OH Concept Personal data processing policy (LAST UPDATED: July 15, 2022)
- Objective of this policy
- Information
This policy informs you about how OH Concept (in its capacity as "data controller") processes your personal data.
This information is provided to you in accordance with all applicable data protection and privacy laws and regulations (hereinafter referred to as "Data Protection Laws"), and, in particular, pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (or "GDPR").
This policy also aims to inform you of your rights regarding the processing of your personal data.
- Informed consent
In certain cases (specified below), the legal basis for our processing is your informed consent. In such cases, the other purpose of this policy is to provide you with the information necessary to obtain valid consent from you in a transparent manner.
Where our processing of personal data is based on your consent, you have the right to withdraw your consent at any time, without this affecting the lawfulness of the processing carried out prior to such withdrawal. To withdraw your consent, you are invited to use the easy unsubscribe procedures provided to you through our communications tools or by sending us an e-mail (to the address indicated below).
Where our processing of personal data is based on your consent, it is our duty to be able to demonstrate that you have consented to the processing of your personal data. To this end, we retain data relating to your consent for as long as we need to demonstrate our full compliance with Data Protection Laws.
If you are under 16, it is our duty to make reasonable efforts to verify, in such cases, that consent is given or authorized by the holder of parental authority, taking into account the technology available. This explains why, where appropriate, we may ask for further information from the holder of parental authority.
- Information on the data controller
Identity of the data controller:
OH Concept SRL, a company incorporated under Belgian law, whose registered office is located at Rue de l'industrie 20, 1400 Nivelles (Belgium), registered with the Banque Carrefour des Entreprises under company number 0675.819.091, and whose e-mail address is [email protected] (hereinafter referred to as "OH Concept" or "we").
- Information on personal data processing
In this section 3, for each processing operation we carry out, we provide you with information on the following points:
- Categories of data subjects (who is concerned by the data processed);
- The purposes of the processing for which the personal data is intended (why we process your data);
- The legal basis for the processing (and, where applicable, the legitimate interest pursued by us or by a third party);
- Categories of personal data concerned (what types of data are processed);
- The sources of your data;
- If applicable, the recipients or categories of recipients of personal data (with whom we share the data);
- Where applicable, the transfer of personal data to recipients in countries outside the EU or to international organizations, and the guarantees enabling this transfer;
- How long personal data will be kept, or if this cannot be specified, the criteria used to determine this period.
In order to be as transparent and clear as possible, this information is presented in the table below, and is provided for each processing operation:
E-commerce platform management
Categories of persons concerned: any buyer who places an order via our e-commerce platform
Purpose: Online sales (customer profile, order interface, collection of customer and order data, online payment)
Legal basis: performance of contractual or pre-contractual measures (GDPR, art. 6, §1 b).
Data categories: Standard identifiers (surname, first name, address, telephone); Electronic identifiers (IP address, email address, platform identifier); Administrative data; Customer code; Language; Currency; Financial details (payment information); Communication content; Commercial information.
Sources: data subjects themselves, the person responsible (E-Commerce platform) and the online payment solution provider (payment status).
Recipients: Payment solution providers, Public authorities
Transfer outside the EU: /.
Retention period: 10 years from the end of the contractual relationship.
Management and security of this website
Categories of persons concerned: any visitor to our site (including you, since you consult this policy on our website)
Purpose: to ensure proper connection to the website, and to protect the website and the systems used to put it online.
Legal basis: legitimate interest (GDPR, art. 6, §1 f): securing the website.
Data categories: electronic identifier (IP address) and connection data
Sources: Internet connections
Recipients: /
Transfer outside the EU: /.
Retention period: as long as necessary for site security
Cookies
See specific "cookies" policy
Website contact form
Data subject categories: all users of the contact form
Purpose: to enable the user to contact us easily (this form generates emails for our staff, which will be processed as part of our "public relations" processing - see below).
Legal basis: consent (GDPR, art. 6, §1 a)
Data categories: form data, classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), administrative data, communications content.
Sources: people concerned themselves
Recipients: (see "public relations")
Transfer outside the EU: (see "Public relations")
Retention period: (see "public relations")
Customer management
Categories of persons concerned: customers and related persons (contact persons, representatives).
Purpose: contract negotiation, commercial information, order tracking and fulfillment, file management, billing, after-sales service, communications content.
Legal basis: performance of contractual or pre-contractual measures (GDPR, art. 6, §1 b), performance of legal and regulatory obligations (GDPR, art. 6, §1 c).
Data categories: classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), administrative data, sector data, customer code, function, category / group, language, currency, financial details, representative, communications content, commercial information.
Sources: data subjects themselves, official and publicly accessible databases, public commercial databases.
Recipients: sales representatives, distributors and commercial intermediaries, public administrations and authorities, service providers and any subcontractors.
Transfer outside the EU: /.
Retention period: 10 years from the end of the contractual relationship.
Supplier management
Categories of persons concerned: suppliers and related persons (contact persons, representatives).
Purpose: supplier management: selection, contract negotiation, order follow-up, file management, accounting and administration, quality control, communications content.
Legal basis: performance of contractual or pre-contractual measures (GDPR, art. 6, §1 b), performance of legal and regulatory obligations (GDPR, art. 6, §1 c).
Data categories: classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), administrative data, sector data, supplier code, function, category / membership group, language, currency, financial details, representative, communications content, commercial information.
Sources: data subjects themselves, official and publicly accessible databases, public commercial databases.
Recipients: public administrations and authorities, subcontractors
Transfer outside the EU: /.
Retention period: 10 years from the end of the contractual relationship.
Prospecting
Categories of persons concerned: prospects and related persons (contact persons, representatives).
Purpose: general prospecting, development of the company's activities and clientele.
Legal basis: legitimate interest (GDPR, art. 6, §1 f): business customer prospecting, business development.
Data categories: classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), sector data, function, category / group, language, representative, communication content, commercial information.
Sources: data subjects themselves, official and publicly accessible databases, public commercial databases.
Recipients: sales representatives, distributors and sales intermediaries.
Transfer outside the EU: /.
Retention period: 3 years.
Public Relations
Categories of data subjects: customers and prospects
Purpose: public relations and customer information (general information, complaints, after-sales service).
Legal basis: consent (GDPR, art. 6, §1 a), fulfilment of legal and regulatory obligations (GDPR, art. 6, §1 c)
Data categories: standard identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), communications content, commercial information.
Sources: people concerned.
Recipients: /
Transfer outside the EU: /.
Retention period: 5 years, earlier if consent withdrawn (for consent-based processing)
Email marketing
Categories of people concerned: customers, prospects.
Purpose: marketing communication by e-mail.
Legal basis: consent (GDPR, art. 6, §1 a), legitimate interest (GDPR, art. 6, §1 f): "soft opt-in" enabling marketing information to be sent to existing customers.
Data categories: conventional identifiers (surname, first name), electronic identifiers, contact data (email), communications content.
Sources: people concerned.
Recipients: subcontractors
Transfer outside the EU: /.
Retention period: until you unsubscribe.
Event organization
Categories of people concerned: invited guests (customers / prospects / partners / suppliers).
Purpose: promotional events.
Legal basis: legitimate interest (GDPR, art. 6, §1 f): business customer prospecting, development of economic activities.
Data categories: classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), presence.
Sources: people concerned.
Recipients: suppliers and subcontractors
Transfer outside the EU: /.
Retention period: 1 year from the end of the event.
Recruitment (unsolicited & unsuccessful applications)
Target groups: job applicants.
Purpose: selection of candidates for recruitment purposes, carrying out assessments to select the most suitable candidates for the position in question.
Legal basis: performance of contractual or pre-contractual measures (GDPR, art. 6, §1 b), consent for the constitution of a recruitment reserve (GDPR, art. 6, §1 a)
Data categories: conventional identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), education, professional data, references, CV data
Sources: people concerned themselves
Recipients: /
Transfer outside the EEA: /.
Retention period: The data of unsuccessful candidates is deleted 6 months after the end of the recruitment procedure. If the candidate expresses his or her wish to have his or her data retained as part of a recruitment reserve, the data is retained until the candidate withdraws his or her consent, or at the latest 3 years after the end of the recruitment procedure.
Where the provision and processing of personal data is necessary to comply with laws or contractual obligations, your refusal to provide us with the data or your provision of false or incomplete data may result in the refusal or termination of any business relationship with you or your company.
If we process personal data for purposes other than those set out in this article, we will provide you with information about this new purpose and any other relevant information before we start the new processing.
- Your rights as a data subject
Data Protection Laws grant you rights in certain cases and under certain conditions, including the rights of access, rectification, to request erasure of your personal data, as well as the right to request limitation of processing or to object to processing. In certain cases and under certain conditions, you also have a right to the portability of your data.
Please contact us as specified in the "Who to contact about your personal data" section below to make any requests to exercise your rights or if you have any questions or concerns about how we process your personal data.
In principle, you can exercise these rights free of charge. Please note, however, that the processing of unfounded or excessive external requests may sometimes be subject to reasonable administrative charges.
Please note that certain personal data may be exempt from the rights of access, rectification, opposition, deletion, limitation or portability in accordance with Personal Data Protection Laws or other legislation.
- Security
OH Concept will take appropriate technical, physical, legal and organizational measures, which comply with the Laws on the protection of personal data.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that any interaction with us is no longer secure (for example, if you believe that the security of any personal data you may have with us has been compromised), please notify us immediately. See "Who to contact about your personal data" below.
When OH Concept entrusts personal data processing to a service provider, the service provider will be selected with care and must use appropriate measures to protect the confidentiality and security of personal data.
- Claims
If you are not satisfied with our processing of your personal data and you believe that contacting us will not resolve the problem, the Data Protection Laws give you the right to lodge a complaint with the competent supervisory authority (more information on the latter's website):
Belgium:
https://www.autoriteprotectiondonnees.be/
Data Protection Authority
Rue de la Presse, 35
1000 Brussels (Belgium)
Tel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
Email: contact(at)apd-gba.be
Elsewhere in Europe:
A list of other European data protection authorities is available on the European Data Protection Board website:
https://edpb.europa.eu/about-edpb/board/members_en
- Who to contact about your personal data
If you have any questions about our use of your personal data you can send us an e-mail to the following address: [email protected] or write to OH Concept at the address of its registered office mentioned in section 2 above.
- Changes to this Policy
We regularly review this Policy and reserve the right to make changes at any time to reflect changes in our business or new legal requirements.
To keep you informed of any changes, we will post updates on our website.
In certain cases (and if we have your address), we can also inform you by email.
Please check the "last updated" date at the top of this Privacy Policy to see when it was last revised.