PRIVACY NOTICE – PERSONAL DATA
This privacy notice sets out the policy of Oleon NV with respect to personal data on the website www.oleon.com. This Notice applies to all the information that you provide, or that we collect while you browse our website, in accordance with all applicable regulations in France relating to personal data such as those under French Law no. 78-17 of January 6, 1978 on information technology, data files and civil liberties, referred to as the "Information technology and civil liberties" law and Regulation (EU) 2016/679 of 25 May 2018 on data protection referred to as the "GDPR".
The purpose of this privacy notice is to inform persons accessing the services offered on our Website (hereinafter referred to as the "Users") about how we collect, utilize and share their personal data.
Any amendment to or update of this privacy notice will be brought to your attention. Your active consent to this new privacy notice will be required to continue using the services offered by the Company.
1. Who is responsible for your personal data?
The data controller, who collects and manages your data, is the company Oleon NV, with a share capital of €101.496.180,76 registered with the Crossroads Bank of Enterprises under no. 0406.414.162, and legal entity register at Ghent, division Ghent, with registered seat at Assenedestraat 2, 9040 Ertvelde (Belgium). Oleon’s CEO is Moussa Naciri.
2. What personal data is collected?
You are reminded that personal data is any information relating to a directly or indirectly identified or identifiable natural person.
When browsing the Website and using the different services offered by the Company, you are consenting to our collection of the following categories of data:
(Hereinafter referred to as "Personal data").
You agree to provide personally identifiable information that is up-to-date and valid, with respect to the information required on the Website, and warrant that you will not provide any false or inaccurate information.
3. How and why is your Personal data collected?
3.1. Methods of Personal data collection
You are consenting to the Company's collection of your Personal data when you complete the following documents:
3.2. Legal basis for collecting and processing the data
Your Personal data is collected on the basis of the following legal grounds:
4. For what purposes is your Personal data collected?
4.1. General considerations
Mandatory Personal data is data that is strictly required for processing purposes or for your requests. Failing communication of said data, the User is informed that he will not be able to access certain services offered by the Company. You are informed about the mandatory nature of the information required when it is collected.
Optional Personal data collected by the Company is intended to get to know you better and enhance your browsing experience on the Website.
4.2. List of purposes
Your Personal data is collected and processed in order to fulfill the following purposes:
The Users are informed that, subject to their prior specific and positive consent, it will be possible for the Personal data transmitted to be transferred to our business partners from the AVRIL Group, so that they can inform the Users about their offers and services.
5. Who has access to your Personal data?
5.1. The Company's personnel
Your Personal data is intended for use by persons within the Company who are duly authorised to process them, particularly, and depending on the type of processing and the type of data, the persons in charge of the sales, customer service, marketing, administrative, logistic and information technology departments.
5.2. The Company's subcontractors
Within the framework of conducting its activities and the provision of its services, the Company makes use of subcontractors. They:
In cases where the Company uses subcontractors based in countries offering levels of protection that are not equivalent to those in the European Union, the Company undertakes to ensure that the transfer is secured by the Privacy Shield established between the European Union and the United States or by the signing of standard contractual clauses established by the European Commission or by the implementation of binding corporate rules ("BCR").
6. How long is your Personal data stored?
The Company keeps your Personal data for the time that is strictly necessary to accomplish the purposes for which it was collected and processed, such as managing the commercial relationship or payment.
Beyond this period, your Personal data may also be archived to provide regulated, limited and justified access for the time required (i) to fulfill the Company's legal and regulatory obligations, and/or (ii) to assert its rights through the courts, and before it is permanently deleted.
7. How does the Company maintain the security and confidentiality of your Personal data?
The Company undertakes to process your Personal data in a manner that is:
The Company is implementing and updating relevant technical and organisational measures to maintain the security and confidentiality of your Personal data by preventing it from being garbled, damaged or disseminated to unauthorised third parties.
8. What are your rights concerning your Personal data?
You may, by simple written request, access your Personal data, ask that it be modified or rectified, or require that it no longer appear in the Company's database.
Under the right of access, you are authorised, pursuant to Article 15 of the GDPR, to contact the Company so that (i) your Personal data is communicated to you in an accessible form, (ii) you obtain confirmation on whether your Personal data is or is no longer being processed, (iii) the purposes of the processing, personal data categories processed and the recipients of your Personal data are communicated to you and (iv) you obtain information on how long your Personal data is stored or the criteria used to determine this duration.
Pursuant to Article 16 of the GDPR, the right of rectification confers on you the right to require that the Company rectify, complete or update your Personal data when it is inaccurate, incomplete, equivocal or expired.
Under the conditions provided for in Article 17 of the GDPR, you have a right to the erasure of your Personal data, which enables you to request that the Company erase your Personal data without undue delay, particularly when it is no longer required for the purposes for which it was collected.
In addition, you have a right to restriction of processing of your Personal data in the cases identified in Article 18 of the GDPR. You may therefore request that your Personal data be stored solely for the purposes of:
Under the circumstances provided for in Article 20 of the GDPR, you have a right to the portability of your Personal data, allowing you to retrieve Personal data you provided from the Company, in a structured, commonly used, machine-readable format, for the purposes of transmitting it to another data controller.
In accordance with Article 21 of the GDPR, you have the right to object, at any time, to the processing of your Personal data for the purposes of business development.
To exercise your aforementioned right of access, rectification, erasure, restriction, portability and objection, you may simply send your request by email to the following address: email@example.com
The Company will provide the person who exercises one of these rights with information on the measures taken, without undue delay and, in any event, within one (1) month from the receipt of the request. This period may be extended by two (2) months, considering the complexity and number of the requests.
If the Company does not intend to fulfill the request, it will inform the person, without undue delay, and at the latest within one (1) month from the receipt of the person's request for the reasons for its refusal and the possibility of filing a complaint with the supervisory authority and lodging an appeal.
Exercising these rights is free of charge. However, in cases of manifestly unfounded or excessive requests, the Company reserves the right to (i) require the payment of expenses including administrative costs, or (ii) refuse to fulfill these requests.
9. What recourse do you have if your Personal data is misused?
In the case of a misuse of your Personal data protection rights likely to pose a risk to your rights and liberties, the Company will report this violation to the CNIL (the French Data Protection Authority) in an expeditious manner, and, if possible 72 hours at the latest after being notified. The Company will also inform the User, without undue delay, in accordance with the provisions set forth in Article 34 of the GDPR.
Without prejudice to any other administrative or legal remedy, the User who considers that the processing of his Personal data constitutes a violation of applicable legal provisions may lodge a complaint with the competent supervisory authority such as the French Data Protection Authority (CNIL).
10. To whom do you address your questions?
For any questions concerning the processing of their personal data and the exercise of their rights, the Users may contact our dedicated service at the following address: firstname.lastname@example.org