Privacy declaration

OERAL

PRIVACY STATEMENT OF FUEL SERVICE BVBA VERSION 1.0

OERAL, located at B – 3600 Genk, C-mine 12, is responsible for the processing of personal data as shown in this privacy statement.

WHO ARE WE?

Since we comply with the GDPR / AVG – Legislation that has been in force since 25/05/2018, we present you this privacy statement. If you still have questions after reading this statement, you can always contact our data protection officer or DPO (Data Protection Officer) via this route: [email protected]

1. WHAT:

In it we explain how we handle your personal data, what your rights are, how you can enforce them, etc.
– Terms used:
– Personal data: by this the GDPR / AVG means all information that could identify a natural person, directly or indirectly. Further referred to as “data.” So it is NOT about company data !!
– Processing: collecting, recording, organizing, structuring, storing, updating or changing, requesting, consulting, using, providing by means of forwarding, dissemination or otherwise making available, aligning or combining, shielding, deleting or destroying data .

2. WHICH:

We process the following personal data from you:
Name, address, telephone number and / or mobile phone number and e-mail address.This information came to us through:
1. That you have provided them to us yourself during or prior to a personal interview
2. By registering and logging in to our website: www.oeral.be
We do not collect data in any other way.

3. PURPOSE:

We do this with the aim of contacting you or staying in touch with you regarding services and / or goods to be delivered, following up on services and / or goods delivered or to be able to answer all your questions. This is a pre-contractual or contractual relationship. If, by exception, we nevertheless receive other personal data from you privately, this will only be used for 1 specific purpose and only temporarily stored.

4. STORAGE:

We will keep your data as long as you use our internet application and as long as we need your personal data to be able to offer you a certain service or product.

More specifically:
– Trade books: 7 years in original or electronic form, with the retention period starting from 1 January of the year following the close of the financial year. Here we follow Article III.86 Code of Economic Law and article 9 of the Royal Decree of 12/09/1983 implementing the law of 17/07/1975 on the accounting of the company.
-Justifying documents: 7 years in original or electronic form, with the retention period starting after the closing of the financial year. Here we follow Article II.86 Code of Economic Law.
-Documents that do not serve as evidence to third parties: 3 years in original or copy, again with Article III.86 of the Code of Economic Law.

5. SECURITY:

For this processing, we take the appropriate technical and organizational measures to optimally protect your data, taking into account the nature of the data and the associated risks. We do not store any special personal data and have the following measures in place for the security of your data:

-The computers on which data are processed are protected by default with a username and a complex password.
-All computers are equipped with a Small Office Security solution, which of course is always kept “up-to-date” and automatically performs multiple scans. All Windows installations are automatically provided with updates. The installation is checked at least once a month and started manually if necessary.
-The data is stored on a part of the disk that is set up as a “data vault.” This is encrypted and can only be reached after starting the computers + Windows login + opening the safe using Kaspersky and a long and complex password.
-To avoid data loss when the computers are lost, we make daily backups to an encrypted cloud environment. -The data is first compressed, then encrypted with at least AES256 bit key and this form stored in the off-site location. Those responsible for the backups cannot read data in this way, as the encryption key is only known by us and stored in a special “password manager”.
-All passwords are managed by Kaspersky password manager and stored in the cloud environment.
-Our employees are fully informed about the safe handling of your personal data and are kept confidential by their employment contract.
-No data is kept on paper given the possibility of online registration and is not accessible to unauthorized persons. The past tells us that no risk is completely avoided and should we become aware of unauthorized access to our IT systems or unlawful alteration, damage or possible loss of your data, we will immediately take all necessary measures to mitigate this risk. to minimize and avoid in the future. This will also limit the possible damage for you.

6. TRANSFER:

We pass on your data to the following parties for the purposes stated below;

-The accountant to comply with our legal accounting requirements;
-For employees: The social secretariat with the aim of calculating wages;
-The supplier of this application with the aim of ensuring the security and operation of this internet application.

PS This only concerns your general personal data and this will not be passed on to organizations and / or persons for marketing purposes. For other parties, we only do this after express permission from you or on your behalf. We conclude processing agreements with the parties mentioned above, in which it is stipulated that they must also comply with the GDPR / AVG guidelines. We will at all times ensure that your personal data will NOT be stored outside the EEA without a proper guarantee from any relevant parties that they also fully comply with the GDPR / AVG legislation.

YOUR RIGHTS:

Below is a summary of your rights regarding the processing of your personal data, whether it applies and how you can enforce them:

Access: You have the right to request access to what data we hold about you and if there are errors or incompleteness, ask for rectification, addition and even deletion.
Attention !: If you request deletion, this can only be carried out if we no longer need your data for reasons other than those stated in our purpose description point 3. Think especially of tax and social legislation.
Transferability: If you wish to change providers, we will hand over your personal data in a digitally readable standard format to the new organization. Objection to automated decision-making and profiling: Since we do not implement this, this does not apply.
Objection to data processing: This only applies if your data is used for direct marketing, but since we do not carry out this either, this does not apply.
Right to transparency: You will be informed about the content of this privacy statement via this link, as an attachment to every electronic contact and placed visibly in our offices. You can receive a statement on simple request.

If you want to assert one or more of these rights, please request this in writing with proof of your double Opt-In verification by email and we will respond within 30 days.

8. COMPLAINTS:

If you do not agree with the way in which we handle your personal data, respect your rights or this privacy statement, please let us know first so that we can respond appropriately.You can always submit a complaint to the Data Protection Authority = GBA (the old Privacy Commission) via www.dataprotectionauthority.be in 1000 Brussels, Drukpersstraat 35 or by e-mail to [email protected] or by telephone on 02 / 274.48.00

9.VARIA:

This privacy statement takes effect on January 28, 2019, i.e. at the same time as the web application is displayed online. We reserve the right to change this privacy statement at any time.