- on how Promeco collects, processes and uses your personal data, both generally and when you are visiting this website or when you are shopping on this website.
- on your rights relating to this processing;
- on how you can contact us.
- The processing of your personal is taking place in accordance with the General Data Protection Regulation ("GDPR”) and any additional privacy and data protection legislation.
- Data controller
Your data are processed by Promeco NV and/or one of its related businesses, with registered offices in Belgium, 8510 Bellegem, Doornikserijksweg 12, registered in the Crossroads Bank of Enterprises under number BE0454.546.354.
The data controller is the person who determines the purpose and the means (the “what”, the “how” and the “why”) of the processing of the personal data.
In case you have additional questions and/or if you need more information, you can always contact Promeco NV by regular mail (at the address referred to above), by telephone on +32 56 41 67 77 and by e-mail at firstname.lastname@example.org
Within the organisation, your data will only be accessible to the responsible employees who necessarily need to have access to these data in order to be able to properly carry out their tasks.
- What are personal data?
We ask you to share certain personal data in order to be able to supply the products and services you request from us. This will for example be the case when you are shopping, when you contact our customer service, when you wish to receive messages, when you create an account, when you participate in our events or contests or when you make use of our websites/web shops.
The General Data Protection Regulation defines personal data as follows: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- What personal data can we process?
Promeco ensures that your personal data are processed in an adequate, relevant way and are limited to what is necessary in accordance with the law. Personal data generally collected by Promeco are:
- Identification data: these are personal data that are personally related to you, such as your first name, surname, sex, nationality, language, job title, company name, enterprise number, sector, login, password, access rights and log files in connection with online services, …
- Contact data: work address, home address, telephone number, cell phone number, fax number, e-mail address, Skype name, LinkedIn, Facebook, etc., …
- Invoicing data: bank account number, banking data, payment terms, …
- Data that are shared when applying for a job: academic records, professional experience, membership to/participation in (sports) clubs, professional ability, …
We do not collect and process any special categories of personal data unless we have your explicit consent or unless required by law.
- For what purposes do we process your personal data?
Promeco collects and processes personal data only for specified, explicit and legitimate purposes and shall not further process the personal data in a manner that is incompatible with those purposes. For a more detailed description of the processing of personal data while visiting our websites, reference is made to point 7.
We process the personal data referred to above for the following purposes:
- An accurate and high-quality service provision and/or the optimization or the execution of contracts: we need your personal data to enable us to accurately execute the contract that you concluded with us. By concluding a contract with us, you will need to provide us with the necessary personal data so we can process the order that is included in the contract.
This primarily relates to sending of information on:
- the communication on current orders
- quality monitoring in terms of the processed orders
- invoicing and payments
- logistic service provision
- information about our services
For instance, when you make a purchase through our webshop or through our administration, or if you participate in an event or a promotion, we will process the contact data you provided to communicate with you about the purchase, the event or the promotion. When you contact our client service, we will process your data, such as delivery or payment details, or the purchased product, in order to help you solve a problem or an issue.
- Prospect, new customers / contacts: by presenting your business card or any other means of identification. We assume that, by presenting this personal data, you also expressly authorize us to add you to our database.
In addition, we also record to our database any of your personal data that are publicly available. We assume that we can also store such personal data given the fact that you made them publicly available.
- Suppliers: the personal data needed for the execution of the contract are collected. This primarily relates to contact details, needed to facilitate communications.
- Marketing purposes, such as direct marketing: when you give your explicit consent in the way indicated, we will send you marketing messages and news about our products, services, events and other promotions by Promeco. Once you have given us your consent, you will be able to unsubscribe at any moment in order to withdraw your consent relating to these marketing message.
If you are an existing Sanodegusto customer (for instance, when you have placed an order with us), and to the extent permitted by applicable law, we can use your contact details to send you marketing messages about similar products and services (unless you unsubscribed for this). In other cases, we will ask for your consent for the sending of marketing messages. We can use the personal data you share with use, as well as the data of other Sanodegusto products or services – such as your use of the Sanodegusto website, your visits to or purchases in the webshop, your participation to Sanodegusto events and contests – to send you personalized messages about our products and services which may be relevant for you.
If Promeco uses your personal data for the purpose of direct marketing, you always have the right to oppose this by means of a simple request (possibility to 'unsubscribe').
- To operate, improve and maintain our business, products and services: we use the personal data you share with us to operate our business. For example, when you make a purchase, we use that information for accounting, audits and other internal functions. We may use personal data about how you use our products and services to enhance your user experience and to help us diagnose technical and service problems and administer our site.
- For applications: to assess whether or not you are eligible for a vacant post.
- For other purposes: we may also use your personal data in other ways and will provide specific notice at the time of collection and obtain your consent where necessary.
For each purpose, the legal basis for processing can be one of the following:
- your free consent for the processing
- the preparation or execution of a contract
- the compliance with legal or ethical obligations
- the prevailing legitimate interest.
- Processing personal data during your use of our website(s)
Your visit to our website and your use of our online services will be tracked. The IP address currently used by your device (e.g. your computer or mobile phone), the date and time, the browser type and operating system of your device and the pages visited are stored. These data are collected for the purpose of data protection and to optimize and improve our online services. This processing is legally based on Art. 6, paragraph 1, 1, f) of the GDPR. It is in our interest to protect our website and improve our services. Any other processing of your data, except for statistical purposes in anonymous form, will only take place in the context of this data protection statement. Aside from that, personal data will only be stored if you provide it on your own initiative, e.g. as part of your registration, a survey, an online application or for the execution of a contract. We have taken appropriate technical precautions to ensure that your data is encrypted during login for registration or other services, i.e. protected against unauthorized access. The following provides more information, especially on the technologies we use.
a) Registration for our newsletter
If you wish, you can subscribe to the newsletter on our website by completing the registration form provided for this purpose or the related data form in which you can check the application. If you complete the registration form and submit your personal data to us or have accepted our newsletter when you have registered as a customer, you will receive an e-mail from us at the e-mail address you gave us. You can complete the registration by simply clicking the button “finish registration” (=complete registration) (the link may have a different name, but it will have the same meaning). The personal data collected via the registration form will only be processed to send newsletters to your e-mail address and only if provided you have consented to the processing of these data. This processing is legally based on Art. 6, paragraph 1, 1, a) of the GDPR. Your personal data will only be kept until you unsubscribe from the newsletter, by clicking the "unsubscribe" link at the bottom of every newsletter that you receive from us. If you unsubscribe, your personal data will be immediately deleted. Please note that you will no longer receive newsletters from us after your personal data has been deleted.
b) Contact form
You can use the contact form on our website (https://www.sanodegusto.com/pages/contact) to contact us for an application. The personal data you entered in the contact form will only be processed to answer your request and only if provided you have consented to the processing of these data. This processing is legally based on Art. 6, paragraph 1, 1, f) of the GDPR.
c) Online shop
You can use our online shop(s) and place an order by clicking on the link (https://www.sanodegusto.com). All personal data that you have provided in our online store will only be used to establish a contract with you and to honour this contract. This processing is legally based on Art. 6, paragraph 1, 1, b) of the GDPR. The communication of your personal data is necessary in order to establish a contract and to honour this contract. We will not be able to process your order if we cannot dispose of your personal data and we will hence not be able to conclude a contract. Your personal data will only be retained until the contract expires with you, unless we are legally obliged to submit your personal data to the public authorities, such as the tax authorities. Retaining and transferring your personal data to the authorities in order to comply with a legal obligation, is legally based on Art. 6, paragraph 1, 1, c) of the GDPR. When you enter into a contract with us, your address data will be transferred to our logistic service providers for the purpose of delivering the items you have ordered, for our account. This processing is necessary in order to honour the contract with you and it is based, from the legal point of view, on Art. 6, paragraph 1, 1, b) of the GDPR. Your personal data will only be stored at our logistics service providers until the items ordered by you have been delivered to you, unless our logistic service providers are legally obliged to keep your personal data longer, e.g. for the purpose of submitting it to the public authorities, such as the tax authorities. When you establish a contract with us and choose to pay by credit card, the data on your card will be transferred by us to the payment service providers that make use of the service of a credit card company that issued your credit card, in order to process your payment. This processing is necessary in order to honour the contract with you and from the legal point of view, it is based on Art. 6, paragraph 1, 1, b) of the GDPR. Your personal data will only be stored by your credit card company until your payment has been processed, unless your credit card company is legally obliged to continue storing your data, e.g. for the purpose of submitting them to the public authorities, such as tax authorities. This processing is necessary in order to honour the contract with you and from the legal point of view, it is based on Art. 6, paragraph 1, 1, b) of the GDPR. Your personal data will only be stored by your bank until your payment has been processed, except in cases where your bank is legally obliged to keep your data for longer, e.g. for the purpose of submitting it to the public authorities, like the tax authorities or the security authorities for the detection of fraud.
d) Customer account registration
If you wish, you can create a customer account on our website by following the link. A customer account is not required to use our online store, but if you create a customer account, you will no longer need to send your personal data each time you use our online store.
When filling out the registration form and you share your personal data with us, you can choose a login name and a password. All you need to do to complete the registration of your account, is simply clicking the “confirm account” link. By means of you login and password, you can log in to your account and use it. The personal data you entered on the registration form will only be processed for the purpose of creating and keeping your customer account active only if you have agreed to the processing of the data. You are free to choose whether you wish to provide your personal data. You are not obliged to provide us with your personal data, and this communication is not necessary either to fulfil a statutory or contractual requirement or a necessary requirement to enter into a contract. If you do not provide us with your personal data, this will not be of any consequence to you, except that you will not be able to create a customer account for you. Your personal data will only be stored until you deactivate your account.
e) Cookies and Tracking
We distinguish between necessary cookies and promotional cookies. Necessary cookies are required for proper operation of our website. Rejecting these cookies will change your user experience while browsing our website and certain services on our website will therefore not be usable.
Promotional cookies are used for web analysis. By accepting our “cookie-banner”, you consent to the processing of data through these cookies. The processing is legally based on Art. 6 paragraph 1, 1, a) of the GDPR. The following cookies are used by Promeco:
- Google Analytics
- Adobe Analytics
To allow us to analyse and regularly improve the use of our website, our website also uses the Adobe Analytics web analytics service. The statistics this yields allow us to improve our website and make it more interesting for you as a user. In case the personal data are exceptionally transferred to the US, Adobe is bound by the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework/). The legal basis for the use of Adobe Analytics is Art. 6, paragraph 1, a) and f) of the GDPR.
The analysis involves storing cookies on your device. The information collected in this way is stored on servers, including in the US. We would like to point out that if you prevent the storage of cookies, you may not be able to use this website in its entirety. You can adjust your browser settings to prevent the storage of cookies. You can also prevent Adobe Analytics from recording your data on this website by clicking: Disable Adobe Analytics. This will place an opt-out cookie that prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this online offer. How to prevent the recording of your data on other websites is explained on the respective sites and at https://www.adobe.com/nl/privacy/opt-out.html.
- Google Adwords
As an AdWords customer, we also use Google Conversion Tracking. Google Adwords is used in order to show our offer in the publicity space on Google. Google Adwords sets a cookie on your computer ("conversion cookie") if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of us and the cookie has not expired, we and Google may recognize that someone clicked on the ad and was redirected to our site. Each AdWords customer receives a different cookie. Hence, cookies can be tracked through the websites of AdWords customer. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords customer who have opted for conversion tracking. AdWords customer will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page.
However, they do not receive information that personally identifies users. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "googleadservices.com" (attention: this name can be modified).
Information on the third party provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, VS. For more detailed information on data protection by Google, please refer to http://www.google.com/intl/nl/policies/privacy and to https://services.google.com/sitestats/nl.html. Alternatively, you can visit the website at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
- Facebook Custom Audiences, Facebook Website Custom Audiences and Facebook Conversion Tracking
Facebook Custom Audiences
Our website also uses the ‘Custom Audiences’ remarketing function of Facebook, Inc. (“Facebook”). This allows users of the website to see interest-based ads (“Facebook Ads”) when visiting the social network Facebook or other websites that also use the process. Our intention here is to show you ads that are of interest to you.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the extent and further processing of the data collected by Facebook through the use of this tool and therefore inform you according to what we know: by integrating Facebook Custom Audiences, Facebook receives the information that you have retrieved the corresponding part of our website, or that you have clicked on one of our ads. If you are registered with a Facebook service, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will obtain and store your IP address and other identifying information.
Facebook Website Custom Audiences
Facebook Conversion Tracking
We also use the Facebook pixel on our internet presentation to measure the reach of ads. This allows us to track users’ actions after they have seen or clicked on a Facebook Ad. The Facebook pixel records and reports to Facebook information about the user’s browser session, a hashed version of the Facebook ID, and the URL being viewed. The way it works is comparable to Facebook Website Custom Audiences via the Facebook pixel, which is already described above. Using the hashed Facebook ID, we can measure the reach and effectiveness of an ad to find out whether you are actually interested in our advertising. This enables us to measure the effectiveness of Facebook Ads for statistical and market research purposes. For us, the data used is not personally identifiable.
You can prevent Facebook from recording your data on this website by clicking here: Disable Facebook Custom Audiences, Facebook Website Custom Audiences and Facebook Conversion Tracking. This will place an opt-out cookie that prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this online offer. How to prevent the recording of your data on other websites is explained on the respective sites, and if you are a user who has logged in to Facebook, here: https://www.nl-nl.facebook.com/settings/?tab=ads#_.
The legal bases for the processing of data when using the functions specified above is Art. 6, paragraph 1, a) and f) of the GDPR.
- LinkedIn Conversion Tracking and retargeting
LinkedIn Conversion Tracking
Our website also uses the “LinkedIn Website-Retargeting” feature. After visiting our website, this feature makes it possible to show you our ads when you continue to use the internet. Our intention here is to show you ads that are of interest to you. This is done by means of a cookie stored in your browser (see above), which is used to record and evaluate your usage behaviour. No personal information is transmitted to us about individual website visitors, and we can only specifically deploy ads to website custom audiences if the custom audience has reached a critical size. This makes it impossible for us to determine the individual identities of visitors.
You can disable this tracking in various ways. You can adjust your browser settings to prevent the storage of cookies, although this may result in a restriction of the functionality of our online offer for you. You can also prevent LinkedIn from recording your data on this website by clicking here: LinkedIn conversion tracking and website retargeting. This will place an opt-out cookie that prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website. In addition, the ‘YourAdChoices’ link (http://optout.aboutads.info/?c=2#!/) will enable you to disable the ads shown to you by providers who are part of the ‘YourAdChoices’ campaign or e.g. part of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/); please note that this setting will be erased if you erase your cookies.
The legal bases for the processing is Art. 6, paragraph 1, a) and f) of the GDPR.
- Twitter Ads Conversion Tracking
You can disable this tracking in various ways. You can adjust your browser settings to prevent the storage of cookies, although this may result in a restriction of the functionality of our website for you. You also can prevent Twitter from recording your data on this website by clicking here: Disable Twitter Ads Conversion Tracking. This will place an opt-out cookie that prevents recording when you visit our website in future. Please note that if you delete all cookies on your device, this opt-out cookie will also be deleted; in this case, if you still wish to object then you must place the cookie again. The opt-out cookie is set per top-level domain, per browser and per device and only prevents the recording of data for this website. In addition, the ‘YourAdChoices’ link (http://optout.aboutads.info/?c=2#!/) will enable you to disable the ads shown to you by providers who are part of the ‘YourAdChoices’ campaign or e.g. part of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/); please note that this setting will be erased if you erase your cookies.
The legal bases for the processing is Art. 6, paragraph 1, a) and f) of the GDPR.
- Retention period
Your personal data are retained as long as necessary to realize the purposes described under point 6. In any case, your personal data are retained in accordance with the legal mandatory time limits and any periods of limitation in force. E.g. this is 7 years for invoices. After expiry of the retention period, we are committed to securely erase, destroy or anonymize personal data that is no longer required in relation to the purpose for which they were collected. However, we can preserve the information relating to your question concerning your personal data, hence enabling us to show that we did reply to your question.
- Who receives my personal data?
- Within Promeco: only employees within our organization, who need your personal data to perform their assigned functions, will be able to access these data in accordance with the purposes referred to under point 6.
- Third party service providers who process your personal data on behalf of Promeco, for example, for processing credit cards and payments, shipments and deliveries, the hosting, administration and management of our data, the circulation of emails, the promotion of our brands products as well as the administration of certain services and features. Whenever we use the services of a third-party service provider, we draw up contracts with them, which stipulate that they must take appropriate technical and organizational measures to safeguard your personal data.
- Any other third party, which was expressly approved by you.
- We may also transfer your personal data in case of the sale or the transfer of the whole of part of our enterprise or its assets (such as in case of restructuring, division, dissolution or liquidation). In that case we will make all necessary efforts to keep you up-to-date and to make sure that the receiver uses the personal data, which you gave us, in a way which s in harmony with the present privacy police. In case of such a transfer, you should contact the receiver for any questions you may have relating to the processing of your personal data.
In principle, Promeco will not transfer your personal data to entities located outside the European Economic Area (EEA). If your personal data are transferred to a country located outside the European Economic Area (EEA) and if the level of data protection in such country is not considered equivalent to the level of data protection within the EEA, we take appropriate measures to make sure that your personal data are protected (generally in the form of the standard contractual clauses of the Europe Commission). In that way, we ensure that your personal data, which are transferred to third parties outside the EEA, are processed with equal care as is the case in Belgium.
- Protection of your personal data
We have developed technically and organizationally appropriate security measures in order to avoid the destruction, loss, forgery, modification, forbidden access and mistaken communication to third parties as well as every other unauthorized processing of the collected personal data.
- The servers are equipped with a firewall
- The websites are configured with a SSL certificate and all http traffic is redirected to https.
- Encryption of e-mails and passwords
- Encryption of all personal data
- Access protection
- Secured back-ups and secured could environment
- Managing the internal access privileges: only certain persons will have access to certain data
- Our quality service will manage any incidents
- A Policy for our own employees
- An adequate training for our own employees
- The use of confidentiality clauses
Promeco shall in no way be liable for any direct or indirect damage that results from a wrong or illegal handling of the personal data by a third party. Promeco made sure that, when working with third parties, these third parties shall be bound by the same rules.
You will comply with the security measures at all time. This implies that you are the sole responsible person for the use of the website from your computer, IP-address and of your identification data, as well as the confidentiality of these data.
- Your rights
These rights are the following:
- Right to access (Art. 15 of the GDPR): you have the right, at all times, to be informed on which of your data we possess, to access these data and to assess whether or not we process these data and to determine to what purpose we process these data.
- Right to adjustment or rectification of inaccurate data (Art. 16 of the GDPR): you have the right to have inaccurate, erroneous, inappropriate or outdated data corrected or to complete any incomplete data. In order to keep your data up-to-date, we ask you to please inform us of any modification to these data (e.g. in case of relocation or when you e-mail address has changed, …)
- Right to erasure of personal data (Art. 17 of the GDPR): the right to ask that personal data be erased and, in case the personal data have been made publicly available, that the other data controller be informed of this request (right to erasure of personal data, Art. 17 of the GDPR). However, this right is not an absolute right and you should keep in mind that this right might be restricted by other legislation. For instance, you will not be entitled to request the erasure of personal data on which a retention period has been applied and when this retention period has not been reached yet. The right to erasure of your personal data will be possible in the following cases:
- your personal data is no longer necessary for the purposes for which it has been processed;
- your personal data are being processed based on your consent and you want to withdraw your consent, provided that we have no other legal ground for the processing of your personal data;
- you object to the processing of your personal data and there are no overriding legitimate grounds for the processing;
- your personal data were processed in an unlawful manner;
- your personal data must be deleted in order to comply with a legal obligation of the Union Law or the Belgian law;
- Right to restriction of processing (Art. 18 of the GDPR): you have the right to obtain the restriction of the processing of your personal data, i.e. to discontinue the processing of your personal data, without having them erased from our databases. This right can only be exercised in the cases provided by law, for instance during a period in which we verify the correctness of the disputed personal data, or pending a decision with respect to your request.
- Right to object (Art. 21 of the GDPR): you also have the right to object to the processing of your personal data or for serious and legitimate reasons. In addition, you have the right at any time to object to the processing of your personal data for purposes of direct marketing, without having to justify your request.
- Right to data portability (Art. 20 of the GDPR): you have the right to receive your personal data that are processed by us, in a structured, commonly used and machine readable format and/or to transmit your personal data to other controllers.
- Right to withdraw consent (Art. 7 of the GDPR): Insofar as the processing is based on your prior consent, you have the right at any time to withdraw your previously given consent, e.g. in case of direct marketing.
- Right to lodge a complaint (Art. 77 of the GDPR): when you suspect that Promeco carelessly deals with your personal data and does not comply with the rights referred to above, you can lodge a complaint with the competent supervisory authority, in particular in the European Union state where you live or work, or where the infringement occurred. The Belgian supervisory authority is the Commission for the Protection of Privacy, at the following address: Drukpersstraat 35, 1000 Brussels, telephone: +32 (0)2 274 48 00, e-mail: email@example.com, website: www.privacycomission.be. This does not affect the possibility to initiate proceedings before a civil court. In case of damages as a result of the processing of your personal data, you can bring out a claim for compensation.
We ask people under the age of 16 not to communicate personal data to Promeco unless consent has been obtained from parent(s) or guardian(s). If we discover that we have collected personal information from a person under the age of 16, we will delete this information as soon as possible.
- Applicable law and competent jurisdiction
In case you have questions or want to submit complaints or requests or wish to exercise the rights referred to under point 12, you can at any time contact us by sending an e-mail to firstname.lastname@example.org. Other contact details may be found under point 3. The Data controller. We look forward to helping you.