Privacy policy

Version: 4 June 2025

Thank you for visiting our website!

The protection of your privacy and personal data is of utmost importance to us. We aim to protect your privacy and aim to ensure that you can safely entrust us with your personal data. As such, we undertake to handle your personal data securely and discreetly. Furthermore, we take appropriate security measures to avoid loss, alteration, access by unauthorised persons and/or any other unlawful processing of your personal data.

This privacy policy covers the processing of personal data by us via our website www.berghoffhome.com.

We aim to be transparent regarding how we process your personal data and what we do with your personal data. We provide you with more detail on those processes in this privacy policy.

Who are we?

BergHOFF Worldwide NV, a limited company incorporated and existing under the laws of Belgium, with registered office at Boterbosstraat 6 (box 1), 3550 Heusden-Zolder, Belgium, and registered with the CBE (Crossroads Bank of Enterprises) under number BE0453.048.495 (hereinafter: “BergHOFF”, "we" or "us")

You can contact us via the following contact details:

E-mail: customer@berghoffhome.com 

We aim to process your personal data in accordance with the applicable legal provisions regarding privacy and the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the "GDPR") and the applicable national implementing legislation.Some definitions

As far as this privacy policy is concerned, the term "personal data" refers to: all information about an identified or identifiable natural person (the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular through an identifier, such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In other words, all the information which can be used to identify a person. These elements include, for instance, your surname, first name, date of birth, telephone number and email address, as well as your IP address.

The term "processing" is very broad and covers, among other things, collecting, recording, organising, storing, updating, modifying, retrieving, consulting, using, disseminating, combining, archiving and deleting data.

Entity responsible for the processing of your personal data (the "data controller").

BergHOFF is responsible for the processing of your personal data.

We are what the GDPR refers to as the “data controller” of your personal data. In concrete terms, this means that BergHOFF, possibly together with other entities, determines the purpose and means for the processing of your personal data.

What categories of personal data do we process, why, on what legal basis and for how long?

In the table below you can read:

• Column 1: what categories of personal data we process (the “Categories of personal data”);
• Column 2: why we process your personal data (the “Purposes”);
• Column 3: on what legal grounds the processing is based (the “Legal basis”); and
• Column 4: for how long we process your personal data (the “Retention period”).

All processing activities involving your personal data takes place for one or more specific purposes.

In addition, we only process your personal data when we can rely on a valid legal basis. The applicable legal basis, which you can find in the column ‘Legal basis’, means the following:

• 'Consent': you have given consent for the processing of personal data for one or more specific purposes;
• ‘Agreement’: the processing is necessary for the performance of a contract to which you are a party, or to take steps at your request for the conclusion of a contract;
• 'Legitimate interest': the processing is necessary to protect our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data
• ‘Legal obligation’: the processing of your personal data is necessary to comply with a legal obligation to which we, as the data controller, are subject.

Categories of personal data	Purposes	Legal basis	Retention period
Device information	To allow you to access our website	Consent	Until the end of your visit to our website
Personal identification information, contact information, contents of your message, attached files (optional)	To answer your question, message or complaint via the contact form on the website	Consent	For the duration of the processing of your question or message
Contact information, choice of language	To allow you to subscribe to our newsletter	Consent	3 years after you have given your consent
Personal identification information contact information, company details in case you are representing a company, choice of language, bank account details, user name and password	To allow you to create a customer account via our website	Agreement	For the entire duration of the customer relationship with you
Personal identification information, contact information, contents of your report, special categories of personal data (if those would revealed in your report)	To facilitate the possibility to report on matters which may relate to violations of legal obligations or our own rules and regulations in the context of the Belgian whistleblowing regulations	Legal obligation (Act of 28 November 2022 on the protection of reporters of breaches of Union or national law established within a legal entity in the private sector) Article 9, 2. (g) GDPR (Union and Member State law obligation (whistleblowing legislation))	As long as necessary to give appropriate follow-up to your report
Personal identification information, contact information, company details in case you are representing a company, information regarding your relationship with us, the contents of your request and related information, ID card details and signature	To manage your request to exercise your rights	Legitimate interest (to facilitate the exercise of your rights)	10 years for request (in the event of a judicial procedure: until termination of judicial procedure)
Personal identification information, contact information, any other information relating to you that may be necessary to defend and protect our rights	To defend and protect our rights	Legitimate interest (legal defence)	Applicable statute of limitations (see “Retention of your personal data”)

 

Minors

We do not intend to collect any personal data from persons younger than 16 years old. These minors are not allowed to provide us with any personal data or a statement of consent without permission from the person who has parental authority.

Cookies

We also use cookies, primarily to permanently optimise our website for its users. For more specific information about the cookies we use, you can consult our cookie policy via https://www.berghoffhome.com/policies/cookie-policy.

Your privacy rights

To give you more control over the processing of your personal data, you have various rights at your disposal. These rights are laid down in the GDPR.

You have the following rights:

• The right to access the personal data we process about you (article 15 GDPR):

You have the right to be informed by us at any time whether or not we are processing your personal data. If we are processing them, you have the right to access these personal data and to receive additional information about:

1. the purposes of the processing;
2. the categories of personal data concerned;
3. the recipients or categories of recipients (in particular, recipients in third countries);
4. the retention period or, if that is not possible, the criteria for determining that period;
5. the existence of your privacy rights;
6. the right to lodge a complaint with the supervisory authority;
7. the source of the personal data if we obtain personal data from a third party;
8. whether we are using automated decision-making in respect of you.

If we cannot give you access to your personal data (e.g. due to legal obligations), we shall inform you as to why this is not possible.

You can also obtain a free copy, in an understandable format, of the processed personal data in an understandable format. Please note that we may charge a reasonable fee to cover our administrative costs for any additional copy you may request.

• The right to request us to delete your personal data ('right to be forgotten') (article 17 GDPR):

In certain cases, you can request that we delete your personal data. Please also note that your right to be forgotten is not absolute. We are entitled to continue to store your personal data if this is necessary for, among other things, the execution of the agreement, compliance with a legal obligation, or the establishment, execution or substantiation of a legal claim. We shall inform you of this in more detail in our response to your request.

• The right to rectification (article 16 GDPR):

If your personal data is incorrect, out of date or incomplete, you can ask us to correct these inaccuracies or incomplete information.

• The right to data portability (article 20 GDPR):

Subject to certain conditions, you also have the right to have the personal data that you have provided to us for the performance of the agreement or for which you have given your consent, transferred by us to another controller. Insofar as technically possible, we shall provide your personal data directly to the new controller.

• The right to restriction of processing (article 18 GDPR):

If any of the following elements apply, you may request us to restrict the processing of your personal data:

1. you dispute the accuracy of those personal data (in this case, its use shall be limited for a period that allows us to verify the accuracy of the personal data);
2. the processing of your personal data is unlawful;
3. we no longer need your personal data for the its purposes, but you need them in establishing, exercising or substantiating a legal claim;
4. as long as no decision has been taken on exercising your right to object to the processing, you may request that the use of your personal data be restricted.

• The right to object (article 21 GDPR):

You can object to the processing of your personal data on the basis of your particular situation, if we process your personal data on the basis of legitimate interests or on the basis of a task of general interest. In this event, we shall cease the processing of your personal data, unless we can demonstrate compelling and legitimate grounds for processing which outweigh your own, or if the processing of the personal data is related to establishing, exercising or substantiating a legal claim.

• The right not to be subject to automated decision-making (article 22 GDPR):

You have the right not to be subject to a decision made exclusively on the basis of automated data processing that significantly affects you or has legal consequences and that is made without substantial human involvement.

You cannot exercise this right in following three situations:

1. when automated decision-making is legally permitted (e.g. to prevent tax fraud);
2. when automated decision-making is based on your explicit consent; or
3. when automated decision-making is necessary for entering into, or performance of a contract (please note: we always endeavour to use less privacy-intrusive methods for entering into or performing the contract).

• The right to withdraw your consent (article 7 GDPR):

If your personal data are processed on the basis of your consent, you may withdraw this consent at any time upon simple request.

• The right to lodge a complaint with the supervisory authority (article 77, 1. GDPR)

You can file a complaint with the data protection supervisory authority. A list of the supervisory authorities within the European Union can be accessed via the following hyperlink: https://www.edpb.europa.eu/about-edpb/about-edpb/members_nl.

In Belgium, the competent supervisory authority is the Data Protection Authority, with the following contact details:

Website

https://www.dataprotectionauthority.be

Contact details

Data Protection Authority
Drukpersstraat 35, 1000 Brussels, Belgium

 +32 (0)2 274 48 00

 +32 (0)2 274 48 35

 contact@apd-gba.be

Exercising your rights

To exercise these rights, you can contact us by using the contact details set out in Section – ‘Who are we?’.

In order to verify your identity when you wish to exercise these rights, we may ask you to send us a copy of the front side of your identity card. The national security number and the image on your electronic identity card shall not be retained by us. We strongly advise you to “blackline” the national security number and the image before transmitting a copy of your electronic identity card to us.

You can exercise the abovementioned rights free of charge, unless your request is manifestly unfounded or excessive (for instance due to its repetitive nature). In such cases, we shall be entitled to charge you a reasonable fee or to refuse to respond to your request.

Retention of your personal data

We shall only retain your personal data for as long as necessary to achieve the intended purpose. You should take into account that numerous (legal) retention periods result in the fact that personal data (must) remain stored. Where there is no obligation to retain the data, it shall be routinely deleted once the purpose for which it was collected has been fulfilled.

In addition, we may store your personal data if you have given us your consent to do so or if we may require this data in the context of a legal claim. In the latter case, we need to use certain personal data as evidence. To this end, we store certain personal data, in accordance with the applicable statute of limitations, which may be up to thirty years; however, the usual statute of limitations in relation to personal claims is ten years.

Sources of your personal data

We process personal data that you spontaneously provide to us. If additional personal data are required, we will inform you whether or not you are obliged to communicate them and what the consequences are if you do not communicate them. Failure to communicate personal data may result in our inability to provide our services to you.

In particular, we identify the following categories of sources:

1. Website & storefront interactions
   e.g., account creation, orders, wish lists, product reviews
   → name, email, address, order history, preferences
2. Forms & customer service
   e.g., contact forms, newsletter sign-up, support requests
   → contact details, inquiry content, marketing consent
3. Cookies & web analytics
   e.g., tracking tools like google analytics, meta pixel
   → ip address, device info, browsing behaviour
4. Social media & marketing campaigns
   e.g., lead ads, giveaways, social login
   → profile data, form submissions, public interactions
5. Third-party services & integrations
   e.g., payment gateways, shipping providers, CRM tools
   → transaction data, delivery info, behavioural tags

Categories of recipients

Within our organisation, we ensure that your personal data is only accessible to those who need it to fulfil contractual and legal obligations.

We will only disclose your personal data to third parties in accordance with statutory provisions or if you have given your consent. In certain cases, our employees are supported by external service providers in performing their tasks.

Furthermore, we do not transfer personal data to third parties unless we are obliged to do so on the basis of legal provisions (e.g. transfer to government bodies such as supervisory or law enforcement authorities).

In particular, we identify the following categories of recipients:

1. Governmental or regulatory authorities when requested in the context of complying with a judgment or decree, legislation, regulation, standard or legal process;
2. External service providers that enable us to provide the website functionalities to you;
3. External (legal and financial) advisors and consultants.

Transfer to third countries outside of the European Economic Area (“EEA”)

We shall only transfer your personal data to processors or controllers in third countries to the extent we are legally entitled to do so.

Insofar as such transfers are necessary, we take the necessary measures to ensure that your personal data are highly protected and that all transfers of personal data outside the EEA take place lawfully.

Security of your personal data

The security of your personal data is an important concern for us. We take reasonable and adequate technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us via the internet. Any transmission of personal data is at your own risk.

Questions or complaints?

We aim to securely protect your privacy and personal data. If you have any questions or complaints about the way in which we process your personal data, you can notify us thereof via our contact details as mentioned above in the section ‘Who are we?’.

Amendments

In response to feedback, or to reflect changes in our processing activities, we may amend this privacy policy from time to time. We therefore invite you to always consult the latest version of this privacy policy on our website.