child, stepchild, adoptive parent, stepchild, brother or sister) who is the first to exercise this right. The person asserting their rights must provide proof of the fact and date of death of the person concerned by means of a death certificate or court decision, as well as proof of their identity and, where applicable, their status as a close relative by means of a public document. The person exercising the rights is then subject to the rights and obligations established for them. The controller shall, on request, inform the data subject's relative of the measures taken pursuant to this point, unless the data subject has prohibited this in the administrative provision referred to in the first subparagraph, in a public document or in a private document with full evidential value.

IV. YOUR REMEDIES 

If the data controller processes your personal data in an inappropriate manner, contrary to the law, or if the data controller has not complied with your request to exercise your rights or has not respected them in an appropriate or adequate manner, you have several means of redress. 

IV.1.File a complaint with the data protection authority 

If you have a complaint against the data controller, you can lodge a complaint with the Data Protection Authority using one of the following contact details: 

- Address: 35 Rue de la Presse, 1000 Brussels, Belgium. 

 - contact by phone : +32 (0)2 274 48 00 

- E-mail: contact@apd-gba.be 

- Website: https://www.autoriteprotectiondonnees.be/citoyen 

IV.2.Judicial enforcement 

 You also have the right to take legal action against the controller's actions, in addition to administrative remedies. The rules of the GDPR and the Loi du 5 septembre 2018 relative à la protection des personnes physiques à l'égard des traitements de données à caractère personnel (in French) or Wet van 5 september 2018 betreffende de bescherming van natuurlijke personen met betrekking tot de verwerking van persoonsgegevens (in Dutch) apply to the legal action. Please consult a lawyer for advice on how to take legal action. 

Concepts relating to the processing of personal data 

- controller: the legal entity which determines the purposes and means of the processing of personal data; 

- Processing: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 

- transfer: making data available to a specified third party ; 

- erasure: rendering data unrecognisable so that it can no longer be retrieved; 

- Marking of data: marking of data with an identification mark to distinguish them; 

- restriction of processing: marking of stored personal data with the aim of limiting their future processing; 

- Destruction of data: complete physical destruction of the medium containing the data; 

- processor: a legal entity which processes personal data on behalf of the controller; 

- recipient: the natural or legal person, public authority, department or any other body, whether a third party or not, to whom or with whom personal data is communicated; 

- data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data; 

- third party: a natural or legal person, a public authority, a department or any other body other than the data subject, the controller, the processor or persons who, under the direct authority of the controller or processor, are authorised to process personal data; - consent of the data subject: a voluntary, specific, informed and unequivocal expression of the data subject's wishes whereby he or she agrees to the processing of personal data concerning him or her by means of a declaration or an unequivocal act of affirmation; 

- IP address: in all networks where communication is carried out using the TCP/IP protocol, server machines have an IP address, i.e. an identification number that enables them to be identified on the network. It is a well-known fact that each computer connected to a network has an IP address by which it can be identified. 

- personal data: data that can be associated with the data subject, including name, identifying mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, as well as the conclusions that can be drawn from the data concerning the data subject; 

- objection: a statement by the data subject objecting to the processing of his or her personal data and requesting that the processing be stopped or that the processed data be deleted.

DOWNLOAD Gast ...2 en.pdf