Updated on 25 May 2018
What is it all about?
The processing of your personal data by the companies Rossel & Cie S.A., Sud Presse S.A., Groupe VLAN S.A., their subsidiaries and sub-subsidiaries (hereinafter the “ROSSEL Group”, “we”, “us” or “our”) is governed by the General Data Protection Regulation (aka GDPR) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This regulation came into effect on 24 May 2016 and became applicable on 25 May 2018.
Since its inception, our media group has always managed the personal data of, initially, its readers, and subsequently also its Net surfers, in a reasonable manner, justified by journalistic, administrative and commercial purposes of its activities and for limited periods of time. Over time, our press group has put procedures in place to secure its databases and the personal data they contain.
Our goal is to build on this achievement so that you continue to trust us to manage your personal data respectfully, while leaving you in control.
What type of personal data are we talking about? About the data relating to you the ROSSEL Group collects and the manner in which we use these data. In that context, all the people working for the legal entities of the ROSSEL Group who collect personal data are called “data controllers”.
- If you have subscribed to one of our physical or digital publications, we collect: your surname, first names, subscriber number, postal address, IP address, email address, bank account;
- If you buy goods like a book, a bicycle, a TV, tickets for a show, a service as part of a package, for instance, we may collect other personal, financial or banking details if you pay by direct debit or credit card. In that case, your personal data are shared with the financial institution or credit card company concerned which, in turn, must also provide all the necessary guarantees in terms of the protection of your personal data;
- If you take part in a competition: aside from the personal data that allow us to identify participants and winners, you may be asked to agree that your personal data are used for other purposes, so that we, or the other competition organisers, can send you further information.
What personal data do we store and where do they come from?
- If you use a social media-related functionality on our website or applications and post comments on these social media, the social network in question will share your personal data with us;
- If we need to collect personal data about or in relation to children, we always need effective parental consent to validate them.
Why and how do we use your personal data?
We use your personal data for various purposes but always ask you for your consent first: whether you subscribe to a newsletter, sign up for a publication, purchase a physical or digital product, take part in a competition, attend a promotional event, share information, etc.. We also collect your personal data for marketing purposes and in any situation we are obliged to do so by law. In the context of a contract for instance, we may also include your personal or billing data, depending on the type of service you are looking for.
- To perform a contract we concluded with you, we use your personal data to process your order, obtain payment and provide you with customer support;
- To pursue our legitimate commercial interests, we will need your personal data:
- For market study and analysis purposes and to customise our products and services;
- For marketing activities;
- To prevent or detect fraud, crimes or offences or any illegitimate use of our networks, physical or digital services and to ensure the security of our activities and those of our Partners, Recipients or Subcontractors;
- To protect our intellectual property rights (brands, content, etc.) or those of our Partners, Recipients or Subcontractors;
- To create your profile (without necessarily using your personal data) to help us personalise the services we offer you.
Do we share your personal data? With whom and why?
Within the legal entities of the ROSSEL Group, we may indeed share your personal data with a partner in an event, competition, promotion or other activity, and with third parties associated with a sale or a service provided. Under the General Data Protection Regulation, we can only share your personal data if you have given your consent and on condition that each partner (hereinafter “Recipient” or “Subcontractor”) has concluded a contract with us and affords the same protection to personal data as we do.
The same applies to our partners, major players in the digital world (Google, Amazon, Facebook, Apple and Microsoft, more specifically), who provide Net surfers and companies alike with vital services (traffic analyses, advertising positioning, etc.). In principle, these operators are, like us, obliged to comply with the European General Data Protection Regulation and the Privacy Shield (EU-USA data protection shield). However, in a specific case where the power relations are particularly unbalanced, the ROSSEL Group undertakes to transfer data within Europe only and to, to the best of its ability, limit the transfer of personal data if it detects any flaws in the security measures these operators have put in place or if they use personal data for purposes other than those the ROSSEL Group received your consent for. Google, Amazon, Facebook, Apple and Microsoft are also qualified as “data controllers” and therefore fully assume their responsibilities and duties associated with the processing of personal data. The ROSSEL Group will assume its responsibilities, limited to the personal data it processes, and within the framework of protection it has developed.
Your consent and your rights
The protection we are obliged to afford to your personal data is based on the fact that you transmit them to us and consent to us using them.
We will for instance ask for your consent so that we can:
- contact you to offer you products or services, by email, via push or Web notifications, by text message or via the social media;
- offer you geolocation-based services so that we can send you push notifications in a well-defined context.
Various entities of the ROSSEL Group will ask you to complete a profile if you want to use a website or service. In that context, you are free to manage your personal data as you see fit. To provide you with a proper service however, some of these personal data are mandatory.
The General Data Protection Regulation has strengthened your rights in terms of managing your personal data and accords you a number of rights:
- the right to access your personal data, i.e. the right to obtain (i) confirmation that the data are used and (ii) communication of the data that are used and were/will be communicated to Recipients;
- the right to withdraw your consent to use your personal data, whether in part or in full;
- the right to have any personal data that are inaccurate or incomplete rectified or corrected;
- the right to have your personal data erased if they are no longer used, have been used illegitimately or if you have withdrawn your consent;
- the right to file a complaint with the Belgian Data Protection Authority https://www.dataprotectionauthority.be/;
- the right to data portability which entails the right to ask that your personal data are transmitted to you personally or to another data controller so that the latter can provide you with his services;
- The right to limit the use of your personal data.
To exercise any one of these rights, please fill out the GDPR Form Marketing and Business, making sure to enter all the relevant information that is necessary to exercise your various rights.
Furthermore, to cater for situations where your personal data were used in the editorial pages of our digital papers, i.e. “for journalistic purposes”, as defined under the GDPR, the Belgian media have drawn up a Charter on the course of action open to citizens named in an online publication, on the basis of which you are entitled to:
- have any inaccurate information corrected;
- have any judicial data updated;
- have the link to the web page (URL) deleted, otherwise known as dereferenced or de-indexed by the ROSSEL Group, if a search engine refuses to comply with your request.
To exercise any one of these rights, please fill out the GDPR Form Erasure of personal data used for journalistic purposes, making sure to enter all the relevant information that is necessary to exercise your various rights.
Even though we meticulously examine each request we receive, we must:
- be able to authenticate applicants exactly. Data controllers have put an authentication process in place to help them ascertain that the applicant is also the person who is the subject of the request. This requirement should not pose any problems given that you need an account to connect. However, in the event of doubt about an applicant’s identity, the data controller is obliged to ask for further details;
- be given enough time to respond. Your request will be processed without undue delay and at the latest within one month of receipt. For more complex requests, this period may be extended by two months;
- be permitted to refuse requests that are unfounded or excessive. Certain requests may incur a fee.
If the data controller refuses to comply with your request he will notify you accordingly and inform you that you are free to contact the Belgian Data Protection Authority.