Accueil/Privacy Policy
Legal · GDPR

Privacy Policy.

We handle your personal data with care and in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and the Belgian law of 30 July 2018.

Dernière mise à jour : 4 May 2026

1. Data Controller

The data controller for your personal data is :

  • Glis Group (SRL), operating under the brand « Yaslan »
  • Company number (CBE) : 1020.922.030
  • VAT number : BE1020922030
  • E-mail : contact@yaslan.be
  • GDPR contact : privacy@yaslan.be

2. Data We Collect

We collect only the data strictly necessary to provide our logistics services and manage our commercial relationship. Depending on the context :

2.1. Data provided by our clients (e-commerce brands)

  • Professional identification data : company name, company number, VAT, billing address, name and job title of the contact
  • Contact data : professional e-mail, phone number
  • Contractual and financial data : contracts, invoices, payment terms
  • Login data for our logistics dashboard

2.2. Data of parcel recipients (end customers of our clients)

  • Identity : surname, first name
  • Contact details : delivery address, e-mail, phone (when transmitted by the carrier)
  • Order data : reference, contents, weight, carrier, delivery status

For this data, Glis Group acts as a processor within the meaning of the GDPR : the data controller remains the e-commerce brand that mandates us.

2.3. Data collected via the website yaslan.be

  • Technical data : IP address, browser type, operating system, pages visited, visit duration
  • Form data : information voluntarily provided via contact or appointment-booking forms
  • Cookies (see our Cookie Policy)

3. Purposes and Legal Bases for Processing

Your data is processed for the following purposes :

  • Performance of a contract (Art. 6.1.b GDPR) : receipt, storage, preparation and dispatch of orders, returns management, invoicing, customer support
  • Legal obligation (Art. 6.1.c GDPR) : retention of invoices (7 years), VAT declarations, accounting and customs obligations
  • Legitimate interest (Art. 6.1.f GDPR) : improvement of our services, IT security, fraud prevention, B2B commercial prospecting
  • Consent (Art. 6.1.a GDPR) : non-essential cookies, newsletter, marketing communications

4. Recipients of Data

Your data is never sold. It may only be shared with the following categories of recipients, to the strictly necessary extent :

  • Carriers (bpost, DHL, GLS, UPS, DPD, FedEx, Colissimo, PostNL, etc.) — for parcel delivery
  • Integrated e-commerce platforms (Shopify, WooCommerce, Prestashop, Amazon, etc.) — only at the client's request
  • Technical processors : hosting provider, e-mail provider, accounting tool, payment platform
  • Public authorities : when legally required or by judicial order

All our processors are bound by a Data Processing Agreement (DPA) compliant with Article 28 GDPR.

5. Transfers Outside the European Union

We favour providers established in the European Union. Where a transfer outside the EU is necessary (e.g. an international express carrier), it is governed by the Standard Contractual Clauses adopted by the European Commission or by an adequacy decision.

6. Retention Periods

  • Contractual data and invoices : 7 years from the end of the contract (Belgian accounting obligation)
  • B2B prospecting data : 3 years from the last contact
  • Delivery data : 13 months from delivery (dispute and returns management)
  • Technical logs and cookies : 13 months maximum
  • CVs and unsolicited applications : 2 years, unless objected to

7. Your Rights

In accordance with Articles 15 to 22 of the GDPR, you have the following rights :

  • Right of access to your data
  • Right of rectification in case of inaccuracy
  • Right to erasure (« right to be forgotten »)
  • Right to restriction of processing
  • Right to data portability
  • Right to object, in particular to profiling and prospecting
  • Right to withdraw your consent at any time, without retroactive effect
  • Right to define instructions regarding the fate of your data after your death

To exercise these rights, write to us at privacy@yaslan.be enclosing proof of identity. We will respond within a maximum of one month.

8. Security

We implement appropriate technical and organisational measures to protect your data against loss, unauthorised access, alteration or disclosure : TLS encryption, access control, regular backups, staff awareness training, access logging.

In the event of a data breach likely to pose a risk to your rights and freedoms, we will notify the Data Protection Authority within 72 hours and inform you where applicable.

9. Complaints

If you believe your rights are not being respected, you may lodge a complaint with the Data Protection Authority :

10. Amendments

We may update this policy to reflect legal or operational developments. The date of the last update appears at the top of this page. For any substantial change, we will inform you by e-mail or via a banner on the site.