Welcome to SARAHPACINI.COM, a website managed and owned by Cavasi SRL, with offices at Rue Dieudonné Lefevre no 2, 1020 Brussels and enterprise number 0460.294.395 (referred to below as ‘Cavasi SRL’, ‘we’, or ‘us’).
It is also subject to change, for example because of regulatory amendments. You can always find the most recent version on our website.
1. Scope of application
The SARAHPACINI.COM website may contain links to third-party websites, plug-ins, and applications. If you click these links or enable these connections, third parties may collect or share information about you. We have no control over these third-party websites and are not responsible for their privacy statements. When you leave our website, we thus recommend that you read the privacy statement of each website you visit.
2. Which data do we process?
Personal data, or personal information, means any information about a person that makes it possible to determine their identity. If data cannot be used to determine a person’s identity, those are anonymous data not personal data. When anonymous data are combined with personal data, such as in a personal file, all the data are considered personal data. If we remove all personal data from a personal file, the remaining data are no longer personal data, but simply anonymous data again. We call this process anonymization.
As for your personal data, we process different types of personal data that we can classify into these categories:
- Identity data include your form of address, first name, surname or similar identifiers, gender, and date of birth.
- Contact details include your address, billing address, delivery address, telephone numbers, email addresses, profile details in social networks, and similar contact details.
- Financial data include your bank account and credit card details.
- Transaction details include data on payments and refunds made.
- Technical data include your IP address (internet protocol), browser type and version, time-zone setting and location, types and versions of browser plug-ins, operating system and platform, and other technology on the devices you use to access our website.
- Usage data include information about how you use our website, products, and services.
- Marketing and communications data include your preferences for receiving marketing materials from us and third parties and your communication preferences.
- Besides all the above information, profile details include your username and password, any purchases or orders you have made with their status and details, and your notifications, reviews, and survey responses, interests and preferences, and any photos or other visual material.
- Work related data include employment, resume, CV and other job related information that you submit to us or provide us access to in connection with other platforms (LinkedIn, Indeed).
You decide which data to transfer to us, but certain data are necessary to purchase products or services from us or for us to be able to deliver them to you. If you do not provide certain data to us, we might be unable to deliver certain products or services or do so completely, or be unable to fulfil all or part of our agreement(s). We will inform you about this at that time.
3. How do we obtain your data?
We use various methods to collect data from and about you, including:
- Direct interaction: You can provide your data to us through our website SARAHPACINI.COM or by contacting us by post, telephone, email, or other means. This includes personal data that you provide when you:
- create an account on our website
- request and pay for our products or services
- subscribe to our services or publications
- request us to send marketing material
- participate in a contest, promotion, or survey
- give us feedback.
- Third parties or publicly available sources: We may receive personal data about you from third parties in the following situations:
- Technical data of these parties:
- analysis service providers: Google Analytics, based outside the EU;
- advertising networks: Google Adwords and Criteo, based inside and outside the EU;
- search information providers:
- contact details, transaction data, and financial data of providers of technical services and payment and delivery services, such as PayPal, based inside and outside the EU.
4. For which purposes do we process your data?
Regardless of the purpose, we process your data only in accordance with the legal grounds permitted under the European General Data Protection Regulation 2016/679 of 27 April 2016 (better known as the GDPR).
We process your data based on:
- your consent to do so
- the need for processing to supply the products, services, etc. that you purchase from us
- the need for processing to comply with a legal obligation
- the need for processing for our legitimate interests or those of a third party, unless your interests override these interests.
In general, we do not rely on your consent as a legal ground for processing your personal data, except for sending you direct marketing messages by email or SMS to the extent required by law.
For which purposes do we process your data? To this end, we have drawn up a clear table specifying the specific purposes, which data are processed for this purpose, and on which legal ground (marketing is dealt with separately):
Although the table above shows that we do profiling to make suggestions and recommendations about products and services that are relevant and interesting to you, we do not attach any conclusions to this concerning your person.
We also process your data for marketing purposes. Here we distinguish between marketing that we perform ourselves and marketing that our partners perform.
By analysing your profile data, we form a picture of what we think are your interests and preferences, and on that basis highlight products and services relevant to you through marketing messages. Such marketing messages are also generated after you request information from us, register for a promotion, or enter a competition.
If we share your data with third parties for marketing purposes, this will always be after you have given your express consent.
You can change your marketing preferences at any time by logging in to the website and ticking or unticking the relevant checkboxes, clicking on the unsubscribe link in a marketing message sent to you, or by contacting us.
5. To whom, if anyone, do we disclose your data?
We can or may have to share your personal data with third parties, such as:
- companies affiliated with Cavasi SRL
- subcontractors needed to execute orders for products and services you purchase from us, such as transport and logistics companies, website and tool developers
- professional advisers, including legal consultants, lawyers, and so on
- government agencies
To the extent necessary, we may transfer your personal data to another country, even outside the European Union. We obviously respect the rules in this regard and adopt the appropriate precautionary measures as laid down in the GDPR.
For transfers outside the European Union, we first ensure that the country concerned has an adequate level of protection. This European Commission issues a list of these countries, which includes the United States, but only for companies certified under the EU-US Privacy Shield.
If the country concerned does not enjoy an adequate level of protection, we will use an agreement approved by the European Commission with that country’s service provider that protects personal data in the same way as within the European Union.
6. How long do we retain your data?
We retain your personal data for as long as needed to achieve the purposes for their processing.
We may also be required by law to retain your personal data for some time: for fraud prevention, anti-money laundering detection, and so on.
In determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, as well as the potential risk of damage due to unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve these purposes by other means, and the applicable legal requirements.
Under certain circumstances, we may anonymize your personal data (so they can no longer be linked to you) for research or statistical purposes. In that case, we may use this information unlimitedly without further notice.
7. How do we secure your data?
We do our utmost to guarantee the security, confidentiality, and integrity of your personal data as well as possible. For example, we adopt appropriate technical and organizational security measures to prevent the destruction, loss, or alteration of, and unauthorized disclosure or access to, your personal data, whether accidental or unlawful. In addition, we restrict access to your personal data to those employees, consultants, subcontractors, and other third parties necessary for us to fulfil our contractual obligations to you and/or our legal obligations. They work on our instructions and are also subject to a duty of confidentiality.
We also undertake to regularly test, monitor, evaluate, and, if necessary, update the effectiveness of our technical and organizational measures to ensure our processing security is continuously improved.
Lastly, when you place an order or access your account data, we use Secure Socket Layer (SSL) encryption that encrypts your information before it is sent to us.
8. What are your legal rights?
Right of access: You have the right to access all personal data that we process about you, and all related information: purposes, recipients, retention period, and so on. To this end, we provide you with a copy.
Right to rectification: You have the right to have incorrect personal data rectified or to supplement incomplete personal data.
Right to erasure: (‘right to be forgotten’): In specific situations, you have the right to demand that your personal data be erased, for example if your personal data is no longer necessary for the purposes for which we processed them. If we believe that your request for erasure of your data does not meet the legal criteria for exercising this right, we will inform you of this at the time of your request.
Right to restriction of processing: You have the right to require us to suspend the processing of your personal data (without erasure of the data) in these cases only: (a) if you want us to verify the accuracy of your data until the date of our response; (b) if our processing is unlawful but you do not want us to erase your data; (c) if you would like us to keep your data, even though we no longer need them, because you need them to establish, exercise, or defend legal claims, or (d) if you have objected to the processing of your data for the period necessary for us to verify that our legitimate grounds do not override yours. If the restriction of processing is lifted, we will inform you in advance through the same means of communication by which you exercised your right.
Right to object/oppose: You have the right, for reasons relating to your particular situation, to object to the processing of your personal data for which we rely on our or a third party’s legitimate interest as a legal ground. We will discontinue processing, unless we are able to rely on compelling legitimate grounds that override or relate to establishing, exercising, or defending legal claims.
If we process your data for direct marketing purposes, you have the right to oppose this at any time.
Right to data portability: In certain situations, you have the right to receive your personal data in a structured, commonly used, and machine-readable form in order to transmit those data to another controller. If you wish, we will transmit your data directly to the relevant controller.
Right to withdraw your consent: You have the right to withdraw your consent at any time when we rely on that consent to process your personal data. However, this does not affect the lawfulness of the processing performed before you withdrew your consent. After withdrawal, we may no longer be able to comply with your requests for products or services. If that is the case, we will inform you at the time of withdrawal.
9. How to contact us
We will try to respond to your requests within one month of receiving them. If the complexity or number of requests does not allow us to reply within one month, the deadline for replying can be extended by another two months. We will inform you of such an extension.
If we do not comply with your request, we will inform you of this within one month of receiving it. However, you retain the right to lodge a complaint with the competent data protection authority or to bring a court action.
We will comply with your requests free of charge, unless a request is manifestly unfounded or excessive, for which administrative costs may then be charged.
We may need to request more specific information to trace and verify your identity, as we want to avoid providing personal data to unauthorized persons.
You can also reach us by post at Cavasi SRL, Rue Dieudonné Lefevre no 2, 1020 Brussels.