–PRIVACY POLICY–

Object

This Policy is drawn up by Cinnamon Capital SPRL located at Avenue Montjoie 63, 1180 Brussels, under the registration number 0543.497.433 (hereinafter referred to as "the controller").

The purpose of this privacy policy (the Policy) is to inform visitors to the website hosted at the following address: www.siennafriends.com (hereinafter referred to as the "website") of the manner in which data is collected and processed by the controller.

This Policy is in line with the wish of the controller to act transparently, in compliance with its national provisions and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation" or "GDPR").

The controller pays particular attention to the protection of the privacy of its users and therefore undertakes to take reasonable precautions to protect the personal data collected against loss, theft, disclosure or unauthorized use.

"Personal data" means the personal data of the user of the website, so any information relating to an identified or identifiable user.

If the user wishes to react to one of the practices described below, he may contact the controller at the postal address or email address specified in the "contact details" section of this Policy.

Which data do we process?

The data controller collects and processes the following personal data according to the methods and principles described below:

The data you provide us

  • its e-mail address if the user has previously disclosed it, for example by sending messages or questions on the website, by communicating with the controller by e-mail, by participating in discussion forums, by accessing the restricted part of the website by identification, etc..;
  • all the information concerning the pages that the user has consulted on the website;
  • any information that the user has voluntarily given, for example in the context of information surveys and/or registrations on the website, or to the newsletter or by accessing the restricted part of the website through identification or when submiting an order through the website.

The data collected automatically

  • We may place cookies on your computer, tablet or smartphone. These cookies help us to remember your preferences when using our Website. For more information, we refer you to our cookies policy (see below). Some data may be collected without being stored by means of cookies. Including: its domain (automatically detected by the controller's server), the dynamic IP address, the web browser used, the date and time of access to the site, the operating system used, the keywords used to find the site.

The controller may also collect non-personal data. These data are called non-personal data because they do not directly or indirectly identify a particular person. They may then be used for any purpose whatsoever, for example to improve the website, the products and services offered or the data controller's advertising.

In the event that non-personal data are combined with personal data, so that identification of the data subjects is possible, such data will be treated as personal data until such time as it is made impossible to link them to a particular person.

Collecting methods

The controller shall collect personal data in the following manner:

  • When you subscribe to the newsletter
  • When you order a product online on the internet site
  • When you take part in an online contest
  • When you fill any other questionaries’ or survey
  • When you navigate on our website (which can use cookies)
  • When you contact us directly by the website, by email, mail or through other ways such as social networks
  • When you interact with us through social networks

Purposes of the processing

Personal data are collected and processed only for the purposes mentioned below:

  • ensuring the management and control of the execution of the proposed services ;
  • sending and follow-up of orders and invoices ;
  • sending promotional information on the products and services of the controller;
  • sending of promotional material;
  • answering the user's questions;
  • performing statistics;
  • improving the quality of the website and the products and/or services offered by the controller;
  • transmitting information on new products and/or services of the controller;
  • for actions of commercial prospection;
  • allowing a better identification of the user's interests.

The controller may be required to carry out processing operations not yet provided for in this Policy. In this case, the controller will contact the user before re-using his personal data, in order to inform him of the changes and give him the possibility, if necessary, to refuse such re-use.

Legitimate interest

Some data processing activities are based on the legitimate interest of the controller. The legitimate interest is proportionate with regard to the rights of the users. For further details regarding the purpose of the processing based on the legitimate interest of the controller, users can contact the controller directly (see contact details in this Policy).

Duration of the storage

In general, the controller shall store personal data only for the time reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.

The personal data of a customer are kept for a maximum of 10 years after the end of the contractual relationship between the customer and the controller.

Shorter retention periods apply for certain categories of data, such as traffic data, which are kept for only 12 months.

At the end of the storage period, the controller shall make every effort to ensure that the personal data have indeed been made unavailable and inaccessible.

Exercise of rights

For all rights mentioned hereafter, the controller can check the user's identity before granting the right.

The request for additional information by the controller must be done within 1 month after the request made by the user.

Access to the data and copy

The user may obtain free of charge the written communication or a copy of the personal data concerning him that have been collected by the data controller.

The controller may charge a reasonable fee based on administrative costs for any additional copies requested by the user.

Where the user makes such a request electronically, the information shall be provided in a commonly used electronic form, unless the user requests otherwise.

The copy of his data will be communicated to the user at the latest within one month after receipt of the request, except in case of a contrary provision in the GDPR.

Right of rectification

The user may obtain free of charge, as soon as possible and at the latest within one month, the rectification of his personal data which are inaccurate, incomplete or irrelevant, as well as completing them if they prove to be incomplete.

Except in case of a contrary provision in the GDPR, this request will be handled within one month after the request was made.

Right to object to processing

The user may at any time, for reasons relating to his particular situation, object free of charge to the processing of his personal data, when:

  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail (in particular where the data subject is a child).

The controller may refuse to exercise the user's right of opposition where he establishes the existence of compelling and legitimate reasons justifying the processing, which take precedence over the interests or rights and freedoms of the user, or for the establishment, exercise or defense of a legal claim. In case of dispute, the user may lodge an appeal in accordance with the point "claims and complaints" of this Policy.

The user may, at any time, oppose, without justification and free of charge, the processing of personal data concerning him when his data are collected for purposes of commercial prospection (including profiling). Where personal data are processed for scientific or historical research purposes or for statistical purposes in accordance with the general data protection regulation, the user has the right to object, for reasons relating to his particular situation, to the processing of personal data concerning him, unless the processing is necessary for the performance of a task in the public interest.

The controller is obliged to reply to the user's request as soon as possible and at the latest within one month and to give reasons for his reply if he intends not to comply with such a request, except in case of a contrary provision in the GDPR.

Right of limitation of the processing

The user may obtain the limitation of the processing of his personal data in the cases listed hereunder:

  • when the user disputes the accuracy of a data and only the time that the controller can control it;
  • where the processing is unlawful and the user prefers the processing to be limited to deletion;
  • when, although no longer necessary for the pursuit of the purposes of the processing, the user needs it for the establishment, exercise or defence of his rights in court;
  • for the time necessary to examine the validity of an opposition request submitted by the user, in other words, for the controller to check the balance of interests between the legitimate interests of the controller and those of the user.

The controller will inform the user when the limitation of the processing is lifted.

Right to erasure (right to be forgotten)

The user may obtain the deletion of the personal data concerning him, where one of the following grounds applies:

  • the data are no longer necessary for the purposes of the processing operation;
  • the user has withdrawn his consent for his data to be processed and there is no other legal basis for the processing;
  • the user objects to the processing and there is no compelling legitimate reason for the processing and/or the user exercises his specific right of opposition in direct marketing (including profiling);
  • the personal data have been unlawfully processed;
  • personal data must be erased in order to comply with a legal obligation (under Union law or Member State law) to which the controller is subject ;
  • personal data have been collected in the context of the provision of information society services to children.

The deletion of data is however not applicable in the following 5 cases :

  • where processing is necessary for the exercise of the right to freedom of expression and information;
  • where processing is necessary for compliance with a legal obligation requiring processing under
  • Union law or under the law of the Member State to which the controller is subjected, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • where the processing is necessary for public health reasons;
  • where processing is necessary for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes and where the right to erasure is likely to render impossible or to seriously jeopardise the attainment of the purposes of the processing in question;
  • where processing is necessary for the establishment, exercise or defence of legal claims.

The controller is obliged to reply to the user's request as soon as possible and at the latest within one month and to give reasons for his reply if he intends not to comply with such a request, except in case of a contrary provision in the GDPR.

Right to “data portability”

The user may at any time request to receive his personal data free of charge in a structured, commonly used and machine-readable format, with a view in particular to transmitting them to another controller, when:

  • the data processing is carried out using automated processes; and where
  • the processing is based on the consent of the user or on a contract concluded between the user and the controller.

Under the same conditions and in the same manner, the user has the right to obtain from the controller that the personal data concerning him will be transmitted directly to another controller of the processing of personal data, insofar as this is technically possible.

The right to data portability shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Recipients of data and disclosure to third parties

The recipients of the data collected and processed are, in addition to the controller himself, his employees or other subcontractors, his carefully selected business partners, located in Belgium or in the European Union, and who collaborate with the controller in the context of the marketing of products or the provision of services.

In the event that the data are disclosed to third parties for commercial prospecting purposes, the user will be informed in advance so that he can choose whether or not to accept this data transfer to third parties.

Since the transfer is based on the consent of the user, he can retract his consent at any time with regard to this exact purpose.

The data controller respects the legal and regulatory provisions in force and will in all cases ensure that his partners, employees, subcontractors or other third parties having access to these personal data comply with this Policy.

The controller reserves the right to disclose the user's personal data in the event that a law, judicial procedure or an order from a public authority makes such disclosure necessary.

No personal data shall be transferred outside the European Union.

Security

The controller shall implement appropriate technical and organizational measures to guarantee a level of security of the processing and the data collected with regard to the risks presented by the processing and the nature of the data to be protected appropriate to the risk. It takes into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to users' rights and freedoms.

The controller has put in place appropriate security measures to protect and avoid the loss, misuse or alteration of information received on the website.

In case a breach of personal data occurs, the controller will undertake quick action to identify the cause and take appropriate measures to remedy the situation.

The controller informs the user of this breach when he is obliged to do so by law.

Claims and complaints

If the user has a complaint, it is adviseable to contact the controller directly.

The user can also lodge a complaint with his national control authority, whose details are listed on the official website of the European Commission:

http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

In addition, action can be undertaken before the competent national courts.

Contact details

For any question and/or complaint, in particular as to the clear and accessible nature of the present Policy, the user may contact the data controller:

By email: hello@siennafriends.com

By mail: Avenue Montjoie 63, 1180 Brussels

Applicable law and competent jurisdiction

This Policy shall be governed by the national law of the main place of establishment of the controller. Any dispute concerning the interpretation or execution of this Policy shall be submitted to the courts of that national law.

Miscellaneous provisions

The controller reserves the right to modify the provisions of this Policy at any time. Changes will be published with a warning as to their coming into force.

This version of the Policy dates from 02/04/2019.

Acceptance

Use of the Website constitutes agreement with all of the clauses of these Privacy Protection Rules, and with the collection of personal data by Cinnamon Capital in order to process said data in accordance with these Privacy Protection Rules.

-Cookies Policy-

Our use of cookies

Our Web site uses cookies and similar technologies to discern your preferences (or the preferences of other users) for using our website. This assists in offering you an improved experience when you visit our Website, and allows us to optimize the latter.

Cookies and similar technologies do not, however, allow us to systematically collect data that may identify you. They only help us to improve the operation of our website, to understand what your interests are, and to assess the relevance of the content of our website.

Due to recent changes in legislation, all websites operating in certain parts of the European Union must obtain your consent for the use or retention of cookies or other similar technologies on your computers or mobile devices. This cookie policy aims to give you the clearest and most complete information possible on the cookies that we use and their purposes. We also invite you to read our Privacy Policy (see herebelow) in order to take note of the rules pertaining to privacy that apply to our Website.

For more information on our cookies policy, do not hesitate to contact us at hello@siennafriends.com.

What is a cookie?

A “cookie” is a small file composed of letters and numerals stored in your browser or on the hard drive of your computer. This allows us to remember your preferences for using our website. Unless you have chosen not to accept cookies in your browser settings, our system will automatically place cookies on your system during your visit to our site.

Type of cookies

Cookies can be subdivided into categories according to their origin, their function and their life expectancy.

First-party cookies carry the name of the site domain that you have visited (e.g. cookies placed by www.siennafriends.com, if you use first-party cookies).

Third-party cookies carry the name of a domain other than the one that you have visited. If you visit a website and a third party places a cookie on your computer via that website, it is a third-party cookie (e.g. cookies placed by Google, Twitter and Facebook).

Functional cookies ensure the proper functioning of the website (e.g. login, traffic log or language preference cookies). Functional cookies are first-party cookies.

Non-functional cookies are stored on your system by the website for statistical, social, targeting or commercial purposes. Cookies stored for statistical purposes enable identification of the pages of the website that have been visited, or the location of the computer, etc. Cookies stored for social purposes enable users to share the content of the website visited on social networks. Targeting cookies enable the creation of user profiles incorporating browsing behaviour, which in turn enables advertising adapted to the user’s interests. Commercial cookies record the type and frequency of advertising shown to the user. Non-functional cookies may be first- or third-party cookies.

Permanent cookies: these remain present on your hard drive for a long period of time determined by the cookie, or until erased by you. They are activated every time you visit the website that placed them on your system (e.g. cookies placed by Twitter or Facebook). Permanent cookies are generally non-functional.

Session cookies: these enable simplification of the user’s operations and link them one to each other during a browsing session. A navigation session commences when the user opens the browser window and is terminated when the user closes this window. Session cookies are temporary. As soon as you close your browser, all session cookies are deleted. Session cookies are generally functional.

Your consent

By visiting our site, you agree to the use of cookies. Accepting certain cookies is essential for an optimal visit to our site. You can block cookies by activating the browser setting that allows cookie storage. However, if you use your browser settings to block these cookies, you will probably not be able to access (certain parts of) our Website. Read the Cookies Policy carefully for more information. If you wish to modify your permissions at any time, you must delete cookies using your browser settings. For more information on blocking or deleting cookies, visit our website at http://www.aboutcookies.org/Default.aspx?page=2.

Modify your browser settings

We would like to draw your attention to the fact that your browser settings allow you to modify your cookie acceptance settings. These settings can generally be accessed via your browser’s ‘Options’ or ‘Preferences’ menu. For a better understanding of these settings, we invite you to consult the following links or refer to your browser’s ‘Help’ tab:

More information about cookies

The website http://www.allaboutcookies.org/ provides more details on how cookies work. The Internet Advertising Bureau (IAB) representing digital marketers has published useful information and advice on behavioural advertising and privacy at http://www.youronlinechoices.eu/

Which cookies does Sienna & Friends use (Cinnamon Capital)?

NAMEDOMAINGOALTIME
FUNCTIONALwww.siennafriends.comlanguage & destination300 days
FUNCTIONALwww.siennafriends.comuser country / pays de utilisateur1 day
FUNCTIONALwww.siennafriends.comlogin & registration1 hour
NON-FUNCTIONALutmawww.siennafriends.comGoogle analytics suivi de cookies2 years
NON-FUNCTIONALutmbwww.siennafriends.comGoogle analytics suivi de cookies30 minutes
NON-FUNCTIONALutmcwww.siennafriends.comGoogle analytics suivi de cookiessession
NON-FUNCTIONALutmzwww.siennafriends.comGoogle analytics suivi de cookies6 months

*for cookies used by third parties (e.g. google analytics), we invite you to consult the statements that these parties have placed on their respective websites (see links above). warning: we cannot exert any influence on the content of these declarations, nor on the content of cookies from these third parties