PRIVACY POLICY
Version 1.0
Date: 23 February 2022
- Identity of the controller
This privacy policy applies to all personal data processed by OCTOREEF BV, with registered office at Antoon Catriestraat 1B,
9031 Drongen, with company number BTW BE0701.718.190, who is the data controller of this website.
The controller will do its utmost to respect your privacy rights. In doing so, the controller complies with the General Data Protection Regulation (hereinafter “GDPR”) and/or any future or additional privacy legislation applicable.
- What does ‘processing personal data’ mean?
Processing of personal data (hereinafter “data”) includes any processing of data that identifies you as a natural person. This may include, for example, your contact details or order history. The term ‘processing’ is very broad and covers, among other things, the collection, storage, use of your data, or sharing them with third parties.
- What data do we process?
Below, we clarify which data of yours we may process. Depending on the actual situation, your preferences and the way in which you contact us, we may not process all of the following data.
General
We may process the following data of all our contacts:
- Electronic identification and usage data;
- Identification data;
- Contact details;
Website visitors and persons who contact us, including via the website
We may process the following additional data from website visitors:
- IP address
- Reporting
Customers
From our customers in the context of our commercial activities, we may additionally process the following data:
- Order and payment details
- Pre-contractual data
- Aftersales data
- Feedback and testimonials
Suppliers – service providers
From our suppliers and service providers we may additionally process the following data:
- Contractual data
- Payment and billing data
Prospective employees
We may also process the following data from candidate employees. Of course, this will largely depend on what data you yourself wish to provide us with in connection with your application.
- Personal details;
- Work-related data;
- Personality data;
- Photos
For what purposes and on what legal grounds do we process your data?
- Processing purposes:
Personal data is processed exclusively within the framework of the company and in particular for the following purposes:
- Within the framework of our main activities
- Participating in trade fairs
- Meeting administrative and tax obligations
- Communication with customers and prospects
- Recruitment procedure of employees
- Processing grounds:
We may process your personal data for the following purposes: - Legal obligation:
- To comply with the obligations imposed on the Controller under statutory and administrative requirements;
- To meet tax and accounting obligations.
This list is not exhaustive and is subject to change.
- Necessary for the performance of its contract:
Pre-contractual phase: - Contacting, scheduling, responding to an order, negotiating;
- Providing and/or requesting information as part of the conclusion of a contract;
- Drafting of agreements;
Contractual phase:
- Customer management
- Supplier management
- Execution of the contractual order
Legitimate interest:
- Sending newsletters to customers of the company.
- Improving the quality of our services, training employees and evaluating and maintaining data and statistics relating to the activities of the Controller, in the broadest sense.
- Preserving and using evidence in the context of liability, litigation or disputes and with a view to archiving the company’s activities.
- Ensuring security, both online on this website and in our premises.
- Permission:
- Sending a newsletter to non-customers of the company.
- Posting photos containing personal data on the company’s website and social media channels.
- Data of applicants after the recruitment procedure will be kept only with their consent.
- With whom do we share your data?
We do not pass on your data to third parties, unless this is strictly necessary in view of the above-mentioned purposes (e.g. in function of the delivery of our products), or if we are legally obliged to do so.
Where necessary, we use external service providers, so-called “processors”, to support our operational purposes, such as managing our websites and IT systems. These external service providers carry out certain data processing operations on our behalf as necessary. We will only share your data with these external service providers to the extent necessary for the respective purpose. The data may not be used by them for other purposes. In addition, these service providers are contractually bound to guarantee the confidentiality of your data by means of a so-called “processor’s agreement” concluded with these parties.
Specifically, this means that we share your data, where relevant in your situation, with the following third parties for the following purposes, whereby these third parties in certain cases act as processors on our behalf:
- How long do we keep your data?
Personal data will be processed by the Controller for a period necessary to achieve the purposes of the processing. Afterwards, your data will be deleted or anonymised.
- Where do we keep your data and how is it protected?
The Controller shall provide appropriate technical and organisational security measures in order to prevent, within the scope of its activities, the destruction, loss, falsification, alteration, unauthorised access or accidental disclosure to third parties of personal data collected, as well as any other unauthorised processing of such data.
The Controller will ensure that the processors it engages also take appropriate security measures to minimise the risk of incidents.
If, when using specific services or software tools, your data is processed outside the EEA, this will only be done in/to countries that the European Commission has confirmed as ensuring an adequate level of protection for your data, or measures will be taken to ensure the lawful processing of your data in these third countries.
- What are your rights?
You have several rights concerning the data we process about you. If you wish to invoke one of the rights listed below, please contact our GDPR responsible party using the contact details listed under the first heading of this Privacy Statement.
Right of inspection and copying
You have the right to access your data and to obtain a copy thereof. This right also covers the possibility of requesting further information on the processing of your data, including the categories of data processed and the purposes for which they are processed.
Right of adaptation or rectification
You have the right to have your data corrected if you believe that we have incorrect data.
Right to data erasure (right to be forgotten)
You have the right to request that we delete your data without unreasonable delay. However, we may not always be able to comply with such a request, for example, if we still need the data in connection with a current contract, or if the retention of certain of your data for a certain period is required by law.
Right to restriction of processing
You have the right to restrict the processing of your data. This means that processing will be temporarily halted until, for example, there is certainty about its accuracy.
Right to withdraw your consent
If the processing is based on your consent (see above under titles 5 and 6), you have the right to withdraw this consent at any time by contacting us. For marketing messages that you receive from us via e-mail based on your consent, you can easily withdraw this consent by clicking on the unsubscribe link at the bottom of such message.
Right to object
You have the right to object to the processing of your data based on legitimate interest. This must be done on the basis of reasons specific to your situation. You may also object to the use of your data for direct marketing purposes. Marketing messages by e-mail will always include an opt-out.
Right of transferability
You have the right to obtain your data, which you have provided to us with your consent or in execution of a contract, in electronic form. In this way, they can easily be transferred to another organisation. You also have the right to request us to transfer your data directly to another organisation, if this is technically possible.
Right to complain to your supervisory authority
If you believe that we have processed your data incorrectly, you have the right to complain at any time to your data protection supervisory authority.
Belgian Data Protection Authority (GBA)
Drukpersstraat 35
1000 Brussels
contact@apd-gba.be
- How can you exercise your rights?
You may exercise your rights by contacting us, either by e-mail to toshoni.vancraen@calidos.be or by post to Augustijnenstraat 66, 2800 Mechelen, enclosing a copy of the front of your identity card or any other document that identifies you. The copy will only be used to identify you in accordance with the GDPR.
- Amendments
We reserve the right to amend this Privacy Statement. The most recent version is always available on our websites. The date when this Privacy Statement was last amended can be found at the top. In case of a substantial change in the Privacy Statement, we will inform the persons concerned directly, if possible.