Privacy Policy

The controller is Sisibo, a Belgian SRL with registered office at [adresse du siège social à compléter], registered with the BCE under number 0713.935.737.

Contact for any question regarding your data: contact@vigilento.com.

We collect and process the following categories of data:

Identification data: name, first name, email address, postal address, phone number.

Order data: purchase history, products viewed, cart, amounts, delivery method, international shipping address when the order is dispatched from abroad (dropshipping).

Payment data: we do not store any banking data. Payments are processed by Stripe Payments Europe, Ltd., PCI-DSS Level 1 certified. Only anonymized tokens (Stripe Customer ID, Payment Intent ID) are kept.

Technical data: IP address, browser type and version, operating system, pages viewed, date and time of visit, traffic source.

Account data: login credentials (email, hashed password), language preferences.

Customer account management: performance of the contract (art. 6-1-b GDPR).

Order processing, shipping and tracking (including transmission of delivery data to dropshipping suppliers): performance of the contract (art. 6-1-b GDPR).

Invoicing and accounting obligations: legal obligation (art. 6-1-c GDPR) - 7-year retention (Art. III.82 Belgian Code of Economic Law).

Customer support and claims handling: legitimate interest (art. 6-1-f GDPR).

Newsletters and commercial offers: consent (art. 6-1-a GDPR). You can unsubscribe at any time via the link in each email.

Fraud prevention: legitimate interest (art. 6-1-f GDPR).

Site improvement and analytics: consent for non-essential cookies.

Your data is only accessible to authorized personnel of Sisibo and to processors strictly necessary to provide our services:

Hosting: Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA).

Database and authentication: Supabase Inc. (970 Toa Payoh North #07-04, Singapore 318992).

Payment: Stripe Payments Europe, Ltd. (The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland).

Dropshipping suppliers: when a product is shipped directly by a supplier partner, we transmit only the information strictly necessary for shipping (name, delivery address, phone number, order contents). Some of these suppliers may be located outside the European Union; transfers are governed by appropriate safeguards (see next section).

Carriers: delivery providers appointed to ship your orders (name provided in the tracking email).

We never sell, rent, or share your data with third parties for commercial purposes.

Due to our dropshipping model, some of our processors (hosting, shipping suppliers) are located outside the European Union, notably in the United States and Asia.

These transfers are governed by the European Commission Standard Contractual Clauses (Decision 2021/914/EU) or, where applicable, by an adequacy decision.

You can obtain a copy of these guarantees by writing to contact@vigilento.com.

Account data: for the lifetime of the account, then 3 years after last activity.

Order and invoicing data: 7 years after the order (Belgian accounting obligation, Art. III.82 CDE).

Marketing data: 3 years after the last contact.

Cookies: maximum 13 months after placement.

Technical logs: 1 year.

Under Articles 15 to 22 of the GDPR, you have the following rights over your personal data:

Right of access: obtain confirmation that data concerning you is being processed and receive a copy.

Right to rectification: have inaccurate or incomplete data corrected.

Right to erasure ("right to be forgotten"): request deletion of your data in the cases provided by law.

Right to restriction: have the processing of your data suspended.

Right to portability: receive your data in a structured format and transmit it to another controller.

Right to object: object at any time to the processing of your data for marketing purposes.

Right to withdraw consent: at any time, without affecting the lawfulness of previous processing.

To exercise your rights, contact us at contact@vigilento.com. We will respond within a maximum of one month.

If you believe that your rights are not being respected after contacting us, you may file a complaint with the Belgian Data Protection Authority (APD / GBA):

Data Protection Authority, Rue de la Presse 35, 1000 Brussels, Belgium.

Phone: +32 (0)2 274 48 00 - Website: www.dataprotectionauthority.be.

If you reside in another EU Member State, you may also contact the supervisory authority of your country of residence.

Sisibo implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk: HTTPS encryption, password hashing, access control, log monitoring, regular backups.

This policy may be updated at any time. The last update date is shown at the top of the document.

Last updated: 15 April 2026.