Privacy - Quimesis
privacy
Home / privacy

– PRIVACY POLICY –

 

Purpose

 

This Policy is established by Quimesis S.R.L located at Avenue Léonard de Vinci 18 in 1300 Wavre, registered under number: BE0536.858.376 (hereinafter referred to as « the data controller »).

 

The purpose of this Policy is to inform visitors to the website hosted at the following address: www.quimesis.be (hereinafter referred to as the « website ») about how data is collected and processed by the data controller.

 

This Policy reflects the data controller's desire to act with complete transparency, in compliance with its national provisions and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the « General Data Protection Regulation »).

 

The data controller pays particular attention to protecting the privacy of its users and therefore undertakes to take reasonable precautions to protect the personal data collected against loss, theft, disclosure or unauthorized use.

 

"Personal data" is defined as any personal data relating to the user, i.e. any information that makes it possible to directly or indirectly identify them as a natural person.

 

If the user wishes to react to any of the practices described below, they can contact the data controller at the postal or email address specified in the « contact details » section of this Policy. 

 

What data do we collect?

 

The data controller collects and processes the following personal data, in accordance with the methods and principles described below:

  • their domain (automatically detected by the data controller's server), including the dynamic IP address;
  • their email address if the user has previously revealed it, for example by sending messages or questions on the website, by communicating with the data controller by email, by participating in discussion forums, by accessing the restricted area of the website by means of identification, etc.;
  • all information regarding the pages that the user has consulted on the website;
  • any information that the user has provided voluntarily, for example in the context of information surveys and/or registrations on the website, or by accessing the restricted area of the website by means of identification.

 

The data controller may also collect non-personal data. This data is qualified as non-personal data because it does not directly or indirectly identify a particular person. It may therefore be used for any purpose whatsoever, for example to improve the website, the products and services offered or the data controller's advertising.

 

In the event that non-personal data is combined with personal data, so that identification of the persons concerned is possible, this data will be treated as personal data until it is impossible to link it to a particular person.

 

Collection methods

 

The data controller collects personal data in the following ways:

  • contact form
  • cookies

 

Purposes of processing

 

Personal data is only collected and processed for the purposes mentioned below:

 

  • to ensure the management and control of the execution of the services offered;
  • sending and tracking orders and invoices;
  • sending promotional information about the products and services of the data controller;
  • sending promotional material;
  • answering user questions;
  • compiling statistics;
  • improving the quality of the website and the products and/or services offered by the data controller;
  • transmitting information on new products and/or services from the data controller;
  • for the purpose of commercial prospecting actions;
  • allowing better identification of the user's areas of interest.

 

The data controller may need to carry out processing operations that are not yet provided for in this Policy. In this case, they will contact the user before reusing their personal data, in order to inform them of the changes and give them the opportunity, if necessary, to refuse this reuse.

 

Legitimate interests

 

Some of the processing operations carried out by the data controller are based on their legitimate interests. These legitimate interests are proportionate to the respect for the user's rights and freedoms. If the user wishes to be informed of the details of the purposes based on the legal basis of legitimate interests, it is recommended that they contact the data controller (see section on "contact details").

 

Retention period

 

In general, the data controller only keeps personal data for the time reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.

 

A customer's personal data is kept for a maximum of 10 years after the end of the contractual relationship between that customer and the data controller.

 

At the end of the retention period, the data controller makes every effort to ensure that the personal data has been made unavailable and inaccessible.

 

Application of rights

 

For all the rights listed below, the data controller reserves the right to verify the user's identity for the application of the rights listed below. 

 

This request for additional information will be made within one month of the user submitting the request.

 

Access to data and copy

 

The user can obtain, free of charge, written communication or a copy of their personal data that has been collected.

 

The data controller may require payment of reasonable fees based on administrative costs for any additional copies requested by the user.

When the user submits this request electronically, the information is provided in a commonly used electronic form, unless the user requests otherwise.

 

Unless otherwise provided by the General Data Protection Regulation, a copy of their data will be communicated to the user no later than one month after receipt of the request.

 

Right of rectification

 

You can get your personal data corrected for free as soon as possible, but no later than one month. This applies if the data is inaccurate, incomplete, or irrelevant. You can also complete your data if it turns out to be incomplete.

 

Unless there's an exception in the general data protection regulation, your request to correct data will be handled within one month of when you send it.

 

Right to object to processing

 

You can object to your personal data being processed at any time, for reasons related to your specific situation, when:

 

  • processing is necessary to carry out a task in the public interest or related to the exercise of official authority by the data controller;
  • processing is necessary for the legitimate interests of the data controller or a third party, unless your interests, fundamental rights, and freedoms override those interests and require personal data protection (especially when you're a child).

 

The data controller can refuse your request to object if they can prove there are compelling, legitimate reasons for processing your data that outweigh your interests, rights, and freedoms. This also applies to establishing, exercising, or defending a legal claim. If you disagree, you can file a complaint as described in the 'Claim and Complaint' section of this Policy.

 

You can also object, at any time, without justification and free of charge, to the processing of your personal data when your data is collected for marketing purposes (including profiling).

 

When personal data is processed for scientific or historical research or for statistical purposes in accordance with the general data protection regulation, you have the right to object to the processing of your personal data for reasons related to your particular situation, unless the processing is necessary for the performance of a task carried out in the public interest.

 

Unless there's an exception in the general data protection regulation, the data controller must respond to your request as soon as possible, but no later than one month. They also need to explain their reason if they don't plan to act on your request.

 

Right to restriction of processing

 

You can restrict the processing of your personal data in the following cases:

 

  • when you dispute the accuracy of data, but only while the data controller verifies it;
  • when the processing is illegal, and you prefer to restrict the processing instead of erasing it;
  • when the data is no longer needed for the purposes of processing, but you need it to establish, exercise, or defend your legal rights;
  • during the time needed to examine the validity of an objection you've made. In other words, while the data controller is checking the balance of interests between their legitimate interests and yours.

The data controller will let you know when the restriction on processing is lifted.

 

Right to erasure ('right to be forgotten')

 

You can have your personal data erased when one of the following applies:

 

  • the data is no longer necessary for the purposes of processing;
  • you've withdrawn your consent for your data to be processed, and there's no other legal basis for processing it;
  • you object to the processing, and there are no overriding legitimate grounds for the processing, and/or you exercise your specific right to object to direct marketing (including profiling);
  • the personal data has been unlawfully processed;
  • the personal data must be erased to comply with a legal obligation (under Union or Member State law) to which the data controller is subject;
  • the personal data was collected in connection with the offer of information society services aimed at children.

However, data deletion isn't applicable in the following situations:

 

  • When processing is necessary to exercise the right to freedom of expression and information.
  • When processing is necessary to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • When processing is necessary for reasons of public interest in the field of public health.
  • When processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, and where the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing.
  • When processing is necessary for the establishment, exercise, or defense of legal claims.

 

Unless there's an exception in the general data protection regulation, the data controller must respond to your request as soon as possible, but no later than one month. They also need to explain their reason if they don't plan to act on your request.

 

Right to 'data portability'

 

You can ask to receive your personal data for free at any time. It will be in a structured, commonly used, and machine-readable format. This makes it easy to pass your data to another data controller, especially when:

 

  • The data processing is done using automated methods; and when
  • The processing is based on your consent or a contract between you and the data controller.

 

Under the same conditions and in the same way, you have the right to have your personal data transmitted directly from one data controller to another, as long as it's technically possible.

 

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

Data recipients and disclosure to third parties

 

The recipients of the data collected and processed are, in addition to the data controller themselves, their employees or other subcontractors, carefully selected business partners located in the European Union who collaborate with the controller in the marketing of products or the provision of services.

 

If the data is disclosed to third parties for direct marketing or commercial prospecting purposes, you'll be informed beforehand so you can choose whether to allow the transfer of your data to these third parties.

 

Since this transfer is based on your consent, you can withdraw your consent for this specific purpose at any time.

 

The data controller complies with all applicable laws and regulations. They'll also make sure that their partners, employees, subcontractors, or other third parties who have access to your personal data respect this Policy.

 

The data controller will disclose your personal data if required by law, a legal procedure, or an order from a public authority.

 

The data controller will not transfer any personal data outside the European Union.

 

Security

 

The data controller uses appropriate technical and organizational measures to ensure a level of security for the processing and collected data that is appropriate to the risks presented by the processing and the nature of the data to be protected, adapted to the risk. It takes into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.

 

The data controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the website.

 

The data controller has put in place appropriate security measures to protect and prevent the loss, misuse, or alteration of information received on the website.

 

If the personal data controlled by the data controller is compromised, they will act quickly to identify the cause of the breach and take appropriate remedial measures.

 

The data controller will inform you of this incident if required by law.

 

Claim and complaint

 

If you want to react to any of the practices described in this Policy, we advise you to contact the data controller directly.

You can also lodge a complaint with your national supervisory authority, whose contact details can be found on the official website of the European Commission: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

 

In addition, you have the option to file a complaint with the competent national courts.

 

Data Protection Officer

 

The data controller's Data Protection Officer is Lionel Convent.

 

Their contact details are: Avenue Léonard de Vinci 18, 1300 Wavre – info@quimesis.be.

 

Contact information

 

If you have any questions or complaints regarding this Policy, you can contact the data controller:

 

By email: info@quimesis.be.
By post: Avenue Léonard de Vinci 18, 1300 Wavre.

 

Modification

 

The data controller reserves the right to modify the provisions of this Policy at any time. Changes will be published directly on the data controller's website.

 

Applicable law and competent jurisdiction

 

This Policy is governed by the national law of the place where the data controller's main establishment is located.

 

Any dispute relating to the interpretation or execution of this Policy will be subject to the jurisdiction of that national law.

 

This version of the Policy is dated 19/08/2022.