/ Confidentiality policy

POLITIQUE DE CONFIDENTIALITÉ DU SITE WEB HEX-GROUP.EU

VFR01.0 26092018

HeX attache une grande importance à la protection de vos données personnelles. Cette Politique a pour mais de vous fournir des informations détaillées sur la manière dont HeX Group (Hygiene & Expertise SPRL) protège vos données personnelles.

ARTICLE 1 : PRÉAMBULE
La présente politique de confidentialité a pour objet d’expliquer aux utilisateurs du site :

Comment leurs données personnelles sont collectées et traitées. Les données personnelles sont toutes les données susceptibles d’identifier un utilisateur. Cela inclut les noms et prénoms, l’âge, l’adresse postale, l’adresse e-mail, la localisation de l’utilisateur et l’adresse IP ;
Quels sont les droits des utilisateurs concernant ces données ?
Qui est responsable du traitement des données personnelles collectées et traitées ?
À qui ces données sont transmises ;
La politique en matière de cookies du site.
Cette politique de confidentialité complète les mentions légales et les Conditions Générales d’Utilisation, que les utilisateurs peuvent consulter sur https://www.hex-group.eu/mentions-legales/.

ARTICLE 2 : PRINCIPES GÉNÉRAUX DE COLLECTE ET DE TRAITEMENT DES DONNÉES
Conformément aux dispositions de l’article 5 du Règlement européen 2016/679, la collecte et le traitement des données des utilisateurs du site respectent les principes suivants :

Lawfulness, fairness and transparency: data may only be collected and processed with the consent of the user who owns the data. Whenever personal data is collected, the user will be informed that his or her data is being collected, and for what purpose the data is being collected;
Limited purposes: the collection and processing of data is carried out to meet one or more of the purposes set out in these general conditions of use;
Minimization of data collection and processing: only the data necessary for the proper execution of the purposes pursued by the site are collected;
Data storage limited in time: data is stored for a limited period of time;
Integrity and confidentiality of data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.

In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data may only take place if they comply with at least one of the conditions listed below:

The user has expressly consented to the processing;
Processing is necessary for the proper performance of a contract;
Processing is required by law;processing is necessary in order to safeguard the vital interests of the data subject or of another natural person;Processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority;The processing and collection of personal data are necessary for the purposes of the legitimate and private interests pursued by the data controller or by a third party.

ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED WHEN BROWSING THE SITE

A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the HEX-GROUP.EU website is as follows:

Identification information: surname, first name, login, password
Employment information: company, position
Contact details: postal address, e-mail, telephone number
Information related to digital activity: IP address, geolocation
This data is collected when the user carries out one of the following operations on the site:

Creation of an account in the customer area
Requesting an appointment or an intervention
Request for quotation or information
Request for a complaint
Reply to a satisfaction survey
Request an automatic call-back
Reply to a job application
The data controller keeps personal data relating to its customers in its IT systems, under reasonable security conditions, for the duration of the contractual relationship and for 5 (five) years after the end of the contractual relationship. Beyond this period, data is archived for as long as Hygiene & Expertise SPRL may be held liable.
In the case of prospective customers, data is kept for 1 (one) year.

Data is collected and processed for the following purposes:

Management of HeX customers, including potential customers;
Communication about HeX group services, offers and news;
Commercial prospecting or direct marketing relating to the activities of the HeX group;
Website audience analysis;
Improvement and personalization of the user experience on the site.

B. TRANSMISSION OF DATA TO THIRD PARTIES
Certain data may be transmitted to the third parties listed below:

vExact Holding B.V.: customer relationship management
Google LLC: IP address, geolocation for audience measurement
Mailjet SAS: e-mail communications
OVH SAS: telephone number to be called back

Hygiene & Expertise SPRL undertakes not to transfer user data outside the European Union.

Should Hygiene & Expertise SPRL do so, users will be informed of the measures taken to control the transfer and ensure the confidentiality of their data.

C. DATA HOSTING
The HEX-GROUP.EU site is hosted by OVH SAS, headquartered at 2 rue Kellermann 59100 Roubaix (France).
The data collected and processed by the site is exclusively hosted and processed in the European Union.

ARTICLE 4: DATA CONTROLLER
A. DATA CONTROLLER

The person responsible for processing personal data is Mrs Pauline Legrand, in her capacity as Quality Assurance Manager of Hygiene & Expertise SPRL. She can be contacted by post, telephone or e-mail:
Porte des Bâtisseurs, 145 B-7730 Estaimpuis (Belgium)
Tel: +32 (0) 56 346 256
E-mail: info@hex-group.eu
The data controller is responsible for determining the purposes and means of processing personal data.

B. OBLIGATIONS OF THE DATA CONTROLLER
The data controller undertakes to protect the personal data collected, not to pass it on to third parties, including outside the European Union, without the user’s knowledge, and to respect the purposes for which the data was collected.
The site has an SSL certificate to guarantee that information and data transfer via the site are secure.
An SSL certificate (“Secure Socket Layer” Certificate) secures data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user of any rectification or deletion of data, unless this would entail disproportionate formalities, costs or steps.
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the data controller undertakes to inform the user by any means necessary.

ARTICLE 5: USER RIGHTS
In accordance with the law of December 8, 1992 on the protection of privacy with regard to the processing of personal data, amended by the law of December 11, 1998, and with European regulation 2016/679, the user has the rights listed below.
In order for the data controller to comply with his/her request, the user is invited to send an ordinary letter or an e-mail to the data controller, specifying his/her surname, first name, the subject of his/her request and, where applicable, his/her customer login, accompanied by proof of his/her identity.
The data controller is obliged to reply to the user within a maximum of 30 (thirty) calendar days.

A. PRESENTATION OF THE USER’S RIGHTS WITH REGARD TO DATA COLLECTION AND PROCESSING
a. Right of access, rectification and deletion
The user may access, update, modify or request the deletion of data concerning him/her, within the limits of the regulations, by following the above-mentioned procedure.
If he/she has one, the user has the right to request the deletion of his/her customer area by following the same procedure.

b. Right to limit and object to data processing
The user has the right to request the limitation of, or to object to, the processing of his/her data by the site, without the site being able to refuse, unless it can be shown that there are legitimate and overriding reasons, which may override the interests and rights and freedoms of the user.
In order to request the limitation of the processing of his/her data or to formulate an objection to the processing of his/her data, the user must follow the above-mentioned procedure.

c. Right not to be subject to a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the user has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or significantly affects him in a similar way.

d. Right to data portability
The user has the right to request the portability of his/her personal data, held by the site, to another site, by following the aforementioned procedure.

e. Right to contact the competent supervisory authority
In the event that the data controller decides not to respond to the user’s request, and the user wishes to contest this decision, or, if he/she believes that any of the rights listed above have been infringed, he/she is entitled to refer the matter to the Data Protection Authority (DPA), https://www.autoriteprotectiondonnees.be, or any competent judge.

B. PERSONAL DATA OF MINORS
In accordance with the provisions of Article 8 of European Regulation 2016/679, only minors aged 13 or over may consent to the processing of their personal data in Belgium.
If the user is a minor under the age of 13, the consent of a legal representative is required in order for personal data to be collected and processed.
The HEX-GROUP.EU website and associated services are intended for people over the age of 13.

ARTICLE 6: USE OF COOKIES
The site uses “cookies”.
A “cookie” is a small text file stored by the site in memory or on the user’s hard disk, containing information relating to the user’s session or browsing habits.
These files enable the site to facilitate navigation, control access to the customer area, analyze traffic and improve service for the user’s comfort.
For the use of cookies that are not strictly necessary for the proper operation of the site, the user’s consent is requested.
This consent is considered valid for a maximum period of 13 (thirteen) months. At the end of this period, the site will again request the user’s authorization to store cookies in memory or on the hard disk.

a. Opposition of the user to the use of cookies by the site
Users are informed that they may oppose the recording of cookies by configuring their browser software.
For further information, please refer to the following addresses for instructions on how to configure your browser to prevent cookies from being stored on your computer:

  • Chrome : https://support.google.com/accounts/answer/61416?hl=fr
  • Firefox : https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences
  • Internet Explorer : https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
  • Opera : http://www.opera.com/help/tutorials/security/cookies/
  • Safari : https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
  •  
  • Should the user decide to deactivate cookies, he/she will be able to continue browsing the site. However, any malfunction of the site caused by this manipulation cannot be considered to be the fault of the site editor.

    b. Description of cookies used by the site
    The site editor draws the user’s attention to the fact that the following cookies are required for browsing:

    NomFournisseurFinalitéExpiration
    covalisshex-group.euContrôle d’accès à l’espace client12 mois

    When browsing the site, users are informed that preference or third-party cookies may be stored.

    NomFournisseurFinalitéExpiration
    __cfduidglobalsign.comValidation du certificat SSL12 mois
    moove_gdpr_popuphex-group.euEnregistrement du consentement de l’utilisateur12 mois
    _gahex-group.euIdentifiant unique utilisé par Google Analytics pour générer des données statistiques sur la façon dont l’utilisateur navigue le site.24 mois
    _gathex-group.euDiminution du nombre de requêtes par Google AnalyticsSession
    _gidhex-group.euIdentifiant unique utilisé par Google Analytics pour générer des données statistiques sur la façon dont l’utilisateur navigue le site.Session

The site uses Google Analytics, an audience analysis service provided by Google LLC. The “cookies” used by Google Analytics enable the tracking and analysis of website usage and the generation of reports on website activity. The data is processed in the USA. For exceptional cases in which personal data would be transferred to the United States, such as the user’s IP address, Google has submitted to the EU-US Privacy Shield. The data collected by Google Analytics will not be combined with other data held by Google.
In addition, the site contains links to videos, presenting HeX’s activity, and social networking buttons, enabling users to share their activity on the site. Cookies from video content distribution platforms and social networks may therefore be stored on the user’s terminal when he or she uses these functions.
Users should note that these sites have their own privacy policies and general conditions of use, which may differ from those of the site. The site editor invites users to consult the privacy policies and general conditions of use of these sites.

ARTICLE 7: CONDITIONS FOR MODIFYING THE PRIVACY POLICY
This privacy policy may be consulted at any time at the address below:
https://www.hex-group.eu/politique-confidentialite/
The site editor reserves the right to modify it in order to ensure its compliance with current legislation. Any translation of this policy into English or Dutch is provided for the user’s convenience only. In the event of any inconsistency or contradiction between the French version and any translation, the French version shall prevail.
Consequently, the user is invited to consult this privacy policy regularly in order to keep abreast of the latest changes.The user is advised that this privacy policy was last updated on 08/01/2018.

ARTICLE 8 : ACCEPTATION DE LA POLITIQUE DE CONFIDENTIALITÉ PAR L’UTILISATEUR
En naviguant sur le site, l’utilisateur certifie avoir lu et comprend la présente politique de confidentialité et en acceptant les conditions, notamment en ce qui concerne la collecte et le traitement de ses données personnelles, ainsi que comme l’utilisation de « cookies ».