Your Privacy & Aquascaper.be
We attach considerable value to trust. We describe below how we ensure the protection of your
This online shop runs on lightspeed Shop, which have been looking after your payment details and those of millions of other Belgians for decades. Hence they comply with:
• theEuropean General Data Protection Regulation
Their work processes are fully designed to meet the strict requirements of all these laws. And their data traffic is
robustly protected. In this way we are able to guarantee your privacy and that of your clients.
Basic principles of privacy
Complying with these laws simply means that we adhere to these basic principles:
•We tell you about your rights and only trade if you give us permission to process your data.
• We use your personal data exclusively for performing our work.
• We only collect the data that is necessary for our work.
• We ensure that your personal data is and stays correct.
• We do not keep your personal data longer than is strictly necessary.
• We protect your personal data against unauthorised access, loss or destruction.
• We can prove that we comply with these rules.
We handle your data as carefully and safely possible. If you want to check this, it is good to know that you – as the owner of your personal data – have various rights.
Right to information You have the right to be informed about our work processes in which your personal and payment data are circulated.
Contact: [email protected]
Right of access You have the right to see what personal data of yours we have. Would you like to exercise this right? No problem. We will first check your identity, after which we'll look up all your data. We will send you all of the data of yours that we have. And we will inform you about the details of our processing method, such as the purpose, the retention period, with whom the data is shared and how the data was obtained. We aim to disclose this within a month. Should more time be necessary, we will inform you of this.
Contact: [email protected]
Right to rectification, restriction and deletion
You have the right to rectify or supplement any personal data of yours that we have, or to delete part of your data, so that we proceed with limited data. You have a so-called 'right to be forgotten', which means that you can have all of the data of yours that we have deleted. The law also obliges us to keep certain data. Therefore we cannot delete this.
Contact: [email protected]
Right to data transfer
You have the right to digitally transfer personal data of yours that we have, to another organisation. Should you wish to do this, we will then provide you with your data in a structured and accessible file format. We can only do this with the personal data you have personally provided to us, or which you have given us express permission to process, or which we have obtained through the execution of our agreement. We aim to provide you with the file for data transfer within a month. Should more time be necessary, we will inform you of this.
Contact: [email protected]
Right to object
If you believe that we are wrongly processing your personal data, you are invited to let us know. If your objection is correct, we will stop processing your data. You can also submit an official complaint if you believe that we have handled your data without due care. If you notify us of this, we will review our processes critically and eliminate potential shortcomings. We aim to process your complaint within five working days. Should more time be necessary, we will inform you of this. If we cannot come to a joint resolution, you can submit a complaint to the Belgian Data Protection Authority.
Contact: [email protected]
Submit a complaint to the Belgian Data Protection Authority
How we handle your data
We employ all sorts of technical and organisational measures to protect your privacy to the greatest extent possible. We can show how seriously we take this with
certifications from national and international quality and safety standards. For example with the Payment Card Industry Data Security Standard (PCI DSS). Read how we protect your privacy in our work processes. Our supplier CCV monitors this.
Triple layer data protection by lightspeed
• The responsibility for the careful handling of data lies first and foremost with our colleagues who process personal data on a daily basis. They are immersed in data processing processes and see the content of applications. They also assess whether all the processes are working properly on a daily basis.
• The risk management department and the data protection officer provide support and advice on this. They draw up policy, carry out risk analyses and test whether the work processes indeed comply with the regulations.
Finally our independent internal audit department and the data protection officer check for the good cooperation between colleagues, and whether we fulfil our legal and business obligations.
Monitoring of work processes by lightspeed
Sometimes a new work process can cause risks to your personal data. Therefore we first test every new work process against a Data Protection Impact Assessment (DPIA). We also carry out a risk analysis and a technical control. This way we can be sure that the authorisation process, security and administration are done correctly.
Administration activities We keep accurate records for every activity that we perform in the data processing process, so that we can always find out what has happened with your personal data.
Purpose of data use We only use the personal data of employees for performing our duties as an employer. We only use the personal data of our clients for performing our services, for example, for the:
closing or amending of agreements,
• processing and analysing orders,
• resolving disputes and disputed orders,
• analysing data to improve the services we provide
• We do not keep your personal data longer than is strictly necessary for the the intended purpose and no longer than the legal period prescribed to us. We monitor this retention period by storing the period and personal data together.
CCV works with banks, credit card companies and other parties to combat fraud. It is therefore sometimes necessary to share data with them. This always takes place according the provisions of the law and only when our data processing officer has given his explicit authorisation.
Staying up-to-date with lightspeed. Lightspeed's employees are aware of the importance of privacy. They are trained in the protection of your privacy and the safeguarding of information. We make sure that this awareness and knowledge remain up-to-date. We do this with an e-learning programme among other things and through the regular sharing of information internally. Our data protection officer and the corporate information security officer keep an eye on this.
In the event of a data breach
However well we do our work, there is always the risk of a data breach. This can occur through an error on our part or completely outside our control. In any situation where personal data is lost or falls into the wrong hands, there is a data breach.
If we discover a data breach, immediate action is required. We first research what personal data is concerned. If the breach may influence your rights and freedoms, we shall report the breach to the Belgian Data Protection Authority within 72 hours. If the risk is high, we shall also inform you immediately. Additionally, we shall throughly research the breach. We shall find out exactly what happened, which data was exposed to danger, who could possibly be behind it and how we can prevent it in the future, so that we can tighten our security. Furthermore, we shall carefully record all our findings about the data breach, so that we can learn from it at a later date too.
Reporting a data breach
Do you suspect that a data breach has occurred? Then we would like to hear that directly, including the reasons or indications on which your suspicion is based.
Contact [email protected]
Our terms and definitions
All the information about a person, for example a name and email address. Data that says something about a person indirectly is also personal data. This might include an IP address, a card number or transaction data. In combination with other data, this can be traced back to a person.
General Data Protection Regulation (GDPR) European legislation on the careful processing and free movement of personal data. This law has been in force in all European Union countries since May 2016. Organisations were given until 25 May 2018 to ensure that their administrative and work processes complied with this law.
Belgian Data Protection Authority (AP)
The national privacy supervisor. If you think that Aquascaper.be has processed your
personal data wrongly or incorrectly and you cannot reach an agreement with us, you can call upon the Belgian Data Protection
Authority. Data Protection Impact Assessment (DPIA)
Sometimes a new process can entail risks to your personal data. Therefore we first test every new work process against a Data Protection Impact Assessment (DPIA). The General
Data Protection Regulation (GDPR) sets out the requirements that this test must meet
Data manager from lightspeed
A person or organisation which – individually or in collaboration with third parties – registers or manages personal data. The data manager is also responsible for the design and functioning of the data processing process. CCV is the data manager of our clients' personal data.
Data processor A person or organisation which processes personal data on behalf of the data manager. We are a data processor of payment data on behalf of a number of clients. A data processor and a data manager always close an agreement. This includes conditions for guaranteeing personal data protection.
A person who enters into a relationship with us. This can be a visitor to our website, a customer of our services or products, or a supplier or associate.
How we handle cookies
• To enable communication over a digital network.
• For research into the use of our website.
• For entering into or settling an agreement.
• For the provision of a service you have requested.
• To learn about your interests on the basis of your behaviour on our site.
• To enable third parties to discover your interests.
No cookie preference
You can decide for yourself whether/and which cookies to accept. This choice may well have consequences. If you refuse our
cookies, we cannot promise that our website will work optimally any longer.
• You can set which of our cookies you accept and which you do not. For example, that you are willing to cooperate with statistics, but not with personal information. Set your preferences directly:
• You can set your browser – Chrome, Safari, Internet Explorer – in such a way that you receive a warning when a website wants to place cookies. Or that your browser by definition declines all cookies, or only those from third parties. You can also delete cookies that have already been placed. Make sure that you change these settings on every device and browser that you use.
• You can prevent Google Analytics from tracking your behaviour on any site. Should you so wish, you can opt out of all Google cookies. Go to Google and opt out here.