BONDIS is a distributor of industrial maintenance products, including lubricants.
Our business requires us to process personal data.
We declare that our activities are in accordance with the applicable privacy legislation, which is primarily governed by the General Data Protection Regulation (AVG or its English abbreviation GDPR).
For this reason, we want to inform you as much as possible, respect and give you control over what happens to your personal data.
Below you will find information on what data we collect about you, why we do so, how long we keep it, what your privacy rights are and how you can exercise them.
WHO WE ARE
- We are BONDIS bv, a private company incorporated under Belgian law, with registered offices in 2630 AARTSELAAR, Cleydaellaan 16/1 and registered with the KBO under number 0415.509.297, (hereinafter "BONDIS" and "we or us").
- We are the data controller for the data processed via our website and webshop and social media.
WHAT IS PROCESSING OF PERSONAL DATA?
- By 'processing of personal data' we mean any processing of data that can identify you as a natural person. The term 'processing' is broad and covers, among other things, the collection, recording, organisation, storage, updating, modification, retrieval, consultation, use, dissemination or making available in any way, alignment, combination, archiving, erasure or eventual destruction of such data.
What Personal Data are collected and processed?
- We store and process the personal data provided to us only to the extent necessary for the direct initiation and processing of business transactions within our company.
The personal data you share with us
- We process the personal data that you give us yourself. This may be by telephone (e.g. when you call us), in writing (e.g. when you send us a letter or e-mail, or contact us via the Website), electronically (e.g. when you read out your e-ID via a signature application) or verbally (e.g. during a meeting). When placing an order through the webshop or creating an account, you must provide data, including your name, your e-mail address and/or mobile number, your payment and billing information, and, if applicable, a password. We may carry out automated data processing.
The personal data we collect
- In order to conduct our business, we need to carry out searches in various databases that are either publicly accessible (e.g. Belgian Official Gazette, KBO), with restricted access, private databases (e.g. Graydon or other company databases) or data that can be found freely on the Internet (e.g. websites). In addition, we may also collect data through your visit to our Website or your use of our (online) services.
The personal data we obtain from third parties
- In addition, we may obtain data from third parties in order to carry out certain tasks. We also obtain data through intermediaries (e.g. employment agencies).
Categories of personal data
- We distinguish different types of personal data, which can be combined with each other:
- Identification and contact data: these are the data that allow us to identify and contact you as a customer, employee, self-employed service provider, etc. (for example, your name, place and date of birth, nationality, residence status, marital status and other data stated on identification documents, your address, e-mail address and telephone number);
- Billing information: this is information that allows us to charge our services correctly, such as billing address, company number, whether or not you are liable for VAT;
- Preferences and interests: these are data relating to your activities or your situation that will allow us to send you newsletters that may be of interest to you and your activities;
what do we process your personal data for?
When you contact us or we contact you
- If you contact us, for example to arrange an appointment, or wish to receive our newsletters or follow us on social media, we will need your identity and contact details. All information we receive about you will only be used to provide you with the requested information, in the manner you prefer. If you are an active service provider or supplier of goods (e.g. sales services) who we may wish to engage, we will also record your identity and contact details.
Within the framework of our enterprise
- In the preparation, execution and termination of our contracts, we need to have the data of our customers and other third parties involved in the contract. We must be able to identify these persons and process the data that may be necessary or useful for the negotiation, conclusion and execution of the contract.
We also use your data for administration (including invoicing).
We may also process your evaluation data in order to improve and optimise our offerings and services in the future.
We may use your information to offer you (in writing, by telephone or electronically) newsletters or new products or services which we think may be of interest to you, as well as to send you greeting cards or invite you to events.
In addition, the following purposes of data processing, for example, are pursued to protect our legitimate interests:
- Direct marketing to strengthen already existing customer relationships or to build up new customer relationships or to approach interested parties;
- Processing and transfer of data as part of the implementation and security of the Website and software systems.
If you work for us as a trainee, employee or independent service provider
- If you work for our company, we need to process a lot of personal data from you as part of this relationship, such as your identity and contact details, details mentioned on your CV, family composition, your invoicing to our company, the services you record, data to determine your commission, hours worked, leave and holidays, etc., in order to ensure that the cooperation runs smoothly.
On what basis do we process your personal data?
- We process personal data for various purposes, each time only the data that is necessary to fulfil the intended purpose.
- Thus, we use personal data when this is necessary:
- in order to be able to offer our range and services to the full;
- to comply with the legal and regulatory provisions to which we are subject; and/or
- for the protection of our legitimate interests, in which case we will always try to strike a balance between that interest and respecting your privacy.
- Personal data is processed on the basis of the following bases:
- Where you have given your consent, on the basis of your consent, where you have the right to withdraw such consent at any time (see below);
- On the basis of the agreement concluded with us;
- Our legitimate interests and/or those of other involved parties, to which you have the right to object (see below). Examples of such legitimate interests include protection of ourselves and third parties (e.g. against fraudulent acts), compliance with the law, court or administrative order, our right to conduct business, our right to assert claims (e.g. in case of breach of contract) and to defend ourselves.
- We do not sell or pass on personal data to third parties except in the following cases:
- If this is necessary for the performance of our activities - To enable the operation of our business (e.g. technical partners for the development, maintenance and security of the Website, commercial partners for marketing, financial partners for payments and accounting processing etc.) To the extent necessary for the performance of their duties, they have access to your data. We conclude processing agreements with these partners whereby we are designated as the party responsible for processing. This processing agreement will include provisions to protect your personal data;
- If there is a legal obligation. For example, in the case of a tax audit;
- If there is a legitimate interest for our company or a concerned third party. We will only transfer your personal data if your interest or your fundamental rights and freedoms do not prevail, and you will always be informed of this transparently (except in the case of legal exceptions). For example, your personal data may be passed on to third parties (such as lawyers) whom we call on for legal recovery (or other (extra) legal proceedings).
- If you give us permission to do so; If we should transfer personal data to third parties in other situations, this is done with an explicit notification, which explains the third party, the purposes of the transfer and processing. Where required by law, we will obtain your explicit consent.
- To the extent that personal data is processed outside the European Union, we ensure, through contractual or other measures, that such data enjoys an adequate level of protection there, comparable to that which it would enjoy in the European Union, in accordance with European regulations.
how long do we keep your data?
- We must not retain personal data longer than is necessary to fulfil the purpose for which it was collected.
- We apply the following retention periods for your data:
Data of customers and their employees
Data of employees and trainees
10 years, statutory period for keeping personnel and wages records
Maximum 2 years after last contact
Data from prospects
Maximum 5 years
Maximum 5 years after last contact
- After the expiry of the retention period, we will proceed to delete your personal data unless and to the extent that we need your personal data to:
- To fulfil contractual obligations, or to enforce our rights under contracts concluded with you, for a period of time corresponding to the statute of limitations for these obligations or rights;
- To fulfil our legal obligations, such as mandatory record keeping, identification of customers for anti-money laundering purposes where applicable, for the duration required by law;
- To be able to pursue our claims and or defence in the context of disputes, for the duration of those disputes, including the investigation phase;
- Cooperate in an ongoing criminal investigation, for the duration of this investigation;
- To comply with a court or administrative order for the duration applicable.
- The deletion of personal data means that they are erased or permanently anonymised.
how do we store and secure your data?
- The data in our database is stored on secure and locked (back-up) servers, both internal and external.
- Our employees are trained to handle confidential data correctly. They are bound by an internal privacy regulation that sets out how they should deal with personal data. The way in which we collect and process personal data is recorded in a data processing register.
- Our infrastructure and information systems are equipped with the appropriate technical measures to protect your personal data from unauthorised access, unauthorised use and loss or theft, such as: password protection, hard disk encryption software, firewalls, antivirus, intrusion and anomaly detection and access controls for our employees. Our hardware and software are constantly kept up-to-date. For this, we rely on specialised third parties.
- In the event of an unexpected data leak that adversely affects your personal data, you will be notified personally in the circumstances provided for by law.
- We recommend that you also take the necessary security measures to protect your personal data, such as securing your mailbox, firewalls on your devices, password management, etc.
- Although we make every effort to regularly screen our systems for security risks, we cannot guarantee the security of your data.
What rights do you have?
- You have the right to find out from us at any time whether or not we are processing your personal data and, if we are processing it, to see that data and receive further information about it:
- the processing purposes;
- the categories of personal data concerned;
- the recipients or categories of recipients (in particular, recipients in third countries);
- if possible, the retention period or, if that is not possible, the criteria for determining that period;
- The existence of your privacy rights;
- the right to lodge a complaint with the supervisory authority;
- the information we have about the source of the data if we obtain personal data from a third party; and
- The existence of automated decision-making.
- You also have the right to obtain an extract of the processed data, in a comprehensible form. We may charge a reasonable fee to cover our administrative costs for each additional extract requested.
- You have the right to have incomplete, incorrect, inappropriate or outdated personal data corrected without delay. You are also obliged to do so under the terms of membership.
- You have the right to have your personal data deleted in the following cases, without unreasonable delay:
- Your personal data is no longer needed for the purposes for which it was collected or otherwise processed by us;
- You withdraw your previous consent to the processing and there is no other legal ground on which we can rely for the (further) processing;
- You object to the processing of your personal data and there are no more weighty, legitimate grounds for the (further) processing;
- Your personal data are processed unlawfully;
- Your personal data must be deleted in order to comply with a legal obligation;
Please note, however, that we cannot always delete all the personal data requested, for example when their retention and processing is necessary.
- You have the right to obtain the restriction of the processing of your personal data if one of the following applies:
- You dispute the accuracy of that personal data: its use is restricted for a period that allows us to verify the accuracy of the data;
- the processing of your personal data is unlawful: instead of deleting your data, you request that its use be restricted;
- we no longer need your data for the original processing purposes, but we need it for the establishment, exercise or substantiation of legal claims: instead of deleting your data, its use is restricted for the establishment, exercise or substantiation of legal claims;
- as long as no decision has been taken on the exercise of your right to object to the processing, you request that the use of your personal data be restricted;
- You have the right to request your personal data and have them transferred. This is only possible for the personal data that you have provided to us yourself, based on consent or following an agreement. In all other cases, you cannot benefit from this right (e.g. when the processing of your data is based on a legal obligation). You can request us to return the personal data concerned in a structured, common and machine-readable form.
- You have the right to object to the processing of your personal data on the basis of your particular situation if the processing is in our legitimate interest or in the public interest. We will cease processing your personal data, unless we can demonstrate compelling and legitimate grounds for processing which override your interests or if the processing of the personal data is related to the establishment, exercise or substantiation of a legal claim (for example, the submission of a claim to a court).
- Do you not wish to receive any form of commercial communication (such as newsletters, invitations to events)? You always have the right, without having to give a reason, to oppose the use of your personal data for these purposes. Please contact us or use the unsubscribe button in our invitations or (electronic) newsletters.
HOW CAN YOU EXERCISE YOUR RIGHTS?
- In order to exercise your right of access, and to prevent any unauthorised disclosure of personal data, we need to verify your identity. In case of doubt or uncertainty, we will first ask you for additional information (preferably a copy of the front of your identity card).
- You may exercise your privacy rights free of charge, unless your request is manifestly unfounded or excessive, in particular due to its repetitive nature. In such a case, we have the right and the choice - in accordance with the privacy legislation - to (i) charge you a reasonable fee (taking into account the administrative costs of providing the requested information or communication and the costs involved in taking the requested measures), or (ii) refuse to comply with your request.
- We shall respond to your request as soon as possible, and in any event within one month of receipt. Depending on the complexity of the requests and the number of requests, this period may be extended by a further two months if necessary. If the deadline is extended, we will notify you within one month after receipt of the request.
- If we have lawfully transmitted your data to a third party (other than a processor or sub-processor), we shall not be liable for unlawful processing or use by that third party. We are also not liable if third parties process or use your data unlawfully and we have taken appropriate technical and organisational measures to prevent such unlawful processing or use.
Get in touch with us
Responsable: Mr Tom Haverhals
TEL: +32 (0)3 234 29 18
- For complaints relating to the processing of your personal data, please contact the Data Protection Authority, rue du Mail 35, 1000 Brussels / +32 (0)2 274 48 00 / firstname.lastname@example.org / www.gegevensbeschermingsautoriteit.be. Please consult us first.