This page has been updated on 28 April 2021.
Sunday group BV (hereinafter "Sunday", "we", "us") respects your privacy and strives to always treat your personal data with the necessary care and confidentiality. We hereby undertake to always comply with the General Data Protection Regulation ("GDPR") and other applicable regulations.
Sunday is a company incorporated under Belgian law. As a company we specialize in the offer and supply of qualitative and personalized merchandise, and the provision of related services such as consulting and product development. This Privacy Statement therefore applies to the personal data that we process from you in this regard as a data controller.
You will find all our relevant details below and can also contact us at any time using the contact details provided for further questions or comments regarding how we handle your personal data.
Processing of personal data (hereinafter "data") includes any processing of data that can identify you as a natural person. This can include, for example, your contact details or order history. You can read more about which data exactly this involves in this Privacy Statement. The term "processing" is very broad and covers, among other things, the collection, storage, use of your data, or the sharing thereof with third parties. Sunday processes your personal data only in the context of its commercial activities as an enterprise.
This Privacy Statement applies where Sunday is responsible for processing your data. This means that Sunday determines for what purposes (why) and by what means (how) your data is processed. However, when our customer decides on these factors, this Privacy Statement does not apply. At Sunday, in the course of our activities, we sometimes act as a data controller, and sometimes as a processor of our customer. Therefore, we briefly clarify below when, specifically, this Privacy Statement applies.
Sunday as a data controller: does apply With respect to the data of the persons listed below, Sunday acts as a data controller. This includes persons who belonged to these categories in the past (e.g. former customer), or persons who may belong to these categories in the future (e.g. potential customer).
Our customers, to whom we deliver our merchandise and provide our services; Our business partners, who assist us in operating our business; prospective employees, who submit an application to us; other persons who would contact us, e.g. after visiting our website www.teamsunday.com, as long as we do not act as a mere processor with respect to your data. If any of the persons referred to above is a legal entity, we still process data of our contacts at these entities and the GDPR continues to apply.
Sunday as processor: not applicable In specific circumstances, we act as our customer's processor. In fact, customers often engage us to produce merchandise and then deliver it directly to its employees, customers and business partners. In order to fulfill such orders, the customer will provide us with some data about you, such as your name, address details, and the correct size and any personalized features of the merchandise intended for you. In this case, we will process your data purely as a processor of our customer and in doing so we must at all times comply with our customer's instructions. After successful delivery of the order, we are contractually obligated to delete your data after a limited period of time. Since the customer bears ultimate responsibility for this processing, we refer you to our customer for any questions you may have in this regard regarding the way your data is processed. This situation will be relevant to you if you are an employee, customer or business partner of one of our customers and, on behalf of this customer, receive merchandise that has been produced by us.
Below we clarify what data we may process from you. Depending on the specific situation, your preferences and the way in which you contact us, we may not process all of the data below. For the sake of clarity, we will first explain below what data we generally process about all our contacts. Then we will explain which data we additionally process for specific categories of contacts, namely our customers and business partners and our candidate employees.
We only process your data for legitimate purposes that are part of our commercial activities as a company. The processing is always based on the legal grounds listed in the GDPR.
We do not pass on your data to third parties, unless this is strictly necessary in view of the above-mentioned purposes (e.g. in function of the production and delivery of ordered merchandise), or if we are legally obliged to do so.
Where necessary, we use external service providers, so-called "processors", to support our operational purposes such as managing our IT systems. These external service providers carry out certain data processing operations on our behalf where appropriate. We will only share your data with these external service providers to the extent necessary for the respective purpose. The data may not be used by them for other purposes. In addition, these service providers are contractually bound to guarantee the confidentiality of your data by means of a so-called "processor agreement" concluded with these parties.
We will not retain your data longer than necessary for the purpose for which the data was collected and is processed, as specified above.
With respect to our customers, this primarily concerns the offering and delivery of our merchandise and the provision of our related services (whether or not after delivery). With respect to our business partners, this concerns managing our cooperation.
In this regard, we will keep your data after your last order or after the termination of the cooperation for a reasonable period of time in order to safeguard our evidence in case of a dispute, or in response to potential defects related to the merchandise in light of our liability for defective delivery, non-delivery or late delivery.
For your data that may appear in our accounting records from you, as our customer or business partner, to a limited extent, they are kept for 7 years within the framework of our legal obligations in this regard.
With regard to the data we hold on you as a candidate employee, we undertake to delete your data within a reasonable period of time if it does not initially lead to a cooperation proposal. However, if in this case you give your specific consent for us to keep your data so that we can contact you again later, we will keep your data for a maximum of 2 years.
For the digital preservation of your data, we mainly rely on external specialized service providers who store it in the cloud. However, our websites are hosted in-house through our servers located in Belgium.
We outsource much of our processing in the context of our business as a company to third parties, as clarified under Title 5. Any external service providers act as data processors on our behalf, where appropriate.
We and our processors have taken the necessary physical and appropriate technical and organizational (precautionary) measures to secure your data against loss or any form of unlawful processing. We only grant access to the data to our own employees and third parties if they need access for legitimate, relevant business purposes.
Your data is hereby stored as much as possible within the European Economic Area. Our own servers and those of our cloud service providers are therefore located in Belgium. However, it is possible that your data may be processed outside the EEA in connection with the use of specific functions on our website. This will only be done to countries where the European Commission has confirmed that they guarantee an adequate level of protection for your data, or where other measures have been taken to ensure the lawful processing of your data in these third countries
We mainly obtain your data directly from you, as a result of the contact we have with each other with a view to the (possible) delivery of our merchandise or the provision of our services, or with a view to a (possible) cooperation. However, we cannot rule out obtaining certain of your data indirectly in specific circumstances, from public sources or from third parties.
When we obtain your data from public sources, this involves, for example, consulting the Crossroads Bank of Enterprises (CBE), in order to verify your order or proposal for cooperation on behalf of a company. It is also possible that we obtain your data through your company, if the company in which you work is our customer or business partner and we need your data in this context (e.g. for the purpose of discussing potential merchandise designs with you as marketing manager, or for the purpose of submitting the terms of our cooperation to you as legal manager, or for invoicing purposes if you take care of the accounting at the customer or business partner).
In addition, we may receive your data from our customers because they wish to deliver merchandise to you as their employee, customer or business partner. As explained above under Section 2, in this case we are merely acting as a processor of your data and you should contact our customer who commissioned the production of this merchandise and the delivery thereof to your address for further clarification. Should we nevertheless receive questions or requests from you in this regard, we will pass them on to the relevant customer.
For prospective employees, we may consult your profile on professional social media channels or receive your data from an interim or recruitment company when you apply to us in this way.
You have several rights concerning the data we process about you. If you wish to exercise any of the rights set out below, please contact us using the contact details provided in the first heading of this Privacy Statement.
You have the right to access your data and to obtain a copy thereof. This right also includes the possibility of requesting further information on the processing of your data, including on the categories of data processed about you and for what purposes.
You have the right to have your data amended if you believe we have incorrect data.
You have the right to request that we delete your data without unreasonable delay. However, we will not always be able to comply with such a request, including when we still need the data in function of a current contract, or when the retention of certain data for a certain period is required by law.
You have the right to restrict the processing of your data. In this way, the processing is temporarily stopped until, for example, there is certainty about its accuracy.
Where processing is based on your consent (see above under titles 5 and 6), you have the right to withdraw this consent at any time by contacting us. For marketing messages, you receive from us via email based on your consent, you can easily withdraw this consent by clicking 'Unsubscribe' at the bottom of each such message.
You have the right to object to the processing of your data based on our legitimate interests. This should be based on reasons specific to your situation. In this case, we must stop processing unless we provide compelling legitimate grounds to continue processing.
However, you can always object to the use of your data for direct marketing purposes, after which we are obliged to stop the processing for these purposes.
You have the right to obtain your data, which you have provided to us yourself, in electronic form. In this way, they can be easily transferred to another organization. You also have the right to request us to transfer your data directly to another organization, if this is technically possible.
If you should believe that we are improperly processing your data, you always have the right to lodge a complaint with your data protection supervisory authority. You can do this with the supervisory authority of the EEA member state where you usually reside, where you have your place of work or where the alleged infringement has taken place.
You can exercise the rights set forth in Section 10 simply by contacting us using the contact information set forth in the first heading of this Privacy Statement.
When you make a request to exercise your rights, if we have any doubts about your identity, we will ask you to verify it. In this case, we will request the transmission of documents that enable your identification beyond a reasonable doubt, such as a copy of the front of your identity card. We do this to prevent your data from falling into the wrong hands. It is sufficient for such a copy to show your name and date of birth clearly. You may then also delete the other data.
The exercise of your rights is in principle free of charge. However, where your request is manifestly unfounded or excessive, we may charge you a reasonable fee in light of the administrative costs incurred by us. In the same case, however, we may choose not to act on your request. You will be informed of the reasons if we do so.
In any event, we will always inform you of the action taken on your request at the latest within 1 month of receipt. In the case of complex or frequent requests, this period may be extended to 3 months. In the latter case, you will be informed of the extension of the response period.
We reserve the right to change this Privacy Statement. The most recent version is available on our website at all times. The date on which this Privacy Statement was last amended can be found at the top of this page. In the event of a substantial change in the Privacy Statement, we will inform the data subjects on whom this may have an impact, directly if possible.