QMS_D_214_Website Privacy Notice Rev01
Welcome to www.aloxy.io. ThisPrivacy Notice explains what we do with your personal information when you arevisiting www.aloxy.io ("Website") or wish to make a purchaseon the Website. It describes how we collect, use and process your personalinformation, and how, in doing so, we comply with our legal obligations to you.Your privacy is important to us, and we are committed to protecting andsafeguarding your rights.
This Privacy Notice applies tothe personal information of our consumer customers. If you are not a consumer,please contact us and we will provide you with the applicable Privacy Noticefor your situation.
For the purpose of the applicabledata protection legislation, ALOXY NV, a limited company registered undercompany number 0684.650.150 with its registered office at Sint-Pietersvliet 7,2000 Antwerpen of which its VAT registration number is BE0684.650.150 ("we","our" or "us" or “Aloxy”) is the‘controller’ of your personal information. This means we decide why and howyour personal information is used and are responsible for protecting it. Pleaserefer to the end of this notice for our contact and company information.
We may amend this PrivacyNotice from time to time. Please visit this page regularly as we will post anychanges here. Where appropriate, we may also notify you of the changes byemail. Please see further the section Changes below.
If you are dissatisfied withany aspect of this Privacy Notice, you may have legal rights which we havedescribed below where relevant.
1. INFORMATION WE COLLECT ABOUT YOU
When you use the Website, wecollect and use information about you in the course of providing you with ourproducts and services and with customer support. We may collect some or all ofthe information listed below to help us with this:
- information that you submit online via the Website, including your name, contact details, etc..
- information that you submit via any contact forms on the Website and any correspondence we have with you over email or phone or via the Get in Touch on the Website;
- details of transactions you carry out or orders you place through the Website;
- extra information that you choose to tell us;
- details of any adverse reaction on incidents experienced whilst using our products that you disclose to us over email or by phone or using the webchat feature on the Website; and
- technical information about your visit, including details of your visits to the Website and your navigation around the Website, traffic data, communication data, information about the device you use to access the Website, your Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Depending on the type ofpersonal information in question and the legal grounds (i.e. the ‘lawfulbases’) on which we may be processing your personal information, should youdecline to provide us with such data, we may not be able to fulfil ourcontractual requirements or, in extreme cases, may not be able to continue withour relationship with you.
For details of the lawfulbases that we rely on to be able to use and process your personal information,please see How we use your information.
2. HOWWE USE YOUR INFORMATION
2.1. Personal information
The purposes for which we useyour personal information and the lawful basis under data protection laws onwhich we rely to do this are explained below.
2.2. Where you have providedCONSENT
We will rely on your consent,in certain cases, to send you the following where we invite you to opt-in onthe Website for market research surveys purposes and related communications andto use your responses to those communications individually, or combined withresponses from other individuals, for insight purposes.
You may withdraw your consentat any time.
2.3. Where there is a LEGAL OBLIGATION
We will use your personalinformation to comply with our legal obligations, including where the lawrequires us:
- to respond or assist the public authorities or the police and other criminal investigation bodies;
- to identify you when you contact us;
- to verify the accuracy of data we hold about you; and
- to comply with a request from you in connection with the exercise of your rights.
2.4. Where it is in your VITALINTERESTS
We will use your personalinformation to notify you of any product safety or product recall issues.
2.5. Where there is a LEGITIMATEINTEREST
We may use and process yourpersonal information where it is necessary for us to pursue legitimateinterests (whether ours, in connection with our business, or that of athird party), except where such interests are overridden by your interests orfundamental rights and freedoms, e.g. in the following events:
Processingnecessary for provision of Website
· provision and design of theWebsite and to ensure that the Website’s content is presented as effectively aspossible for you;
· ensuringthe operation of the Website with strictly necessary cookies (please see our CookiePolicy).
Processingnecessary for us to support Website visitors and customers with their enquiries
- to respond to correspondence, you send to us and fulfil the requests you make to us relating to our products and services.
Processingnecessary for us to respond to changing market conditions and the needs of thevisitors of the Website
- to analyse, evaluate and improve our products and services so that your visit and use of the Website and social media pages are more useful and enjoyable (we will generally use data amalgamated from many people so that it does not identify you personally);
- to carry out (or instruct a third party to carry out on our behalf) market research and analysis so that we can better understand your needs as a customer but only where we do not rely on your consent (i.e. during any period which the Website does not present you with an opt-in option for this purpose).
Processingnecessary for us to operate the administrative and technical aspects of ourbusiness efficiently and effectively
- to notify you about changes to our services;
- to administer the Website and for internal operations, including troubleshooting, testing, statistical purposes;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of data that we hold about you and create a better understanding of you as an account holder or visitor;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- to inform you about administrative, legal and business matters;
- for the purposes of corporate restructure or reorganisation or sale of our business or assets;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
- to inform you of updates to our terms and conditions and policies;
- for our internal purposes, such as quality control, Website performance, system administration and to evaluate use of the Website, so that we can provide you with enhanced services.
If you arein the EU, the following applies to you in addition to (and, in case of any inconsistencies, takes precedence over) the other provisions of this section:
- If processing of your personal data is based on your consent, the legal basis is Art. 6(1)(a) GDPR. You can withdraw your consent at any time (Art. 7(3) GPDR), effective for the future. This will not affect the legality of processing that took place before you withdrew your consent.
- If processing of your personal data is based on a contract between us and you, the legal basis is Art. 6(1)(b) GDPR.
- If processing of your personal data is based on legal obligations that we must fulfil, the legal basis is Art. 6(1)(c) GDPR.
- If processing of your personal data is based on our legitimate interests, the legal basis is Art. 6(1)(f) GDPR. If you are interested in detailed information on the balancing of your and our interests, please contact us as described in the section How to contact us. Insofar as the processing is based on our legitimate interests, you have the right to object to the processing (Art. 21 GDPR).
3. USEOF DEVICE AND SOFTWARE USAGE INFORMATION
We may monitor your use of theWebsite and record your IP address, operating system and browser type, browserversion, previously visited website (referrer URL), monitor resolution,operating system and, if applicable device information (e.g. device type) forsystem administration purposes.
We collect aggregatedstatistics data about visitors to the Website and sales and traffic patterns.This information does not identify users in any personal capacity, and we donot use this information to build profiles on individual users: it justcontains generalised information about the users of the Website.
A cookie (and othertechnologies like pixels and beacons) is a small data file that is placed onyour browser or the hardware of your computer or other device to allow awebsite to recognise you as a user when you return to the website.
We will transfer personal datato third parties only where necessary for the provision of our service orotherwise allowed by the law. Within the scope of the purposes stated here,personal data are transferred to service providers involved in the provision ofour services. In addition to their legal obligation to comply with all dataprotection regulations, these service providers are bound to additionalcontractual data protection requirements. This includes in particularcontractual obligations as a processor (in accordance with requirements of Art.28 GDPR). In particular, we may share your information with any of thefollowing groups:
- any of our liaised entities, where this is necessary/lawful, and in accordance with laws on data transfers;
- tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- lawyers who provide us with legal and regulatory advice;
- external consultants who provide industry insights, market research and technical support;
- auditors and accountants who prepare and examine financial records, assess financial operations and assist in becoming more efficient;
- IT technical support functions, IT consultants and third-party analytics service providers who carry out testing, research and development work on our business technology systems;
- third party market research providers who provide industry insights and assists with product development;
- third parties for the purposes of credit card clearance, credit reference, order fulfilment, delivery, customer support services and storage services;
- third party outsourced IT providers where we have an appropriate data processing agreement (or similar protections) in place;
6. WHEREWE STORE YOUR INFORMATION
Your personal information maybe transferred outside of the European Economic Area (EEA) to the third partiesdescribed in Sharing your information with third parties.
We want to make sure that yourpersonal information is stored and transferred in a way which is secure. Wewill therefore only transfer data outside of the EEA where it is compliant withdata protection legislation and the means of transfer provides adequatesafeguards in relation to your data, for example:
- by way of an intra-group agreement between an Aloxy entities, incorporating the current standard contractual clauses adopted by the European Commission, the Belgian Data Protection Authority or other competent body for the transfer of personal information to jurisdictions without adequate data protection laws;
- by way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission, the Belgian Data Protection Authority or other competent body for the transfer of personal information to jurisdictions without adequate data protection laws;
- by transferring your data to a country where there has been a finding of adequacy by the European Commission, the Belgian Data Protection Authority or other competent body in respect of that country's levels of data protection via its legislation; or
- where you have consented to the transfer.
Where we transfer yourpersonal information outside the EEA and where the country or territory inquestion does not maintain adequate data protection standards, we will take allreasonable steps to ensure that your data is treated securely and in accordancewith this Privacy Notice. You can ask to see these by contacting us using thecontact details below.
7. HOWWE SAFEGUARD YOUR INFORMATION
We care about protecting yourinformation. That's why we put in place appropriate measures that are designedto prevent unauthorised access to, and misuse of, your personal information.
We are committed to taking allreasonable and appropriate steps to protect the personal information that wehold from misuse, loss, or unauthorised access. We do this by having in place arange of appropriate technical and organisational measures, includingencryption measures and disaster recovery plans.
If you suspect any misuse orloss of or unauthorised access to your personal information please let us knowimmediately by contacting our Data Protection Officer using the detailsprovided at the end of this notice.
Unfortunately, thetransmission of information via the internet is not completely secure. Althoughwe will apply our normal procedures and comply with legal obligations toprotect your information, we cannot guarantee the security of your informationtransmitted to the Website and any transmission is at your own risk.
The Website may from time totime contain links to and from other websites. If you follow a link to any ofthose websites, please note that those sites ought to have their own privacypolicies and that we do not accept any responsibility or liability for thosesites or for their privacy policies. Please check those privacy policies beforeyou submit your information to those websites.
8. HOWLONG WE KEEP YOUR INFORMATION
We will keep your informationrelating to orders you have placed with us as required by law or otherregulation (for example, because of a request by a tax authority or inconnection with any anticipated litigation).
If you have contacted us witha complaint or query: we will store yourpersonal information for as long as is reasonably required to resolve yourcomplaint or query.
The exceptions to the aboveare where:
- we have carefully considered whether we need to retain your personal information after the periods described above to potentially establish, bring or defend legal proceedings or to comply with a legal or regulatory requirement;
- we actually bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Right to restrict processing below);
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Right to erasure below); or
- in limited cases, a court or regulator requires us to keep your personal information for a longer or shorter period.
When it is no longer necessaryto retain your data, we will delete the personal information that we hold aboutyou from our systems (either by erasing or anonymising that data). After thattime, we may retain aggregated data (from which you cannot be identified) andretain it for analytical and statistical purposes.
You have a number of rights inrelation to your information under data protection law. In relation to certainrights, we may ask you for information to confirm your identity and, whereapplicable, to help us to search for your personal information. Except in rarecases, we will respond to you within one month from either: (i) the date thatwe have confirmed your identity; or (ii) where we do not need to do thisbecause we already have this information, from the date we received yourrequest.
9.1. Right to object
This right enables you toobject to us processing your personal information where we do so for one of thefollowing reasons:
- where we rely on our legitimate interests to do process your information;
- to enable us to perform a task in the public interest or exercise official authority; or
- for scientific, historical, research, or statistical purposes.
Except for the purposes forwhich we are sure we can continue to process your personal information, we willtemporarily stop processing your personal information in line with yourobjection until we have investigated the matter. If we agree that yourobjection is justified in accordance with your rights under data protectionlaws, we will permanently stop using your personal information for thosepurposes. Otherwise we will provide you with our justification as to why weneed to continue using your personal information.
9.2. Right to withdraw consent
Where we have obtained yourconsent to process your personal information for certain activities, you maywithdraw this consent at any time and we will cease to use your personalinformation for that purpose unless we consider that there is an alternativelegal basis to justify our continued processing of your data for this purpose,in which case we will inform you of this condition. If you withdraw yourconsent, our use of your personal information before you withdraw is stilllawful.
9.3. Right of access (‘Data SubjectAccess Requests’)
You may ask us for a copy ofthe information we hold about you at any time, and request us to modify, updateor delete such information. If we provide you with access to the information,we hold about you, we will not charge you for this unless permitted by law. Ifyou request further copies of this information from us, we may charge you areasonable administrative cost. Where we are legally permitted to do so, we mayrefuse your request. If we refuse your request we will always tell you thereasons for doing so.
If you would like to requestaccess to your information, it would assist us with dealing with your requestif you could use the subject heading ‘Data Subject Access Request’, or quotethis over the phone, when contacting us. Please note that this is not mandatoryand we will still deal with any requests without this reference.
9.4. Right to erasure
You have the right to requestthat we erase your personal information in certain circumstances. Normally,this right exists where:
- the data is no longer necessary;
- you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
- the data has been processed unlawfully;
- it is necessary for the data to be erased in order for us to comply with our obligations under law; or
- you object to the processing of your data and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled torefuse to comply with your request for erasure in limited circumstances and wewill always tell you our reason for doing so.
When complying with a validrequest for the erasure of data we will take all reasonably practicable stepsto delete the relevant data.
9.5. Right to restrictprocessing
You have the right to requestthat we restrict our processing of your personal information in certaincircumstances, for example if you dispute the accuracy of the personalinformation that we hold about you, you object to our processing of yourpersonal information for our legitimate interests or you require us tokeep it in connection with legal proceedings. If we have shared your personalinformation with third parties, we will notify them about the restrictedprocessing unless this is impossible or involves disproportionate effort. Wewill, of course, notify you before lifting any restriction on processing yourpersonal information.
We may only process yourinformation whilst its processing is restricted if we have your consent or arelegally permitted to do so, for example for storage purposes, to protect therights of another individual or company or in connection with legalproceedings.
9.6. Right to rectification
You have the right to requestthat we rectify any inaccurate or incomplete personal information that we holdabout you. If we have shared this personal information with third parties, wewill notify them about the rectification unless this is impossible or involvesdisproportionate effort. You may also request details of the third parties towhom we have disclosed the inaccurate or incomplete personal information. Wherewe think that it is reasonable for us not to comply with your request, we willexplain our reasons for this decision.
You can access and updatecertain parts of your information by logging into your account on the Website.
9.7. Right of data portability
If you wish, you have theright to transfer your personal information between service providers where werely on your consent or the performance of your contract as the lawful basis touse that information. In effect, this means that you are able to transfer thedetails we hold on you to another third party. To allow you to do so, we willprovide you with your data in a commonly used machine-readable format so thatyou can transfer the data. Alternatively, we may directly transfer the data foryou if technically possible.
9.8. Rights relating to automateddecisions
In certain circumstances, youmay contest a decision made about you based purely on automated processing andwhere the processing is not required by law. You may also ask us to stop makingsuch decisions using automated processing alone.
9.9. Right to complain
You also have the right tocomplain to your local supervisory authority, in your case the Belgian DataProtection Authority. You can contact them in the following ways:
- Telephone: +32 (0)2 274 48 00 or +32 (0)2 274 48 35
- Website: https://www.dataprotectionauthority.be/citizen
- Email: firstname.lastname@example.org
- Address: Drukpersstraat (rue dela Presse) 35, 1000 Brussels
9.10. How to exercise your rights
If you would like to exerciseany of these rights, please contact us on the details provided under How tocontact us. Please note that we may keep a record of your communications to help usresolve any issues that you raise.
We may make changes to thisPrivacy Notice at any time by posting a copy of the modified notice on theWebsite or, where appropriate, by sending you an email with that notice. Any changes will take effect 7 days after the date of our email or the date onwhich we post the modified terms on the Website, whichever is theearlier.
If youhave any queries about this Privacy Notice, including your rights in relationto your personal information, please contact us by email at email@example.com,by phone: +31 6 54707720 or by post at: Sint-Pietersvliet7, 2000 Antwerpen (Belgium).
If youwish to contact us with any general queries or concerns, you can use our Get inTouch page or email us at firstname.lastname@example.org orwrite to us via post to the above address.
Whencontacting us by email or post, please use the subject heading ‘Data protectionquery’ so that we can direct your query to the appropriate department and dealwith it promptly.
QMS_D_214_Website PrivacyNotice Rev01