1. Who are we?
- Name: Carioka BV (the “Company”,”we“, “us/our“)
- Seat: Rue Armand Campenhout 11, 1050 Ixelles
- Company number: 0748.723.796
- VAT number : BE 0748.723.796
- Website: https://www.carioka.be (the “Website“)]
- Contact details of the contact person for data protection matters : M. Simon Castex – firstname.lastname@example.org
2. Who are the data subjects?
- We process personal data from:
- our customers, natural persons ;
- our customers’ representatives;
- our suppliers’ representatives
- the representatives of our partners and subcontractors ;
- the persons applying for a position as an employee or self-employed person within the Company;
- users of our Website and social networks, where applicable, and visitors to our workplaces, including the facilities of our partners; and
- any natural person who contacts us in order to obtain information about our services; (the “data subjects“, “you/your“).
3. What is our commitment regarding data protection?
We undertake to use our best efforts to bring our personal data processing activities into compliance with applicable data protection law including Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR“) and the Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data, as amended, supplemented or replaced from time to time (the “Applicable Data Protection Law“).
4. For which purposes do we process your personal data?
- If you are a representative of one of our customers, we process:
- your personal identification data, professional identification data and contact data for the activation, management and continuation of the commercial relationship with our customers;
- your personal identification data and professional identification data to enable us to follow-up on the invoicing of our customers;
- if applicable, your personal identification data, professional identification data and contact data for sending communications for marketing purposes;
- If you are a representative of one of our suppliers, we process your personal identification data, professional identification data and contact data for the management of our commercial relationship with our suppliers.
- If you are a candidate for employment with us, we process your personal identification data, professional identification data, contact data, data relating to your professional life (skills, qualifications, experience, etc.) and personal data contained in your curriculum vitae to assess your profile in relation to our recruitment needs and to get in touch with you.
- If you visit our Website, we may process your electronic identification data in aggregate form to measure the frequency on our Website, improve your browsing experience and to detect and prevent fraud and computer security breaches.
- If our workplaces are equipped with surveillance cameras, we are able to request access to images about you only when such access is necessary to pursue our legitimate interest in detecting offences or incivilities and to the extent permitted by applicable law.
- We may also process some of your personal data for the following purposes:
- carry out internal and external audits, particularly with a view to improving our services;
- manage disputes with data subjects and where processing is necessary for the establishment, exercise or defence of a legal claim.
5. In what capacity do we process your personal data?
We process your personal data in a capacity of controller. In this context, we determine the purposes and means of the processing of your personal data.
6. On which basis do we process your personal data?
- The provision of your personal data may be necessary:
- for the performance of a contract to which the data subject is a party or for the performance of pre-contractual steps taken at your request (for example, in the event of a request to work with us or the submission of an offer);
- for compliance with a legal obligation applicable to us (e.g. accounting, taxation, money laundering prevention etc.);
- to pursue our legitimate interests (or those of a data recipient) provided that these interests prevail over your fundamental rights and freedoms.
- We ask for your prior, free and informed consent before processing some of your personal data (for example, whenever the processing of your data involves a transfer of your image rights or with a view to carrying out certain direct marketing actions).
- The provision of some of your personal data (e.g. your personal identification data, etc.) may be a condition to enable us to provide you with our services or perform or activities.
- The possible consequences of not providing your personal data may include our inability to provide you with our services or perform our activities or a breach by us of one or more obligations under applicable laws (e.g. accounting and tax laws, money laundering prevention).
7. Where do we source your personal data from?
The personal data we process come from the following sources:
- directly from you, e.g. during the first contact we make with you;
- from publicly available information (on the Internet), e.g. when we check the profile of candidates for employment with us.
- through our Website
8. Who has access to your personal data?
The following recipients may receive or have access to some of your personal data (only if necessary for the performance of their tasks):
- the members of our staff tasked with commercial and administrative follow-up have access to the personal identification data, professional identification data and contact data of our customers and our customers’ representatives;
- the members of our staff tasked with monitoring our suppliers have access to personal identification data, professional identification data and contact data of our suppliers’ representatives and our partners;
- our legal advisors and lawyers have access to certain personal data of data subjects in the context of the restructuring of our activities or litigation.
9. How do we manage the transfer of personal data to our subcontractors and partners?
- We take appropriate measures to ensure that our subcontractors and partners process your personal data in accordance with Applicable Data Protection Law and our own standards.
- Among other things, we ensure that our subcontractors and partners undertake to process personal data only on our instructions, not to hire subcontractors without our prior authorisation, to take appropriate technical and organisational measures to guarantee the security of personal data, to ensure that persons authorised to access personal data are subject to adequate obligations of confidentiality, to return and/or delete the personal data they process at the end of their services, to comply with audits and to provide us with assistance in following up requests from data subjects for the exercise of their rights regarding their personal data.
10. Where do we process your personal data?
- Some recipients of personal data may be organisations whose headquarters are located in a country outside the European Economic Area (“EEA“) or may process certain personal data from a country outside the EEA.
- In the event that certain of your personal data are transferred to countries outside the EEA, we will ensure that we take the following safeguards:
- the country where the personal data are transferred to has benefitted from an adequacy decision from the European Commission pursuant to article 45 of the GDPR and the transfer falls within the scope of such adequacy decision;
- we have concluded a contract with the recipient of personal data that contains the standard data protection clauses adopted by the European Commission pursuant to Article 47 of the GDPR;
- in the event of a transfer to the United States, the recipient of personal data has been certified under the EU-US Privacy Shield programme established pursuant to Article 45 of the GDPR and the transfer falls within the scope of the EU-US Privacy Shield programme.
11. What are the applicable retention periods?
- We ensure that your personal data are only kept for as long as necessary for the purposes for which they are processed.
- We keep invoices and other accounting documents (which may include some of your personal data) for a period of seven (7) years from the end date of the accounting year when they were issued in accordance with accounting laws. These accounting documents may, where applicable, contain certain personal identification data, professional identification data and contact data.
- We also use the following criteria to determine the retention periods of personal data according to the context and purposes of each processing activity:
- the date of our last contact;
- security reasons (for example, the security of our information systems);
- any current or potential dispute or litigation with a data subject;
- any legal obligation to retain or delete personal data (for example, a retention obligation imposed by accounting or tax laws).
12. What are your rights and obligations?
- Subject to Applicable Data Protection Law, you have the right to be informed, the rights of access, rectification and erasure of your personal data, the right to object to or limit the processing of your personal data, the right to data portability and the right to withdraw your consent.
- Please forward any request relating to the exercise of your rights regarding your personal data that we process in our capacity as controller to our contact person for data protection matters using his or her contact details as set out in the Policy. Please note that we may, in the event of doubt as to your identity, ask you for proof of identity in order to prevent any unauthorised access to your personal data.
- You are responsible for updating your Data, in particular through your client account accessible online, via our Website.
13. What level of security do we ensure?
- We take appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with the processing of your personal data.
- We follow industry best practices to ensure that personal data are not accidentally or unlawfully destroyed, lost, altered, altered, disclosed in an unauthorized manner or accessed in an unauthorized manner.
14. Do you have any questions or complaints?
You have the right to lodge a complaint with the competent supervisory authority. The competent authority for Belgium is: Data Protection Authority, rue de la presse/drukpersstraat 35, 1000 Brussels, +32 (0)2 274 48 00, email@example.com.] You have the right to lodge a complaint with the competent supervisory authority.]
15. Updating of the Policy
- We reserve the right to update the Policy from time to time. We inform you of any changes we may make to the Policy.
- Where applicable and unless otherwise specified, any changes will take effect immediately and will govern any ongoing situation.
- In the event of a conflict or inconsistency between a provision of the Policy and a provision of another policy or document relating to the processing of personal data, the provision of the Policy prevails.