Privacy Policy
1. Who are we?
- Name: SALON MAISON L SRL (“ we ”, “ us/our ”)
- Headquarters: avenue Brugmann 152 – 1190 Brussels
- Company number: BE 0767.780.041
- Website: lamaisonl.com (the “ Website ”)
- Contact details of our Data Protection Officer (contact person for any questions relating to data protection): Gaël HERVÉ gael@lamaisonl.com
2. Who are the people concerned?
- 1. We process personal data relating to:
- to representatives of our clients;
- to our customers;
- to representatives of our suppliers;
- to candidates for work with us;
- to visitors to our Website and our workplaces; And
- to other data subjects (the “ data subjects ”, “ you ”, “ your(s) ”).
- 2. This privacy policy (the “ Policy ”) applies to any processing of your personal data that we carry out.
3. What is our commitment to data protection?
We undertake to use our best efforts to ensure that our personal data processing activities comply with applicable data protection legislation, including Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “ GDPR ”) and the Law of July 30, 2018 relating for the protection of individuals with regard to the processing of personal data, as amended, supplemented or replaced from time to time (the “ Applicable Data Protection Legislation ”).
4. For what purposes do we process your personal data?
- 1. If you are one of our customers, we process:
- your personal identification data, your professional identification data and your contact data for the activation, management and maintenance of our commercial relationship with our customers;
- your personal identification data and your professional identification data to allow us to organize billing for our customers;
- where applicable, your bank details to verify payment of invoices related to our service;
- where applicable, your personal identification data, your professional identification data and your contact data for sending communications for marketing purposes.
- 2. If you are a representative of one of our suppliers, we process your personal identification data, your professional identification data and your contact data for the management of our commercial relationship with our suppliers.
- 3. If you are a candidate for work with us, we process your personal identification data, your professional identification data, your contact data, data relating to your professional life (skills, qualifications, experience, etc.). ) and the personal data contained in your curriculum vitae to assess your profile in relation to our recruitment needs.
- 4. If you visit our Website, we may process electronic identification data about you in aggregate to measure frequency on our Website, improve the browsing experience and for fraud detection and prevention and computer security breaches
- 5. If our workplaces are equipped with surveillance cameras, we are able to request access to images concerning you, only when this access is necessary for the pursuit of our legitimate interest in detecting offenses or incivility and to the extent permitted by applicable law.
- 6. We may also process some of your personal data for the following purposes:
- carry out restructuring operations of our activities;
- carry out internal and external audits;
- manage disputes with data subjects and when processing is necessary for the establishment, exercise or defense of legal claims.
- 7. We do not subject data subjects to decisions based exclusively on automated processing which produce legal effects concerning them or affect them in a similarly significant manner.
5. In what capacity do we process your personal data?
- 1. We process your personal data as data controller. In this context, we determine the purposes and means of processing your personal data.
6. On what basis do we process your personal data?
- 1. The provision of your personal data may be necessary:
- the execution of a contract to which the data subject is a party or the execution of pre-contractual measures taken at your request (for example, in the event of a request for work with us);
- compliance with an applicable legal obligation applicable to us (for example, accounting, taxation, etc.);
- in pursuit of our legitimate interests (or those of a data recipient) provided that these interests override your fundamental rights and freedoms.
- 2. We ask for your prior, free and informed consent before processing some of your personal data (for example, each time the processing of your data involves a transfer of your image rights).
- 3. The provision of certain of your personal data (for example, your personally identifiable information, etc.) conditions our ability to provide our service or carry out our activities to you.
- 4. Possible consequences of not providing your personal data could include our inability to provide you with our service or carry out our business or our breach of one or more of our obligations under applicable laws (e.g. example, accounting and tax legislation).
7. Where do your personal data come from?
The personal data we process comes from the following sources:
- directly from you, for example during the first contact we make with you;
- from publicly available information (on the Internet), for example when we check the profiles of candidates for employment with us.
8. Who has access to your personal data?
- 1. The following recipients may receive or have access to some of your personal data (only if this is necessary for the exercise of their mission):
- members of our staff responsible for commercial and administrative monitoring have access to personal identification data, professional identification data and contact data of our customers and our customers’ representatives;
- members of our team responsible for monitoring our suppliers have access to personal identification data, professional identification data and contact data of our suppliers’ representatives;
- our legal advisors and lawyers have access to certain personal data of the persons concerned in the context of restructuring operations of our activities or litigation.
- 2. We entrust the processing of some of your personal data to subcontractors only to the extent necessary to carry out their tasks and in accordance with our written instructions and the Applicable Data Protection Legislation.
- 3. In the case of a restructuring transaction (e.g. a financing transaction), we may transmit certain personal data concerning a limited number of data subjects to a third party involved in the transaction (e.g. , a bank) in accordance with Applicable Data Protection Legislation.
9. How do we manage our subcontractors?
- 1. We take appropriate measures to ensure that our subcontractors process your personal data in accordance with the Applicable Data Protection Legislation.
- 2. We ensure, among other things, that our subcontractors undertake to process personal data only on our instructions, not to engage another subcontractor without our prior authorization, and to take technical and organizational measures adequate to ensure the security of personal data, to ensure that persons authorized to access personal data are subject to adequate confidentiality obligations, to return and/or destroy the personal data they process the end of their services, to comply with audits and to provide us with assistance in following up on requests from data subjects to exercise their rights in relation to their personal data.
10. Where do we process your personal data?
- 1. Certain recipients of personal data may be organizations headquartered in a country outside the European Economic Area (“ EEA ”) or may process certain personal data from a country located outside the European Economic Area (“EEA”). outside the EEA;
- 2. In the event that your personal data is transferred to countries outside the EEA, we will ensure that we take the following safeguards:
- the country to which the personal data is transferred has benefited from an adequacy decision by the European Commission under Article 45 of the GDPR and the transfer falls within the scope of that decision ‘adequacy ;
- we have concluded a contract with the recipient of the personal data containing the standard contractual clauses for the protection of personal data adopted by the European Commission pursuant to Article 47 of the GDPR; Or
- in the event of a transfer to the United States, the recipient of the personal data benefits from certification in relation to the EU-US Privacy Shield program established under Article 45 of the GDPR and the transfer falls within the scope of application of the EU-US Privacy Shield program.
11. What retention periods apply?
- 1. We ensure that your personal data are only kept for a period not exceeding that necessary for the purposes for which they are processed.
- 2. We keep invoices and other accounting documents (which may include some of your personal data) for a period of seven (7) years following the date of their issue in accordance with accounting law. These accounting documents may, where applicable, contain certain personal identification data, certain professional identification data and certain contact data.
- 3. We also use the following criteria to determine the retention period of personal data depending on the context and purposes of each processing operation:
- the date of our last contact;
- security reasons (for example, the security of our information systems);
- any ongoing or potential dispute or dispute with any data subject;
- any legal obligation to retain or erase personal data (for example, a retention obligation imposed by an accounting or tax law).
12. What are your rights?
- 1. Subject to Applicable Data Protection Legislation, you have a right to information, a right of access to, rectification of and erasure of your personal data, the right to object to or restrict the processing of your personal data, a right to portability of personal data and the right to withdraw your consent.
- 2. Below you will find a table describing each of your rights in more detail:
- 2. This privacy policy (the “ Policy ”) applies to any processing of your personal data that we carry out.
4. For what purposes do we process your personal data?
- 1. If you are one of our customers, we process:
- your personal identification data, your professional identification data and your contact data for the activation, management and maintenance of our commercial relationship with our customers;
- your personal identification data and your professional identification data to allow us to organize billing for our customers;
- where applicable, your bank details to verify payment of invoices related to our service;
- where applicable, your personal identification data, your professional identification data and your contact data for sending communications for marketing purposes.
- 2. If you are a representative of one of our suppliers, we process your personal identification data, your professional identification data and your contact data for the management of our commercial relationship with our suppliers.
- 3. If you are a candidate for work with us, we process your personal identification data, your professional identification data, your contact data, data relating to your professional life (skills, qualifications, experience, etc.). ) and the personal data contained in your curriculum vitae to assess your profile in relation to our recruitment needs.
- 4. If you visit our Website, we may process electronic identification data about you in aggregate to measure frequency on our Website, improve the browsing experience and for fraud detection and prevention and computer security breaches
- 5. If our workplaces are equipped with surveillance cameras, we are able to request access to images concerning you, only when this access is necessary for the pursuit of our legitimate interest in detecting offenses or incivility and to the extent permitted by applicable law.
- 6. We may also process some of your personal data for the following purposes:
- carry out restructuring operations of our activities;
- carry out internal and external audits;
- manage disputes with data subjects and when processing is necessary for the establishment, exercise or defense of legal claims.
- 7. We do not subject data subjects to decisions based exclusively on automated processing which produce legal effects concerning them or affect them in a similarly significant manner.
5. In what capacity do we process your personal data?
- 1. We process your personal data as data controller. In this context, we determine the purposes and means of processing your personal data.
6. On what basis do we process your personal data?
- 1. The provision of your personal data may be necessary:
- the execution of a contract to which the data subject is a party or the execution of pre-contractual measures taken at your request (for example, in the event of a request for work with us);
- compliance with an applicable legal obligation applicable to us (for example, accounting, taxation, etc.);
- in pursuit of our legitimate interests (or those of a data recipient) provided that these interests override your fundamental rights and freedoms.
- 2. We ask for your prior, free and informed consent before processing some of your personal data (for example, each time the processing of your data involves a transfer of your image rights).
- 3. The provision of certain of your personal data (for example, your personally identifiable information, etc.) conditions our ability to provide our service or carry out our activities to you.
- 4. Possible consequences of not providing your personal data could include our inability to provide you with our service or carry out our business or our breach of one or more of our obligations under applicable laws (e.g. example, accounting and tax legislation).
7. Where do your personal data come from?
The personal data we process comes from the following sources:
- directly from you, for example during the first contact we make with you;
- from publicly available information (on the Internet), for example when we check the profiles of candidates for employment with us.
8. Who has access to your personal data?
- 1. The following recipients may receive or have access to some of your personal data (only if this is necessary for the exercise of their mission):
- members of our staff responsible for commercial and administrative monitoring have access to personal identification data, professional identification data and contact data of our customers and our customers’ representatives;
- members of our team responsible for monitoring our suppliers have access to personal identification data, professional identification data and contact data of our suppliers’ representatives;
- our legal advisors and lawyers have access to certain personal data of the persons concerned in the context of restructuring operations of our activities or litigation.
- 2. We entrust the processing of some of your personal data to subcontractors only to the extent necessary to carry out their tasks and in accordance with our written instructions and the Applicable Data Protection Legislation.
- 3. In the case of a restructuring transaction (e.g. a financing transaction), we may transmit certain personal data concerning a limited number of data subjects to a third party involved in the transaction (e.g. , a bank) in accordance with Applicable Data Protection Legislation.
9. How do we manage our subcontractors?
- 1. We take appropriate measures to ensure that our subcontractors process your personal data in accordance with the Applicable Data Protection Legislation.
- 2. We ensure, among other things, that our subcontractors undertake to process personal data only on our instructions, not to engage another subcontractor without our prior authorization, and to take technical and organizational measures adequate to ensure the security of personal data, to ensure that persons authorized to access personal data are subject to adequate confidentiality obligations, to return and/or destroy the personal data they process the end of their services, to comply with audits and to provide us with assistance in following up on requests from data subjects to exercise their rights in relation to their personal data.
10. Where do we process your personal data?
- 1. Certain recipients of personal data may be organizations headquartered in a country outside the European Economic Area (“ EEA ”) or may process certain personal data from a country located outside the European Economic Area (“EEA”). outside the EEA;
- 2. In the event that your personal data is transferred to countries outside the EEA, we will ensure that we take the following safeguards:
- the country to which the personal data is transferred has benefited from an adequacy decision by the European Commission under Article 45 of the GDPR and the transfer falls within the scope of that decision ‘adequacy ;
- we have concluded a contract with the recipient of the personal data containing the standard contractual clauses for the protection of personal data adopted by the European Commission pursuant to Article 47 of the GDPR; Or
- in the event of a transfer to the United States, the recipient of the personal data benefits from certification in relation to the EU-US Privacy Shield program established under Article 45 of the GDPR and the transfer falls within the scope of application of the EU-US Privacy Shield program.
11. What retention periods apply?
- 1. We ensure that your personal data are only kept for a period not exceeding that necessary for the purposes for which they are processed.
- 2. We keep invoices and other accounting documents (which may include some of your personal data) for a period of seven (7) years following the date of their issue in accordance with accounting law. These accounting documents may, where applicable, contain certain personal identification data, certain professional identification data and certain contact data.
- 3. We also use the following criteria to determine the retention period of personal data depending on the context and purposes of each processing operation:
- the date of our last contact;
- security reasons (for example, the security of our information systems);
- any ongoing or potential dispute or dispute with any data subject;
- any legal obligation to retain or erase personal data (for example, a retention obligation imposed by an accounting or tax law).
12. What are your rights?
- 1. Subject to Applicable Data Protection Legislation, you have a right to information, a right of access to, rectification of and erasure of your personal data, the right to object to or restrict the processing of your personal data, a right to portability of personal data and the right to withdraw your consent.
- 2. Below you will find a table describing each of your rights in more detail:
- 2. If you are a representative of one of our suppliers, we process your personal identification data, your professional identification data and your contact data for the management of our commercial relationship with our suppliers.
- 3. If you are a candidate for work with us, we process your personal identification data, your professional identification data, your contact data, data relating to your professional life (skills, qualifications, experience, etc.). ) and the personal data contained in your curriculum vitae to assess your profile in relation to our recruitment needs.
- 4. If you visit our Website, we may process electronic identification data about you in aggregate to measure frequency on our Website, improve the browsing experience and for fraud detection and prevention and computer security breaches
- 5. If our workplaces are equipped with surveillance cameras, we are able to request access to images concerning you, only when this access is necessary for the pursuit of our legitimate interest in detecting offenses or incivility and to the extent permitted by applicable law.
- 6. We may also process some of your personal data for the following purposes:
- 7. We do not subject data subjects to decisions based exclusively on automated processing which produce legal effects concerning them or affect them in a similarly significant manner.
- 1. We process your personal data as data controller. In this context, we determine the purposes and means of processing your personal data.
6. On what basis do we process your personal data?
- 1. The provision of your personal data may be necessary:
- the execution of a contract to which the data subject is a party or the execution of pre-contractual measures taken at your request (for example, in the event of a request for work with us);
- compliance with an applicable legal obligation applicable to us (for example, accounting, taxation, etc.);
- in pursuit of our legitimate interests (or those of a data recipient) provided that these interests override your fundamental rights and freedoms.
- 2. We ask for your prior, free and informed consent before processing some of your personal data (for example, each time the processing of your data involves a transfer of your image rights).
- 3. The provision of certain of your personal data (for example, your personally identifiable information, etc.) conditions our ability to provide our service or carry out our activities to you.
- 4. Possible consequences of not providing your personal data could include our inability to provide you with our service or carry out our business or our breach of one or more of our obligations under applicable laws (e.g. example, accounting and tax legislation).
7. Where do your personal data come from?
The personal data we process comes from the following sources:
- directly from you, for example during the first contact we make with you;
- from publicly available information (on the Internet), for example when we check the profiles of candidates for employment with us.
8. Who has access to your personal data?
- 1. The following recipients may receive or have access to some of your personal data (only if this is necessary for the exercise of their mission):
- members of our staff responsible for commercial and administrative monitoring have access to personal identification data, professional identification data and contact data of our customers and our customers’ representatives;
- members of our team responsible for monitoring our suppliers have access to personal identification data, professional identification data and contact data of our suppliers’ representatives;
- our legal advisors and lawyers have access to certain personal data of the persons concerned in the context of restructuring operations of our activities or litigation.
- 2. We entrust the processing of some of your personal data to subcontractors only to the extent necessary to carry out their tasks and in accordance with our written instructions and the Applicable Data Protection Legislation.
- 3. In the case of a restructuring transaction (e.g. a financing transaction), we may transmit certain personal data concerning a limited number of data subjects to a third party involved in the transaction (e.g. , a bank) in accordance with Applicable Data Protection Legislation.
9. How do we manage our subcontractors?
- 1. We take appropriate measures to ensure that our subcontractors process your personal data in accordance with the Applicable Data Protection Legislation.
- 2. We ensure, among other things, that our subcontractors undertake to process personal data only on our instructions, not to engage another subcontractor without our prior authorization, and to take technical and organizational measures adequate to ensure the security of personal data, to ensure that persons authorized to access personal data are subject to adequate confidentiality obligations, to return and/or destroy the personal data they process the end of their services, to comply with audits and to provide us with assistance in following up on requests from data subjects to exercise their rights in relation to their personal data.
10. Where do we process your personal data?
- 1. Certain recipients of personal data may be organizations headquartered in a country outside the European Economic Area (“ EEA ”) or may process certain personal data from a country located outside the European Economic Area (“EEA”). outside the EEA;
- 2. In the event that your personal data is transferred to countries outside the EEA, we will ensure that we take the following safeguards:
- the country to which the personal data is transferred has benefited from an adequacy decision by the European Commission under Article 45 of the GDPR and the transfer falls within the scope of that decision ‘adequacy ;
- we have concluded a contract with the recipient of the personal data containing the standard contractual clauses for the protection of personal data adopted by the European Commission pursuant to Article 47 of the GDPR; Or
- in the event of a transfer to the United States, the recipient of the personal data benefits from certification in relation to the EU-US Privacy Shield program established under Article 45 of the GDPR and the transfer falls within the scope of application of the EU-US Privacy Shield program.
11. What retention periods apply?
- 1. We ensure that your personal data are only kept for a period not exceeding that necessary for the purposes for which they are processed.
- 2. We keep invoices and other accounting documents (which may include some of your personal data) for a period of seven (7) years following the date of their issue in accordance with accounting law. These accounting documents may, where applicable, contain certain personal identification data, certain professional identification data and certain contact data.
- 3. We also use the following criteria to determine the retention period of personal data depending on the context and purposes of each processing operation:
- the date of our last contact;
- security reasons (for example, the security of our information systems);
- any ongoing or potential dispute or dispute with any data subject;
- any legal obligation to retain or erase personal data (for example, a retention obligation imposed by an accounting or tax law).
12. What are your rights?
- 1. Subject to Applicable Data Protection Legislation, you have a right to information, a right of access to, rectification of and erasure of your personal data, the right to object to or restrict the processing of your personal data, a right to portability of personal data and the right to withdraw your consent.
- 2. Below you will find a table describing each of your rights in more detail:
- 2. We ask for your prior, free and informed consent before processing some of your personal data (for example, each time the processing of your data involves a transfer of your image rights).
- 3. The provision of certain of your personal data (for example, your personally identifiable information, etc.) conditions our ability to provide our service or carry out our activities to you.
- 4. Possible consequences of not providing your personal data could include our inability to provide you with our service or carry out our business or our breach of one or more of our obligations under applicable laws (e.g. example, accounting and tax legislation).
- directly from you, for example during the first contact we make with you;
- from publicly available information (on the Internet), for example when we check the profiles of candidates for employment with us.
8. Who has access to your personal data?
- 1. The following recipients may receive or have access to some of your personal data (only if this is necessary for the exercise of their mission):
- members of our staff responsible for commercial and administrative monitoring have access to personal identification data, professional identification data and contact data of our customers and our customers’ representatives;
- members of our team responsible for monitoring our suppliers have access to personal identification data, professional identification data and contact data of our suppliers’ representatives;
- our legal advisors and lawyers have access to certain personal data of the persons concerned in the context of restructuring operations of our activities or litigation.
- 2. We entrust the processing of some of your personal data to subcontractors only to the extent necessary to carry out their tasks and in accordance with our written instructions and the Applicable Data Protection Legislation.
- 3. In the case of a restructuring transaction (e.g. a financing transaction), we may transmit certain personal data concerning a limited number of data subjects to a third party involved in the transaction (e.g. , a bank) in accordance with Applicable Data Protection Legislation.
9. How do we manage our subcontractors?
- 1. We take appropriate measures to ensure that our subcontractors process your personal data in accordance with the Applicable Data Protection Legislation.
- 2. We ensure, among other things, that our subcontractors undertake to process personal data only on our instructions, not to engage another subcontractor without our prior authorization, and to take technical and organizational measures adequate to ensure the security of personal data, to ensure that persons authorized to access personal data are subject to adequate confidentiality obligations, to return and/or destroy the personal data they process the end of their services, to comply with audits and to provide us with assistance in following up on requests from data subjects to exercise their rights in relation to their personal data.
10. Where do we process your personal data?
- 1. Certain recipients of personal data may be organizations headquartered in a country outside the European Economic Area (“ EEA ”) or may process certain personal data from a country located outside the European Economic Area (“EEA”). outside the EEA;
- 2. In the event that your personal data is transferred to countries outside the EEA, we will ensure that we take the following safeguards:
- the country to which the personal data is transferred has benefited from an adequacy decision by the European Commission under Article 45 of the GDPR and the transfer falls within the scope of that decision ‘adequacy ;
- we have concluded a contract with the recipient of the personal data containing the standard contractual clauses for the protection of personal data adopted by the European Commission pursuant to Article 47 of the GDPR; Or
- in the event of a transfer to the United States, the recipient of the personal data benefits from certification in relation to the EU-US Privacy Shield program established under Article 45 of the GDPR and the transfer falls within the scope of application of the EU-US Privacy Shield program.
11. What retention periods apply?
- 1. We ensure that your personal data are only kept for a period not exceeding that necessary for the purposes for which they are processed.
- 2. We keep invoices and other accounting documents (which may include some of your personal data) for a period of seven (7) years following the date of their issue in accordance with accounting law. These accounting documents may, where applicable, contain certain personal identification data, certain professional identification data and certain contact data.
- 3. We also use the following criteria to determine the retention period of personal data depending on the context and purposes of each processing operation:
- the date of our last contact;
- security reasons (for example, the security of our information systems);
- any ongoing or potential dispute or dispute with any data subject;
- any legal obligation to retain or erase personal data (for example, a retention obligation imposed by an accounting or tax law).
12. What are your rights?
- 1. Subject to Applicable Data Protection Legislation, you have a right to information, a right of access to, rectification of and erasure of your personal data, the right to object to or restrict the processing of your personal data, a right to portability of personal data and the right to withdraw your consent.
- 2. Below you will find a table describing each of your rights in more detail:
- 2. We entrust the processing of some of your personal data to subcontractors only to the extent necessary to carry out their tasks and in accordance with our written instructions and the Applicable Data Protection Legislation.
- 3. In the case of a restructuring transaction (e.g. a financing transaction), we may transmit certain personal data concerning a limited number of data subjects to a third party involved in the transaction (e.g. , a bank) in accordance with Applicable Data Protection Legislation.
- 1. We take appropriate measures to ensure that our subcontractors process your personal data in accordance with the Applicable Data Protection Legislation.
- 2. We ensure, among other things, that our subcontractors undertake to process personal data only on our instructions, not to engage another subcontractor without our prior authorization, and to take technical and organizational measures adequate to ensure the security of personal data, to ensure that persons authorized to access personal data are subject to adequate confidentiality obligations, to return and/or destroy the personal data they process the end of their services, to comply with audits and to provide us with assistance in following up on requests from data subjects to exercise their rights in relation to their personal data.
10. Where do we process your personal data?
- 1. Certain recipients of personal data may be organizations headquartered in a country outside the European Economic Area (“ EEA ”) or may process certain personal data from a country located outside the European Economic Area (“EEA”). outside the EEA;
- 2. In the event that your personal data is transferred to countries outside the EEA, we will ensure that we take the following safeguards:
- the country to which the personal data is transferred has benefited from an adequacy decision by the European Commission under Article 45 of the GDPR and the transfer falls within the scope of that decision ‘adequacy ;
- we have concluded a contract with the recipient of the personal data containing the standard contractual clauses for the protection of personal data adopted by the European Commission pursuant to Article 47 of the GDPR; Or
- in the event of a transfer to the United States, the recipient of the personal data benefits from certification in relation to the EU-US Privacy Shield program established under Article 45 of the GDPR and the transfer falls within the scope of application of the EU-US Privacy Shield program.
11. What retention periods apply?
- 1. We ensure that your personal data are only kept for a period not exceeding that necessary for the purposes for which they are processed.
- 2. We keep invoices and other accounting documents (which may include some of your personal data) for a period of seven (7) years following the date of their issue in accordance with accounting law. These accounting documents may, where applicable, contain certain personal identification data, certain professional identification data and certain contact data.
- 3. We also use the following criteria to determine the retention period of personal data depending on the context and purposes of each processing operation:
- the date of our last contact;
- security reasons (for example, the security of our information systems);
- any ongoing or potential dispute or dispute with any data subject;
- any legal obligation to retain or erase personal data (for example, a retention obligation imposed by an accounting or tax law).
12. What are your rights?
- 1. Subject to Applicable Data Protection Legislation, you have a right to information, a right of access to, rectification of and erasure of your personal data, the right to object to or restrict the processing of your personal data, a right to portability of personal data and the right to withdraw your consent.
- 2. Below you will find a table describing each of your rights in more detail:
- 1. We ensure that your personal data are only kept for a period not exceeding that necessary for the purposes for which they are processed.
- 2. We keep invoices and other accounting documents (which may include some of your personal data) for a period of seven (7) years following the date of their issue in accordance with accounting law. These accounting documents may, where applicable, contain certain personal identification data, certain professional identification data and certain contact data.
- 3. We also use the following criteria to determine the retention period of personal data depending on the context and purposes of each processing operation:
- the date of our last contact;
- security reasons (for example, the security of our information systems);
- any ongoing or potential dispute or dispute with any data subject;
- any legal obligation to retain or erase personal data (for example, a retention obligation imposed by an accounting or tax law).
12. What are your rights?
- 1. Subject to Applicable Data Protection Legislation, you have a right to information, a right of access to, rectification of and erasure of your personal data, the right to object to or restrict the processing of your personal data, a right to portability of personal data and the right to withdraw your consent.
- 2. Below you will find a table describing each of your rights in more detail:
| Right | Description |
| The right to information | You have the right to obtain clear, transparent and understandable information on how we process your personal data and on the exercise of your rights. This information is contained in the Policy. If they are not sufficiently clear, we invite you to contact us (via our contact details given in the Policy). |
| The right of access | You have the right to obtain confirmation that personal data concerning you are or are not being processed and, where they are, access to said personal data. You have the right to obtain a copy of your personal data, unless exercising this right would adversely affect the rights and freedoms of others. |
| The right of rectification | You have the right to obtain the rectification of personal data concerning you if they prove to be inaccurate. You also have the right to have your personal data completed if it turns out to be incomplete. |
| The right to erasure (the “right to be forgotten”) | You have the right to obtain the erasure of your personal data. However, the right to erasure (or the “right to be forgotten”) is not absolute and is subject to specific conditions. We may retain certain of your personal data to the extent authorized by applicable law, and in particular when their processing remains necessary for compliance with a legal obligation to which we are subject or for the establishment, exercise or the defense of a right in court. |
| Right to object to processing | You have the right to object to certain types of processing (where the processing is based on our legitimate interests and, taking into account your particular situation, your interests or fundamental rights and freedoms override). |
| Right to object to processing for prospecting purposes | You have the right to object at any time to the processing of your personal data when we process this data for prospecting purposes. |
| The right to restriction of processing | You have the right to obtain restriction of processing in certain circumstances (for example where we no longer need your personal data but they are still necessary for the establishment, exercise or defense of a legal claim). right to justice). |
| The right to portability of personal data | You have the right, in certain circumstances, to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller. |
| The right to withdraw your consent | If you have given us consent to process your personal data, you have the right to withdraw it at any time. |
- 3. Please direct any request relating to your rights in relation to your personal data that we process in our capacity as data controller to our Data Protection Officer for any questions relating to data protection using his contact details in politics. We undertake to respond to your request as soon as materially possible and always within the deadlines provided for by the Applicable Data Protection Legislation. Please note that we may retain your personal data for certain purposes where required or permitted by law. Finally, please note that we may, in the event of doubt as to your identity, ask you for proof of identity in order to prevent any unauthorized access to your personal data.
13. What level of security do we provide?
- 1. We take appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with the processing of your personal data.
- 2. We follow industry best practices to ensure that personal data is not accidentally or unlawfully destroyed, lost, altered, unauthorizedly disclosed or accessed in an unauthorized manner.
14. Do you have any questions or complaints?
- 1. If you have any questions or complaints about the way in which we process your personal data, please address them in advance to our Data Protection Officer using their contact details in the Policy.
- 2. You have the right to lodge a complaint with the competent supervisory authority. The competent authority for Belgium is: Data Protection Authority, rue de la presse 35, 1000 Brussels, +32 (0)2 274 48 00, contact@apd-gba.be .
15. Anything else?
- 1. We reserve the right to update the Policy from time to time. We will inform you of any changes we may make to the Policy.
- 2. In the event of a conflict or inconsistency between a provision of the Policy and a provision of another policy or document relating to the processing of personal data, the provision of the Policy will prevail.
- 1. If you have any questions or complaints about the way in which we process your personal data, please address them in advance to our Data Protection Officer using their contact details in the Policy.
- 2. You have the right to lodge a complaint with the competent supervisory authority. The competent authority for Belgium is: Data Protection Authority, rue de la presse 35, 1000 Brussels, +32 (0)2 274 48 00, contact@apd-gba.be .
