HUITRIERE-EOLE DATA PROTECTION POLICY
Privacy is of paramount importance. This is why it is essential to comply meticulously with European (including the General Data Protection Regulation or "GDPR") and national legislation (the Act of 08 December 1992 on the protection of privacy with regard to the processing of personal data, but also the Act of 13 June 2005 on electronic communications) and to inform our customers as much as possible. HUITRIÈRE-EOLE undertakes to manage and use personal data in a secure and legal manner and as a conscientious manager, in order to process files under the best conditions.
The information below explains what data is collected, why it is collected, how long the process takes and to what extent the data subjects will be able to control it.
1 DEFINITION OF "DATA PROCESSING"
The GDPR defines "processing" and "personal data" as:
“Processing”: designates any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Personal data”: any information relating to an identified or identifiable natural person (hereinafter referred to as a 'data subject'); an 'identifiable natural person' is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more elements specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
As the law stipulates, we do not process sensitive data, i.e. data relating to racial or ethnic origin, political opinions, sexual orientation and health (see also point 3 below).
The data controller is HUITRIÈRE-EOLE Avenue Henry Dunant 33, 1140 Brussels.
2 SUBJECTS PROTECTED BY THIS CODE
This code of conduct applies to all customers and prospects, whether they are individuals or commercial entities. It also applies to all self-employed workers who work with HUITRIERE-EOLE.
This code of conduct also applies to visits to our premises, visits to our websites or the use of any of our mobile applications.
HUITRIÈRE-EOLE will respect its obligations and the rights of the data subjects whenever their data are processed.
3. PURPOSE OF DATA PROCESSING
HUITRIÈRE-EOLE processes personal data only if it is necessary for specific purposes. This concerns the financial and operational management of offers, orders as well as the execution of the latter, but also the communication of prices to members registered in the newsletter. More specifically, the use is authorised:
- In the context of the preparation or execution of a contract, such as in the case where it is necessary to know information from the customer allowing access to the website for the delivery of equipment, products and the arrival of personnel.
- To comply with the legal provisions (in the broad sense) to which we are subject;
- When HUITRIÈRE-EOLE has a legitimate interest, always in reasonable and proportional measures. An example of this is the case where HUITRIÈRE-EOLE must send the right recipient a newsletter with its prices, said recipient being registered for the newsletter through their own choice.
- When we have received permission to save and/or process the data.
To manage independent personnel involved in the execution of a contract.
4. DATA SECURITY
- HUITRIÈRE-EOLE trains its employees to ensure the proper use of confidential data.
- In the framework of sensitive private projects, an inspection is carried out concerning the security and protection of personal data.
- Specific persons are responsible for the information security policy and are part of the data protection service of HUITRIÈRE-EOLE
- HUITRIÈRE-EOLE uses specialised external resources to guarantee the security of the networks, infrastructures and information systems used. In addition, HUITRIÈRE-EOLE uses technical measures to protect the data in question, such as password protection, firewalls, antivirus, intrusion detection, anomaly detection and access control for our employees.
- In the event that a processor is required (e.g. self-employed persons or companies), the latter will conclude a data processing contract with the controller in which it is agreed that the former will act only on the instructions of the controller and will be bound by the same obligations as those to which the controller is bound. They will also have to sign a collaboration agreement in which they undertake not to disclose any information to which they have access.
- In the event of a breach of personal data which may create a high risk to the rights and freedoms of a natural person, the former will be communicated personally to the data subject, describing in clear and simple terms the nature of the breach of personal data and containing a contact point from which further information can be obtained as well as the likely consequences of the breach and the measures taken or proposed by the controller in this regard. (firstname.lastname@example.org)
In such cases, the controller shall notify the breach in question to the Data Protection Authority as soon as possible and, if possible, no later than 72 hours after becoming aware of it, unless the breach in question is not likely to create a risk to the rights and freedoms of the data subjects.
5. DATA PROTECTION IMPACT ASSESSMENT
A prior impact assessment relating to data protection (hereinafter referred to as DPIA, the usual English acronym for "Data Protection Impact Assessment") is carried out when a new processing of personal data is envisaged, taking into account its nature, scope, context and purposes, may create a high risk to the rights and freedoms of the natural persons concerned.
The use or implementation of new technologies can be an indicator of high risk.
This impact assessment shall contain at least:
- A systematic description of the processing operations envisaged and the purposes of the processing operation, including, where appropriate, the legitimate interest pursued by the controller;
- An assessment of the necessity and proportionality of the processing operations in the light of the purposes;
- An assessment of the risks to the rights and freedoms of the data subjects;
- The measures provided for to deal with the risks, including guarantees, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation, taking into account the rights and legitimate interests of the data subjects and other affected persons.
- This code of conduct is taken into account in the data protection impact assessment.
6. DATA PROTECTION OFFICER (DPO)
HUITRIÈRE-EOLE does not have as its main activity the processing of personal data of data subjects which, because of its nature, scope and/or purposes, requiring regular and systematic monitoring on a large scale. Therefore, a Data Protection Officer (hereinafter “DPO”) is not mandatory.
An internal personal data protection service will inform and advise employees about their obligations under the GDPR and other data protection provisions.
It will monitor compliance with data protection measures and will be the contact entity for supervisory authorities. (email@example.com)
7. COMMUNICATION OF DATA TO THIRD PARTIES
Personal data is not transferred to third parties.
For some aspects of our services, we only work with subcontractors who have signed a subcontracting contract concerning the GDPR, but not with third parties. For example, the departments which maintain or develop computer systems or our trustee.
It is possible that in the event of a dispute, lawyers and bailiffs may be called upon. If so, we ensure that they treat your data as we do, in a safe, respectful and responsible manner. In addition, the latter are subject to their respective codes of ethics.
- There is a legal obligation. The most common example is the seizure of certain documents by Federal Public Service Economy inspectors.
8. THE RIGHTS AND POSSIBILITIES FOR ACTION OF THE DATA SUBJECTS
Right of access (as well as the right to rectification and portability)
Data subjects have the right of access (free of charge) to data concerning them. They can ask:
- Whether or not we process personal data;
- For what purposes we process it;
- The categories of data we process;
- To which categories of recipients we communicate it;
- The origin of the processed data; and
- The logic underlying the automated processing of certain personal data.
The right of access may be exercised in writing to the controller. In order to exercise the right of access and to prevent any unauthorised or unlawful disclosure of personal information, proof of identity is required: a copy of the recto of the identity card of the applicant or data subject.
HUITRIÈRE-EOLE will respond to requests for access as soon as possible and at the latest within one month. This period starts from the receipt by the data controller of the written request and of all relevant and necessary elements
In addition, the controller will send a copy of the personal data processed to the data subject.
In addition, a complainant may contact the Data Protection Authority, in particular in the event that no reaction to the request is obtained, or if the request is refused, or if the response is not satisfactory.
Your right of rectification and deletion cannot be the subject of a decision based exclusively on automated processing
Data subjects have the right to have incomplete, erroneous, inadequate or outdated personal data deleted or modified. To do so, HUITRIÈRE-EOLE may be contacted via email: firstname.lastname@example.org
HUITRIÈRE-EOLE ensures that their data is adapted so that it remains up to date. Data subjects are therefore asked to report any changes, such as a change of address or a change of email address.
9. REGISTER OF PROCESSING ACTIVITIES
HUITRIÈRE-EOLE and its members keep a register of their processing activities. This register contains: the type of data processed, the purposes of the processing, the recipients of the data, where the data will be stored, how the data will be secured and the storage periods as well as the categories of persons concerned by the processing (employees, suppliers, customers, debtors, etc.)
10. TIME LIMITS FOR STORING PERSONAL DATA
Personal data is only retained for as long as necessary to achieve the purpose for which it was collected.
Since the limitation period under common law is 10 years (CC art. 2262bis) and a file can still be contested or our professional liability can still be challenged until the expiry of this period, a maximum retention period of 10 years will be observed after the performance of the contract.
However, taking into account the above paragraph, data subjects have the right to erase data if its storage is no longer necessary for the purposes for which it was collected, unlawfully processed or to comply with a legal obligation.
Archived data has limited access.
11. THE WEBSITE
Our website can be visited without having to share any personal data.
The purpose of the registration for our newsletter is described and does not include any sensitive data.
12. CONTACT WITH HUITRIÈRE-EOLE
Contact can be made in writing or electronically. The right of access to data of the data subjects as well as requests for rectification or deletion must be made in writing or electronically as mentioned above in point 8.
13. CONTROL AND CHANGES
HUITRIÈRE-EOLE may modify its code of conduct. Data subjects may request or consult the latest version on the HUITRIÈRE-EOLE website
In the event of a conflict, the latest code of conduct takes precedence over previous versions.