Privacy Policy

This Policy is established by Nomade, located at Rue Félix Delhaes 38, 4607 Dalhem, Belgium, registered under the number BE0719470477 (hereinafter referred to as "the Data Controller").

The purpose of this Policy is to inform visitors of the website hosted at the following address: https://shop.nomade-studio.be (hereinafter referred to as "the Website") about how their data is collected and processed by the Data Controller.

This Policy is aligned with the Data Controller's commitment to acting transparently and in accordance with national regulations, as well as the EU Regulation 2016/679 of the European Parliament and Council dated April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation").

The Data Controller places special emphasis on the protection of user privacy and is committed to taking reasonable precautions to safeguard personal data against loss, theft, disclosure, or unauthorized use.

Personal Data is defined as any information related to an identified or identifiable individual, meaning any information that can directly or indirectly identify a person.

If the user wishes to respond to any of the practices described below, they may contact the Data Controller at the postal address or email provided under the "Contact Information" section of this Policy.

The Data Controller collects and processes the following personal data, according to the methods and principles described below:

• The user's domain (automatically detected by the Data Controller's server), including their dynamic IP address;
• The user's email address if previously provided, such as when sending messages or inquiries on the Website, communicating with the Data Controller via email, participating in discussion forums, accessing restricted areas of the Website with login credentials, etc.;
• Information regarding the pages the user has visited on the Website;
• Any information voluntarily provided by the user, such as in surveys or registrations on the Website, or by accessing restricted sections of the Website after logging in.

It is possible that the Data Controller may also collect non-personal data. These data are classified as non-personal because they do not allow for the direct or indirect identification of a specific individual.

These non-personal data may therefore be used for various purposes, such as improving the website, products, services, or advertising of the Data Controller.

In the event that non-personal data is combined with personal data, making it possible to identify individuals, such data will be treated as personal data until the identification of the individual is no longer possible.

The Data Controller collects personal data in the following ways:

• Web forms

Personal data is collected and processed exclusively for the following purposes:

• To manage and monitor the execution of services offered;
• To send and follow up on orders and invoices;
• To send promotional information about the Data Controller's products and services;
• To send promotional materials;
• To respond to the user's inquiries;
• To conduct statistical analysis;
• To improve the quality of the website and products/services offered by the Data Controller;
• To communicate information about new products and/or services offered by the Data Controller;
• For commercial prospecting activities;
• To better identify the user's areas of interest.

The Data Controller may also carry out processing activities not currently covered by this Policy. In such cases, the Data Controller will contact the user before reusing their personal data to inform them of the changes and provide them with the opportunity, if applicable, to object to this reuse.

Some of the processing activities carried out by the Data Controller are based on the legal basis of their legitimate interests. These legitimate interests are proportionate to the respect of the user's rights and freedoms. If the user would like to be informed about the specific purposes based on the legal grounds of legitimate interests, they are encouraged to contact the Data Controller (see the "Contact Information" section).

In general, the Data Controller retains personal data only for as long as reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.

Personal data of a customer is retained for a maximum of 10 years after the end of the contractual relationship between the customer and the Data Controller.

At the end of the retention period, the Data Controller takes all reasonable steps to ensure that personal data is made unavailable and inaccessible.

For all the rights listed below, the Data Controller reserves the right to verify the identity of the user in order to exercise these rights.

This request for additional information will be made within one month of the user's request.

The user may request a free written communication or a copy of the personal data collected about them.

The Data Controller may charge reasonable fees based on administrative costs for any additional copies requested by the user.

When the user makes this request electronically, the information will be provided in a commonly used electronic format unless the user requests otherwise.

Unless an exception is provided for in the General Data Protection Regulation (GDPR), the copy of the personal data will be communicated to the user no later than one month after receiving the request.

The user has the right to obtain, free of charge, as soon as possible and no later than one month, the rectification of any inaccurate, incomplete, or irrelevant personal data, as well as to complete the data if it is found to be incomplete.

Unless an exception is provided for in the GDPR, the request for rectification will be processed within one month of submission.

The user may, at any time and for reasons related to their particular situation, object free of charge to the processing of their personal data when:

• The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
• The processing is necessary for the purposes of legitimate interests pursued by the Data Controller or a third party, unless the interests or fundamental rights and freedoms of the data subject require the protection of personal data (particularly when the data subject is a child).

The Data Controller may refuse to implement the user’s right to object if it establishes the existence of compelling and legitimate grounds for the processing, which override the interests or rights and freedoms of the user, or for the establishment, exercise, or defense of legal claims. In the event of disagreement, the user may file an appeal in accordance with the "complaints and grievances" section of this Policy.

The user may also, at any time, object without justification and free of charge to the processing of personal data concerning them when the data is collected for direct marketing purposes (including profiling).

When personal data is processed for scientific or historical research or statistical purposes in accordance with the General Data Protection Regulation (GDPR), the user has the right to object, for reasons related to their particular situation, to the processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out in the public interest.

Unless an exception is provided for under the GDPR, the Data Controller is required to respond to the user’s request as soon as possible and no later than one month, providing a reasoned explanation if the request is not followed.

The user may obtain the restriction of processing of their personal data in the following cases:

• When the user contests the accuracy of data, for the time necessary for the Data Controller to verify its accuracy.
• When the processing is unlawful, and the user prefers the restriction of processing rather than deletion.
• When, although no longer necessary for the purposes of processing, the data is required by the user for the establishment, exercise, or defense of legal claims.
• For the period necessary to examine the justification of an objection raised by the user, in other words, for the time needed for the Data Controller to verify the balance of interests between the legitimate interests of the Data Controller and those of the user.

The Data Controller will inform the user when the restriction of processing is lifted.

The user may request the erasure of personal data concerning them when one of the following reasons applies:

• The data is no longer necessary for the purposes of processing.
• The user has withdrawn their consent for the processing of their data, and there is no other legal basis for the processing.
• The user objects to the processing, and there is no overriding legitimate ground for the processing and/or the user exercises their specific right to object to direct marketing (including profiling).
• The personal data has been processed unlawfully.
• The personal data must be erased to comply with a legal obligation (under Union or Member State law) to which the Data Controller is subject.
• The personal data was collected in the context of offering information society services directed at children.

However, the right to erasure does not apply in the following cases:

• When processing is necessary for exercising the right to freedom of expression and information.
• When processing is necessary for compliance with a legal obligation that requires processing under Union or Member State law to which the Data Controller is subject, or for performing a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
• When processing is necessary for reasons of public interest in the area of public health.
• When processing is necessary for archiving purposes in the public interest, for scientific or historical research, or for statistical purposes, provided that the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of the processing.

Unless an exception is provided for under the General Data Protection Regulation (GDPR), the Data Controller is required to respond to the user’s request as soon as possible and no later than one month, providing a reasoned explanation if they intend not to comply with such a request.

The user may, at any time, request to receive their personal data in a structured, commonly used, and machine-readable format, and may transfer it to another Data Controller, when:

• The processing is carried out by automated means; and
• The processing is based on the user's consent or a contract concluded between the user and the Data Controller.

Under the same conditions and in the same manner, the user has the right to request that the Data Controller transmit the personal data concerning them directly to another Data Controller, provided that it is technically feasible.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.

The recipients of the collected and processed data, in addition to the Data Controller itself, include its employees or subcontractors, carefully selected business partners located within the European Union, who collaborate with the Data Controller in the marketing of products or the provision of services.

In the event that data is disclosed to third parties for direct marketing or commercial prospecting purposes, the user will be informed in advance, allowing them to choose whether to accept the transfer of their data to third parties.

As long as the transfer is based on the user's consent, they may withdraw that consent at any time for this specific purpose.

The Data Controller complies with the applicable legal and regulatory provisions and will ensure that its partners, employees, subcontractors, or other third parties with access to this personal data adhere to this Policy.

The Data Controller may disclose the user's personal data if required by law, judicial proceedings, or an order from a public authority.

No transfer of personal data outside the European Union is carried out by the Data Controller.

The Data Controller implements appropriate technical and organizational measures to ensure a level of security for the processing and the collected data, taking into account the risks associated with processing and the nature of the data being protected. The measures are appropriate to the risk level and consider the state of the knowledge, implementation costs, the nature, scope, context, and purposes of processing, as well as the risks to the rights and freedoms of users.

The Data Controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the website.

The Data Controller has put in place appropriate security measures to protect and prevent the loss, misuse, or alteration of information received through the website.

In the event that personal data controlled by the Data Controller is compromised, it will act promptly to identify the cause of the breach and take appropriate remedial actions.

The Data Controller will inform the user of the incident if required by law.

If the user wishes to respond to any of the practices described in this Policy, they are advised to contact the Data Controller directly.

The user may also file a complaint with their national supervisory authority. Contact details can be found on the European Commission's official website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Additionally, the user has the option to file a complaint before the competent national courts.

For any questions or complaints related to this Policy, the user can contact the Data Controller as follows:

By email: webshop@nomade-studio.be
By mail: Nomade, Chaussée du Comté de Dalhem 38, 4607 Bombaye, Belgium

The Data Controller reserves the right to modify the provisions of this Policy at any time. Any modifications will be published directly on the Data Controller's website.

This Policy is governed by the national law of the country where the Data Controller’s main establishment is located.

Any dispute related to the interpretation or enforcement of this Policy will be submitted to the courts of that national jurisdiction.