1. General

SanRemo NG, with registered office at Rijweg 153, 3020 Leuven and registered with the KBO under number 0567,659,242 (hereinafter "OPYX") considers the protection of privacy extremely important. OPYX wants to inform, respect and give its customers and the users of its services as much information as possible about what happens to their data. OPYX wants to manage and use its customer data safely, respectfully and as a good family man in order to better serve its customers and provide the best possible experience. OPYX therefore starts from the principle that everyone must have control over their personal data. Below is information about what data OPYX collects, why, how long and how you control it.

OPYX invites its customers to take the time to read this Privacy Policy carefully, together with the Terms and Conditions and any other conditions that may apply to its products and services.

2. Application

This Privacy Policy applies to all our customers (current, former and future) and to all visitors to the OPYX website (s).

The European General Data Protection Regulation 2016/679 of 27 April 2016 ("General Data Protection Regulation"), the law of 8 December 1992 ("Privacy Act"), the law of 13 June 2005 ("Electronic Communications Act") and the accompanying implementing orders, as well as any future changes to this, regulate the protection of your personal data.

OPYX strives to fulfill its obligations and to respect the rights of the customer whenever OPYX processes your personal data. For more information about this, OPYX would like to refer you to the website of the Commission for the protection of privacy [https://www.privacycommission.be/en].

3. Processing of personal data and responsibilities

"Personal data" means the following: any information about an identified or identifiable natural person ("the data subject"), with the understanding that an individual who can be directly or indirectly identified is identified as identifiable, in particular on the basis of an identifier such as a name, an identification number, location data, an online identifier or one or more elements that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

The personal data collected and processed by OPYX primarily concern the data that the customer enters via the various pages of our website (s) and that OPYX obtains through your use of our website (s) and / or our products and / or services.

OPYX acts as responsible for the processing of personal data of its customers for the purposes described in this Privacy Policy.

This does not alter the fact that the customer has a number of obligations in connection with the processing of personal data that allows the customer to use the products and services of OPYX. In this capacity, the customer must always obtain, where necessary, the legally required authorizations from the end-users for the processing of their personal data by OPYX insofar as necessary within the framework of the products and services of OPYX.

4. Purposes

OPYX processes personal data for various purposes, whereby only the data that are necessary to realize the intended purpose is processed.

We use personal data:
When we have received permission;
In the context of the preparation or execution of our contract; To comply with the legal or regulatory provisions to which we are subject; and When OPYX has a legitimate interest, such as, for example, conducting direct marketing, fraud prevention, managing internal administration or monitoring appropriate network and information security, in which case we always strive to a balance between that interest and respecting the privacy of the person concerned. With permission, insofar as required, OPYX collects personal data for the following concrete objectives:

To process the application for our products and services.
If you visit our website to collect and / or request information about our products and services, or if you sign up for the OPYX newsletter, for example, OPYX needs your address information. All information that OPYX receives about you during this pre-contractual phase will only be used by OPYX to provide you with the requested information in the way you want. Even if you decide to become a customer at OPYX, OPYX will ask you for a number of personal details such as name, address, telephone number, e-mail address, customer number, and OPYX will also assign certain data to you, such as login details.

To offer the best service and to inform about usage possibilities.
OPYX uses personal data for setting up, maintaining and supporting products and services and for administrative purposes.

To inquire about (new) products and services from OPYX.
OPYX may use personal data to offer (in writing, by telephone or electronically) new products, services or special promotions that OPYX believes may be of interest to you. You can opt out of this type of message, see below.

To track performance.
OPYX can use personal data and consumer profiles to evaluate its products and services. This includes, among other things: requesting feedback on services (for example via market research), data obtained during answers to customer questions, fraud detection and quality assurance.

To comply with legal obligations.
In many instances, OPYX is legally obliged to retain certain personal data and / or communicate them to government agencies, for example in the light of general tax and accounting obligations. In the context of a police or judicial investigation, OPYX may be obliged to communicate certain data to the necessary authorities in a confidential manner.

To keep track of studies, tests and statistics for, for example, trend analysis.
OPYX may use anonymous, aggregated data to, for example, report internally and externally on the use of its services. The data used for this can not be returned to a specific individual. The information that OPYX derives from these analyzes is used to evaluate the current product and service portfolio and OPYX processes and to adapt these to new developments.

5. Security

OPYX strives at all times to protect personal data and privacy, both in the physical offices and on the OPYX network. OPYX ensures appropriate organizational and technical measures to secure personal data.

Employees of OPYX are trained to deal with confidential data correctly. In the case of privacy-sensitive projects, an estimate is also made with regard to security and the protection of personal data. OPYX also employs specialized people who are responsible for the security of the network, infrastructure and information systems. In addition, OPYX uses a variety of technical measures to protect personal data, such as: password protection, hard disk encryption software, firewalls, antivirus, intrusion and anomaly detection and access controls for employees.

If a data breach should occur with unfavorable consequences for personal data, the customer is personally informed in the circumstances provided for by law.

The number of OPYX employees who have access to personal information is limited and carefully selected. These employees are granted access to personal information to the extent that they need this information to perform their duties properly.

The existence and content of the personal communication that takes place via the OPYX network (for example: e-mail traffic, hosting, ...) is protected by the provisions on telecommunications secrecy. This means that OPYX and its employees are not allowed to take cognizance of the existence or content of such communication beyond the exceptions enumerated by law.

The OPYX websites sometimes mention links to third-party sites whose terms of use do not fall within the scope of this Privacy Policy. Carefully read their policy on the protection of personal data.

6. Providing data to third parties

OPYX does not sell personal data to third parties nor are they passed on to third parties unless:

To our legal successors.
OPYX transfers personal data to any legal successors and affiliated companies (such as subsidiaries and sister companies) for the same purposes as those stated in this Privacy Policy.

If necessary for our service.
For some aspects of our products and services we cooperate with third parties or we engage subcontractors. These third parties are always carefully selected and there is always an agreement between OPYX and this third party in accordance with the applicable legislation. For example, OPYX makes use of service providers of domain name registrations, providers of e-mail services, providers of SSL certificates and providers of cloud connect services. For more information about our subcontractors, you can always contact us via the contact details under point 10.

If you purchase from OPYX an online product or service from a manufacturer or supplier based outside the European Union, it is possible that additional measures are necessary to ensure the security of personal data, such as a certification under the EU-US Privacy Shield and / or a processor agreement with model clauses drawn up by the European Commission.

When a person refuses to have their details transmitted, it is possible that some services may no longer be offered by OPYX.

If there is a legal obligation.
OPYX refers to point 4 of this Privacy Policy.

There is a legitimate interest for or the third party involved.
This only happens if the interests or fundamental rights and freedoms of the person concerned do not weigh more heavily.

If OPYX has received permission from the person concerned.
If OPYX would otherwise provide personal data to third parties, this will be done with an explicit communication, in which the third party is informed, the purposes of the transfer and processing. Where required by law, OPYX obtains explicit and unambiguous consent from the person concerned. The person concerned also always has a possibility of resistance (see below).

As regards the international transfer of personal data, OPYX protects all personal data according to the level of protection required by European regulations.

In some cases OPYX uses anonymous, aggregated data for commercial purposes or for external reporting. These data can never be returned to a specific individual.

7. Rights of the person concerned

You may exercise a number of rights regarding the processing of your personal data with regard to OPYX, insofar as you have those rights under the applicable legislation.
You can exercise these rights by using the contact details mentioned under point 10 of this Privacy Policy. OPYX will respond to such requests and may or may not respond to such requests in accordance with applicable law and in principle within a period of one (1) month, also in accordance with applicable law.
In order to exercise your rights and to prevent any unauthorized disclosure of your personal data, you must provide us with proof of your identity. We therefore ask you to preferably add a copy of the front of your identity card to your application. The request can be sent to the data mentioned under point 10 of this Privacy Policy.
If you consider this necessary, you can also address or file a complaint with the Data Protection Authority (Belgian Privacy Commission) (commission@privacycommission.be).

Right of objection
You have the right to object at all times to the processing of your personal data based on the legitimate interests of OPYX due to your specific situation. If you object, OPYX will cease processing such personal data unless OPYX invokes compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or that are related to the institution, exercise or substantiation of a legal claim.

Right of access and transparency
You have the right to (free) access to the data that concerns you and to obtain a copy of this personal data. You can also ask us:
• Whether we process personal data of you; • For what purposes we process it; • Which categories of personal data we process; • With which categories of third parties we share your personal data; • What is the origin of the processed data; • What rights do you have.

Right to rectification and data change
As a data subject you have the right to correct or supplement incomplete, incorrect, inappropriate or outdated personal data yourself. In order to keep your data up-to-date, we request that you notify us of any change, such as in case of a move.

You also have the right to, without undue delay, erase your personal data if and in so far as:

1. the personal data is no longer needed for the purposes;
2. there is no longer a legal basis available,
   
3. you object to the processing, and there are no prevailing compelling justified grounds for the processing by OPYX;
   
4. the personal data have been processed unlawfully; or
   
5. the personal data must be deleted in order to comply with a statutory obligation on OPYX.

OPYX will send you a confirmation message after execution of a removal request. In case of partial removal, OPYX will also explain why the request could not be fully met.

It is possible that, depending on the nature of the request, some services may no longer be offered by OPYX.
OPYX can not always delete all requested data, for example to comply with legal obligations (for example, to meet accounting and fiscal obligations, OPYX is required to keep records for up to 7 years).

Right to limitation of processing.
You also have the right to obtain from OPYX the limitation of the processing of your personal data if and insofar as one of the following elements applies:

1. you dispute the accuracy of the personal data, in which case the processing is limited during a period that enables OPYX to check its accuracy;
   
   
2. the processing is unlawful and you oppose the erasure of the personal data and, instead, request the restriction of their use;
   
   
3. OPYX no longer needs the personal data for processing purposes, but you need it for the establishment, exercise or substantiation of a legal claim;
   
   
4. you objected to the processing, pending the answer to the question whether the justified grounds of OPYX outweigh those of the person concerned.
   
   

In case of limitation of the processing, the data may still be stored by OPYX.

Right to data portability
For personal data that is (i) processed in the context of the execution of the agreement, (ii) provided by yourself and (iii) processed through automated processes, you as a data subject have the right to obtain these data from OPYX in a structured, standard and machine-readable form, as well as requesting OPYX to transfer that data directly to another party, if technically possible, if you wish to transfer to another provider.

8. Retention periods

OPYX stores and processes your personal data for as long as is necessary to realize the purposes as described in point 4.

The retention period can therefore differ per purpose, for example to comply with legal obligations (to meet our accounting and fiscal obligations, OPYX is, for example, obliged to keep records for up to 7 years) or from the legal need to provide certain data as evidence. to keep in dispute, up to 10 years after termination of your contract. These archived data are, of course, only accessible to a limited extent.

9. Cookies & the website

In addition to the information you voluntarily share with OPYX when using our websites, OPYX also uses cookies and other technological means to collect data.

Websites
All information, whether in the form of text, files or images or any other form, is made available by OPYX for information purposes only.

Any interested person may take note of this information, but OPYX reserves the right to change the rules and conditions relating to access to the use of the website, or the entire website, at the time it deems appropriate, without any prior warning. or to subject parts of them to a limitation.

The access to such private parts of the website can be made dependent on the provision of information by the visitor / user of the website. The visitor / user who provides this information explicitly agrees that this information becomes the property of OPYX and that by the mere communication of information to OPYX, the latter is explicitly authorized to use information in accordance with the Privacy Policy.

The granting of access to the private part of the OPYX website through the use of usernames and passwords can at any time be changed or refused by OPYX without this leading to any compensation.

Cookies
On our website use is made of cookies or similar technologies where information on the device is stored and / or read (for ease of reading all such techniques are called 'cookie' here). For more information about which cookies we use, why and how, and what your choices are, click here for our cookie policy.

10. Contact information

A question or request regarding personal data or this Privacy Policy can at any time be addressed to:

SanRemo NG bvba
Attn: Data Protection Team
Rijweg 153, 3020 Herent, Belgium

e-mail: dataprotection@opyx.be

11. Changes

OPYX reserves the right to change this Privacy Policy. Changes will always be published on this website prior to its entry into force. It is advisable to consult this Policy regularly so that you are aware of these changes.