Privacy Policy

Who are we?

We are BRIGHT&MORE, registered under the number 0764 495 107, RLE Leuven (hereafter, 'we' or 'us' or 'our').

You can contact us using the following contact details:

• Email: hello@brightandmore.com
• Phone number: +32 (0) 476 45 15 06
• Address: Vijverstraat 72, 3040 (SAR) Huldenberg (Belgium)

We process your personal data in strict accordance with the applicable legal provisions for the protection of personal data, including Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, the 'GDPR'), as well as the applicable national implementing legislation.

Definitions

For the purposes of this privacy policy, 'personal data' refers to all information concerning an identified or identifiable natural person ('the data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. In essence, it encompasses all information that can be used to identify a person. This includes, for example, your name, first name, date of birth, telephone number, and email address, as well as your IP address, order history, etc.

The term 'processing' is very broad and encompasses, among other things, the collection, recording, organization, storage, updating, modification, retrieval, consultation, use, dissemination, combination, archiving, and deletion of data.

Controller of Your Personal Data Processing ('Data Controller')

This privacy statement applies to the processing of personal data described herein, carried out by us as the controller of your personal data processing.

We are, as defined by the GDPR, the 'data controller' of your personal data. This signifies that we, possibly together with others, determine the purpose and means of processing your personal data.

Which personal data do we process, why, and based on which legal ground?

In the table below, you will find:

• Column 1: the categories of personal data we process (the 'Categories of Personal Data');
• Column 2: the reasons for this processing (the 'Purposes');
• Column 3: the legal basis for the processing activity (the 'Legal Ground'); and
• Column 4: the duration for which we process your personal data (the 'Retention Period').

Each processing activity of your personal data is carried out for one or more specific purposes. Additionally, there is always a demonstrable legal ground for each processing. The applicable legal ground, which you will find in the third column 'Legal Ground,' has the following meanings:

• Consent: you have given consent for the processing of personal data for one or more specific purposes;
• Legitimate Interest: the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data;
• Contract: the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract;
• Legal Obligation: the processing is necessary for compliance with a legal obligation to which we, as the data controller, are subject.

Processing during the use of our website

Minors

We do not intend to collect personal data from individuals under the age of 18. Visiting our website and using our products and services is reserved for individuals over the age of 18. Therefore, minors are not permitted to provide us with personal data or to submit a consent declaration.

Privacy Rights

To grant you enhanced control over the processing of your personal data, you are vested with several rights. These rights are, inter alia, enshrined in Articles 15-22 of the GDPR.

You are entitled to the following rights:

Exercising Your Rights

To exercise these rights, you can contact us using the contact details provided above.

To verify your identity, we request that you include a copy of the front side of your identity card. We ask that you make your national register number and the image on your identity card illegible. In any case, we will process your identity card details solely to verify your identity and will not store or record them in our systems.

You can exercise all these rights free of charge, unless your request is manifestly unfounded or excessive. In such cases, we reserve the right to charge you a reasonable fee or refuse to comply with your request.

Retention of Your Personal Data

We retain your personal data for as long as necessary to achieve the intended purpose. Please note that numerous (legal) retention periods may require that personal data be stored. Where no retention obligation exists, the data is routinely deleted once the purpose for which it was collected has been achieved.

Additionally, we may retain personal data if you have given us consent or if it is possible that we may need this data in the context of a legal claim. For this purpose, we retain certain personal data in accordance with the statutory limitation period, which can be up to thirty years; the usual limitation period for personal legal claims is ten years.

Security of Your Personal Data

The security of your personal data is important to us. We have implemented reasonable and appropriate technical and organizational security measures to protect your personal data as best as possible against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. We always store your personal data in a secure location so that third parties do not have access to your personal data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us via the internet. Any transmission of personal data is at your own risk. However, when we transfer or receive your data on our website, we always use encryption technologies that are recognized as proven standards.

Complaints?

We do our utmost to protect your personal data. If you have a complaint about the way we process your personal data, you can report it to us using our contact details provided above, so that we can address it as quickly as possible.

You can also lodge a complaint with the supervisory authority for data protection. The authority overseeing our organization is the Data Protection Authority, with the following contact details:

Do you have any questions?

Should you have any inquiries, please feel free to contact us via telephone, email, or postal mail using the contact details provided above. We will be pleased to address your questions.