Privacy Statement

Version 1.0

Date: 17 February 2022

1.     Identity of the person responsible for the processing of personal data (= the Controller)

This Privacy Statement is applicable to all personal data processed by Gediflora BV, whose registered office is at Schierveldestraat 14, 8840 Staden (Belgium), and whose VAT number is BE0429.207.083.

The Controller is committed to protecting the privacy of its users to the fullest extent possible. In this respect, the Controller complies with European Regulation 2016/679 of 27 April 2016 on the protection of personal data (hereinafter referred to as “GDPR”) and/or any future or additional legislation that is applicable.

2.     What does ‘processing of personal data’ mean ?

The processing of personal data (hereinafter referred to as “data”) includes any processing of data that could identify you as a natural person. This may include, but is not limited to, your contact details or order history. The term ‘processing’ is very broad and covers, among other things, the collection, storage, and use of your data, or the sharing thereof with third parties.

3.     What data do we process ?

Listed below are the data that we may process relating to you. However, depending on your individual situation, your preferences and the way in which you contact us, we do not process all of the data stated below.

General

The following data may be processed by us in respect of all our contacts:

  • Electronic identification and usage data;
  • Identification data;
  • Contact details;
  • Security camera images

Clients and participants in competitions or events

We may also process the data listed below about our customers and participants in competitions or events related to our commercial activities:

  • Order and payment details
  • After-sales details
  • Feedback, testimonials and promotional content such as photographs and videos
  • Competition and event related data

 

Suppliers – Service providers

We may also process the data listed below about our suppliers and service providers:

  • Contractual details
  • Payment and invoice details

Prospective employees

We may also process the following data listed below about prospective employees. This will obviously depend to a large extent on what data you wish to provide us with in connection with your application.

  • Personal details;
  • Work related information;
  • Personality details;
  • Photographs

4.     For what purposes and on what legal grounds do we process your data ?

  • Processing purposes :

Personal data is processed exclusively within a business context and in particular for the following purposes:

  • Within the framework of our main activities;
  • Organising events, competitions and meetings;
  • Participating in trade fairs;
  • Fulfilling administrative and tax obligations;
  • Communicating with customers and prospective customers;
  • Recruitment of employees
  • Principles of processing :

We may process your data for the following purposes :

4.1 Legal obligation :

  • To comply with the obligations imposed on the Controller under statutory and administrative requirements;
  • To comply with tax and accountancy obligations.

This list is not exhaustive and is subject to change.

4.2 Data necessary for the completion of a contract :

Pre-contractual phase :

  • Contacting, scheduling, replying to an order, negotiating;
  • Providing and/or requesting information in the context of concluding a contract;
  • Drawing up contracts;

Contractual phase :

  • Customer administration
  • Supplier administration
  • Execution of the contractual order

4.3 Legitimate interest :

  • Sending newsletters to the customers of the company.
  • Improving the quality of our services, training employees and evaluating and maintaining data and statistics relevant to the activities of the Controller, in the broadest sense.
  • Retention and use of evidence for the purposes of liability, litigation or disputes and in order to keep records of the company’s activities.
  • Ensuring security, both online on this website and within our business premises.

4.4 Consent :

  • Sending newsletters to people who are not clients of the company.
  • Posting photographs containing personal data on the company’s website and social media channels.
  • Data of applicants following the recruitment procedure will only be retained with prior consent.

5.     With whom do we share your data ?

We do not disclose your data to third parties, unless this is strictly necessary for the above-mentioned purposes, or unless we are legally obliged to do so.

We use external service providers, so-called “processors”, where necessary to support our operational purposes such as the management of our websites and IT systems. These external service providers carry out specific data processing operations on our behalf if necessary. We will only share your data with these external service providers up to the extent necessary for executing the respective purpose. The data may not be used by such processors for other purposes. Furthermore, these service providers are contractually bound to guarantee the confidentiality of your data by virtue of a so-called “processing agreement” concluded with the said parties.

This means that we share your data, as far as is relevant to your situation, with the following third parties for the following purposes, whereby these third parties in certain instances act as processors on our behalf :

  • Postal companies, transport and delivery companies if we have to send you something by post;
  • Payment service providers if we receive payments from you, or vice versa;
  • External representatives and consultants or any other parties who are involved in our main or secondary activities;
  • The processors who assist us in the IT field in order to ensure safe and efficient digital data management within our organisation;
  • Government bodies, judicial authorities and practitioners of registered professions such as accountants and lawyers, in order to fulfil our legal obligations and safeguard our interests, insofar as is necessary.

6.     How long do we retain your data ?

Personal data will be retained by the Controller for a period necessary to fulfill the purposes of processing. Thereafter, your data will be deleted or rendered anonymous.

7.     Where do we store your data and how are they protected ?

The Controller implements appropriate technical and organisational security measures to prevent, within the scope of its activities, the deletion, loss, falsification, alteration, unauthorised access or accidental disclosure to third parties of collected personal data, as well as any other unauthorised processing of such data.

The Controller shall ensure, to the greatest possible extent, that the processors, used by the the company, also take appropriate security measures to reduce the risk of incidents.

The Controller can under no circumstances be held liable for any damage, direct or indirect, arising from a wrongful or unlawful use of your personal data by any third party.

European Economic Area

Should your data, when accessing specific services or software tools, be processed outside the EEA (European Economic Area), such processing will only occur in/to countries that have been certified by the European Commission as being able to ensure an adequate level of protection for your data, or that measures will be taken to ensure the legitimate processing of your data in any such third country.

8.     What are your rights ?

You have certain rights relating to the personal data we use. Should you wish to invoke any of the rights set out below, please contact our GDPR responsible person by using the contact details listed under the first article of this Privacy Statement.

Right to inspect and copy

You have the legal right to access your personal data and to request a copy thereof. This provision also includes the right of requesting further information concerning the processing of your personal data, including the categories of data that are processed and the purposes for which they are processed.

Right of modification or rectification

You have the legal right to obtain without undue delay the rectification of inaccurate personal data, should you consider that we hold inaccurate data.

Right of data erasure (right to be forgotten)

You have the legal right to request that your personal data be deleted without undue delay. We may however not always be in a position to comply with such a request, e.g. if the data is still needed in order to fulfil a current contract, or if the retention of some of your personal data is required by law for a fixed period of time.

Right to restriction of data processing

You have the legal right to restrict the processing of your personal data.  Processing is thus temporarily halted until, e.g., there is absolute certainty about the accuracy of the data.

Right of withdrawal of consent

Whenever the processing is based on your consent (see above under Articles 5 and 6), you have the legal right to withdraw this consent at any time simply by contacting us. For any marketing messages that you receive from us via e-mail based on your consent, you can easily withdraw such consent by clicking on the ‘unsubscribe’ link at the bottom of any such message.

Right to object

You have the legal right to object to the processing of your personal data on the basis of legitimate interest. This should be based on reasons specific to your situation. You may also object to the use of your personal data for direct marketing purposes. Marketing messages sent by e-mail will always include an option to ‘opt out’.

Right of transferability

You have the legal right to obtain your data, which you have provided to us either with your consent or in execution of a contract, delivered in electronic form. In this way, the data can easily be transferred to another organisation. You also have the legal right to request us to transfer your data directly to another organisation, provided this proves technically possible.

Right to lodge a complaint with a supervisory authority

Should you have reason to believe that that your data has been subject to improper use, you have the legal right to lodge a complaint with your data protection supervisory authority at any time.

Belgische Gegevensbeschermingsautoriteit (GBA)

Drukpersstraat 35

1000 Brussel

Belgium

contact@apd-gba.be

9.     How can you invoke your rights ?

You may invoke your rights by contacting us, either by sending an e-mail to celine@gediflora.be or by post to Schierveldestraat 14, 8840 Staden (Belgium), enclosing a copy of the front of your identity card or any other document that can be used to identify you. The copy will only be used to identify you  in compliance with the GDPR.

10. Amendments

We reserve the right to amend this Privacy Statement. The most recent version is always available and can be consulted on our websites at any time. At the top of this document you will find the date when this Privacy Statement was last amended. Should there be any substantial amendments to the Privacy Statement, we will, wherever possible, inform the parties concerned about such amendments immediately.