last updated on 01/12/2019
In the context of our commercial activities and in particular the exploitation of this Website, we collect, hold, disclose and/or otherwise process personal data as “data controller” under the EU General Data Protection Regulation 2016/679 (“GDPR”) and its national supplementing legislation.
- Whose personal data do we collect and why?
In the context of our activities, we may process personal data of (representatives of) professional customers who buy our products or use our products, of our suppliers, of subcontractor personnel, and of persons who otherwise come into contact with us (e.g. because their name and contact details are provided to us as employee of one of our customers or suppliers).
We collect personal data for the purposes of customer and supplier management, invoicing and accounting, as well as for claims handling and dispute resolution purposes, based on our legitimate / commercial interests as a seller of products entering into contacts with purchasers.
- With whom do we share personal data?
- With our service providers (‘processors’):
In the context of our activities as described above, we may share your personal data with third parties, in particular with service providers (such as IT/cloud service providers or PR/marketing service providers or payment processors) that act as our ‘data processors’.
- Within our group of undertakings:
In the context of the purposes as mentioned above which are managed at group level, we may share your personal data with our affiliates, belonging to the same group of undertakings.
- Our external auditors, consultants and law firms
Further, we share your personal data with auditors, consultants law firms in case of (threatened) litigation or for the execution of their legal assignments.
- Government authorities
Finally, we may share your personal data with the government, police authorities or the judiciary in case we have a legal obligation to do so.
Note that we will always implement appropriate safeguards when transferring your personal data to third parties. If necessary, we will for example conclude a data transfer or a processing agreement specifying the limitations to the use of your personal data and obligations with respect to the security of your personal data.
- How long do we keep your personal data?
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (as listed above). Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file.
More specifically, the following retention guidelines are applied by us:
- personal data included in accounting, financial or other official documents will be retained for as long as such documents legally need to be kept, and
- personal data required for the execution and follow-up of a contractual relationship will be kept for the entire duration of that relationship and for 10 years following termination thereof.
Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods. More information on our retention periods is available upon simple request.
- How do we protect your personal data?
We implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified. Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
More information on our protection measures is available upon simple request.
- What are your rights and how can you exercise them?
You have (under certain legally specified conditions – see articles 15-22 GDPR) the right to:
- information about and access to your personal data;
- rectify your personal data;
- erasure of your personal data (‘right to be forgotten’);
- restriction of processing of your personal data;
- object to the processing of your personal data;
- receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organisation; and
- to lodge a complaint with the Belgian Data Protection Authority or with the local data protection authority in your country.
In all cases, you also have a right to ‘opt-out’ from receiving our electronic newsletter. An unsubscribe link will be included for this purpose.
To read more about these rights, and circumstances under which you can exercise them, go to www.dataprotectionauthority.be.
In principle you may exercise these rights free of charge. Only where requests are manifestly unfounded or excessive we may decide to charge a reasonable fee. We aim to respond as quickly as possible. We might request a proof of identity in advance in order to double-check your request.