1. WHAT DO WE DO WITH YOUR PERSONAL DATA?
2.1 We use our best efforts to bring our data processing activities into compliance with applicable data protection legislation, including Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and the Belgian Data Protection Act of 8 December 1992, each as applicable, and as amended, restated or replaced from time to time (the “Applicable Data Protection Law”).
3. CATEGORIES OF PERSONAL DATA
3.1 We process the following categories of personal data:
- Your personal identification data (surname, first name, address, etc.), processed mainly for processing your orders and delivering our products to you, for customer relationship management, customer support, IT support and invoicing purposes;
- Your professional identification data (job title, company address, etc.), processed mainly for processing your orders and delivering our products to your company and for customer relationship management purposes;
- Your credit card number and other credit card details, processed mainly for allowing us to facilitate payments and for invoicing purposes;
- Your contact details (email address, phone number, etc.), processed for allowing us to contact you in relation to the provision of our products and services;
- Your electronic identification data (IP addresses, electronic identifiers, etc.), processed mainly for allowing us to gather statistics about the use of our website;
- Data related to your use of our website (the pages viewed, the links you clicked on, the time you stayed on a page, etc.), processed on an aggregated basis solely for the purpose of enhancing the user experience of our website.
3.2 In addition, we may use certain of your personal data above for debt recovery, business development, the activation, suspension and withdrawal of user accounts, customer satisfaction improvement, the detection and the prevention of fraud and information security breaches, the conduct of company reorganisations (e.g. mergers and acquisitions) and litigation management.
3.3 We use your email to contact you for direct marketing purposes.
4. LEGAL BASES FOR PROCESSING
4.1 The provision of your personal data may be necessary for:
- The performance of a contract to which you are a party (e.g. your purchase contract) or in order to take pre-contractual steps at your request (e.g. in the context of a request for information);
- Compliance with a legal obligation applicable to us (e.g.. with regard to invoicing, fraud detection, taxation, etc.);
- The legitimate interests pursued by us (or by a data recipient) provided that these interests prevail over your fundamental rights and freedoms (e.g. the detection and the prevention of fraud and information security breaches, the conduct of company reorganisations, etc.).
4.2 In some cases, we will ask for your free, prior and informed consent before processing some of your personal data (e.g. photographs portraying you for company communication purposes, your email address for direct marketing purposes if you are not yet a client with us, etc.).
4.3 We do not subject you to decisions based exclusively on automated processing that produce legal effects concerning you or similarly significantly affect you.
4.4 The provision of some of your personal data (e.g. your name, address, email address, etc.) is a condition to the conclusion of the purchase contract with us.
4.5 The possible consequences of not providing your personal data could include our inability to meet our obligations under the purchase contract (e.g. the delivery of our products to you) or a breach by us of one or more obligations under applicable laws (e.g. accounting or tax laws).
5. SOURCE OF THE DATA
5.1 We collect your personal data as follows:
- Directly from you through the online application process or through your interactions with our website; or
- From publicly accessible information (on the Internet).
6. RECIPIENTS OF YOUR PERSONAL DATA
6.1 We may disclose your personal data to the following recipients:
- The customer support team;
- The directors of the Company;
- Third party service providers related to the operation and maintenance of the information systems processing your personal data (these providers only have access to the personal data necessary to carry out their missions);
- Government entities authorised to access and/or obtain your personal data in accordance with applicable law;
- The courts and tribunals of the judicial order in the event of a dispute involving you;
- Law enforcement authorities in the event of a finding or a suspicion of the occurrence of an offenceinvolving you in accordance with or as required by applicable law.
6.2 In the event of company reorganisations (e.g. mergers or acquisitions), we may transfer your personal data to a third party involved in the transaction (for example, a buyer) in accordance with Applicable Data Protection Law.
7.1 We take appropriate measures to ensure that our third-party vendors process your personal data in accordance with Applicable Data Protection Law.
7.2 We also ensure that our processors undertake to, among other things, process your personal data only on our instructions, not hire subprocessors without our consent, take appropriate technical and organisational measures to ensure an adequate level of security of your personal data, ensure that persons authorised to access your personal data are subject to obligations of confidentiality, return and/or destroy your personal data at the end of their services, comply with audits and assist us in following up on your requests regarding the exercise of your data protection rights.
7.4 When you click on links on our website, they may direct you away from our website. We are not responsible for the privacy practices of other websites and invite you to read their privacy statements.
8. TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
8.1 We transfer your personal data to countries located outside of the European Economic Area (“EEA”), such as the United States.
8.2 In case your personal data is transferred to countries located outside of the EEA, we will ensure that appropriate safeguards are taken, such as:
- The country to which the personal data are transferred has benefited from an adequacy decision by the European Commission under Article 45 of the GDPR; or
- Standard data protection contractual clauses as approved by the European Commission pursuant to Article 47 of the GDPR have been established; or
- In case of a transfer of personal data to the United States, the transfer complies with the conditions imposed by the EU-US Privacy Shield under Article 45 of the GDPR.
8.3 For further information about transfers of personal data outside of the EEA, please consult the following link: https://edps.europa.eu/data-protection/data-protection/reference-library/international-transfers_en.
9.1 We ensure that your personal data are kept for no longer than is necessary for the purposes for which they are processed.
9.2 We use the following criteria to determine the retention periods of personal data according to the context and purposes of each processing operation:
- The time elapsed since the end of your commercial relationship with us;
- The sensitivity of personal data;
- Security reasons (for example, the security of our information security systems);
- Any current or potential dispute or litigation involving you (for example, a litigation involving the sale of a product to you);
- Any legal or regulatory obligation to retain or delete personal data (for example, a retention obligation imposed by accounting or tax laws).
10. YOUR RIGHTS
10.1 Subject to Applicable Data Protection Law, you have the rights to access, rectify and erase your personal data, the rights to object to or limit the processing of your personal data and the right to data portability.
10.2 Please forward any request regarding your rights as data subject to our Privacy Coordinator by email at firstname.lastname@example.org. We will try to comply with your request as soon as reasonably practicable and always under the timeframes set forth by Applicable Data Protection Law. Please note that we may need to retain certain of your personal data for certain purposes as required or authorised by law.
11. RIGHT TO OBJECT TO MARKETING
11.1 We process your email address for direct marketing purposes.
11.2 You have the right to object at any time to the processing of your personal data for direct marketing purposes by unsubscribing from our mailing list or by sending an email to our Privacy Coordinator at email@example.com.
12.1 We implement adequate technical and organisational measures to ensure a level of security of your personal data that is appropriate to the risks.
12.2 We take appropriate measures to ensure that we report security incidents leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
13. QUESTIONS AND COMPLAINTS
13.1 If you have any questions or complaints about the way we process your personal data, please send them to our Privacy Coordinator by email at firstname.lastname@example.org or by post at 115, rue Berthelot, 1190 Forest, Belgium.
13.2 You have the right to lodge a complaint at the competent supervisory authority. The competent supervisory authority for Belgium can be contacted at:
Autorité de Protection des Données / Gegevensbeschermingsautoriteit
Rue de la Presse, 35, 1000 Bruxelles / Drukpersstraat 35, 1000 Brussel
+32 (0)2 274 48 00