Privacy Policy

Your privacy is a top priority for us. We are fully committed to protecting your personal data and processing it in strict accordance with all applicable laws in Belgium and across Europe, most notably the General Data Protection Regulation (GDPR).

To prevent any unauthorized or unlawful use of your personal data, we have implemented appropriate technical and organizational measures. These include robust systems and procedures to ensure that only authorized personnel, who are themselves bound by a strict duty of confidentiality, can access your information.

This Privacy Policy is designed to transparently explain how we process your personal data, the purposes for which we do so, and the rights you have in relation to your data. We recommend that you read this statement carefully.

Article 1: Who are We?

1.1 – Our Role as Data Controller

The entity responsible for processing the personal data collected through this website (referred to as the “Data Controller” under European law) is:

Company Name:          m’enfin SCS (trading as “Delicatus Boutique”)
Registered Address:     Rue du Moulin Maisin 2, 1370 Jodoigne, Belgium
Website:                       www.delicatus.be
VAT No.:                     BE0670.669.282

As the Data Controller, we are legally responsible for determining how and why your personal data is collected and used. We take this responsibility seriously and are dedicated to handling your personal data with the utmost care and security.

1.2 – Our Data Protection Commitments

Our processing of your personal data is guided by the core principles of the GDPR. This means we are committed to the following promises:

  • Transparency: We will always clearly state the purposes for which we process your personal data. You will find these purposes detailed throughout this Privacy Policy.
  • Data Minimization: We limit our collection of personal data to only what is strictly necessary to achieve those stated purposes.
  • Consent: In cases where your consent is the legal basis for processing, we will first ask for your explicit and informed permission before collecting your data.
  • Security: We implement and maintain appropriate technical and organizational security measures to protect your personal data. We also require these same high standards from any third-party partners (known as “data processors”) who may handle data on our behalf.
  • Your Rights: We respect and facilitate your right to access, rectify, delete, or exercise any of your other rights over your personal data.

Furthermore, should we ever intend to use your data for a new purpose not covered in this Privacy Policy, we will update this statement and inform you of the changes before any new processing begins, seeking your consent where required.

Article 2: How and Why We Use Your Personal Data

When you interact with our website, place an order, or communicate with us, we collect and use your personal data for specific, explicit, and legitimate purposes. We are committed to processing only the data that is necessary for these purposes and will only do so when we have a valid legal basis under the GDPR.

The purposes for which we process your data, and the legal grounds we rely on, are detailed below.

2.1 – To Fulfil Our Contract with You

The primary reason we process your data is to perform the agreement we have with you when you make a purchase or create an account.

What this includes: Managing your personal account, processing your orders from payment to shipment, handling deliveries, and managing any returns.

Data used: Name, contact details (email, address, phone number), order details, payment and billing information, and account credentials.

Legal Basis – Performance of a Contract: This processing is necessary to deliver the products and services you have requested.

2.2 – Based on Our Legitimate Interests

We sometimes process your data to pursue legitimate business interests in a way that you would reasonably expect and which does not materially impact your rights, freedom, or interests.

  • Loyalty program (Deli Beauties program): When you create an account, you are enrolled in our loyalty program. We process your data to manage your points balance and rewards. Our interest is to enhance your customer experience and foster loyalty. You can easily opt-out of this program at any time by contacting our Customer Service at hello@delicatus.be.
  • Improving our products and services: We analyze customer behaviour, conduct satisfaction surveys, and organize product tests to gather statistical data and improve our offerings. We also invite you to leave reviews on our products to help other customers and improve our quality. You can always choose to submit reviews anonymously.
  • Marketing to existing customers: After you purchase a product, we may contact you with information about similar products or offers. Our interest is to keep you informed about our product range. You can unsubscribe from these communications at any time using the “unsubscribe” link in every email.
  • Managing legal claims: We may process data if necessary to manage pre-litigation or litigation matters, in order to establish proof of a right or a contract.
  • Security and fraud prevention: We may use your data to combat fraud and abuse to protect our business and customers.
  • Business transfers: In the context of a merger or acquisition, we may need to process your data as part of the transaction.
  • Legal Basis: Legitimate Interest.

2.3 – Based on Your Explicit Consent

For certain activities, we will only process your personal data after receiving your specific, informed, and freely given consent.

What this includes: Sending you our newsletter, engaging in electronic commercial prospecting (marketing to new prospective customers), and delivering highly personalized advertising content.

Legal Basis: Consent. You have the right to withdraw your consent at any time. Every newsletter we send includes a direct link to unsubscribe, and you can manage your preferences by contacting us.

2.4 – To Comply with Our Legal Obligations

As a business, we are subject to legal requirements that necessitate the processing of your data.

What this includes: Managing payments and invoices, maintaining our company accounts, and complying with tax and other regulatory obligations.

Data used: Transactional data, billing information, and other financial records.

Legal Basis: Legal Obligation.

Article 3: Sharing Your Data with Trusted Third Parties

We want to be clear that we will never sell your personal data to other companies for marketing purposes. We only share your information with trusted partners in specific, necessary circumstances and always with the utmost regard for your privacy and security.

Your personal data may be shared with the following categories of third parties:

  1. Service Providers (Data Processors)

To run our business effectively, we rely on third-party companies that process data on our behalf and under our strict instructions. These “Data Processors” include partners who provide:

  • Website hosting and maintenance
  • Payment processing
  • Customer relationship management (CRM) and support tools
  • Online marketing and analytics services

We have entered into legally binding Data Processing Agreements (DPAs) with each of these service providers. These contracts obligate them to handle your data securely, use it only for the purposes we specify, and adhere to the same high standards of data protection that we uphold.

  1. Partners Essential for Your Order (Order Fulfilment)

To fulfil our contractual agreement with you, it is necessary to share certain information with partners who help us deliver your order. This includes:

  • Logistics and Delivery Companies: To get your products to you, we must provide our courier partners with your name, shipping address, and contact details.
  • Payment Gateways: To securely process your payment.

This sharing is strictly limited to the information required for the performance of the contract we have with you.

  1. Legal, Regulatory, and Security Disclosures

In certain situations, we may be legally required to disclose your personal data. This would only occur if we must:

  • Comply with a law, court order, or other legal process.
  • Cooperate with law enforcement, public authorities, or supervisory bodies to investigate suspected criminal offences or misuse.
  • Protect our legal rights, for example, in the event of a suspected violation of the rights of third parties.

International Data Transfers Outside the European Economic Area (EEA)

Our goal is to process your personal data within the EEA. However, some of our trusted third-party service providers may be based or have servers located outside of this area.

When this occurs, we take all necessary measures to ensure your data receives an equivalent level of protection as it would within Europe. We do this by implementing one of the following legal safeguards:

  • Ensuring the data is transferred to a country that has been deemed to provide an “adequate” level of protection by the European Commission.
  • Using Standard Contractual Clauses (SCCs) approved by the European Commission in our contracts with these third parties.
  • Implementing other appropriate safeguards as permitted by the GDPR, ensuring your data remains secure and your rights are protected.

Article 4: Our Use of Cookies and Similar Technologies

To provide you with a seamless and personalized online experience, our website uses cookies. A cookie is a small text file that is stored on your computer, tablet, or phone when you visit a website. When you first visit our website, we will display a banner that explains our use of cookies and asks for your consent for any that are not strictly necessary.

We group our cookies into the following categories:

  • Essential Cookies

These cookies are strictly necessary for the website to function correctly. They enable core functionalities such as navigating pages, adding items to your shopping cart, and processing payments. As they are essential for the operation of the site, they are always active and do not require your consent.

  • Analytical & Performance Cookies

With your permission, we use analytical cookies to understand how visitors interact with our website. These cookies collect aggregated and anonymous information that helps us measure traffic, identify popular products, and improve the overall user experience.

  • A key tool we use for this is Google Analytics.

To protect your privacy, we have configured it in a privacy-conscious manner. This includes signing a Data Processing Agreement with Google, enabling IP address anonymization, and ensuring that the data we collect is not shared with Google for its own purposes or for other Google services. This processing is based on our legitimate interest to improve our website, but we will still request your consent for the placement of these cookies via our cookie banner.

  • Marketing & Targeting Cookies

If you provide your consent, we and our trusted advertising partners, such as Google and Meta, may use targeting cookies. These cookies help us understand your interests based on your browsing activity and purchases. This allows us to show you advertisements on other websites and social media platforms that are more relevant to you, creating a personalized marketing experience.

  • You Are in Control of Your Preferences

You have full control over your data. You can change your mind and withdraw your consent for non-essential cookies at any time. This can be easily done by accessing our “Cookie Settings” link, typically located in the footer of our website. You can also manage or delete cookies through your web browser’s settings.

Article 5: How Long We Keep Your Data (Data Retention)

We are committed to the principle of storage limitation as required by the GDPR. We do not store your personal data for longer than is strictly necessary to fulfil the purposes for which it was collected. Once those purposes have been achieved, your data is securely deleted or fully anonymized, unless a legal obligation requires us to retain it for a longer period.

Our specific retention periods vary depending on the nature of the data and the purpose of processing:

  • For Our Customers: As a general rule, we keep personal data related to your customer account and purchase history in our active database for a period of three (3) years following your last purchase or interaction with us. This allows us to manage our customer relationship effectively.
    After this period, your data may be placed in an intermediate archive with restricted access for an additional period (e.g., up to seven (7) years) to meet the standard statute of limitations for contractual claims in Belgium, which is 10 (ten) years. This archived data is retained strictly as evidence in case of a legal claim or dispute.
  • For Prospective Customers: If you have interacted with us (for example, by creating an account or contacting customer service) but have not yet made a purchase, we will retain your information for three (3) years from our last contact with you, based on our legitimate interest to engage with potential customers.
  • For Newsletter Subscriptions: If you have subscribed to our newsletter, we will retain your email address for this purpose based on your consent. We will keep your data for this purpose until you choose to unsubscribe, at which point it will be promptly deleted from our mailing lists.
  • To Comply with Legal Obligations: We are subject to specific Belgian legal requirements that mandate longer retention periods. Specifically, under the Belgian Code of Economic Law, we are required to keep accounting documents, such as invoices and transaction records, for a period of seven (7) years starting from the 1st of January of the year following their creation.

At the end of the applicable retention period, your personal data will be securely and permanently erased or fully anonymized.

Article 6: Your Rights Regarding Your Personal Data

Under the General Data Protection Regulation (GDPR), you have specific rights concerning your personal data. We are committed to upholding these rights and have established a clear process for you to exercise them.

6.1 – How to Exercise Your Rights

If you have a question, concern, or wish to exercise any of your rights listed below, please contact us.
You are our main point of contact.

  • Company: Delicatus Boutique
  • Address: Rue du Moulin Maisin 2, 1370 Jodoigne, Belgium
  • Email: tech@delicatus.be

When you contact us, please clearly state which right you wish to exercise and how you would like to receive the information (e.g., by email, by post). To ensure we are assisting the correct person and protecting your data, we may need to request additional information to verify your identity.

We will respond to your request within one (1) month of its receipt. In exceptional cases, this period may be extended by two further months if the request is complex or if we have received a high number of requests. We will inform you of any such extension within the first month, together with the reasons for the delay.

6.2 – Your Specific Rights

You have the following rights regarding the personal data we hold about you:

  • The Right to Access: You have the right to request confirmation as to whether or not we are processing your personal data. If we are, you can request a copy of that data. We will provide this copy free of charge. Please note that this right is not absolute and may be limited to protect the rights and freedoms of others.
  • The Right to Rectification: If you believe your personal data is inaccurate or incomplete, you have the right to request its correction or completion.
  • The Right to Erasure (‘Right to be Forgotten’): You have the right to request the deletion of your personal data without undue delay. This applies in situations where, for example, the data is no longer necessary for the purposes for which it was collected, or you withdraw the consent on which the processing was based. However, we may be unable to fulfill this request if we have a legal obligation to retain certain data.
  • The Right to Restriction of Processing: You have the right to request that we temporarily “freeze” or restrict the processing of your data. This may apply, for instance, while we are verifying the accuracy of your data or if you need the data for the establishment, exercise, or defense of legal claims but you no longer want us to process it.
  • The Right to Object: You have the right to object, at any time, to the processing of your personal data that is based on our legitimate interests. We must then stop processing unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
  • The Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance from us, where the processing is based on consent or a contract.
  • The Right to Withdraw Consent: Where the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

6.3 – Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data infringes on the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement.

For Belgium, the competent authority is the Data Protection Authority:

Data Protection Authority
Rue de la Presse 35, 1000 Brussels, Belgium
Website: https://www.dataprotectionauthority.be
Email: contact@apd-gba.be

Article 7: Data Security

We take the security of your personal data very seriously and implement appropriate technical and organizational measures to protect it.

7.1 – Website Security

Our website uses HTTPS protocol (SSL/TLS encryption) to ensure that any data you transmit to us is sent securely and protected from interception. We also keep our software and security systems up-to-date to protect our platform.

7.2 – Payment Security

We do not directly store your full payment card details on our servers. All payment transactions are processed through our secure payment partner, Mollie.

Mollie is a leading payment service provider that is certified as PCI DSS Level 1 compliant, which is the highest level of security standard in the payment card industry. When you make a payment, your data is protected in the following ways:

  • Encryption: All payment information transmitted between your browser and Mollie’s servers is secured using strong SSL/TLS encryption.
  • Tokenization: Mollie uses tokenization. This means that after your initial transaction, your sensitive card details are replaced with a unique, non-sensitive identifier (a “token”). This token is used for any future transactions, ensuring that your full card number is never stored on our systems, significantly reducing risk.

By using a certified partner like Mollie, we ensure that your payment data is handled with the utmost security and in full compliance with data protection regulations, including the GDPR. You can learn more about Mollie’s privacy practices by reviewing their own privacy policy.

Article 8: Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

We encourage you to review this policy periodically to stay informed about how we are protecting your data. The date of the last modification will always be indicated at the top or bottom of this page.

If we make material changes to this policy, especially regarding how we collect, use, or share your personal data, we will provide a clear and prominent notice to you before the changes take effect. This may be done by posting a notification on our website or, in some cases, by contacting you directly via email.