Privacy Policy 

Last updated: 13 NOV 2025

By using the Site, you agree to the practices in this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is:

2. Personal Data We Collect

A. Data You Provide

We collect the following information when you make a purchase, create an account, or contact us:

• Name

• Email address

• Phone number

• Billing and shipping address

• Payment details (processed securely via our payment providers; we do not store full card numbers)

• Order details and communication history

B. Automatically Collected Data

When you browse the Site, we may collect:

• IP address

• Browser and device information

• Pages viewed and time spent

• Referring website

• Shopping cart activity

• Cookies (see Section 7)

C. Account Information

If you create an account, we store:

• Login email

• Order history

• Preferences and saved addresses

3. How We Use Your Data

We process your personal data for the following purposes:

• To process and deliver your orders

• To handle payments and refunds

• To provide customer support

• To send order confirmations, shipping updates, and notifications

• To manage your account (if applicable)

• To comply with Belgian and EU legal obligations (bookkeeping, VAT, anti-fraud)

• To improve our website and user experience

• To send marketing communications (only with your explicit consent)

4. Legal Basis for Processing (GDPR)

We process data based on the following legal grounds:

• Contractual necessity – to process your order

• Legal obligation – e.g., tax, accounting, fraud prevention

• Legitimate interest – website security, analytics, improving services

• Consent – newsletters, cookies, marketing

You may withdraw consent at any time.

5. How We Share Your Data

A. Service Providers

• Payment processors (e.g., Stripe, PayPal, Mollie)

• Shipping carriers

• IT and hosting providers

• Email and marketing platforms

• Accounting or ERP systems

These parties only receive the minimum data needed to perform their tasks.

B. Legal Requirements

We may disclose data if required by:

• Belgian law

• Court orders

• Fraud or security investigations

6. International Data Transfers

If data is transferred outside the EU, we ensure adequate safeguards, such as:

• EU Commission adequacy decisions

• Standard Contractual Clauses (SCCs)

7. Cookies & Tracking Technologies

Our Site uses cookies to:

• Enable shopping cart functionality

• Remember preferences

• Improve performance

• Provide analytics

• Support marketing and retargeting (only with consent)

You can manage cookie settings at any time via your browser or our cookie banner.

8. Data Security

We implement technical and organizational measures including:

• SSL encryption

• Secure payment gateways

• Access controls

• Regular updates and monitoring

However, no system is 100% secure.

9. Data Retention

We keep your data only as long as necessary:

• Order records: 7 years (required by Belgian tax law)

• Customer accounts: until you request deletion

• Marketing consent: until withdrawn

• Cookies: depending on type (see banner)

10. Your GDPR Rights

You have the right to:

• Access your personal data

• Correct inaccurate data

• Request deletion (“right to be forgotten”)

• Restrict processing

• Object to processing

• Withdraw consent

• Request data portability

• Lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données)

To exercise any rights, email us at info@elisha.be

11. Minors

12. Changes to This Policy

13. Contact Us

For any privacy-related questions, contact: