1 SCOPE
This privacy policy applies to the processing of your personal data by TL INTERNATIONAL BV, a private limited company incorporated under Belgian law, having its registered office at Kattendijkdok-Westkaai 12.001, 2000 Antwerp, Belgium, and registered with the Crossroads Bank for Enterprises under company number 0677.896.673, (hereinafter “we”, “us”), and your rights in relation to that processing.
2 WHY WE PROCESS YOUR DATA
We only process your personal data for limited purposes and always on the basis of a valid legal ground. We process your personal data for several closely related purposes, each grounded in one of the legal bases listed in Article 6 of the General Data Protection Regulation (“GDPR”).
2.1 ORDER HANDLING AN FULFILMENT
Your identification details, delivery address and payment information are necessary for verifying your identity, accepting your order, collecting payment, arranging shipment and managing any returns or refunds. This is strictly necessary for the performance of the contract you ask us to conclude with you.
2.2 SHOPPING-CART AND CHECKOUT REMINDERS
To reduce the number of abandoned purchases, we record the contents of an unfinished basket together with your e‑mail address (when you have entered it) and send you a limited series of reminders. We rely on our legitimate interest in running the webstore efficiently; every reminder contains a simple opt‑out link.
2.3 CUSTOMER SERVICE AND COMPLAINT HANDLING
We communicate directly with you when you contact us with questions, comments or complaints. To communicate with you, we process your identification details such as your name, contact details such as your email address, and any other information you provide to us. To handle your question, comment or complaint, we also process the content of your communication and its practical details. Depending on the type of request, we may share your request with others if necessary for handling it. The legal basis for this processing is our legitimate interest in responding to questions and comments and in handling complaints smoothly. To the extent that we use contextual information from your communications to train our staff internally to provide better customer service, we rely on our legitimate interest in improving our customer interactions.
2.4 ACCOUNT CREATION AND MANAGEMENT
If you decide to open a Boloria webstore account, we use the information you provide such as your name, e‑mail address, login credentials and saved preferences, to set up and maintain that account, help you track past purchases and speed up check‑out. This processing is likewise necessary to perform our contract with you.
2.5 NEWSLETTER AND DIRECT MARKETING
If you subscribe to our newsletter or otherwise give your consent, we may use your contact details to send you news, updates, promotional offers and personalised recommendations about Boloria. This processing is based on your consent, which you can withdraw at any time by unsubscribing or by objecting to marketing communications.
2.6 PRESS CONTACTS AND INQUIRIES
If you contact us by e-mail, we process the personal data you provide, such as your name, e-mail address, and the content of your message, in order to respond to your inquiry. This processing is based on our legitimate interest in communicating with press representatives and other stakeholders.
2.7 FRAUD PREVENTION
We may analyse transaction patterns, keep technical logs and share certain details with payment providers in order to detect fraud, secure our systems and comply with tax, accounting and consumer‑protection legislation. Depending on the context, the legal basis is either a statutory obligation or our legitimate interest in protecting our business and customers.
3 HOW DO WE OBTAIN YOUR PERSONAL DATA
We collect most of the personal data we use directly from you. You provide it, for example, when you place an order, create a Boloria webstore account, fill in a form, e‑mail or chat with our customer‑service team, or subscribe to our marketing messages. We also gather certain technical information automatically such as your IP address, browser type and browsing behaviour through cookies, pixels and comparable technologies whenever you visit the webstore. In addition, we occasionally receive limited data from third parties: a payment provider confirms that your transaction has been authorised, a delivery company updates us on the shipment status, or a friend supplies your name and address when purchasing a gift for you.
4 HOW LONG DO WE KEEP YOUR PERSONAL DATA
We retain your personal data for as long as necessary to achieve the purposes outlined above or as required by applicable regulations. When determining the appropriate retention period for your personal data, we consider various factors, such as the purposes for which we process the data and the categories of personal data.
The retention period may also vary depending on applicable legal and regulatory obligations, such as accounting requirements, which may require us to keep your data for a certain period.
When the processing of your personal data is based on your consent, we will no longer retain your personal data once you withdraw your consent, unless other grounds permit or require us to retain your data longer.
After the retention period expires, your personal data will be anonymized or deleted. However, this will not happen if there is an overriding interest for us or for someone else in continuing to retain your data, or when a legal obligation or a judicial or administrative order prevents us from de-identifying or deleting your personal data.
5 HOW WE SHARE YOUR PERSONAL DATA WITH OTHERS
We disclose your personal data only when it is necessary, lawful and subject to appropriate safeguards. Trusted service providers such as Shopify for store hosting, payment gateways like PayPal, Stripe or Bancontact, parcel carriers and specialist IT‑support vendors, process the information solely on our instructions and under written agreements. Professional advisers, including accountants, auditors and lawyers, may see limited data when they carry out their duties for us, and they too are bound by strict confidentiality rules. We also disclose data to public authorities or courts when the law obliges us to do so or when such disclosure is essential to protect our rights in legal proceedings.
Within the WEAREONE-group we share data with affiliated companies for internal administrative purposes, and if we engage in a merger, acquisition or other corporate transaction, relevant data may transfer to the new entity under the same privacy safeguards.
Whenever a recipient is located outside the European Economic Area in a country that the European Commission has not recognised as offering an adequate level of protection, we rely on the Commission’s Standard Contractual Clauses and, where necessary, additional technical and organisational measures to secure your information. You can obtain a copy of these safeguards by contacting us.
6 HOW WE PROTECT YOUR PERSONAL DATA
We apply recognised technical and organisational security measures, in particular role-based access controls, encryption of data in transit and at rest where appropriate, pseudonymisation, regular back-ups, staff confidentiality undertakings and systematic supplier due-diligence. These measures are designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
We use commercially reasonable efforts to make sure that your personal data is securely stored and protected against loss or unauthorized disclosure and use. However, you understand that security is an obligation of effort, not result, and that the outcome can never be guaranteed.
7 YOUR CHOICES AND RIGHTS
In accordance with the GDPR, you have several rights regarding the processing of your personal data. These rights apply to all individuals whose data is processed and can be exercised under the conditions and within the limits set by applicable laws.
You have the right to:
• Access your personal data and receive information about how it is processed.
• Request the correction of incorrect, incomplete, or outdated personal data.
• Request the deletion of your personal data, under certain conditions.
• Restrict the processing of your personal data in specific cases, such as when you contest its accuracy or object to its processing.
• Object to the processing of your personal data, if the processing is based on our legitimate interests and you believe your situation justifies it.
• You have the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another controller, where technically feasible. This applies where the processing is based on the performance of a contract and is carried out by automated means.
You can send your request to exercise the above rights by email to dpo@tomorrowland.com. In your request, clearly state which right you wish to exercise, and if required, provide the necessary explanation. We will acknowledge receipt of your request. If your request is valid, we will grant it. If we have any doubts about your identity, we may ask you for additional information to verify your identity.
If you are not satisfied with the way we process your personal data, we ask you to let us know about your concern by sending an email to dpo@tomorrowland.com. You have the right to lodge a complaint with a competent supervisory authority. In Belgium, this can be done via the complaint procedure on the website of the Data Protection Authority.
Last Updated: October 29 2025