IL GRANITO BV, a company incorporated under Belgian law, with its registered office at Toekomstlaan 2, 3600 Genk, and enterprise number 0465.837.253 (‘Il Granito’), attaches great value and importance to your privacy and the secure processing of your personal data when using the website (www.ilgranito.be). We want to protect the data of our customers and visitors to our website (‘Customers/Visitors’)in the best possible way against loss, breaches, errors, unauthorised access and any other unlawful processing. 

We therefore will process your personal data only in accordance with Regulation (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘GDPR’) and the Belgian Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data. 

With this Privacy Statement, Il Granito wishes to inform you as a data subject, within the meaning of the GDPR, about the processing operations and provide you with adequate information, including about your rights as a data subject.  

Il Granito wishes to point out that providing certain mandatory personal data is a prerequisite for performing our services. In the absence of these personal data, we cannot offer our services or can only do so inadequately. 

Where necessary, we will ask you as a data subject for your informed, free, unambiguous and specific consent to perform certain processing operations. 

Our privacy policy may be subject to adjustments and amendments in future. These will be made clear in this Privacy Statement. It is therefore your responsibility to consult this document regularly. Any substantial change will always be clearly communicated and must be the subject of new consent, if required.

2.1. Controller(s):
Under this Privacy Statement, which deals with the use of the Il Granito website (www.ilgranito.be). Il Granito must be regarded as the controller. After all, Il Granito, either acting alone or in cooperation with others, determines the purpose and means of processing your personal data.

2.2. Controller(s):
Il Granito acts as the processor of personal data for the purpose of its services. You can always reach us using these contact details:

• Il Granito BV

• Toekomstlaan 2, 3600 Genk (BE)

• Enterprise number: 0465.837.253

• Email: info@ilgranito.be

• Website: www.ilgranito.be

We may need to provide personal data to third parties for the purpose of our services to you. 

To allow you to make optimal use of the website’s functionalities, your personal data may be supplied to the providers of these functionalities. Providing personal data is strictly limited to what is necessary to offer these functionalities.
‍
Other processors can always be communicated to you on request.

When we process personal data, the general legal principles governing the processing of personal data will always be observed.  

In particular, in applying the principle of minimum data processing, Il Granito will process only those data that are strictly necessary for the purposes as set out in this Privacy Statement. A list of categories of personal data that could be processed through your use can be found here:

• Personal identification data

• Electronic identification data

• Financial identification data

The Visitor often provides us with their own personal data and can thus exercise certain control over their accuracy and minimisation. If certain data are incorrect or incomplete, we may decide to suspend certain functionalities pending their correction or completion.

Your personal data is stored exclusively within the European Economic Area.

6.1. Ensuring compliance with the principles inherent to processing personal data
We process your personal data only:

• In accordance with the purposes as determined here or in a manner compatible with this original purpose;

• In a proper, lawful and transparent manner, with the processing based on these grounds, depending on the case: consent, legitimate interest, performing an agreement or a legal obligation;

• In a manner proportionate to the intended purpose;

• In a proper manner;

• In principle, for a period of five (5) years after the last activity on the website or mobile application or for five (5) years after performing the agreement;

• In the cases provided for by law, for a period equal to the statutory retention period;

• In a manner providing sufficient safeguards against unauthorised access, unlawful processing and/or accidental loss or damage.

6.2. Right of access
Any Visitor who provides sufficient proof of their identity has a right to obtain confirmation about whether their personal data are being processed and, if so, to obtain access to the personal data.  

You also have the right to be informed about the processing purposes, the categories of personal data being processed, the recipients of the personal data, the period during which your personal data will be stored and the criteria for determining that period, and the rights you can exercise under the GDPR.  

If you wish to exercise your right of access, rectification or erasure, you will need to submit a request to the controller. The controller has one (1) month to respond to your request.Incomplete or inaccurate personal data can be rectified or erased at any time. You can exercise your right to rectification by submitting an additional statement to the controller. The controller will give effect to this additional statement within one (1) month of receiving it.  

You also have the right to have your personal data erased without unreasonable delay. You may invoke this right only in these cases, which will be assessed by the controller:

• If your personal data are no longer needed for the purposes for which they were collected or processed;

• If you withdraw your consent and no other legal basis for the processing exists;

• If you object to the processing and there are no overriding mandatory legitimate grounds for the processing;

• If the personal data have been processed unlawfully;

• If your data must be erased in accordance with a legal obligation.

6.3. Right to restriction of processing / Right to object
You have the right to obtain restriction of processing if one of these elements applies:

• You dispute the accuracy of the personal data;

• The processing appears to be unlawful, and you oppose erasing the personal data;

• The controller no longer needs your personal data for the purposes of the processing, but still needs them to establish, exercise, or defend legal claims;

• The controller must assess the existence of the grounds for erasing the personal data during this period.

You also have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. The controller will then cease processing your personal data, unless it can demonstrate compelling legitimate grounds for processing your personal data that override your right to object.  

You also have the right not to be subject to individualised and fully automated decision-making if it produces legal effects or if such decision could significantly affect you. However, you may always intervene in such decision-making yourself or request human intervention. 

Lastly, you always have the right to object to the processing of personal data for direct marketing purposes. 

If you wish to exercise your right to object or to restrict processing, you will need to submit a request to the controller. The controller has one (1) month to respond to your request.

6.4. Right to data portability
You have the right to obtain the personal data you have provided in a structured, commonly used and machine-readable format. You also have the right to transmit these personal data to another controller if processing your personal data is based solely on your consent. 

If you wish to exercise your right to data portability, you will need to submit a request to the controller. The controller has one (1) month to respond to your request.

6.5. Right to be forgotten
Whenever you have justifiably requested the rectification, erasure or restricted processing of data, the controller will notify each recipient of these personal data, unless this proves impossible or would involve a disproportionate effort. You can also always receive information on these recipients.

6.6. Right to withdraw your consent / Right to lodge a complaint
You always have the right to withdraw your consent. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. You also have the right to complain about processing of your personal data to the competent supervisory authorities. If you wish to withdraw your consent or exercise your right to complain, you will need to submit a request to the controller. The controller has one (1) month to respond to your request.

6.7. Right to information and transparency
When you exercise your rights, the controller must always act in accordance with the GDPR and thus provide all information required by the GDPR in a concise, transparent, understandable and easily accessible format, which you will receive in plain language. The periods for responding to your requests may be extended in exceptional circumstances, including because of the complexity and number of your requests. The controller must notify you of this extension and the reasons for it within one (1) month of receiving your request.

We recognise that personal data security is an essential part of data protection. We therefore implement appropriate technical and organisational measures to protect your personal data against unauthorised processing or unauthorised access to prevent abuse.

When you use the website, ‘cookies’ may be placed on your storage device to remember certain choices of the returning Visitor or to offer you certain functionalities.  For more information, please refer to our statement on cookies, available on the website.