We value your right to privacy and make every effort to protect your personal data in accordance with applicable data protection law, including the General Data Protection Regulation (EU) 2016/679 (“GDPR“) and the national implementing legislation.
1. Who we are?
Penny Black, a private limited liability company incorporated, organized and existing under the laws of Belgium, with registered seat at Van Diepenbeeckstraat 8, 2018 Antwerp, Belgium, registered with the Crossroads Bank for Enterprises (Kruispuntbank van Ondernemingen or KBO) under enterprise number 0765.809.258 (“Penny Black”). In the context of the provision of our services, we offer a software solution and associated services, for late stage customization of e-commerce parcels transforming the parcel into a marketing touchpoint (the “Services”).
In the course of our business activities, we collect, use, store, share or otherwise process personal data. Under applicable data protection law, we qualify as a “controller” with respect to these personal data.
2. From whom we collect personal data?
In the course of our business activities, we may collect personal data from customers, users of Penny Black, prospects, visitors to our website (www.pennyblack.io, the “Website”), persons who subscribe to our electronic mailings, persons who provide their business card or otherwise their contact details to us, and persons who contact us by e-mail or otherwise.
3. What personal data do we process?
By using our Website or our Services, Penny Black collects and processes your data. Some aspects of these data qualify as personal data. Penny Black collects personal data through the following channels:
- personal data that you enter yourself on the Website: for example, contact data when subscribing to our newsletter or other content;
- personal data entered by a customer of Penny Black;
- personal data collected by Penny Black when using the Website: for example, by using cookies.
- first and last name;
- contact information (e.g. address, e-mail address, company name and telephone number);
- technical data (e.g. as IP address);
- commercial data (e.g. billing details, address, account number);
- administrative data related to our Services.
Penny Black will store and process your personal data on its servers located within the European Economic Area.
4. For what purposes do we use your personal data and on what legal basis do we base this processing?
We may use the aforementioned personal data for the following purposes:
1) Providing our Services;
2) Improving the use and administration of the Website and Services;
3) To communicate with you about our Services and Penny Black;
4) For customer management, as well as invoicing and tracking;
5) To prepare offers for potential clients;
6) To establish or defend our rights, and pursue legal remedies or limit damages;
7) For marketing purposes
For your full information, please find below the legal grounds relevant to these processing operations:
- We base the processing of personal data for (1), (2), (3) and (4) on the necessity for the performance of a contract to which the data subject is party (Art. 6.1 b GDPR).
- The processing of personal data for (5) and (6) can be necessary to comply with legal obligations (art. 6.1 c GDPR) or still necessary for the protection of our legitimate interests (art. 6.1 f GDPR)
- We base the processing of personal data for electronic direct marketing purposes (sending our electronic newsletter) (7) on your opt-in consent. You always have the right to unsubscribe by clicking on the provided unsubscribe link at the bottom of each promotional e-mail (art. 6.1 a GDPR)
5. With whom we share your personal data?
We may transfer your personal data to the following parties:
- Third parties who provide services to us or who provide services in our name and on our behalf such as IT service providers, PR/marketing service providers who organize mailing campaigns for us, advisors, …
- Public authorities such as the police and the judiciary.
When transferring personal data to third parties, we always ensure that we take appropriate technical and organisational protection measures. Where necessary, we will, for example, conclude a transfer agreement or a processing agreement, which sets out restrictions on the use of your personal data and obligations in respect of the security of your personal data.
Your personal data will not be lent or sold to third parties for marketing purposes without your prior express consent.
To the extent that your data is transferred in the context of this article to countries outside the European Union that do not provide an adequate level of protection for your data, Penny Black will ensure that the companies to which your data is transferred do provide an adequate level of protection. More specifically, we have concluded Standard Contractual Clauses (SCC) with them. Penny Black always guarantees on a case-by-case basis that an adequate level of protection is in place for transfers to third countries. More information on these measures can be obtained by sending an e-mail to admin@https://https://https://pennyblack.io.
6. How long do we keep your personal data?
We do not keep your personal data longer than necessary for the purposes for which it is collected and processed (as described above).
- For the purposes of providing Services to our customers, we will retain it for as long as necessary to fulfil the purposes set out above, unless a longer retention period is (i) necessary to cover our liability or (ii) required or permitted by law.
- All personal data used for marketing purposes will be retained until such time as you inform us that you no longer wish to receive our mailings or it appears that your e-mail address is no longer in use.
More information on our retention measures can be obtained by sending an e-mail to email@example.com.
7. How do we protect your personal data?
We take appropriate technical and organisational measures to ensure a level of security appropriate to the specific risks we have identified.
We thus protect your personal data as best as we can against the destruction, loss, alteration or unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
More information on our security measures is available upon request.
8. What are your rights and how can you exercise them?
Within the limits defined in Articles 15-22 of the GDPR, you have the following legal rights with respect to your personal data:
- Right to access: you have the right to obtain confirmation from us as to whether or not we are processing your personal data, to access that personal data and how and why it is being processed, as well as to receive a copy of that data.
- Right to rectification: you have the right to obtain a rectification of your personal data or to ask us to complete your personal data if you notice that we are processing incorrect or incomplete data about you.
- Right to erasure (‘right to be forgotten’): You have the right to obtain the erasure of data in certain specific cases.
- Right to restriction: You have the right to have the processing of your personal data restricted in certain specific cases.
- Right to transferability: You have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable form, and to transfer that personal data (or have it transferred) to another controller.
- Right to object: You have the right to object to the processing of your personal data on the basis of our legitimate interest for reasons relating to your specific situation.
- Right to object to direct marketing: You also have the right to object to the processing of your personal data for direct marketing purposes. This right is absolute – we will therefore always comply with it.
You may exercise the above rights by sending an e-mail to firstname.lastname@example.org, or in case of the right to object to direct marketing also via the opt-out link included in our marketing e-mails.
The exercise of these rights is in principle free of charge. Only in the event of unreasonable or repeated requests may we charge a reasonable administrative fee.
We always try to answer your requests or questions as quickly as possible. It is possible that we will first ask you for proof of identity in order to verify your identity.
For further information and advice on the above rights, please visit the website of the Data Protection Authority: www.gegevensbeschermingsautoriteit.be.
In addition to the above rights, you also have the right at any time to lodge a complaint with the Data Protection Authority in connection with the processing of your personal data by us. You can contact the authority at email@example.com or by mail at the following address:
Last updated: 21 December 2021