Privacy Policy

Content

1. Who are we?
2. What data do we collect?
3. What do we use your data for?
4. Legal basis for processing
5. Sharing with third parties
6. Retention period
7. Cookies
8. Interactive map & OpenStreetMap
9. Your rights under the GDPR
10. Security
11. Changes to this policy
12. Contact details

1. Who are we?

Poste Passé is a sole proprietorship under Belgian law, specialising in the sale of vintage Belgian postcards via the webshop atwww.postepasse.be.

Data controller:

Diederik De Lange

9800 Deinze Belgium

Company number:1035.823.507

Email:info@postepasse.be

2. What data do we collect?

We only collect the personal data necessary for the operation of our webshop and the execution of your order:

• Identification data:first name, last name
• Contact data:email address, phone number (optional)
• Address data:delivery address and possibly billing address
• Order data:ordered items, order amounts, order history
• Payment data:payment method and transaction information (card numbers are never stored by us but are only processed by our payment provider)
• Technical data:IP address, browser type and session data via cookies

We do not collect special categories of personal data (such as data about health, ethnicity or political preference).

3. What do we use your data for?

Your personal data is used for the following purposes:

• Processing and sending your orders
• Creating and managing your customer account
• Issuing invoices and complying with accounting and tax obligations
• Communication about your order (confirmation, shipping status, customer service)
• Improving our webshop and personalising your shopping experience
• Sending our newsletter, only if you explicitly consent to this (opt-in)

4. Legal basis for processing

We process your personal data based on the following legal grounds from the General Data Protection Regulation (GDPR):

• Performance of a contract(art. 6.1.b GDPR): when you place an order, we need your data to process and deliver that order.
• Legal obligation(art. 6.1.c GDPR): we are required to keep certain data for accounting and tax purposes.
• Consent(art. 6.1.a GDPR): for sending commercial newsletters. You can withdraw your consent at any time.
• Legitimate interest(art. 6.1.f GDPR): for improving our website and preventing fraud.

5. Sharing with third parties

Poste Passé never sells, rents or distributes your personal data to third parties for commercial purposes. We only share your data with the following parties, as far as necessary for the service provision:

• Delivery service (bpost / Sendcloud):your name and delivery address are shared with our logistics partner to deliver your order and provide you with a tracking code.
• Payment provider:your payment details are processed by our payment provider. Poste Passé does not have access to your full card numbers.
• Hosting partner (Odoo S.A.):our webshop operates on the Odoo platform. Odoo acts as a processor of your data and operates in accordance with the GDPR. More information can be found in theOdoo privacy policy.

With each processor, we enter into a processing agreement in accordance with Article 28 of the GDPR.

6. Retention period

We do not retain your personal data longer than necessary for the purposes for which they were collected:

• Customer account data:as long as your account is active. You can request to have your account deleted at any time.
• Order and invoicing data:7 years after the financial year in which the transaction took place, in accordance with Belgian accounting legislation.
• Newsletter data:until you unsubscribe.

7. Cookies

Our webshop uses cookies to ensure the website functions properly and to improve your user experience.

• Necessary cookies:session cookies for the shopping basket, login status, and language preference. These are essential for the functioning of the webshop and do not require consent.
• Analytical cookies:if applicable, to gain anonymous insight into the use of the website (e.g. visitor numbers, popular pages). These are only placed with your consent.

You can manage or block the use of cookies through your browser settings. Disabling necessary cookies may affect the functioning of the webshop.

8. Interactive map & OpenStreetMap

Our webshop offers an interactive map where you can discover postcards based on their geographical origin. This map usesLeaflet.jsin combination with map tiles fromOpenStreetMap.

When loading the map, map tiles are retrieved from the OpenStreetMap servers. Your IP address may be passed to the OpenStreetMap Foundation (OSMF). Poste Passé has no control over this. For more information, we refer you to theprivacy policy of the OpenStreetMap Foundation.

The map functionality does not require location access from your device. The locations displayed are the historical origin locations of the postcards, not your personal location.

9. Your rights under the GDPR

Under the General Data Protection Regulation, you have the following rights:

• Right of access:you can request to know what data we hold about you.
• Right to rectification:you can request to correct inaccurate or incomplete data.
• Right to erasure:you can request to have your data deleted, unless we are legally obliged to keep it.
• Right to restriction of processing:you can request to restrict the processing of your data (temporarily).
• Right to data portability:you can request to receive your data in a structured, commonly used, and machine-readable format.
• Right to object:you can object to the processing of your data for direct marketing.
• Right to withdraw consent:if the processing is based on your consent, you can withdraw it at any time.

To exercise your rights, please contact us viainfo@postepasse.be. We will respond to your request within 30 days.

If you believe that your data is being processed unlawfully, you have the right to lodge a complaint with theData Protection Authority(DPA):

Data Protection Authority

Press Street 35, 1000 Brussels

Tel: +32 (0)2 274 48 00

www.gegevensbeschermingsautoriteit.be

E-mail:contact@apd-gba.be

10. Security

Poste Passé takes appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. The webshop uses SSL encryption (HTTPS) for a secure connection. Payments are processed through secure and certified payment providers.

Despite our efforts, no digital data transmission or storage method can be considered 100% secure. If you suspect that your data is no longer secure, please contact us immediately.

11. Changes to this policy

Poste Passé reserves the right to amend this privacy policy at any time, for example in response to changes in legislation or changes in our services. The most recent version is always available on this page. In the event of significant changes, we will inform you via email or through a notification on the website.

12. Contact details

For questions, comments or requests regarding this privacy policy or the processing of your personal data, you can contact us:

Poste Passé

Diederik De Lange

Email:info@postepasse.be

Website:www.postepasse.be