We could summarise this privacy policy as follows:
- Oroxilia mainly processes your data for the preparation of quotations relating to our products and services, for the management of customer files, the management of supplier or prospect files, to carry out our commercial development (in particular through trade shows and commercial events), to confirm an order, an appointment or other transactions, for the recruitment of personnel, for the improvement of the performance of its services (audience of our website, satisfaction surveys, ….), for the storage of photographs of you, processed mainly in the context of our internal and external communications (e.g. in the case of testimonials published on our site) as well as the implementation of technical and organisational measures for the security of your data;
- Your personal data is normally held within the European Economic Area (EEA). Where we work with third parties outside the EEA, we have provided the necessary safeguards to ensure that your data is properly secured and that you can exercise your rights.
- Oroxilia complies with the General Data Protection Regulation (known as GDPR). The chapters below describe in detail why Oroxilia uses your data, for how long, to whom we transfer it and what security measures are in place.
If you have any questions about this policy, you can contact us by email.
1. The data controller
The person responsible for the processing of personal data is Oroxilia Sprl, whose registered office is located at Rue Jean Burgers 15, 7850 Enghien and which is registered with the Crossroads Bank for Enterprises under the number BE 0646.852.814.
—2. The Data Protection Officer (DPO)
Oroxilia has appointed a Data Protection Officer, who ensures compliance with the RGPD, provides advice and is the point of contact for the data protection authority. He can be contacted via mail for any questions regarding the processing of your personal data.
—3. Types of data processed
Within the framework of its website and its processing, Oroxilia collects, depending on the case, the following personal data (i.e., information concerning an identified or identifiable individual):
- Identification data, such as your name, first name, date of birth, place of birth, gender, age…
- Contact data (address, telephone, mobile phone, etc.)
- Personal characteristics
- Your professional activity
- Financial data
- Images (photos, videos)
- Data on complaints, questions, remarks
- Electronic identification data (IP addresses, cookies, etc.)
4. On what basis do we process your data?
Oroxilia collects and uses your data for :
- Specific, explicit, legitimate purposes and will not use the data for other purposes that are not compatible with the original purposes.
- The performance of a contract you have entered into with it, or for the performance of pre-contractual measures taken at your request.
- Compliance with a legal obligation imposed on it.
- For legitimate interests. In this case, we will verify that your interests, freedoms and fundamental rights do not prevail over the interests of Oroxilia.
Oroxilia may use your data where you have given your consent. Where we process your data on the basis of your consent, you have the right to withdraw that consent at any time.
—5. For what purpose
We process your data in accordance with the applicable legislation, in an appropriate manner and limited to what is necessary for the intended purpose.
The objectives are as follows:
5.1. Commercial management and management of existing customers
Development and maintenance of Oroxilia’s commercial relations with its clients and suppliers. Preparation of quotations. Prospecting for new clients.
Legal basis: execution of pre-contractual measures.
Data retention period: for the duration of the (pre)contractual relationship.
5.2. Security and IT management
Oroxilia processes data and must therefore ensure that it is properly secured. This includes, for example, monitoring information systems, creating communication traces, access logs, access management, backup management and archiving.
Legal basis :
- Oroxilia’s legal obligation to protect data and ensure adequate security of personal data.
- Oroxilia’s legitimate interests in protecting all data.
Duration of data retention :
- Communication and access traces are kept for 12 months.
- The backup data follows a 6-month rotation cycle.
- Logical access: until the end of the contractual relationship.
5.3. Financial and accounting management
Your data is used for invoicing of the services offered, accounting and financial management.
Legal basis for this processing: performance of a service contract.
Data retention period: between 7 and 10 years depending on our legal obligations.
5.4. Recruitment management
Oroxilia processes your application data in order to meet its recruitment needs.Legal basis for this processing: execution of pre-contractual measures. Data retention period: 2 years except in the event of litigation.
5.5. Litigation management
Oroxilia may in some cases have to deal with disputes.
Legal basis: Oroxilia’s legitimate interests in managing disputes.
Data retention period: for the duration of the dispute.
5.6. Statistics, analysis and satisfaction surveys
Oroxilia analyses its performance, finances and internal processes in order to increase the quality and efficiency of its services. Oroxilia also conducts customer satisfaction surveys.
The legal basis :
- For satisfaction surveys: consent
- For internal analysis, performance and statistics: legitimate interest
The data subject to these analyses shall be anonymised before analysis or, if anonymisation is not possible, the data shall be pseudonymised.
Duration of data retention :
- The data is kept for the duration of the analysis if it is no longer needed. Results are kept for 10 years
- Data from satisfaction surveys are kept for 3 years.
5.7. Management of information requests
Oroxilia handles your various requests for information concerning: prospects, collaborations with future partners, ….
Legal basis: (pre-)contractual performance.
Data retention period: Questions and answers are kept in our CRM system for 5 years for follow-up purposes.
5.8. Social media
Oroxilia uses social media (LinkedIn) to transmit information. The terms and conditions of the providers of these social networks apply. Oroxilia will not publish photos or videos of you on social networks if you have not given your consent. Social networks are also used by Oroxilia to contact you in the context of customer prospecting and recruitment campaigns.
Legal basis: consent for contact via social networks.
Duration of data retention: where applicable and as communicated to you with consent.
5.9. Use of cookies on our website
Oroxilia uses cookies. You can find more information in the cookie policy.
—6. Who will receive your data?
Depending on the processing, we may share your data with :
- The customer support team;
- The business team;
- The management of Oroxilia;
- External consultants working on behalf of Oroxilia ;
- IT systems and applications providers ;
- Web analysis tools, such as Google. You can find more information about this in our cookie policy.
With your consent, we share data with :
- Social media platforms,
- Third parties for whom you have given your explicit consent to share your personal data with them (e.g. newsletters, brochures, satisfaction surveys).
Sometimes we may need to pass on personal data about you. This is the case when a law, a regulation or a legal procedure (such as a court decision) obliges us to do so, for example:
- Law enforcement authorities where there is a finding or suspicion that an offence has been committed against you in accordance with, or as required by, the applicable law
- The courts and tribunals of the judicial order in the event of a dispute concerning you;
- Government entities authorized to access and/or obtain your personal data in accordance with applicable law;
- Our legal advisers and/or lawyers, for example in the context of corporate reorganisations and litigation. In the event of a corporate reorganisation (e.g. mergers or acquisitions) or financing, we may transfer some of your personal data (in a format that prevents such data from being linked to you) to a third party involved in the transaction (e.g. a buyer or investor) in accordance with applicable data protection law.
7. Transfers outside the European Economic Area
In general, we try as much as possible to store data within the European Economic Area (as is the case with our website), but some data may be transferred to servers located outside the European Economic Area on our behalf and at our direction. By providing your personal data to Oroxilia, including by using its website, you consent to the transfer of such data abroad. Where your data is transferred to a country outside the European Economic Area (“EEA”) and the level of data protection in that country is not considered adequate by the European Commission, we will provide the necessary safeguards to protect your data (we use the European Commission’s standard contractual clauses) with security measures to ensure that your data is adequately protected.
—8. Your rights
We undertake to reply within one month of receiving your request.
If you have a large or multiple application, this one month period can be extended by two more months. To exercise your rights, you must contact our service by e-mail.
8.1. Right to information
You have the right to receive clear, transparent and understandable information about how we use your personal data and how to exercise your rights. That is why we provide you with the most comprehensive information in this policy.
8.2. Right of access to your data
You have a right of access to the personal data we hold about you.
8.3. Right to rectify, limit and delete your data
You have the right to request the correction of your data if it is incorrect.
You have the right to request the restriction of the processing of your data. This means asking to stop processing your data, but not to delete it. In some cases, you have the right to request the deletion of your data, unless we are subject to legal obligations.
8.4. Right to portability of your data
You have the right to receive the personal data you have provided to Oroxilia (processed by automated means), in a readable format where it is based on consent.
8.5. Right to object to the use of your data for other purposes
You have the right to object at any time, on grounds relating to your particular situation, to the use of your data where we are using it for our legitimate interest. We will then stop processing your data, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the data is necessary for the establishment, exercise or defence of legal claims.
8.6. Right to lodge a complaint with a supervisory authority
If you feel that the provisions of this policy are not being complied with or if you have any other reason to complain about issues relating to the protection of your personal data, you can contact the Data Protection Authority directly (contact@apd-gba.be – Rue de la Presse 35, 1000 Brussels).
—9. Securing your data
Your personal data are protected:
- Through organisational measures
- By logical access controls to our Information System
- With backup systems
- Thanks to the management and monitoring of computer traces
- Thanks to encryption mechanisms
- With certified data centres
- Through strict contractual clauses with our subcontractors
10. Modification of this declaration
This policy may be updated by Oroxilia to better inform you about the processing of your personal data.
You can always find the latest version on the Oroxilia website.
Effective date: 06 December 2022
Update date: 06 December 2022