PRIVACY POLICY


1. Identity and Contact Information of the Data Controller

This privacy policy applies to all personal data processed by the Vision Healthcare Group, with its registered office at Grote Markt 41, 8500 Kortrijk, company number BE 0685.849.188, as well as Purasana NV, part of the Vision Healthcare Group with its registered office at Heulestraat 104, 8560 Gullegem, and company number BE 0438.537.691, acting as joint controllers under the GDPR (hereinafter referred to as 'data controller').

The data controller places great importance on your privacy and processes your personal data in accordance with the European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as "GDPR"), as well as any future or supplementary legislation for its implementation, if applicable.

For further questions or comments on how we handle your personal data, you can always contact us by email at [email protected] or by post to the above-mentioned address.

Our Data Protection Officer (DPO), Mr Franklin BV - www.misterfranklin.be, can also be reached via the same contact details (mark as "Attention: DPO").

2. What Does 'Processing of Personal Data' Mean?

The processing of personal data (hereinafter referred to as "data") includes any handling of data that can identify you as a natural person. You will find details about the specific data in this privacy policy. The term 'processing' is very broad and includes activities such as collecting, storing, using, or sharing your data with third parties.

3. What Data Do We Process?

Below, we clarify the types of data we may process about you. We may receive the following data directly or indirectly from you.

We receive personal data directly from you when you make a purchase at one of the companies that are part of the Vision Healthcare Group, when you contact one of these companies, or when you, as a service provider/supplier, enter into a contract with one of the companies within the group.

It is also possible that we receive your personal data indirectly via third parties. In such cases, this personal data is not directly provided by you to one of the companies belonging to the Vision Healthcare Group. You may have authorised a third party to share your personal data further with other parties, including one of the companies within the Vision Healthcare Group.

3.1. Customer Data

3.1.1. Customer Account Data

You can create a personal customer account via this website, which allows you to place orders, make purchases, and track your purchase history. By creating such a customer account, you provide the following information to the data controller:

3.1.2. Data When Placing an Order Without an Account

It is not necessary to create an account to place an order. When placing such an order, the following customer data is processed:

3.1.3. Data When Contacting Customer Service

For questions, complaints, comments, etc., you can always contact the company's customer service. When you contact our customer service, we process the following data:

3.1.4. Data in the Context of After-Sales Service, Competitions, and Other Promotional Activities

Customer friendliness, optimal customer experience, and service are highly valued by Vision Healthcare NV. In this context, the data controller processes the following data:

3.2. Supplier Data

The Vision Healthcare group and its companies engage external service providers and suppliers for various services/products. The following personal data of these suppliers/service providers is processed:

3.3. Prospective Employee Data

We may process the following additional data from future employees, depending largely on the information you choose to provide us during your application:

3.4. Website Visitor Data

When you visit our website as a customer or non-customer, the following personal data may be processed depending on your personal preferences:

4. For What Purposes Do We Process Your Data?

Personal data is only processed within the framework of the company, specifically for the following purposes:

5. On What Legal Grounds Do We Process Your Data?

We process your data for the purposes described below and do not collect or process more or other types of data than necessary for these purposes. We only process your data if it is based on one of the legal grounds mentioned in the GDPR, as set out below.

Legal Obligation

Some data is processed by us to comply with legal or regulatory obligations imposed on us, for example, in the context of tax and accounting obligations or data protection laws.

5. On What Legal Grounds Do We Process Your Data?

We process your data for the purposes described below and do not collect or process more or other types of data than necessary for these purposes. We only process your data if it is based on one of the legal grounds mentioned in the GDPR, as set out below.

Legal Obligation

Some data is processed by us to comply with legal or regulatory obligations imposed on us, for example, in the context of tax and accounting obligations or data protection laws.

Necessary for the Performance of the Contract:

Certain data is processed by us because it is necessary to conclude, perform, or terminate a contract with you as the data subject. For example, for making contact, scheduling, responding to a request, or obtaining information for entering into a contractual relationship, as well as for the actual execution of the contractual task within the scope of our core activity to provide our services to you or receive services from you.

Legitimate Interest

Some data is processed by us based on our legitimate interest, which in specific cases outweighs a potential infringement of your rights. Examples include:

Consent

Certain data is processed by us based on your consent. Examples include:

6. Source of Data

The majority of the data we process about you is obtained directly from you in the context of our services. It is possible that we obtain data about you from external service providers or public sources. You can always contact us for more information about the sources of our data about you.

7. With Whom Do We Share Your Data?

We do not share your data with third parties unless strictly necessary for the purposes mentioned above or if we are legally required to do so.

The company Vision Healthcare NV and each individual company that is part of the Vision Healthcare Group act as joint controllers of data processing. Personal data processed by the companies belonging to the Vision Healthcare Group may be shared within the group as long as this sharing is based on a legal processing ground provided in Article 6 of the GDPR and aligns with one of the processing purposes indicated in this privacy policy.

Where necessary, we engage external service providers (processors) to support our operational objectives, such as managing our websites and IT systems. These external service providers may, if applicable, carry out certain data processing activities on our behalf. We only share your data with these external service providers to the extent necessary for the specific purpose. They may not use the data for other purposes. Furthermore, these service providers are contractually obligated to ensure the confidentiality of your data through a 'data processing agreement' concluded with these parties.

Specifically, this means we share your data, as relevant to your situation, with the following third parties for the following purposes, whereby these third parties act as processors on our behalf in certain cases:

8. How Long Do We Retain Your Data?

We do not retain your data longer than necessary for the purpose for which the data was collected or processed. Since the duration of data retention depends on the purposes for which the data was collected, the retention period can vary per situation. Sometimes specific legislation requires us to retain data for a certain period. Our retention periods are always based on legal requirements and a balance between your rights and expectations and what is useful and necessary to fulfil the purposes. After the retention period expires, your data will be deleted or anonymised.

9. Where Do We Store Your Data, and How Is Your Data Protected?

We implement appropriate technical and organisational security measures to prevent destruction, loss, falsification, alteration, unauthorised access, or unauthorised disclosure to third parties, as well as any other unauthorised processing of this data, within the scope of our activities.

In addition, we ensure that the processors we work with also implement appropriate security measures to minimise the risks of incidents as much as possible.

If your data is processed outside the European Economic Area (EEA) when using specific services or software tools, this only occurs in/to countries that the European Commission has confirmed provide an adequate level of protection for your data, or measures are taken to ensure the lawful processing of your data in these third countries.

10. What Are Your Rights?

You have several rights regarding the data we process about you. If you wish to exercise any of the following rights, please contact our GDPR representative using the contact details in the first section of this Privacy Policy.

Right of Access and Copy: You have the right to view your data and obtain a copy of it. This right also includes the ability to request more information about the processing of your data, including the categories of data processed about you and the purposes of processing.

Right to Rectification: You have the right to have your data rectified if you believe we are holding incorrect data about you.

Right to Erasure (Right to Be Forgotten): You have the right to request that we delete your data without undue delay. However, we may not always be able to comply with such a request, particularly when the data is still needed for an ongoing contract or when retaining certain data for a specified period is legally required.

Right to Restriction of Processing: You have the right to restrict the processing of your data. This temporarily suspends processing until, for example, its accuracy is verified.

Right to Withdraw Consent: When processing is based on your consent, you have the right to withdraw this consent at any time by contacting us. For marketing messages you receive from us via email based on your consent, you can easily withdraw your consent by clicking the unsubscribe link at the bottom of such a message.

Right to Object: You have the right to object to the processing of your data based on legitimate interests. This must be based on specific reasons related to your situation. You can also object to the use of your data for direct marketing. Marketing emails will always provide an opt-out option.

Right to Data Portability: You have the right to obtain your data, which you provided to us with your consent or as part of the performance of a contract, in electronic form. This allows it to be easily transferred to another organisation. You also have the right to ask us to transfer your data directly to another organisation, where technically feasible.

Right to Lodge a Complaint with Your Supervisory Authority: If you believe that we are processing your data incorrectly, you always have the right to lodge a complaint with the data protection authority.

By Post:

Authority for Personal Data
P.O. Box 93374
2509 AJ The Hague
Online: https://www.autoriteitpersoonsgegevens.nl/en/submitting-a-tip-off-or-a-complaint-to-the-dutch-dpa

Data Protection Authority
Rue de la Presse 35
1000 Brussels
[email protected]

11. How to Exercise Your Rights

You can exercise your rights by contacting us, either by email at [email protected] or by post at Grote Markt 41, 8500 Kortrijk (Belgium). We may ask you to provide us with documents to verify your identity. These documents will only be used to fulfil your request in accordance with the GDPR.

12. Changes

We reserve the right to amend this Privacy Policy. The most recent version is always available on our websites. The date this Privacy Policy was last amended is stated at the top. In the case of a substantial change to the Privacy Policy, we will, where possible, directly inform the individuals concerned.