OERAL, located at bvba Fuel Service, B - 1050 Brussels, Avenue Louise 283 bus 25, is responsible for the processing of personal data as shown in this privacy statement.
Since we comply with the GDPR / AVG - Legislation in force since 25/05/2018, we present you this privacy statement. If you still have questions after reading this statement, you can always contact our data protection officer or DPO (Data Protection Officer) via this route: [email protected]
Here we explain how we handle your personal data, what your rights are, how you can enforce them, etc.
- Terms used:
- Personal data: this means the GDPR / AVG all information that a natural person could identify, directly or indirectly. Also referred to as "data." So it is NOT about company data !!
- Processing: collecting, recording, organizing, structuring, storing, updating or modifying, retrieving, consulting, using, providing by means of transmission, distribution or otherwise making available, aligning or combining, protecting, deleting or destroying data .
We process the following personal data from you:
Name, address, telephone number and / or mobile phone number and e-mail address These data have been sent to us by:
1. That you have delivered them to us yourself during or prior to a personal interview
2. By registering and logging in to our website: www.oeral.be
We do not collect data in any other way.
We do this with the aim of getting in or staying in contact with you regarding services and / or goods to be delivered, following up services and / or goods delivered or to be able to answer all your questions. This is a pre-contractual or contractual relationship. If we exceptionally receive other personal data from you privately, this will only be used for 1 specific purpose and only stored temporarily.
We will keep your data as long as you use our internet application and as long as we need your personal data to be able to offer you a certain service or product.
- Trading books: 7 years in original or electronic form with the retention period starting from January 1 of the year following the closing of the financial year. Here we follow Article III.86 of the Code of Economic Law and Article 9 of the Royal Decree of 12/09/1983 implementing the law of 17/07/1975 on the accounting of the company.
- Legal documents: 7 years in original or electronic form, with the retention period starting after the closing of the financial year. Here we follow Article II.86 of the Code of Economic Law -Documents that do not serve as proof to third parties: 3 years in original or copy where again Article III.86 of the Code of Economic Law applies.
For this processing we take appropriate technical and organizational measures to optimally protect your data, taking into account the nature of the data and the associated risks. We do not store any special personal data and have the following measures in place for the security of your data:
-The computers on which data are processed are secured by default with a user name and a complex password.
-All computers are equipped with a Small Office Security solution, which of course is always kept "up-to-date" and automatically performs multiple scans. All Windows installations are automatically updated. The installation is checked at least once a month and possibly started manually.
-The data is stored on a part of the disk that is set up as a “data safe.” This is encrypted and can only be accessed after the computers have been started + Windows logon + opening the safe with Kaspersky and a long and complex password.
-To avoid data loss in the event of loss of computers, we make daily backups to an encrypted cloud environment. -The data is first compressed, then encrypted with at least AES256 bit key and this form is stored at the off-site location. The responsible for the backups cannot read data in this way as the encryption key is only known by us and stored in a special "password manager". -All passwords are managed by Kaspersky password manager and stored in the cloud environment.
-Our employees are fully informed about the safe handling of your personal data and are kept confidential by their employment contract.
- No data is kept on paper due to the possibility of online registration and is not accessible to unauthorized persons. The past teaches us that no risk is completely avoided and if we are aware of unauthorized access to our IT systems or unauthorized modification, damage or possible loss of your data, we will immediately take all necessary measures to reduce this risk to a minimum and to avoid in the future. This will also limit the potential damage for you.
We pass on your details to the following parties for the purposes stated below;
-The bookkeeper to meet our legal accounting requirements;
-For employees: The social secretariat for the purpose of wage calculation;
-The supplier of this application with the aim of ensuring the security and functioning of this internet application.
P.S. This only concerns your general personal data and these will not be passed on to organizations and / or persons for marketing purposes. For other parties, we only do this with your express permission or on behalf of you. We conclude processing agreements with the parties mentioned above, which stipulate that they too must comply with the GDPR / AVG guidelines. We will at all times ensure that your personal data will NOT be stored outside the EEA without a solid guarantee from any parties involved that they also fully comply with GDPR / AVG legislation.
Below is a summary of your rights regarding the processing of your personal data, whether it applies and how you can apply it:
Inspection: You have the right to request access to information about your data and if there are errors or omissions, requests for rectification, addition and even deletion.
Attention !: If you ask for removal, this can only be done if we no longer need your data for reasons other than those stated in our goal description point 3. This is especially tax and social legislation. Transferability: If you want to change service providers, we will hand over your personal data in a digitally readable standard format to the new organization. Objection to automated decision-making and profiling: Since we do not implement this, this does not apply either.
Objection to data processing: This only applies if your data is used for direct marketing, but since we also do not implement this, this does not apply.
Right to transparency: You will be informed about the content of this privacy statement via this link, as an attachment to every electronic contact and visibly placed in our offices. On simple request you can receive a debit.
If you want to apply one or more of these rights, please request this in writing with proof of your double Opt-In verification by email and we will respond within 30 days.
If you do not agree with the way we handle your personal data, respect your rights or this privacy statement, let us know first so that we can respond appropriately You can always submit a complaint to the Data Protection Authority = GBA (the old Privacy Commission) via www.gegevensbeschermingsautoriteit.be in 1000 Brussels, Drukpersstraat 35 or via mail to [email protected] or by telephone on 02 / 274.48.00
This privacy statement takes effect on January 28, 2019, at the same time as the web application is displayed online. We reserve the right to change this privacy statement at any time.