OH Concept Policy relating to our processing of personal data (LAST UPDATED: July 15, 2022 )

  1. Purpose of this policy
  • Information

This policy informs you of how OH Concept (in its capacity as "data controller") processes your personal data.

This information is provided to you in accordance with all applicable data protection and privacy laws and regulations (hereinafter referred to as "Data Protection Laws"), and, more particularly, pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (or “GDPR”).

This policy also aims to inform you of your rights regarding the processing of your personal data.

  • Informed consent

In some cases (specified below), the legal basis for our processing is your informed consent. In such cases, the other purpose of this policy is to provide you with the information necessary to obtain valid consent from you, in a transparent manner.

When our processing of personal data is based on your consent, you have the right to withdraw your consent at any time, without this withdrawal affecting the lawfulness of the processing carried out prior to this withdrawal. To withdraw your consent, you are invited to use the easy unsubscribe procedures provided to you by our communication tools or by sending us an email (at the address indicated below).

Where our processing of personal data is based on your consent, it is our duty to be able to demonstrate that you have consented to the processing of your personal data. To do this, we retain data relating to your consent for as long as we need to demonstrate our full compliance with Data Protection Laws.

If you are under 16, it is our duty to make reasonable efforts to verify, in such cases, that consent is given or authorized by the holder of parental authority, taking into account available technology. This explains why, if necessary, we may need to request more information about this holder of parental authority.

  1. Information about the controller

Identity of the controller :

OH Concept SRL, a company incorporated under Belgian law, whose registered office is located at Rue de l'industrie 20 at 1400 Nivelles (Belgium), registered with the Banque Carrefour des Entreprises under the company number 0675.819.091, and having the address of email contact@gabylou.eu, (hereinafter referred to as “OH Concept” or “we”).

  1. Information on the different processing of personal data

In this section 3, for each processing we carry out, we provide you with information on the following points:

  • The categories of data subjects (who is affected by the data processed);
  • The processing purposes for which the personal data is intended (why we process your data);
  • The legal bases for the processing (and where applicable, the legitimate interest pursued by us or by a third party);
  • The categories of personal data concerned (what types of data are processed);
  • The sources of your data;
  • Where applicable, the recipients , or categories of recipients of personal data (with whom we share the data);
  • Where applicable, the transfer of personal data to recipients in countries outside the EU or to international organizations and the guarantees allowing this transfer;
  • The retention period of the personal data , or if it is not possible to specify it, the criterion used to determine this period.

In order to be as transparent and clear as possible, this information is presented in the table below, and is provided by processing:

Management of the e-commerce platform

Categories of data subjects : any buyer who places an order via our E-commerce platform

Purpose : Online sales (customer profile, order interface, collection of data relating to customers and their orders, online payment)

Legal basis : execution of contractual or pre-contractual measures (GDPR, art. 6, §1 b)

Data categories : Classic identifiers (surname, first name, address, telephone); Electronic identifiers (IP address, email address, platform identifier); Administrative data; Customer code ; Language ; Currency ; Financial details (payment information); Content of communications; Commercial information

Sources : data subjects themselves, the manager (E-Commerce platform) and the online payment solution provider (payment status)

Recipients : Payment solution provider, Public administrations

Transfer outside the EU : /

Shelf life : 10 years from the end of the contractual relationship.

Management and security of this website

Categories of data subjects : any visitor to our site (including you, since you are viewing this policy on our website)

Purpose : to ensure the correct connection to the website, and to ensure the protection of the website and the systems used to put it online.

Legal basis : legitimate interest (GDPR, art. 6, §1 f): securing the website.

Data categories : electronic identifier (IP address) and connection data

Sources : internet connections

Recipients : /

Transfer outside the EU : /

Retention period : as long as necessary for the security of the site

 

Cookies

See the specific “cookies” policy

Website contact form

Categories of data subjects : any user of the contact form

Purpose : to allow the user to contact us easily (this form generates emails intended for our staff and which will be processed as part of our "public relations" processing - see below)

Legal basis : consent (GDPR, art. 6, §1 a)

Categories of data : data from the form classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), administrative data, content of communications.

Sources : people concerned themselves

Recipients : (see “public relations”)

Transfer outside the EU : (see "public relations")

Shelf life : (see “public relations”)

Customer management

Categories of data subjects : customers and linked or related persons (contact persons, representatives).

Purpose : contract negotiation, commercial information, follow-up and execution of orders, file management, invoicing, after-sales service, content of communications.

Legal basis : performance of contractual or pre-contractual measures (GDPR, art. 6, §1 b), performance of legal and regulatory obligations (GDPR, art. 6, §1 c).

Data categories : classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), administrative data, sector data, customer code, function, category / group to which they belong, language, currency, financial particulars , representative, content of communications, commercial information.

Sources : data subjects themselves, official and publicly accessible databases, public commercial databases.

Recipients : sales representatives, distributors and commercial intermediaries, administrations and public authorities, service providers and any subcontractors.

Transfer outside the EU : /

Shelf life : 10 years from the end of the contractual relationship.

Management of suppliers

Categories of data subjects : suppliers and linked or related persons (contact persons, representatives).

Purpose : supplier management: selection, contract negotiation, order tracking, file management, accounting and administration, quality control, communications content.

Legal basis : performance of contractual or pre-contractual measures (GDPR, art. 6, §1 b), performance of legal and regulatory obligations (GDPR, art. 6, §1 c).

Data categories : classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), administrative data, sector data, supplier code, function, category / group to which they belong, language, currency, financial particulars , representative, content of communications, commercial information.

Sources : data subjects themselves, official and publicly accessible databases, public commercial databases.

Recipients : public administrations and authorities, subcontractors

Transfer outside the EU : /

Shelf life : 10 years from the end of the contractual relationship.

Prospecting

Categories of data subjects : prospects and linked or related persons (contact persons, representatives).

Purpose : general prospecting, development of the company's activities and its customers.

Legal basis : legitimate interest (GDPR, art. 6, §1 f): prospecting of professional customers, development of economic activities.

Data categories : classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), sector data, function, category / group to which they belong, language, representative, content of communications, commercial information.

Sources : data subjects themselves, official and publicly accessible databases, public commercial databases.

Recipients : sales representatives, distributors and commercial intermediaries.

Transfer outside the EU : /

Shelf life : 3 years.

Public relations

Categories of data subjects : customers and prospects

Purpose : public relations and customer information (general information, complaints, after-sales service).

Legal basis : consent (GDPR, art. 6, §1 a), fulfillment of legal and regulatory obligations (GDPR, art. 6, §1 c)

Categories of data : classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), content of communications, commercial information.

Sources : persons concerned.

Recipients : /

Transfer outside the EU : /

Retention period : 5 years, and earlier if consent is withdrawn (for processing based on consent)

email marketing

Categories of data subjects : customers, prospects.

Purpose : marketing communication by e-mail.

Legal basis : consent (GDPR, art. 6, §1 a), legitimate interest (GDPR, art. 6, §1 f): “soft opt-in” allowing the sending of marketing information to existing customers

Categories of data : classic identifiers (surname, first name), electronic identifiers, contact data (email), content of communications.

Sources : persons concerned.

Recipients : subcontractors

Transfer outside the EU : /

Shelf life : until unsubscribed.

Event planning

Categories of persons concerned : persons invited (customers / prospects / partners / suppliers).

Purpose : promotional events.

Legal basis : legitimate interest (GDPR, art. 6, §1 f): prospecting of professional customers, development of economic activities

Categories of data : classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), presence.

Sources : persons concerned.

Recipients : suppliers and subcontractors

Transfer outside the EU : /

Shelf life : 1 year from the end of the event.

Recruitment (spontaneous applications & unsuccessful applications)

Categories of data subjects : job candidates.

Purpose : selection of candidates in the context of recruitment, carrying out assessments in order to select the most suitable candidates for the position to be filled.

Legal basis : execution of contractual or pre-contractual measures (GDPR, art. 6, §1 b), consent for the constitution of a recruitment reserve (GDPR, art. 6, §1 a)

Data categories : classic identifiers (surname, first name), electronic identifiers, contact data (address, telephone, email), education, professional data, references, CV data

Sources : people concerned themselves

Recipients : /

Transfer outside the EEA : /

Retention period : The data of unsuccessful candidates are erased 6 months after the end of the hiring procedure. If the candidate expresses his wish to have his data kept as part of a recruitment reserve, his data is kept until the withdrawal of his consent or at the latest 3 years after the end of the hiring procedure.

When the provision and processing of personal data is necessary to comply with laws or contractual obligations, your refusal to provide us with the data or your provision of false or incomplete data may lead to the refusal or termination of any commercial relationship with you or your business.

If we process personal data for purposes other than those set out in this article, we will provide you with information about this new purpose and any other relevant information before starting the new processing.

  1. Your rights as a data subject

Data Protection Laws grant you rights in certain cases and under certain conditions, including the rights to access, rectify, request erasure of your personal data, as well as the right to request restriction of processing. or to object to the processing. In certain cases and under certain conditions, you also have a right to the portability of your data.

Please contact us as set out in the "Who to contact about your personal data" section below to make any request to exercise your rights or if you have any questions or concerns about how we process your personal data. .

You can, in principle, exercise these rights free of charge. Please note, however, that the processing of external requests, which prove to be unfounded or excessive, may sometimes be subject to reasonable administrative costs.

Please note that certain personal data may be exempt from the rights of access, rectification, opposition, deletion, limitation or portability in accordance with the Laws on the protection of personal data or other legislation.

  1. Security

OH Concept will take the appropriate technical, physical, legal and organizational measures, which comply with the Laws on the protection of personal data.

Unfortunately, no data transmission over the Internet or any data storage system can be guaranteed to be 100% secure. If you have reason to believe that an interaction with us is no longer secure (for example if you believe that the security of any personal data you may have with us has been compromised), please notify us immediately. See the “Who to contact about your personal data” section below.

When OH Concept entrusts the processing of personal data to a service provider, the service provider will be selected with care and must use appropriate measures to protect the confidentiality and security of personal data.

  1. Complaints

If you are unhappy with our processing of your personal data and believe contacting us will not resolve the issue, Data Protection Laws give you the right to lodge a complaint with the relevant supervisory authority. (more information on its website):

In Belgium :

https://www.dataprotectionauthority.be/

Data Protection Authority
Rue de la Presse, 35
1000 Brussels (Belgium)
Such. : +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
Email: contact(at)apd-gba.be

Elsewhere in Europe:

A list of other European data protection authorities is available on the website of the European Data Protection Board:

https://edpb.europa.eu/about-edpb/board/members_en

  1. Who to contact about your personal data

If you have any questions about our use of your personal data, you can send us an email at the following address: contact@gabylou.eu or write to OH Concept at the address of its registered office mentioned in section 2. above.

  1. Changes to this Policy

We review this Policy regularly and reserve the right to make changes at any time to reflect changes in our business or new legal requirements.

To notify you of changes, we will post updates on our website.

In some cases (and if we have your address), we can also notify you by email.

Please check the "last updated" date at the top of this Privacy Policy to see when it was last revised.