Privacy Statement regarding the protection of Personal Data of third parties of NV CO.BR.HA and affiliated companies
This statement (hereinafter referred to as “the Statement”) applies to all persons (except employees) whose Personal Data is processed by NV CO.BR.HA, with registered office at Provinciesteenweg 28, 3190 Boortmeerbeek, registered under CBE number 0403.567.015 and its affiliated companies (hereinafter also referred to as “CO.BR.HA”, or “We”).
“Third parties” includes all contracting parties, suppliers, business partners, customers, prospects, visitors, and consumers.
The purpose of this Statement is to inform you about the Personal Data collected about you and how it is processed by CO.BR.HA. and the associated rights.
This Statement is prepared in accordance with the provisions of:
the law of July 30, 2018 concerning the protection of natural persons with regard to the processing of Personal Data;
Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (also known as “GDPR” and hereinafter referred to as “General Data Protection Regulation” or “GDPR”).
Through this Statement regarding the protection of Personal Data, we guarantee that you:
remain informed about the processing of your Personal Data and your rights;
maintain control over the Personal Data we process;
can exercise your rights regarding your Personal Data.
Within the context of this Statement, we have defined the terms below as follows:
“Personal Data”: any information relating to an identified or identifiable natural person.
“Processing”: any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, structuring, storage, updating or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, erasure, or destruction of data.
“Controller”: a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Processor”: a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.
“Data Subject”: a natural person who can be identified, directly or indirectly, by reference to data, in particular by reference to an identifier such as a name, identification number, online identifier, or one or more factors specific to their physical, genetic, mental, economic, cultural, or social identity.
“Consent” of the data subject: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data relating to them.
“Personal Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
This Statement applies to the processing of Personal Data relating to:
our suppliers and/or business partners,
our customers and/or prospects, and
visitors to our Brewery and visitors to our website.
consumers
If we collect and process Personal Data of third parties (e.g., the name and contact details of your partner, children, etc.) that you have provided to us, we request that you inform these third parties of the transfer of this data and the existence of this Statement, so they are aware of the processing we perform on their Personal Data and their rights.
CO.BR.HA. as Data Controller
CO.BR.HA. is responsible for processing Personal Data that we collect and/or use.
As part of our activities, CO.BR.HA. may process your Personal Data (through collection, storage, etc.). We determine the purposes (why) and means (how) of processing your Personal Data. As such, we are considered the Data Controller.
As Data Controller, we pay special attention to the protection of your privacy and your Personal Data, and therefore we commit to taking reasonable and necessary precautions to protect your Personal Data against loss, theft, disclosure, or unauthorized use.
However, we reserve the right to disclose your Personal Data in accordance with the provisions set out below in the Statement.
Contact details of the Data Controller:
Data Controller: CO.BR.HA. nv
Email: gdpr@haacht.com
Address: Provinciesteenweg 28, 3190 Boortmeerbeek.
We have appointed a Privacy Officer.
You can contact the Privacy Officer if you have questions or complaints about the processing of your Personal Data and if you wish to exercise any of the rights described in point 10 of the Statement.
Contact details of the Privacy contact person:
Email: gdpr@haacht.com
Address: Provinciesteenweg 28, 3190 Boortmeerbeek.
Personal Data of our customers, prospects, suppliers, visitors, or other third parties who directly contact CO.BR.HA.
In the context of our contacts with you and in the context of executing the agreement we have with you, we collect and process Personal Data concerning you.
Additionally, we may also process Personal Data of your company representatives, employees, and/or independent contractors (hereinafter generally referred to as “you” or “your”) that you provide to us to enable contact with you or to execute the agreement we have with you.
If you provide us with Personal Data of your representatives, staff members, and other third parties, you must inform them of the existence and content of this Statement.
Specifically, the Personal Data we process relates to the following information:
identification data such as name, first name, gender, function and company etc.,
contact details such as phone number, email address, etc.,
financial data such as bank account number, etc.
images from surveillance cameras in our parking lot and brewery.
Additionally, Personal Data of customers and prospects can be collected directly from you when you make purchases or place orders with CO.BR.HA., during promotional campaigns or similar events organized by CO.BR.HA. (competitions, CO.BR.HA.’s presence at trade fairs and other events, …).
Personal Data of visitors to our website
When you visit our website https://primus.be, we also collect personal information about you. These are:
– the IP address, and
– “cookies.”
“Cookies” are small files stored by your browser on your computer that allow us to obtain certain information about your use of our website (e.g., language choice, duration of your page visit, preferences etc.). They particularly facilitate navigation on our website (through the use of so-called necessary cookies) but also allow us to better adapt the website to your wishes and preferences. More information on this subject can be found in our “cookie policy” which is available on our website https://primus.be.
We do not collect or process sensitive Personal Data, namely:
Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic or biometric data.
Personal Data concerning health;
Personal Data concerning sexual behavior or sexual orientation.
We specify that surveillance camera images do not constitute sensitive Personal Data.
If we were to receive such sensitive Personal Data, we commit to not using it and deleting it as quickly as possible.
For what purposes do we need your Personal Data?
Offering our products and services and proper execution of agreements
In order to offer you certain services and to execute the agreement we have concluded or will conclude with our suppliers, partners and customers as well as possible, we process the Personal Data of our suppliers, partners, customers, prospects and, where applicable, their employees.
Some of the information we request from you is mandatory and is a condition for concluding the contract with you, as this is necessary information to execute the agreement to the best of our ability.
The proper operation of our company
To function as effectively as possible as a company, we may process your Personal Data in order to:
manage our activities (for administrative purposes), prevent risks related to our activities (for example, to comply with certain legal obligations, prevent risks related to money laundering, fraud, etc.),
manage complaints and/or questions,
facilitate the execution, establishment and/or termination of contractual relationships with our customers and/or suppliers (for example, by reusing your Personal Data collected during a previous contract to conclude a new contract),
enable us to defend ourselves in court, exercise our rights and ensure them and protect the rights of the people we represent in court, including using them as evidence in a possible dispute (including Personal Data relating to a transaction/contractual relationship).
….
This falls within our legitimate interest as a company and/or is based on legal obligations that apply to us (in terms of taxation, accounting evidence, etc.)
Your personal data may be used to advertise our products and services and/or send newsletters if:
you are already our customer,
you have previously given consent to receive this type of communication.
Additionally, we may also organize events such as “competitions” for which we collect your Personal Data as part of this event, if you choose to participate.
Based on our legitimate interest in securing our properties (brewery, inventory, etc.) and our personnel, we have chosen to install surveillance cameras in our brewery parking lot and at several warehouses.
The surveillance camera footage is automatically recorded and deleted approximately 5 months after recording. This period is approximate and may be longer or shorter depending on the amount of footage to be stored.
Based on our legitimate interest in securing our website https://primus.be, we collect and process your IP address.
While browsing our website https://primus.be, we install “cookies”:
that are necessary for the proper functioning of our website, based on our legitimate interest in providing you with a functional website, and
for analyzing your browsing behavior on our website only if you have given prior consent.
If you would like more information about our use of cookies, their storage times, etc., please refer to our cookie policy available on our website https://primus.be.
To increase our internet presence and to be closer to our customers and future customers, we are also present on social media such as Facebook, LinkedIn and YouTube.
By visiting these websites, you can, on a voluntary basis, directly share some of your Personal Information with us by contacting us, commenting and/or sharing our publications.
Additionally, we recommend reading the privacy statement published by these third parties on their website to be aware of the processing of your Personal Data by these third parties in their capacity as controllers of your Personal Data.
Specifically, CO.BR.HA. processes your Personal Data based on the legal grounds set out below.
We only use and process your Personal Data if one of the following conditions is met:
The use of your Personal Data is necessary for the execution of an agreement you have with us or to take the necessary steps to conclude this agreement.
The use of your Personal Data is in the context of our legitimate interests and in accordance with your interests and rights.
This will particularly be the case with regard to:
the use of surveillance cameras,
sending commercial information or advertising to existing contacts.
collecting and recording your IP address to secure our website,
and the purposes mentioned in point 6.2 of this Statement.
We are legally required to process certain Personal Data and, where applicable, share it with the competent authorities (e.g., in the context of an audit).
We have your free and explicit consent to use your Personal Data for a specific purpose.
If you do not yet have a relationship with us, we ask for your consent to contact you for direct marketing purposes.
Only employees who need access to Personal Data for the execution of their professional tasks are granted access. They act under our supervision and we are responsible for them.
We also use external suppliers who handle certain processing tasks so that we can offer you our products and services, specifically IT services and legal, financial, accounting, and other services. Since these third parties may have access to Personal Data for the execution of the requested services, we have taken technical, organizational, and contractual measures to ensure that your personal data is exclusively processed and used for the purposes mentioned in point 6 of this Statement.
When legally required, we may provide your Personal Data to regulatory authorities, tax authorities, and investigative services.
The Personal Data will not be transferred outside the European Union (hereinafter “EU”) and/or the European Economic Area (hereinafter “EEA”). If CO.BR.HA. intends to store and/or process these outside the EU or EEA, we will explicitly mention this and ensure that the same level of protection is guaranteed.
If we use processors in the sense of the GDPR, Personal Data may be transferred to the countries where these processors’ data centers are located.
With these processors, we conclude an agreement whereby these processors guarantee the same level of protection as CO.BR.HA. for Personal Data stored within the EU or EEA.
We keep your Personal Data only as long as necessary to achieve the purposes mentioned in point 6 of this Statement. Any deviations or clarifications of this principle are explicitly indicated for the various purposes mentioned in point 6 of this Statement.
Given that the necessity to retain Personal Data depends on the type of Personal Data and the purpose of processing, retention periods can vary significantly.
These are the criteria we use to determine the retention periods:
How long do we need the Personal Data to provide the requested service or to perform the agreement?
Have we established and announced a specific retention period?
Have we received consent to extend the retention period?
Are we subject to a legal, contractual, or similar obligation?
Should the Personal Data be retained longer in the context of a (potential) dispute?
Do we have a legitimate interest to retain the data longer?
As soon as we no longer need your Personal Data to achieve the intended purpose and/or we are no longer legally obliged to retain it, we will permanently delete it or, if this proves impossible, we will anonymize it in our system.
You have certain rights regarding the processing of your Personal Data by CO.BR.HA. Below you will find an overview of these rights.
You have the right to be informed, at the latest at the time of collecting your Personal Data, about the processing we carry out, your related rights, and the exercise of these rights. That is why we have drawn up this Statement.
You have access to the Personal Data concerning you processed by CO.BR.HA. and you also have the right to inspect this Personal Data. Upon your request, we will provide you with a free copy of your Personal Data. You also have the possibility to receive an answer to any question regarding the processing(s) of your Personal Data (processing reasons, recipients, retention period…).
You have the right to request the erasure or rectification of incorrect, incomplete, inappropriate, or outdated Personal Data.
You have the right to obtain the erasure of your Personal Data if:
the Personal Data are no longer necessary for the intended purpose, including the performance of the agreement;
the subject of processing is unlawful;
a legitimate objection is raised against the processing.
However, we may retain the required Personal Data as evidence.
Right to Data Portability
Regarding the Personal Data processed based on your consent or due to their necessity for the provision of the requested products or services, CO.BR.HA. will, upon your request and insofar as technically possible, make available to you or the third party you have designated a copy of the Personal Data provided by you in a digital, readable, and structured format.
Privacy law limits this right to the Personal Data that you yourself have made available to the controller.
You have the right to request the restriction of the processing of your Personal Data. This allows us to temporarily and/or partially halt (freeze) the processing we carry out. You can permanently stop a specific processing or all processing activities we perform on your Personal Data by invoking the right to object.
If the processing is based on your consent, you have the right to withdraw that consent at any time.
If you do not agree with the way CO.BR.HA. processes certain Personal Data based on our legitimate interests, you have the right to object to it.
You also have the right to object to the processing of your Personal Data for direct marketing purposes if you no longer wish to receive such communications from us. Your request will be considered as soon as possible, after which we will no longer process your Personal Data for such purposes.
Exercise of Data Protection Rights
To exercise the aforementioned rights, you must date and sign your written request and enclose a copy of your identity card.
If you wish to exercise the above-mentioned rights or have questions or complaints about the processing of your Personal Data, you can contact us through the following channels:
By email to the Data Protection Officer: gdpr@haacht.com
By post at the following address: Provinciesteenweg 28, 3190 Boortmeerbeek
This request is free of charge, except in the case of requests deemed manifestly unfounded or excessive by the Controller (particularly due to their repetitive nature).
The Controller may also demand payment of reasonable fees based on the administrative costs for each additional copy requested.
This request for obtaining a copy of the Personal Data will be processed within one month. This period may be extended by two months, taking into account the complexity and number of requests. In case of an extension of the period, you will be informed thereof and the reasons will be communicated to you.
The Controller will notify third parties to whom the Personal Data have been disclosed of any rectification, erasure, or restriction carried out, if this does not prove impossible and/or if this does not involve disproportionate effort.
If you believe that CO.BR.HA. has not acted on your request, if you have comments regarding the exercise of your rights, or if you are of the opinion that the processing of your Personal Data is not in accordance with the legislation, a complaint can be filed with the Belgian Data Protection Authority.
Below you will find the contact details of the Data Protection Authority:
Drukpersstraat 35, 1000 Brussels
Phone: 02/274.48.00
Email: contact@apd-gba.be
Website: https://www.gegevensbeschermingsautoriteit.be/
Your Personal Data are considered strictly personal. CO.BR.HA. takes appropriate technical and organizational measures to protect Personal Data against destruction, loss, unintended alteration, damage, accidental or unlawful access, or any other unauthorized data processing.
In the event of a Personal Data breach (for example, destruction, loss, alteration, accidental or illegal access, etc.) within CO.BR.HA., and if this Personal Data breach proves to pose a high risk to your rights and freedoms, we will inform you as soon as possible.
Notice and Amendment of this Statement
This statement is posted on the website of NV CO.BR.HA and affiliated companies.
CO.BR.HA. reserves the right to amend and update this Statement at any time.
In case of significant changes, the amendment date will be updated.
We encourage you to consult this Statement regularly so that you remain informed about how we process and protect your Personal Data.
