;

Privacy Statement

Updated December 27, 2022

1. Parties and Object
JSP GROUP INTL BV (hereinafter "Corally.com" or the "Controller").
Geelseweg 80, 2250 OLEN, Belgium
KBO/BTW: BE0432051757
E-Mail: DPO@jsp-group.be
Telephone: +3214259280

Corally.com establishes this Privacy Policy, which aims to transparently inform Users about the website hosted at the following address: www.corally.com, (hereinafter the "Site"), and about the manner in which personal data are collected and processed by Corally.com.
The term "User" refers to any user, whether natural or legal, who visits the Site or communicates with the Site in any way.

In its capacity as data controller, Corally.com determines all the technical, legal and organisational means and purposes for processing the Users' personal data. Corally.com undertakes to take all necessary measures to ensure that the processing of personal data is carried out in accordance with the Law of July 30, 2018 on the protection of natural persons with regard to the processing of personal data (hereinafter the "Law") and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (i.e., the General Data Protection Regulation (GDG) or "GDPR"; hereinafter the "Regulation").

Corally.com is free to choose a natural or legal person to process the users' personal data at its request and on its behalf (hereinafter the "Processor" or "Subcontractor"). Where appropriate, Corally.com undertakes to select a Processor that provides sufficient guarantees regarding the technical and organizational measures for processing personal data, in accordance with the Law and the Regulation.

2. Processing of personal data.
The use of the Site by Users may lead to the collection of personal data. The processing of this data by Corally.com, in its capacity as Processing Responsible Party or by service providers acting in the name and on behalf of Corally.com, occurs in accordance with the Law and the Regulation.
Personal data is processed by Corally.com, in accordance with the purposes listed below, through the following methods:

• Newsletter subscription form
• Registration as a customer

3. Purpose of processing personal data
In accordance with Article 13 of the Regulation, the purposes of processing personal data are communicated to the User. Those purposes are the following:

• Emailing as necessary to carry out our services     
• Place orders and checkout directly     
• To send our newsletter when you have subscribed to it     
• To send information in response to the contact form     
• Analyze your behavior on the website in order to improve our website and tailor it to your preferences     
• Proposals to upgrade purchased products

4. Personal data that may be processed
The User agrees that, during the visit and use of the Site, Corally.com collects and processes the following personal data:

• Name     
• Address data     
• Email     
• Telephone     
• Payment data     
• Other personal data you actively provide when contacting us     
• Location data     
• Data about your activities on our website     
• IP address     
• Internet browser and device type

Corally.com collects and processes this personal data in accordance with the conditions and principles described in this Privacy Policy.

5. Consent
By accessing and using the Site, the User declares that he/she has read and given his/her free, specific, informed and unambiguous consent to the processing of his/her personal data. This agreement relates to the contents of this Privacy Policy.

Consent is given by the positive and active act by which the User has checked the box for the Privacy Policy in 'hypertext link'. This consent is an essential condition for performing certain actions on the Site or for enabling the User to enter into a contractual relationship with Corally.com. Any agreement binding Corally.com and a User regarding the services and goods offered on the Site is subject to the User's acceptance of the Privacy Policy.

The User agrees that the Controller, in accordance with the terms and principles contained in this Privacy Policy, collects and processes his/her personal data that he/she provides on the Site or in connection with the services offered by Corally.com, for the purposes stated above.

The User has the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the prior consent.

6. Retention period of the Users' personal data
In accordance with Article 13, paragraph 2 of the Regulation, the Controller shall retain the personal data only for as long as is reasonably necessary to achieve the purposes for which they are processed.
This duration is in all cases no longer than strictly necessary to achieve the purposes for which your data are collected.

7. Recipients of data and disclosure to third parties
Personal data can be transmitted to employees, employees, subcontractors, processors or suppliers of Corally.com insofar as adequate guarantees are provided for data security and insofar as they cooperate with Corally.com for marketing the products or providing services. They act under the direct authority of Corally.com, and in particular are responsible for collecting, processing or outsourcing this data.

In all cases, the recipients of the data and those to whom the data is provided comply with the contents of this Privacy Policy. Corally.com ensures that they process this data only for the intended purposes and in a discreet and secure manner.

In the event that the data would be provided to third parties for purposes of direct marketing or prospecting, the User will be informed in advance so that he or she can give prior and express consent to this use of personal data.

8. Data Protection Officer (DPO).
The following person is appointed as "Data Protection Officer" or "Data Protection Officer" (hereinafter "DPO"): Stefan Engelen.
The DPO's role is to ensure the correct implementation of and compliance with national and supranational provisions on the collection and processing of personal data.
You can contact the DPO as follows:

• Email: DPO@jsp-group.be
• Phone: +32 14 25 92 80

9. Rights of Users.
The User may exercise his/her rights at any time by sending a message by email to the following address: DPO@jsp-group.be, or a letter by post accompanied by a copy of his or her identity card to the following address: Geelseweg 80, 2250 OLEN, Belgium.

9.1. Right of Access.
In accordance with Article 15 of the Regulation, Corally.com guarantees the User's right to access his or her personal data. The User has the right to access these personal data and the following information:
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the personal data have been or will be provided;
• in case the recipients are located in third countries or international organizations, the appropriate or suitable safeguards;
• if possible, the proposed storage period for personal data or, if this is not possible, the criteria by which this period is determined;
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, at least in such cases, relevant information on the underlying logic, as well as the significance and expected consequences of such processing for the data subject.

The Controller may claim a reasonable fee based on the administrative costs for additional copies requested by the User.
If the User makes this request electronically (e.g., via email address), the data will be provided in electronic form and for general use, unless the User requests otherwise. The copy of the data will be communicated to the User at the latest within one month of receiving the request.

9.2. Right of rectification
Corally.com guarantees the right to rectification and deletion of personal data to the User.

In accordance with Article 16 of the Regulation, incorrect, inaccurate or irrelevant data may be corrected or deleted at any time. The User first makes the necessary changes himself from his user account, unless they cannot be made independently, in which case the request can be directed to Corally.com.

In accordance with Article 19 of the Regulation, the controller shall notify any recipient to whom the personal data have been provided of any rectification of the personal data, unless such rectification proves impossible or requires disproportionate efforts. The controller shall provide the data subject with information about these recipients if requested by the data subject.

9.3. Right to erasure
The User has the right, in the cases mentioned in Article 17 of the Regulation, to obtain the erasure of his personal data as soon as possible.

Where the Controller has disclosed the personal data and is obliged to erase them pursuant to the previous paragraph, the Controller, taking into account available technologies and implementation costs, shall take reasonable measures, including technical measures, to inform other controllers processing such personal data that the Data Subject has requested by such controllers to erase the connection with such personal data or a copy or reproduction thereof.

The two preceding paragraphs shall not apply to the extent that such processing is necessary:
• the exercise of the right to freedom of expression and information;
• to comply with a legal obligation to process under Union law or the law of the Member State to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
• the establishment, exercise or defense of legal claims.

In accordance with Article 19 of the Regulation, the controller shall notify any recipient to whom the personal data have been disclosed of any erasure of personal data or any restriction of their processing, unless such disclosure proves impossible or involves a disproportionate effort. The controller shall provide the data subject with information about these recipients if the data subject so requests.

9.4. Right to restrict processing
The User has the right to limit the processing of his personal data in the cases specified in Article 18 of the Regulation.

In accordance with Article 19 of the Regulation, the controller shall notify any recipient to whom the personal data have been disclosed of any restriction on the processing carried out, unless such disclosure proves impossible or involves a disproportionate effort. The controller shall provide the data subject with information about these recipients if requested by the data subject.

9.5. Right to data portability
In accordance with Article 20 of the Regulation, Users have the right to receive from Corally.com their personal data in a structured, commonly used and machine-readable format. Users have the right to transfer this data to another data controller without preventing Corally.com from doing so, in the cases provided for in the Regulation.

When the User exercises his right to data portability under the previous paragraph, he has the right to have personal data transferred directly from one processing controller to another, insofar as this is technically possible.

The exercise of the right to data portability does not affect the right to erasure. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data portability does not affect the rights and freedoms of third parties.

9.6. Right to object and automated individual decision-making
The User has the right to object at any time to the processing of his/her personal data due to his/her specific situation, including the automation of data by Corally.com. In accordance with Article 21 of the Regulation, Corally.com will no longer process personal data unless there are legitimate and compelling reasons for the processing that override the interests and rights and freedoms of the User, or for the establishment, exercise or defense of legal rights.

When processing personal data for prospecting purposes, the User has the right to object at any time to the processing of personal data concerning him/her for such prospecting purposes, including profiling insofar as it relates to such prospecting.

If the Data Subject objects to the processing for prospecting purposes, the personal data shall no longer be processed for that purpose.

9.7. Right to complain
The User has the right to file a complaint regarding the processing of his personal data by Corally.com, to the Data Protection Authority competent for the Belgian territory. More information can be found on the website: https://www.gegevensbeschermingsautoriteit.be/.

Complaints can be filed at the following addresses:
Data Protection Authority     
Rue du Printing Press 35, 1000 Brussels     
Tel. + 32 2 274 48 00
Fax. + 32 2 274 48 35     
E-mail: contact@apd-gba.be

The User may also file an action for cessation with the president of the court of first instance of his place of residence.

10. Cookies
The Site uses cookies to distinguish Users of the Site. This makes it possible to provide Users with a better browsing experience and an improvement of the Site and its content. The purposes and methods of cookies are included in this article.

10.1. General Principles
A "Cookie" is a file placed temporarily or permanently on the User's device when viewing the Site with a view to a subsequent connection. Thanks to Cookies, the server recognizes the User's device.
Cookies may also be installed by third parties with whom Corally.com collaborates.
Some of the cookies used by Corally.com are necessary for the proper functioning of the Site, others are necessary to improve the User's experience.
The User can modify or disable cookies. By using the Site, the User expressly consents to the management of cookies as described in this article.

10.2. Types of cookies and purposes pursued.
Different types of cookies are used by Corally.com on the Site:

• Technical cookies: these are necessary for the operation of the Site, enable the communication of the data entered and are intended to facilitate the User's navigation;
• Analytical and audience cookies: these cookies allow the recognition of the User and are used to count the number of Users of the Site over a certain period of time. Since they also indicate browsing behavior, they are an effective way to improve the User's browsing experience by displaying proposals and offers that may be of interest to the User. They also allow Corally.com to identify and correct any bugs on the Site;
• Functional cookies: these cookies facilitate the use of the Site by maintaining certain choices entered (for example, username or language);
• Tracking cookies: Corally.com uses tracking cookies through Google Analytics to measure users' interaction with the Site content and produce anonymous statistics. These statistics allow Corally.com to improve the Site. Google supports the explanation of these cookies at the following address: http://www.google.nl/intl/en_uk/policies/privacy/.

10.3. Cookie retention period.
Cookies are stored for the time necessary to achieve the intended purpose. The cookies that may be stored on the User's hard drive and the storage period are as follows:

Google Analytics     Analytical     

_ga 2 years 
_ga_YR8TLNXTBG 2 years 
_gat_gtag_UA_50167580_1 End of session
_gid 23 hours      
_ga_WXTQX3N765 2 years

10.4. Management of cookies.
If the User does not want the Website to place cookies on his hard drive, he can easily manage or delete them by adjusting his browser settings. Browser programming also allows the User to receive a notification as soon as a Website uses cookies and thus decide whether to accept or reject them.
If the User disables certain cookies, he accepts that the Site may not function optimally. Some parts of the Site may not be usable or partially usable.
If the User wishes to manage and/or delete certain cookies in this manner, he/she may do so through the following link(s):

For Users with a browser:
• Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
• Microsoft Edge: http://windows.microsoft.com/en-gb/windows-10/edge-privacy-faq
• Chrome: https://support.google.com/accounts/answer/61416?hl=fr
• Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences
• Safari: https://support.apple.com/kb/ph21411?locale=fr_CA

If the User refuses to allow the use of Google Analytics cookies, he or she is invited to configure his or her browser to do so at the following website: http://tools.google.com/dlpage/gaoptout.

11. Limitation of Liability of the Controller.
The website may contain links to other third-party websites that are not linked to Corally.com. The content of these sites and compliance with the Regulation and the Law are not the responsibility of Corally.com.

The holder of parental authority must give his or her express consent to the minor under 16 years of age to disclose personal information or data through the Site. Corally.com strongly encourages persons exercising parental authority over minors to promote responsible and safe use of the Internet. The Controller cannot be held liable for the collection and processing of personal information and data of minors under 16 years of age whose consent is not effectively covered by that of their legal parents, nor for inaccurate data - especially regarding age - entered by minors. In no case will personal data be processed by the Controller if the user indicates that he/she is under 16 years of age.

Corally.com is not responsible for loss, damage or theft of personal data, in particular due to the presence of viruses or following computer attacks.

12. Safety and Security.
The Controller shall implement technical and organizational measures to ensure an appropriate level of security for the processing and collection of data. These security measures depend on the implementation costs related to the nature, context and purposes of the processing of personal data.
The Controller uses standard encryption technologies within the IT sector when transferring or collecting data on the Site.

13. Modification of the Privacy Policy.
Corally.com reserves the right to modify this Privacy Policy in order to comply with legal obligations in this regard. The User is therefore requested to regularly consult the Privacy Policy in order to be informed of any changes and modifications. Such changes will be posted on the Site or sent by email to ensure objectionability.

14. Governing Law and Jurisdiction.
This Privacy Policy is governed exclusively by Belgian law. Any dispute shall be submitted to the courts of the judicial district of the registered office of Corally.com.

15. Contact
For any question or complaint regarding this Privacy Policy, the User can contact the Processing Manager at the following address: DPO@jsp-group.be.