PRIVACY POLICY – GDPR

Oh… Really? by Sandra Lacroix is committed to protecting and processing your personal data in strict compliance with the applicable legislation, including the General Data Protection Regulation (hereinafter “GDPR”), with full transparency, whether you are a client or a mere visitor of the Site.

1 – DATA CONTROLLER

The processing of data is under the responsibility of Oh… Really? by Sandra Lacroix (represented by Sandra Lacroix [hereinafter “We”], operating through the activity cooperative SmartBe – Productions associées ASBL, rue Coenraets 72, 1060 Brussels – EU VAT No. BE 0896 755 397 – Website: www.smartbe.be).

For any questions regarding the use of your data, you may contact us by e-mail at hello@ohreallystuff.com.

2 – DATA COLLECTED

We only collect the data necessary for the proper functioning of our online store.

Data you provide to us for the supply of products:

-Account identification data: surname, first name, e-mail address. Your password is unknown to us and remains your sole responsibility to keep confidential.

-Order data: shipping and billing postal addresses, phone number, payment data (via secure providers).

The mandatory or optional nature of the data (e.g., for the execution of your orders or for the opening and management of your potential account) is indicated at the time of collection with an asterisk. Please note that we will not be able to process your orders if you do not complete the mandatory fields.

Data collected automatically when you access our Site using cookies, log files, web beacons, tags, pixels, etc.:

-Connection and browsing data: selected language, time zone, contact identifiers, TCP/IP address, browser type and version, referring domain and pages visited, search terms, and the way you interact with the Site.

-Newsletter subscription: e-mail address.

A cookie is a small text file stored on your device when you visit our Site. We use different types of cookies, including functional, performance, advertising, or social media cookies. For more information, please refer to our Cookie Policy (see Section 7 below).

3 – PURPOSES OF PROCESSING AND LEGAL BASES

Your data is used:

-to provide the ordered products, within the framework of the performance of the contract or for pre-contractual measures (creation and management of the account, processing and delivery of ordered products, commercial and accounting management of orders, handling of complaints and unpaid invoices, customer service management, etc.);

-for reasons of our legitimate interest: to improve the quality and relevance of the products we offer, to enhance our communication with you, and to analyze data (including website traffic statistics, monitoring of opening rates, click rates, and bounce rates at an individual level, statistics carried out on previously anonymized data).

In this context, we will ensure that a balance is maintained between our legitimate interest and the protection of your privacy.

The collection of data takes place:

-with your consent: for sending our newsletters or information about our products, and for cookies that are not strictly technical or functional, it being understood that you have the right to withdraw your consent at any time (see Section 7 below);

-in order to comply with legal and regulatory obligations to which we are subject, notably in the fields of labor law, accounting and tax obligations, as well as personal data protection.

4 – DATA SHARING

Oh… Really? by Sandra Lacroix undertakes not to sell, rent, or transfer your data to third parties. For the provision of our products, we may need to share your data with subcontractors or partners.

To ensure the proper functioning of our Site and to execute your orders, we rely on specialized partners acting as subcontractors, such as parcel delivery companies. They are contractually bound to us and are therefore required to follow our instructions, respect the confidentiality of the data received, and may not under any circumstances use such data for purposes other than performing services on our behalf.

With your consent or where a legitimate interest justifies it, Sandra Lacroix may or must transfer certain data to business partners (such as website hosting providers), who act as “data controllers” with respect to the processing of your data.

Please note that these partners have GDPR policies that may differ from ours. For more information about these processing activities, we invite you to consult their GDPR policies.

We use OVHcloud and WordPress to host our Site. For more information on how they process your personal information, please visit:

-https://www.ovhcloud.com/en/personal-data-protection/

-https://en.wordpress.org/about/privacy/

We also share your data to provide you with targeted advertising or marketing communications that we believe may be of interest to you, notably through the following tools:

-Google Analytics: helps us understand how visitors use the Site. For more information on how Google processes your personal information, please visit https://www.google.com/intl/en/policies/privacy/. You may also disable Google Analytics here: https://tools.google.com/dlpage/gaoptout.

-Advertising partners: we share with them information about your use of the Site, your purchases, and your interactions with our advertisements displayed on other websites, directly or through cookies or similar technologies. For more information on targeted advertising, please consult the educational page of the Network Advertising Initiative (“NAI”): https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

To block advertising cookies, you may also use the Digital Advertising Alliance opt-out portal: https://optout.aboutads.info/.

5 – DATA RETENTION

Your personal data is kept for as long as necessary for the purposes for which it was collected (for cookies, see the specific retention periods mentioned in our Cookie Policy – Section 7 below). Where your data is used to provide our products, it is retained until the expiry of the statutory limitation period or any other retention period imposed by law.

-Order-related data: retained for 10 years (legal obligation)

-Customer account data: retained as long as the account is active.

-Newsletter: until unsubscription.

6 – YOUR RIGHTS

You have a right of access, a right to rectification, a right to erasure, and a right to data portability. Under certain conditions, you also have the right to object to their processing or to obtain restriction of processing. These rights are free of charge and may be exercised at any time.

-Right of access: you have the right to access the data concerning you and to receive a copy.

-Right to rectification: you have the right to correct inaccurate or outdated data. We take all reasonable steps to ensure that the data we hold is up to date and to delete data that proves inaccurate or no longer necessary for processing. If you have an account, you can directly rectify or update the data therein.

-Right to erasure (“right to be forgotten”): in certain circumstances (e.g., where the processed data is no longer necessary for the purpose of processing), you have the right to request its deletion.

-Right to restriction of processing: you may request restriction of processing of your data, in which case your data will no longer be processed (but will be retained).

-Right to data portability: you have the right to obtain that the data you have provided to us be transmitted to you in a structured, commonly used, and machine-readable format.

-Right to object: where the processing of your data is based on the legitimate interest of Sandra Lacroix, you have the right to object at any time for reasons related to your particular situation. In such case, Sandra Lacroix may oppose you with compelling legitimate grounds justifying the continuation of the processing. Note that you have the right to object, at any time and free of charge, to the processing of your data for prospecting purposes (direct marketing) without any exception. This also includes the right to object to profiling insofar as it is related to such prospecting. In the context of direct marketing, this means that you may unsubscribe from newsletters and other commercial communications at any time by contacting us at hello@ohreallystuff.com or by clicking the unsubscribe link included at the bottom of each e-mail.

-Withdrawal of consent: where the processing by Sandra Lacroix is based on your consent, you may withdraw it at any time. Such withdrawal shall not affect the lawfulness of the processing carried out before the withdrawal.

-Right to object to processing based solely on automated decision-making (including profiling), where such decision-making has legal effects or significantly affects you.

We do not make fully automated decisions having legal or significant effects on you.

Our subcontractor OVH uses limited automated decision-making to prevent fraud, which has no legal or significant effect on you.

The services including elements of automated decision-making are:

-a temporary blacklist of IP addresses associated with repeated failed transactions (lasting for a few hours);

-a temporary blacklist of credit cards associated with blacklisted IP addresses (lasting for a few days).

To exercise your rights, simply send an e-mail to hello@ohreallystuff.com. Any request relating to your rights must include your full contact details (surname, first name, e-mail address, full postal address) and be accompanied by a copy of your identity card (front and back), in order to prevent abuse and ensure the security of your data.

7 – COOKIE POLICY

Cookies are small text files stored on your device when you visit our Site, which is hosted by OVH and WordPress.

We use different types of cookies, including functional, performance, advertising, or social media cookies. Cookies enhance your browsing experience by enabling the Site to remember your actions and preferences (such as login and language choice). This means you do not need to re-enter this information each time you return to the Site or navigate from one page to another. Cookies also provide information about how you use the Site, for example, whether it is your first visit or if you are a frequent visitor.

You are not obliged to accept (all) our cookies. However, if you do not accept or delete our cookies, you may not be able to fully enjoy certain functionalities of our Site or have the best user experience.

We use different types of cookies:

-Strictly necessary cookies: these cookies are essential for the operation of the Site and allow you to browse and use its functionalities. They are mandatory.

-Functional cookies: these cookies enhance and personalize your navigation on the Site and remember your choices (such as your username, language, or region). They provide you with an enhanced and more personalized experience.

-Analytical / performance cookies: these cookies collect information about your use of our Site, such as the pages/features you visit most frequently, and allow us to improve its operation. All collected information is aggregated. If you do not accept these cookies, we will not be informed of your visit to our Site.

-Advertising / marketing cookies: these cookies may be placed on our Site by our advertising partners. They may be used by these companies to build a profile of your interests and show you relevant ads on other websites. Third-party tracking pixels (e.g., Google Analytics) are also present on our Site as part of our various advertising campaigns. They are used to allow more in-depth analysis of advertising campaign performance.

-Social media cookies: these are third-party cookies (e.g., Facebook or Instagram) enabling your interaction with these social networks.

The length of time a cookie remains on your computer or mobile device varies depending on whether it is a persistent or a session cookie. Session cookies last until you stop browsing, and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and expire between 30 minutes and two years from the date they are downloaded to your device.

There are several ways to disable, configure, and manage cookies via your Internet browser settings (Chrome, Safari, Edge, etc.).

More information about cookies is available at:

https://allaboutcookies.org

http://www.youronlinechoices.eu

8 – DATA SECURITY

To best protect your personal data, Oh… Really? by Sandra Lacroix has implemented appropriate technical and organizational security measures to prevent the destruction, loss, misuse, alteration, modification, unauthorized access, or disclosure of this information. We use industry-standard SSL encryption to protect data transmissions and also safeguard your personal data against unauthorized access through access control procedures, firewalled networks, and physical security measures.

It is also important that you cooperate with these security measures, notably by preventing unauthorized access to your username and password.

If you believe there has been a breach of data protection legislation, you may file a complaint with the Belgian Data Protection Authority:
Autorité de Protection des Données, Rue de la Presse 35 B, 1000 Brussels, Tel: +32 2 274 48 00, E-mail: contact@apd-gba.be.

9 – TRANSFER TO THIRD COUNTRIES

Your personal data will only be transferred or disclosed to processors or controllers outside the European Economic Area to the extent legally permitted.

Where applicable, appropriate measures will be taken to ensure that your personal data is significantly protected and that such disclosures or transfers are lawful and legitimate. If disclosure or transfer occurs to a country not recognized by the European Commission as providing an adequate level of protection, such disclosure or transfer will be subject to the conclusion of standard contractual clauses as established by the European Commission or to the adoption of binding corporate rules.

10 – PROTECTION OF MINORS

You must be over eighteen (18) years of age to place an order on our Site.

If you become aware that a minor under your responsibility has provided us with personal information without your consent, please notify us at hello@ohreallystuff.com. We do not knowingly collect personal information about minors. If we learn that a minor has provided us with personal information, we will take the necessary steps to delete such information and close the minor’s account within a reasonable timeframe.

11 – UPDATES TO GDPR POLICY

This GDPR Policy may be subject to amendments. We therefore invite you to consult the latest version online.

Last updated: 11 September 2025.