/ Confidentiality policy

CONFIDENTIALITY POLICY FOR THE HEX-GROUP.EU WEBSITE

VFR01.0 26092018

HeX is committed to protecting your personal data. This Policy is intended to provide you with detailed information about how the HeX Group (Hygiene & Expertise SPRL) protects your personal data.

ARTICLE 1: INTRODUCTION

The purpose of this confidentiality policy is to explain to users of the website:
How their personal data is collected and processed. Personal data includes any data that might identify a user. In particular, this relates to first names and surnames, ages, postal addresses, email addresses, the user’s location or their IP address;

  • What their rights are in relation to this data:
  • Who is responsible for processing the personal data collected and processed.
  • To whom this data is passed on;
  • The site’s cookies policy.

This confidentiality is in addition to the legal notice and general terms and conditions, which users can find at https://www.hex-group.eu/en_BE/mentions-legales/

ARTICLE 2: GENERAL PRINCIPLES FOR COLLECTING AND PROCESSING DATA

In accordance with the provisions of article 5 of European Regulation 2016/679, the collection and processing of the website’s users’ data comply with the following principles:

Lawfulness, legality and transparency: the data can only be collected and processed with the consent of the user to whom the data belongs. Every time personal data is collected, the user will be told that their data has been collected, as well as the reasons why this data has been collected;

  • Limited purposes: data is collected and processed to fulfil one or more objectives defined in these general terms and conditions;
  • Minimisation of data collection and processing: only the data needed for the fulfilment of the objectives pursued by the website is collected;
  • Reduced period over which data is kept: the data is kept for a limited time;
  • Integrity and confidentiality of the data collected and processed: the data controller (the person responsible for processing data) undertakes to guarantee the integrity and confidentiality of the data collected.

In order to be lawful, and in accordance with the requirements of article 6 of European Regulation 2016/679, the personal data can only be collected and processed if one of the following conditions is fulfilled:

  • The user has specifically consented to the processing;
  • The processing is necessary for the performance of a contract;
  • The processing fulfils a legal obligation;
  • The processing can be explained by a need associated with protecting the vital interests of the person involved, or another person;
  • The processing can be explained by a need associated with the performance of a task carried out in the public interest, or in the exercise of official authority;
  • The processing and collection of data are necessary for the purposes of legitimate, personal interests pursued by the data controller or a third party.

ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED WITHIN THE CONTEXT OF BROWSING THE WEBSITE

A. DATA COLLECTED AND PROCESSED AND HOW IT IS COLLECTED

The following personal data is collected on the HEX-GROUP.EU website:

  • Login details: surname, first name, username, password
  • Information relating to employment: company, position
  • Contact details: postal address, email, telephone number
  • Information associated with digital activities: IP address, geolocation

This data is collected when a user carries out one of the following activities on the website:

  • Creates an account in the client area
  • Requests a meeting or a site visit
  • Requests a quote or asks for information
  • Submits a claim
  • Responds to a satisfaction survey
  • Requests an automatic call-back
  • Responds to an application

The data controller will keep the personal data relating to their clients for the duration of the contractual relationship and for 5 (five) years after the end of the contractual relationship, in its IT systems, using reasonable security measures. Beyond that, the data is archived for as long as Hygiene & Expertise SPRL’s liability might be invoked.

For prospective clients, the data is kept for 1 (one) year.

Data is collected and processed for the following purposes:

  • To manage HeX’s customers, including potential clients;
  • For communication about HeX’s services, offers and news;
  • For business development or direct marketing about the HeX group’s activities;
  • To analyse website visitors;
  • To improve and customise the user experience on the website.

B. PASSING ON DATA TO THIRD PARTIES

Certain data may be passed on to the third parties listed below:
Exact Holding B.V. : managing customer relations
Google LLC: IP address, geolocation to measure visitor numbers
Mailjet SAS: sending messages by email
OVH: telephone number for a call back

Hygiene & Expertise SPRL undertakes not to pass on user data outside the European Union.

If Hygiene & Expertise SPRL has to do this, users will be informed of the measures taken to control this passing on, and ensure the confidentiality of their data.

C. HOSTING DATA

The HEX-GROUP.EU website is hosted by OVH SAS, whose registered office is at 2 rue Kellermann 59100 Roubaix (France).
The data collected and processed by the website is exclusively hosted and processed in the European Union.

ARTICLE 4: DATA CONTROLLER

A. THE DATA CONTROLLER

The Data Controller (the person responsible for processing personal data) is Mrs Pauline Legrand, in her capacity as Quality Assurance Manager for the company Hygiene & Expertise SPRL. She can be contacted by post, telephone or email:
Porte des Bâtisseurs, 145 B-7730 Estaimpuis (Belgium)
Tel: +32 (0) 56 346 256
Email: info@hex-group.eu
The data controller is responsible for defining the purposes and resources for processing personal data.

B. OBLIGATIONS OF THE DATA CONTROLLER

The data controller undertakes to protect the personal data collected, not to pass it on to third parties, including outside the European Union, without the user being informed, and to respect the purposes for which this data has been collected.
The website has an SSL certificate to ensure that the information and the transfer of data via the site are secure.
The purpose of an SSL (“Secure Socket Layer”) certificate is to secure the data exchanged between the user and the website.
As well as this, the data controller undertakes to notify the user if data is corrected or deleted, unless this generates disproportional formalities, costs and procedures.
If the integrity, confidentiality or security of the user’s personal data is compromised, the data controller undertakes to inform the user of this by any means.

ARTICLE 5: RIGHTS OF THE USER

In accordance with the law of 8 December 1992 on privacy and personal data, modified by the law of 11 December 1998 and European Regulation 2016/679, the user has all the rights listed below.
In order for the data controller to comply with their request, the user is invited to send a letter or email to the data controller, specifying their surname and first name, the purpose of their request and, if applicable, their username for the client area, together with proof of their identity.
The data controller must respond to the user within 30 (thirty) calendar days.

A. ABOUT THE RIGHTS OF THE USER IN RELATION TO DATA COLLECTION AND PROCESSING

a. Right of access, rectification and the right of erasure
The user can see, update, change or request the deletion of data about them, within the limits of what is required by regulations, by following the procedure described above.
If the user has a client account, they can ask for it to be deleted, by following the same procedure.

b. Right to restriction and to object to the processing of data
The user has the right to request the restriction or to object to the processing of their data by the website, and the website cannot refuse this, unless it can demonstrate compelling and legitimate reasons that might override the user’s interests, rights and freedoms.
In order to request the restriction of the processing of their data, or object to their data being processed, the user must follow the procedure described above.

c. Right not to be subject to a decision based solely on automated processing
In accordance with the provisions of regulation 2016/679, the user has the right not to be subject to a decision based solely on automated processing if the decision results in legal consequences in their regard, or similarly significantly affects them.

d. Right to data portability
The user has the right to request the portability of their personal data held by the website to another site, by following the procedure described above.

e. Right to refer to the competent supervisory authority
If the data controller decides not to respond to the user’s request, and if the user would like to dispute this decision, or if they think one of the rights listed above has been adversely affected, they have the right to refer to the Autorité de Protection des données (APD), https://www.autoriteprotectiondonnees.be, or any competent judge.

B. PERSONAL DATA BELONGING TO MINORS

In accordance with the provisions of article 8 of European regulation 2016/679, only minors aged 13 or over can consent to the processing of their personal data in Belgium.
If the user is a minor under the age of 13, the agreement of a legal representative is required for the personal data to be collected and processed.
The HEX-GROUP.EU website and associated services are aimed at individuals over the age of 13.

ARTICLE 6: USE OF COOKIES

The website uses cookies.

A cookie is a small text file stored by the website in the user’s memory or hard drive, containing information about the session or the user’s browsing habits.

These files help to facilitate browsing, control access to the client area, analyse traffic or improve the service for the user’s benefit.

The user is asked to consent to the use of cookies that are not strictly necessary for the smooth running of the website.

This consent from the user is deemed to be valid for a period of no more than 13 (thirteen) months. At the end of this time, the website will once again ask for the user’s authorisation to save cookies in their memory or hard drive.

a. The user’s objection to the use of cookies by the website
The user’s attention is drawn to the fact that they can object to these cookies being saved by changing their browser settings.
For your information, users can visit the following addresses for information about how to configure their browser to object to cookies:

  • Chrome: https://support.google.com/accounts/answer/61416?hl=en
  • Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
  • Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
  • Opera: http://www.opera.com/help/tutorials/security/cookies/
  • Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

If the user decides to deactivate cookies, they can still browse the website. However, if the website malfunctions because of this, it cannot be regarded as caused by the publisher of the website.

b. Description of the cookies used by the website
The publisher of the website would like to draw the user’s attention to the fact that the following cookies are necessary for browsing:

NameSupplierPurposeExpiry
covalisshex-group.euTo control access to the client area12 hours

By browsing the website, the user’s attention is drawn to the fact that preference or third party cookies might be stored.

NameSupplierPurposeExpiry
__cfduidglobalsign.comTo validate the SSL certificate12 months
moove_gdpr_popuphex-group.euTo record the user’s consent12 months
_gahex-group.euUnique identifier used by Google Analytics to generate statistical data about how the user browses the website.24 months
_gathex-group.euTo reduce the number of requests by Google AnalyticsSession
_gidhex-group.euUnique identifier used by Google Analytics to generate statistical data about how the user browses the website.Session

The website uses Google Analytics, a service offered by Google LLC that analyses visits. The cookies used by Google Analytics help to monitor and analyse the use of the website, and generate activity reports. The data is processed in the United States. In exceptional circumstances where personal data is transferred to the United States, such as the user’s IP address, Google is subject to the EU-US Privacy Shield. The data collected by Google Analytics will not be combined with other data kept by Google.

The website also contains links to videos, showing HeX’s activities, and social networking sites, allowing the user to share their activity on the website. Cookies used by platforms broadcasting video content and social networking sites therefore might be stored on the user’s terminal when they use these functions.

The user’s attention is drawn to the fact that these websites have their own confidentiality policies and general terms and conditions that might be different from the site’s. The publisher of the website invites users to view the confidentiality agreements and general terms and conditions for these sites.

ARTICLE 7: TERMS AND CONDITIONS FOR CHANGES TO THE CONFIDENTIALITY POLICY

This confidentiality policy may be viewed at any time at the following address:
https://www.hex-group.eu/en_BE/confidentiality-policy/

The publisher of the website reserves the right to change it to make sure it complies with the laws in force. Any translation of this policy, into English or Dutch, is provided to the user solely for their convenience. If there are any inconsistencies or contradictions between the French version and its translation, the French version shall prevail.

As a result, the user is invited to refer to this confidentiality policy regularly to keep up-to-date with the latest changes made to it.

The user’s attention is drawn to the fact that the latest update to this confidentiality policy took place on 08/01/2018.

ARTICLE 8: THE USER’S ACCEPTANCE OF THE CONFIDENTIALITY POLICY

By visiting this website, the user confirms that they have read and understood this confidentiality policy, and accepts its terms and conditions, in particular in relation to the collection and processing of their personal data, as well as the use of cookies.