Skip to content
Delivery in all Europe* | Express Shipping in 72h
Delivery in all Europe* | Express Shipping in 72h

Personal data charters

Data protection policy


The present Policy of Protection of personal data (the "Policy") aims at formalizing the commitment of the company PENNEL & FLIPO SA (the "Responsible") as regards the respect of the private life of the Users of the website (the "Site"). It also describes how the company PENNEL & FLIPO SA collects, uses and keeps the personal data (the "Data") collected.

Article 1 - Scope of application

The Policy and the General Conditions of Use of the Site form a contractual whole, as do, where applicable, the General Conditions of Sale.

In its capacity as data controller and in the context of the use of its services accessible on its website, Users' personal data are processed in accordance with Belgian law, and in particular with the Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data. The Responsible Entity is also subject to the General Data Protection Regulation 2016/679 of 27 April 2016 which entered into force on 25 May 2018 ("GDPR").

Article 2: The data controller and the data protection officer

The personal data collected on the Site are processed by :


102, Boulevard de l'Eurozone

7700 Mouscron


Email :

Represented by Emmanuel CAPRIGLIONE, Permanent Representative of the Managing Director Flex Composite Group S.A.

The company's Data Protection Officer is :

102, Boulevard de l'Eurozone

7700 Mouscron


Email :

Article 3: Definitions

Personal data means any information relating to an identified or identifiable natural person (Article 4 GDPR).

The Manager only collects personal data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. Thus, the User will never be asked to provide personal data considered "sensitive", such as racial or ethnic origins, political, philosophical or religious opinions.

By browsing the Site, the User authorises the processing of his/her personal data in accordance with the Policy.

The controller is any legal or natural person who defines for what purpose and how personal data is used.

The processor is the natural or legal person (company or public body) who processes data on behalf of another body (the controller), in the context of a service or provision.

Article 4: Acceptance of the Policy

The User adheres to this Policy from the moment he/she connects for the first time to the Site and continues to use it, regardless of the mode of connection, the country from which he/she connects, and regardless of his/her nationality. This is the case until the last connection or the removal of any data concerning the user from the database created via the Site.

By using the Site, the user acknowledges that he/she has read the terms of the Policy and authorises the collection, use and processing of all personal data communicated, via this Site or any other medium, in accordance with the Policy.

If the user is a minor, he or she is invited to review this Policy with his or her parents or legal guardians, and to carefully read with them the online terms of use, which they formally approve on his or her behalf.

We cannot collect data from minors under 15 years of age without the authorisation of the holders of parental authority. Internet users under 15 years of age must indicate whether they are under 15 years of age. If this is the case, the e-mail address of the holder of parental authority must be communicated in order to obtain the latter's consent.

If the User does not agree with the terms of this Policy, we invite him/her to disconnect from our Site.

Article 5: Nature of the data collected

Depending on the nature and purpose of the interaction with the User, the Manager may collect the following data:

  • Identification, contact and content data: name, first name, e-mail address, postal address, telephone number can be requested on the collection forms if you wish, text, comments, images, photographs, videos, or any type of file whatever the content or form.
  • Browsing and device data: anonymised IP address, browser used, browsing time, operating system used, language and pages viewed, geolocation, operator, battery level, phone make and model;
  • Data concerning visits to the Site: traffic data and other data or communication resources that you use when accessing the Site.

It is the User's responsibility to ensure that the Data communicated to the Responsible Entity is complete and up to date.

In this context, the User undertakes to comply with the laws and regulations applicable and not to make any defamatory, insulting, privacy-invasive, or racially hateful comments, etc., which could be subject to criminal law. Such comments cannot be tolerated under any circumstances, and the person responsible may take legal action to defend his rights against you in the event of comments contrary to the provisions of these terms and conditions.

Article 6: Data collection

The collection takes place during :

  • The creation of the user account ;
  • Communication by the user through the forms on the site;
  • Subscription to a newsletter;
  • Communication with employees directly by phone, email or chat;
  • Taking an order on the dedicated forms;
  • Exchanges and publications on the forum;
  • The deposit of cookies (Stockist , Google Analytics and others).

We encourage users to review the Cookie Policy(ORCA Retail by Pennel & Flipo Cookie Policy), which is designed to help you better understand these technologies and how we use them on our Site.

Article 7: Purposes and legal basis

The processing carried out with the users' data is as follows:

  • Customer order management (customer account) ;
    • Legal basis: Contractual (GTC and GTC)
  • Follow-up of users and technical problems :
    • Legal basis: Contractual (GTC and GTC)
  • To enable navigation on the company's websites (cookies)
    • Legal basis: Consent
  • The sending of newsletters to which the user has formally subscribed;
    • Legal basis: Consent
  • Forum user account management ;
    • Legal basis: Consent
  • Respond to requests received via the contact form or by e-mail;
    • Legal basis: Consent

The User may withdraw his consent without this calling into question the validity of the processing already carried out.

The Manager also uses your data to optimise its activities, in particular to :

  • Measuring the site's audience and the rate of visits to the various pages;
    • Legal basis: legitimate interest of the company
  • Analyse user behaviour;
    • Legal basis: legitimate interest of the company
  • Managing the exercise of users' rights under the RGPD.
    • Legal basis: legitimate interest of the company

The data collected may not be used subsequently in a manner incompatible with these purposes. No personal data is collected without the knowledge and consent of the individual.

Article 8: Recipients

The Data are processed by authorised persons:

  • Webmaster
  • IT Service
  • Sales department
  • Warehouse: warehouse and order depot
  • Accounting
  • Marketing department

8.1 Transmission of data to processors

Within the framework of its services, the Responsible Entity may call upon subcontractors to whom it transmits the data collected for the performance of the tasks entrusted to them:

  • Technical subcontractors: hosting, processing, maintenance and analysis ;
  • Activity subcontractors: payment management and delivery management.

The latter are bound by contractual obligations to respect the confidentiality of the Data. We will only provide them with the information that is strictly necessary for the performance of their services.

8.2 Sharing with authorities

The data controller may be required to disclose personal data to administrative or judicial authorities where disclosure is necessary for the identification, arrest or prosecution of any individual who may be prejudicial to the rights of the data controller, of any other user or of third parties. Finally, the data controller may be legally obliged to disclose personal data and may not object in this case.

Article 9: Transfer of data outside the European Union

The data controller shall ensure that the company's service providers are established in Belgium or on the territory of the European Union, and are therefore subject to laws that provide a level of protection of personal data at least equal to that applicable in Belgium. If the company enters into agreements with service providers established in countries outside the European Union, the Controller will ensure that personal data is processed with a level of security at least equivalent to that required by Belgian law.

Article 10: Data retention period

The Responsible Entity only keeps data for the period necessary for the purposes set out in Article 7 of this Policy.

This retention period is not the same depending on the Data in question, the nature and purpose of the collection being likely to vary this period. Similarly, certain legal obligations impose a specific retention period.

When you contact the Manager by means of the contact form, e-mail, or any other means, your Data will be kept for three years from the last exchange with the Manager and then deleted

When you post content on the forum, it is retained and accessible to other users until you withdraw your consent.

Where you have agreed to receive the Newsletter, your Data will be retained until you unsubscribe.

When you report unlawful content to the Responsible Entity, the period of retention of the Data may vary depending on the infringement in question and the limitation period applicable to it.

Finally, the Data collected by means of cookies will be kept for up to 13 months.

Article 11: Data protection and security

The Data is stored on secure servers protected by firewalls and antivirus software.

We have implemented technical and organisational measures to ensure the security and confidentiality of your Data against accidental loss and against unauthorised access, use, modification and disclosure.

However, due to the inherent characteristics of the Internet, it is impossible to guarantee optimal security for the exchange of information on this network.

We strive to protect your Data, but we cannot guarantee the absolute security of the information transmitted to the Site. You agree that you transmit your Data at your own risk.

We cannot be held responsible for any breach of the privacy settings or security measures in place on our Site.

Article 12: The rights of data subjects

You can choose how to use the Data you provide to us:

  • The User of the site can browse the site without providing any Data

In this case, some features of the site will not be available, in particular the newsletter and the contact form.

  • The User may decide not to receive the Newsletter.

You can unsubscribe by using the link in each mail sent by the Newsletter.

  • The User may decide to close his customer account.

To proceed with the deletion of the account, the user must go to their profile and press "Delete my account".

In accordance with the provisions of the applicable regulations on the protection of personal data, in particular the European Data Protection Regulation 2016/679 (hereinafter the "RGPD") as well as the Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data, you have a right of access and a right of rectification on your Data.

You also have the right to define directives concerning the fate of your Data in the event of your death.

In addition, subject to the conditions laid down in the said regulations for the exercise of these rights, you are entitled to :

  • A right of rectification;
  • A right to the deletion of your Data;
  • A right to limit the processing of your Data;
  • a right to object to the processing of your Data
  • A right to portability of the Data you have provided;

With regard to data processing carried out on the basis of consent, the User may withdraw consent at any time. However, the processing carried out before the withdrawal of consent remains perfectly valid.

However, in order to exercise these rights, The Manager, as data controller, reserves the right to ask you to prove your identity.

If you have any questions about your data, you can contact the company at the following email address:

These rights can be exercised by handwritten letter accompanied by official identification documents (surname, first name, email) and must be addressed to the Data Protection Officer at the following address


102, Boulevard de l'Eurozone

7700 Mouscron, HAINAUT


In accordance with the GDPR, we have one month to respond to any request to exercise your rights. This period may be extended by two months due to the complexity of the request.

Finally, you have the right to lodge a complaint with the Data Protection Authority, including on its website

Article 13: External links

The Site may contain links to sites published by third parties, or partners, who may also collect, independently of us, personal data from users, according to their own Privacy Policy. This Policy does not cover the practices and customs of these sites and The Manager cannot be held responsible for this.

Similarly, the Policy does not cover data collected by third parties in the course of their own activities, which remain subject to their own personal data protection policies.

Article 14: Changes to the privacy policy

The Manager reserves the right to modify this Policy at any time. The User will be informed of any changes to this Policy via a message on the home page of the Site. It is therefore recommended to consult these pages regularly. Use of the Site after any changes means that the User accepts these changes.

If any provision of this Policy is found to be invalid or unlawful, it shall be deemed not to have been written but shall not invalidate the remaining provisions of this Policy.

Article 15: Jurisdiction and applicable law

This Privacy Policy is subject to Belgian law.

Any dispute, difference or claim, and in the event that an amicable agreement cannot be reached, is subject to the exclusive jurisdiction of the courts of the Hainaut Court of Appeal.

In the event of a violation of the legislation in force relating to the protection of personal data, the User has the right to appeal to the Data Protection Authority.

Join our newsletter

Receive all our updates and promotions.