PRIVACY POLICY
1. Identity and Contact Information of the Data Controller
This privacy policy applies to all personal data processed by the Vision Healthcare Group, with its registered office at Grote Markt 41, 8500 Kortrijk, company number BE 0685.849.188, as well as Purasana NV, part of the Vision Healthcare Group with its registered office at Heulestraat 104, 8560 Gullegem, and company number BE 0438.537.691, acting as joint controllers under the GDPR (hereinafter referred to as 'data controller').
The data controller places great importance on your privacy and processes your personal data in accordance with the European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as "GDPR"), as well as any future or supplementary legislation for its implementation, if applicable.
For further questions or comments on how we handle your personal data, you can always contact us by email at [email protected] or by post to the above-mentioned address.
Our Data Protection Officer (DPO), Mr Franklin BV - www.misterfranklin.be, can also be reached via the same contact details (mark as "Attention: DPO").
2. What Does 'Processing of Personal Data' Mean?
The processing of personal data (hereinafter referred to as "data") includes any handling of data that can identify you as a natural person. You will find details about the specific data in this privacy policy. The term 'processing' is very broad and includes activities such as collecting, storing, using, or sharing your data with third parties.
3. What Data Do We Process?
Below, we clarify the types of data we may process about you. We may receive the following data directly or indirectly from you.
We receive personal data directly from you when you make a purchase at one of the companies that are part of the Vision Healthcare Group, when you contact one of these companies, or when you, as a service provider/supplier, enter into a contract with one of the companies within the group.
It is also possible that we receive your personal data indirectly via third parties. In such cases, this personal data is not directly provided by you to one of the companies belonging to the Vision Healthcare Group. You may have authorised a third party to share your personal data further with other parties, including one of the companies within the Vision Healthcare Group.
3.1. Customer Data
3.1.1. Customer Account DataYou can create a personal customer account via this website, which allows you to place orders, make purchases, and track your purchase history. By creating such a customer account, you provide the following information to the data controller:
- General identification data (name, first name, date of birth);
- Contact details (name, first name, email address, address, telephone number);
- Payment card data (account number, expiry date, cardholder name);
- Order history;
- Company number and other company-related data, insofar as they may lead to the identification of a natural person;
- Delivery addresses (if different from the provided residential address);
- Shopping cart;
- Gender (optional);
- Account information (username, password).
It is not necessary to create an account to place an order. When placing such an order, the following customer data is processed:
- General identification data (name, first name);
- Contact details (name, first name, email address, and address);
- Payment card details;
- Delivery address (if different from the billing address).
For questions, complaints, comments, etc., you can always contact the company's customer service. When you contact our customer service, we process the following data:
- General identification data (name, first name);
- Contact details (name, first name, email address, and address if related to the reason for contacting customer service);
- Payment card details (if related to the reason for contacting customer service);
- Ordered products/services and order number/customer number.
Customer friendliness, optimal customer experience, and service are highly valued by Vision Healthcare NV. In this context, the data controller processes the following data:
- General identification data (name, first name);
- Contact details (name, first name, email address, and address if relevant);
- Ordered products/services and order number/customer number;
- Feedback on the sold products and, more generally, on the services provided.
3.2. Supplier Data
The Vision Healthcare group and its companies engage external service providers and suppliers for various services/products. The following personal data of these suppliers/service providers is processed:
- Contact details of the contact person within the supplier/service provider company (name, first name, email address, phone number);
- Company number and other business-related data, insofar as they can identify a natural person;
- Contractual data (e.g., company name, address, VAT number, agreement, etc.);
- Payment and billing data (e.g., payment card details, invoices, etc.);
- Account information for the platform (e.g., account registration details);
- Feedback, testimonials, quotes, promotional content such as photos and videos (e.g., reviews and experiences regarding our collaboration, testimonials, quotes, event attendance, etc.).
3.3. Prospective Employee Data
We may process the following additional data from future employees, depending largely on the information you choose to provide us during your application:
- Personal data (motivation letter, CV, diplomas);
- Job-related data (previous work experience, CV, etc.);
- Personality data;
- Photos.
3.4. Website Visitor Data
When you visit our website as a customer or non-customer, the following personal data may be processed depending on your personal preferences:
- IP address, browser type, location data, how the person reached the website, interests, and the way the person navigates through the web page (via strictly necessary, analytical, and marketing cookies);
- Name, first name, email address, phone number, subject of contact, and contact message (via the online contact form);
- Email address (via the online subscription form for the newsletter).
4. For What Purposes Do We Process Your Data?
Personal data is only processed within the framework of the company, specifically for the following purposes:
- Within the scope of our core activities and online stores;
- After-sales service;
- Marketing and promotional activities;
- Compliance with administrative and tax obligations;
- Communication with customers and prospects;
- Recruitment procedures for employees.
5. On What Legal Grounds Do We Process Your Data?
We process your data for the purposes described below and do not collect or process more or other types of data than necessary for these purposes. We only process your data if it is based on one of the legal grounds mentioned in the GDPR, as set out below.
Legal Obligation
Some data is processed by us to comply with legal or regulatory obligations imposed on us, for example, in the context of tax and accounting obligations or data protection laws.
5. On What Legal Grounds Do We Process Your Data?
We process your data for the purposes described below and do not collect or process more or other types of data than necessary for these purposes. We only process your data if it is based on one of the legal grounds mentioned in the GDPR, as set out below.
Legal Obligation
Some data is processed by us to comply with legal or regulatory obligations imposed on us, for example, in the context of tax and accounting obligations or data protection laws.
Necessary for the Performance of the Contract:
Certain data is processed by us because it is necessary to conclude, perform, or terminate a contract with you as the data subject. For example, for making contact, scheduling, responding to a request, or obtaining information for entering into a contractual relationship, as well as for the actual execution of the contractual task within the scope of our core activity to provide our services to you or receive services from you.
Legitimate Interest
Some data is processed by us based on our legitimate interest, which in specific cases outweighs a potential infringement of your rights. Examples include:
- Marketing activities for our customers;
- Improving the quality of our services;
- Training employees and evaluating and tracking data and statistics related to our activities in a broad sense;
- Preserving and using evidence in the context of liability, procedures, or disputes for archiving purposes;
- Ensuring security, both online on our websites and at our business premises.
Consent
Certain data is processed by us based on your consent. Examples include:
- Marketing activities that do not fall under legitimate interest;
- Use of specific analytical or marketing cookies;
- Use of media on our website and social media channels;
- Retention of applicant data after the recruitment process, only with their consent.
6. Source of Data
The majority of the data we process about you is obtained directly from you in the context of our services. It is possible that we obtain data about you from external service providers or public sources. You can always contact us for more information about the sources of our data about you.
7. With Whom Do We Share Your Data?
We do not share your data with third parties unless strictly necessary for the purposes mentioned above or if we are legally required to do so.
The company Vision Healthcare NV and each individual company that is part of the Vision Healthcare Group act as joint controllers of data processing. Personal data processed by the companies belonging to the Vision Healthcare Group may be shared within the group as long as this sharing is based on a legal processing ground provided in Article 6 of the GDPR and aligns with one of the processing purposes indicated in this privacy policy.
Where necessary, we engage external service providers (processors) to support our operational objectives, such as managing our websites and IT systems. These external service providers may, if applicable, carry out certain data processing activities on our behalf. We only share your data with these external service providers to the extent necessary for the specific purpose. They may not use the data for other purposes. Furthermore, these service providers are contractually obligated to ensure the confidentiality of your data through a 'data processing agreement' concluded with these parties.
Specifically, this means we share your data, as relevant to your situation, with the following third parties for the following purposes, whereby these third parties act as processors on our behalf in certain cases:
- Postal companies, transport, and delivery companies if we need to send you something by post;
- Payment service providers if we receive payments from you, or vice versa;
- External representatives and advisors or other parties involved in our core or ancillary activities;
- Processors assisting us in IT matters to ensure safe and efficient digital data management within our organisation;
- Government agencies, judicial authorities, and regulated professionals such as accountants and lawyers, to meet our legal obligations and to defend our interests, if necessary.
8. How Long Do We Retain Your Data?
We do not retain your data longer than necessary for the purpose for which the data was collected or processed. Since the duration of data retention depends on the purposes for which the data was collected, the retention period can vary per situation. Sometimes specific legislation requires us to retain data for a certain period. Our retention periods are always based on legal requirements and a balance between your rights and expectations and what is useful and necessary to fulfil the purposes. After the retention period expires, your data will be deleted or anonymised.
9. Where Do We Store Your Data, and How Is Your Data Protected?
We implement appropriate technical and organisational security measures to prevent destruction, loss, falsification, alteration, unauthorised access, or unauthorised disclosure to third parties, as well as any other unauthorised processing of this data, within the scope of our activities.
In addition, we ensure that the processors we work with also implement appropriate security measures to minimise the risks of incidents as much as possible.
If your data is processed outside the European Economic Area (EEA) when using specific services or software tools, this only occurs in/to countries that the European Commission has confirmed provide an adequate level of protection for your data, or measures are taken to ensure the lawful processing of your data in these third countries.
10. What Are Your Rights?
You have several rights regarding the data we process about you. If you wish to exercise any of the following rights, please contact our GDPR representative using the contact details in the first section of this Privacy Policy.
Right of Access and Copy: You have the right to view your data and obtain a copy of it. This right also includes the ability to request more information about the processing of your data, including the categories of data processed about you and the purposes of processing.
Right to Rectification: You have the right to have your data rectified if you believe we are holding incorrect data about you.
Right to Erasure (Right to Be Forgotten): You have the right to request that we delete your data without undue delay. However, we may not always be able to comply with such a request, particularly when the data is still needed for an ongoing contract or when retaining certain data for a specified period is legally required.
Right to Restriction of Processing: You have the right to restrict the processing of your data. This temporarily suspends processing until, for example, its accuracy is verified.
Right to Withdraw Consent: When processing is based on your consent, you have the right to withdraw this consent at any time by contacting us. For marketing messages you receive from us via email based on your consent, you can easily withdraw your consent by clicking the unsubscribe link at the bottom of such a message.
Right to Object: You have the right to object to the processing of your data based on legitimate interests. This must be based on specific reasons related to your situation. You can also object to the use of your data for direct marketing. Marketing emails will always provide an opt-out option.
Right to Data Portability: You have the right to obtain your data, which you provided to us with your consent or as part of the performance of a contract, in electronic form. This allows it to be easily transferred to another organisation. You also have the right to ask us to transfer your data directly to another organisation, where technically feasible.
Right to Lodge a Complaint with Your Supervisory Authority: If you believe that we are processing your data incorrectly, you always have the right to lodge a complaint with the data protection authority.
By Post:
Authority for Personal Data
P.O. Box 93374
2509 AJ The Hague
Online: https://www.autoriteitpersoonsgegevens.nl/en/submitting-a-tip-off-or-a-complaint-to-the-dutch-dpa
Data Protection Authority
Rue de la Presse 35
1000 Brussels
[email protected]
11. How to Exercise Your Rights
You can exercise your rights by contacting us, either by email at [email protected] or by post at Grote Markt 41, 8500 Kortrijk (Belgium). We may ask you to provide us with documents to verify your identity. These documents will only be used to fulfil your request in accordance with the GDPR.
12. Changes
We reserve the right to amend this Privacy Policy. The most recent version is always available on our websites. The date this Privacy Policy was last amended is stated at the top. In the case of a substantial change to the Privacy Policy, we will, where possible, directly inform the individuals concerned.