This Policy engages the Processing Manager to act responsibly and in compliance with national provisions and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “General Data Protection Regulation”). The Processing Manager pays particular attention to protecting the privacy of its users and, as a result, is committed to taking the reasonable precautions required to protect the Personal Data collected against loss, theft, disclosure or unauthorised use. “Personal Data” is defined as any Personal Data concerning the user, that is to say any information that allows them to be identified as an individual directly or indirectly. If the user wishes to respond to one of the practices described above, they may contact the Processing Manager at the postal address or at the email address set out in the “Contact Data” section of this Policy.
What data do we collect?
The Processing Manager collects and processes, according to the conditions and principles described below, the following Personal Data:
* Domain (automatically detected by the Processing Manager’s server), including the dynamic IP address; * Email address, if the user has provided it previously, for example by sending messages or questions on the Website, by communicating with the Processing Manager via email, by participating in discussion forums, by accessing the restricted part of the Website using a login, etc;
* Information concerning the pages that the user has consulted on the Website;
* Any information that the user has provided voluntarily such as in the context of information surveys and/or registrations on the Website or by accessing the restricted part of the Website using a login. It is possible that the Processing Manager may also collect non-Personal Data. This data is qualified as non-Personal Data because it does not allow a specific person to be identified directly or indirectly. It may then be used for any purposes whatsoever such as to improve the Website, the Processing Manager’s products and services offered or advertising. In the event that non-personal data is combined with Personal Data, such that an identification of the persons concerned would be possible, this data will be processed as Personal Data so that its connection with a specific person is made impossible.
The Processing Manager collects Personal Data as follows:
- Contact form;
- Registration form;
- Information collected through email or telephone exchanges.
Purposes of the Processing
Personal Data is collected and processed exclusively for the purposes mentioned below:
- Guaranteeing the management and control of the execution of the services proposed;
- Sending and tracking orders and billing;
- Sending promotional information concerning the Processing Manager’s products and services;
- Sending promotional material;
- Answering user questions;
- Providing statistics;
- Improving the quality of the Website and the products and/or services proposed by the Processing Manager;
- Sending information concerning the Processing Manager’s new products and/services;
- For market research;
- Allowing better identification of the user’s interests. The Processing Manager may be required to perform processing which is not yet including in this Policy. In this case, they will contact the user before reusing their Personal Data to make them aware of the changes and give them the possibility, where applicable, of refusing this reuse.
Some of the processing carried out by the Processing Manager is based on the legitimate legal interests of the latter. These legitimate interests are proportionate with respect of the user’s rights and freedoms. If the user requires details of the purposes founded on the legal basis of the legitimate interests, they are advised to contact the Processing Manager (see point concerning “Contact data”).
Generally speaking, the Processing Manager only retains Personal Data for the time reasonably necessary for the purposes set out and in accordance with legal and regulatory requirements.
A client’s Personal Data is held for a maximum of 10 years after the end of the contractual relationship linking this client to the Processing Manager.
Unless specified otherwise, at the end of the retention period, the Processing Manager shall make every effort to ensure that the Personal Data has been made unavailable and inaccessible.
Application of Rights
For all rights set out below, the Processing Manager reserves the right to verify the identity of the user for the application of the rights set out below.
This request for additional information will be processed within a month of the request being made by the user.
Access to Data and Copies
The user may obtain the written communication or a copy of the Personal Data that has been collected about them free of charge. The Processing Manager may request the payment of reasonable fees based on administrative costs for any additional copy requested by the user.
When the user submits this request electronically, the information is provided in a common electronic format provided that the user does not specifically request otherwise.
Unless specified otherwise by the General Data Protection Regulation, the copy of the data will be provided to the user within one month of receipt of the request.
Right of Rectification
The user may obtain, free of charge, as soon as possible and within a month at the latest, the rectification of their Personal Data which is inaccurate, incomplete or irrelevant as well as its completion if it is incomplete.
Unless specified otherwise by the General Data Protection Regulation, the request to exercise the right of rectification is processed in the month the latter is submitted.
Right to Oppose Processing
At any time, the user may, for reasons relating to their specific situation, oppose the processing of their Personal Data free of charge when: * The processing is necessary for the execution of a public interest mission or concerns the exercise of the public authority given to the Processing Manager; * The processing is necessary for the legitimate interests of the Processing Manager or a third party, unless the interests or fundamental rights and freedoms of the data subject concerning the protection of Personal Data prevail (specifically when the data subject is a minor). The Processing Manager may refuse to implement the user’s right of opposition when it establishes the existence of compelling and legitimate reasons justifying the processing that override the interests or rights and freedoms of the user or for the recognition, exercise or defence of a legal right. In the event of a dispute, the user may appeal as indicated in the “Appeals and Complaints” section in this Policy. The user may also, at any time, oppose, without justification and free of charge, the processing of Personal Data concerning them when their data is collected for the purposes of market research (including profiling).
When Personal Data is processed for scientific or historical research purposes or for statistical purposes in accordance with the General Data Protection Regulation, the user has the right to oppose, for reasons pertaining to their specific situation, the processing of their Personal Data, unless the processing is required for the execution of a public interest mission. Unless specified otherwise by the General Data Protection Regulation, the Processing Manager is required to respond to the user’s request as soon as possible, and within one month at the latest, and to justify their response when they intend to not process the request.
Right of Limitation of Processing
The user may request the limitation of the processing of their Personal Data in the cases listed below:
* When the user contests the accuracy of a piece of data and only for the time that the Processing Manager can control the latter;
* When the processing is illegal and the user prefers the limitation of processing to deletion;
* When, with the data no longer being required for processing purposes, the user needs said data for the recognition, exercise or defence of its legal rights;
* During the period necessary to examine the justified basis of an opposition request submitted by the user, in other words the time it takes for the Processing Manager to check the balance of interests between the legitimate interests of the Processing Manager and the user. The Processing Manager will inform the user when the limitation of processing is lifted.
Right of Deletion (right to be forgotten)
The user may obtain the deletion of their Personal Data when one of the following reasons applies: * The data is no longer required for the processing purposes;
* The user has withdrawn their consent for their data to be processed and there is no other legal basis for the processing;
* The user opposes the processing and there is no compelling legitimate reason for the processing and/or the user exercises their specific right of opposition in terms of direct marketing (including profiling);
* The Personal Data is the subject of illegal processing;
* The Personal Data must be deleted to respect a legal obligation (under EU law or that of a Member State) to which the Processing Manager is subject;
* The Personal Data has been collected in the context of the offer of information society services targeting minors.
However, the deletion of the data is not applicable in the following cases:
* When processing is required to exercise the right to freedom of expression and information;
* When processing is necessary to respect a legal obligation requiring processing set out by EU law or that of the Member State to which the Processing Manager is subject, or to execute a public interest mission or under the exercise of the public authority held by the Processing Manager;
* When processing is necessary for public interest reasons in the area of public health;
* When processing is required for archiving purposes in the public interest, for scientific or historic research purposes or for statistical purposes, provided that the right to deletion is likely to make the performance of the processing purposes in question impossible or seriously compromise the latter;
* When processing is required for the recognition, exercise or defence of legal rights.
Unless specified otherwise by the General Data Protection Regulation, the Processing Manager is required to respond to the user’s request as soon as possible, and within one month at the latest, and to justify their response when they intend to not process the request.
Right of "Data Portability"
The user may, at any time and free of charge, ask to receive their Personal Data in a structured, commonly used and machine-readable format with a view, notably to provide this data to another Processing Manager when: * The data processing is carried out using automated processes; and when
* The processing is based on the user’s consent and on a contract entered into between the latter and the Processing Manager.
Under the same terms and conditions, the user has the right to obtain from the Processing Manager their Personal Data sent directly to another Personal Data Processing Manager, provided that this is technically possible.
The right to data portability does not apply to processing that is necessary for the execution of a public interest mission or concerns the exercise of the public authority held by the Processing Manager.
Data Recipients and Disclosure to Third Parties
The recipients of the data collected and processed are, in addition to the Processing Manager themselves, their agents or other subcontractors, their carefully-selected commercial partners, located in Belgium or abroad, and who work with the Processing Manager to sell products or provide services. In the event that the data is disclosed to third parties for direct marketing or market research purposes, the user will be informed of this beforehand so that they may choose whether to agree to the transfer of their data to third parties. If this transfer is based on the user’s consent, the latter may withdraw their consent to this specific purpose at any time. The Processing Manager shall respect the legal and regulatory provisions in force and makes sure that, at all times, its partners, agents, subcontractors or other third parties with access to this Personal Data respect this Policy.
The Processing Manager shall disclose the user’s Personal Data in the event that a law, legal procedure or public authority order renders this disclosure necessary.
The Processing Manager shall implement the technical and organisational measures necessary to guarantee a level of security of the processing and the data collected with regard to the risks presented by the processing and the nature of the data to be protected adapted to the risk. The state of knowledge, implementation costs and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users are considered. The Processing Manager always uses encryption technologies which are recognised as industrial standards within the IT sector when it transfers or receives data on the Website.
The Processing Manager has implemented appropriate security measures to protect and avoid the loss, improper use or alteration of the information received on the Website. In the event the Personal Data that the Processing Manager controls is compromised, they shall act quickly to identify the cause of this breach and take appropriate measures to remedy it. The Processing Manager shall inform the user of this incident if the law requires them to.
Appeals and Complaints
If the user wishes to take action regarding one of the practices described in this Policy, they are advised to contact the Processing Manager directly.
The user may also make a complaint to their national control authority the details of which can be found on the European Commission’s official Website at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. Additionally, the user may complain to the competent national courts.
For any questions and/or complaints concerning this Policy, the user may contact the Processing Manager:
By email: firstname.lastname@example.org.
By post: CERAN BELGIUM – Avenue des Petits Sapins 27 4900 Spa (Belgium).
The Processing Manager reserves the right to modify the provisions of this Policy at any time. Modifications will be published directly on the Processing Manager’s Website.
Applicable Law and Competent Jurisdiction
This Policy is governed by the national law of the location of the Processing Manager’s main establishment.
Any dispute concerning the interpretation or execution of this Policy will be subject to the courts of this national law. The present policy is drawn up in French under provisions of Belgian law, and the English version is an unofficial translation for information purposes only. The French text shall prevail in the event of any ambiguity or conflict between the two versions.
This version of the Policy is dated 16/12/2018.