GDPR POLICY

Purpose

This Policy is established by Dream Family, located at Rue de L’hocaille, 5/112, B-1348 Louvain-la-Neuve, Belgium, registered under company number BE 0826 368 041 (hereinafter referred to as the “data controller”).

The purpose of this Policy is to inform visitors of the website www.carebybmc.com (hereinafter referred to as the “website”) about how data is collected and processed by the data controller.

This Policy reflects the data controller’s commitment to act transparently, in compliance with national legislation and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter the “General Data Protection Regulation” or “GDPR”).

The data controller places particular importance on protecting the privacy of its users and undertakes to take reasonable precautions to protect personal data against loss, theft, disclosure, or unauthorized use.

“Personal data” is defined as any information relating to an identified or identifiable natural person.

If a user wishes to respond to any of the practices described below, they may contact the data controller at the postal or email addresses provided in the “Contact Information” section of this Policy.

 

What data do we collect?

The data controller collects and processes the following personal data, according to the principles and procedures described below:

• The user’s domain (automatically detected by the server of the data controller), including dynamic IP address;

• The user’s email address if previously provided, for example when sending messages or inquiries via the website, communicating with the data controller by email, participating in discussion forums, or accessing restricted areas of the website through authentication;

• Information regarding the pages the user has visited on the website;

• Any information voluntarily provided by the user, such as through surveys and/or registration on the website, or when accessing restricted areas via authentication.

Additionally, the following data may be collected:

• Contact information (name, surname, address, date of birth, gender, and generally all data provided directly when creating an account or registering for a contest);

• Data related to your orders.

Non-personal data may also be collected. This data does not allow the direct or indirect identification of a person and may be used for purposes such as improving the website, products, services, or advertising.

If non-personal data is combined with personal data such that individuals could be identified, it will be treated as personal data until identification is no longer possible.

 

Methods of collection

Personal data is collected through:

• Proactive contact by the user, usually via telephone or email;

• During the user’s visit to our website;

• Newsletters;

• Social media platforms.

 

Purposes of processing

Personal data is collected and processed only for the following purposes:

• To manage and monitor the provision of services;

• To send and track orders and invoices;

• To send promotional information about the data controller’s products and services;

• To send promotional materials;

• To respond to user inquiries;

• To compile statistics;

• To improve the quality of the website and the products and/or services offered by the data controller;

• To provide information on new products and/or services;

• For marketing and commercial prospecting purposes;

• To better identify user interests.

The data controller may process personal data for purposes not yet specified in this Policy. In such cases, the user will be informed before reuse, allowing them to refuse such processing.

 

Legitimate interests

Some processing activities are based on the data controller’s legitimate interests. These interests are balanced against the rights and freedoms of the user. Users may contact the data controller for details of processing based on legitimate interests (see “Contact Information”).

 

Retention period

Generally, personal data is retained only as long as necessary for the purposes described and in compliance with legal requirements.

Client data is retained for a maximum of 10 years after the end of the contractual relationship.

After this period, the data controller ensures that personal data is rendered inaccessible and unavailable.

 

Exercise of rights

The data controller may verify the user’s identity when applying the rights listed below. Requests will be processed within one month from receipt.

Access to data and copies

Users may obtain free written communication or a copy of their personal data collected.

The data controller may charge reasonable administrative costs for additional copies.

Electronic requests will be fulfilled electronically unless otherwise requested.

Data will generally be provided within one month of the request, except as provided by GDPR.

Right to rectification

Users may request correction of inaccurate, incomplete, or irrelevant personal data free of charge, within one month.

Requests are processed promptly and, unless otherwise provided by GDPR, within one month.

Right to object to processing

Users may object at any time for reasons related to their particular situation, free of charge, to the processing of their personal data when:

• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority;

• Processing is necessary for the legitimate interests of the data controller or a third party, unless overridden by fundamental rights and freedoms (e.g., a child’s data).

The data controller may refuse to honor an objection if there are compelling legitimate grounds, or for the establishment, exercise, or defense of legal claims.

Users may also object at any time, without justification, to the processing of personal data for direct marketing (including profiling).

For scientific, historical, or statistical purposes, users may object to processing for reasons related to their specific situation, unless necessary for public interest tasks.

The data controller will respond within one month, providing justification if the request is denied.

Right to restriction of processing

Users may request restriction of processing in the following cases:

• When the accuracy of the data is contested;

• When processing is unlawful but erasure is not desired;

• When data is no longer needed but required for legal claims;

• During review of an objection request, pending balancing of interests.

The data controller will inform the user when the restriction is lifted.

Right to erasure (“right to be forgotten”)

Users may request erasure when:

• Data is no longer necessary for processing purposes;

• Consent is withdrawn and no other legal basis exists;

• Users object and no overriding legitimate grounds exist;

• Data has been unlawfully processed;

• Data must be erased to comply with legal obligations;

• Data relates to information society services offered to children.

Exceptions apply when processing is necessary for freedom of expression, legal obligations, public interest, research, statistical purposes, or legal claims.

The data controller will respond within one month, providing justification if the request is denied.

Right to data portability

Users may request their personal data in a structured, commonly used, and machine-readable format for transfer to another data controller if processing is automated and based on consent or contract.

Users may also request direct transmission to another controller if technically feasible.

This right does not apply to processing necessary for public interest tasks.

 

Data recipients and third-party disclosure

Recipients of personal data include the data controller, its staff, carefully selected partners within the EU, and subcontractors collaborating in the provision of services or marketing.

If data is disclosed for marketing purposes, users will be informed beforehand and may withdraw consent at any time.

The data controller ensures that all recipients respect this Policy.

Personal data may also be disclosed if required by law, court order, or public authority.

No transfer outside the EU is performed.

 

Security

The data controller implements appropriate technical and organizational measures to ensure security and protect data against risks.

Standard industry encryption is used for data transfers on the website.

Measures are in place to prevent loss, misuse, or alteration of information.

In case of a data breach, the controller will act quickly to identify causes and remediate, informing users if required by law.

 

Complaints

Users may contact the data controller directly regarding this Policy.

Users may also file a complaint with their national supervisory authority. Details are available at the European Commission: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Users may also seek recourse through competent national courts.

 

Contact Information

Email: contact@carebybmc.com

Postal address:

Dream Family

Rue de L’hocaille, 5/112

B-1348 Louvain-la-Neuve, Belgium

 

Modification

The data controller reserves the right to modify this Policy at any time. Changes will be published directly on the website.

 

Applicable law and jurisdiction

This Policy is governed by the national law of the data controller’s principal place of establishment.

Any dispute concerning the interpretation or execution of this Policy shall be subject to the jurisdiction of the courts governed by that law.

This version of the Policy is effective as of April 16, 2025.