Privacy statement
PRIVACY POLICY – GPC EUROPE BVBA
Grid Parity Concepts Europe BVBA, with registered office at 8700 Tielt, Careelstraat 2, registered in the Crossroads Bank for Enterprises, under the number 0877.177.730, RPR Ghent department Bruges (hereafter, "we", "us" or "GPC Europe"), considers the protection of privacy extremely important. We therefore take all appropriate measures to protect your privacy in accordance with applicable laws and regulations, including the Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data on the free movement of such data and repealing Directive 95/46/EC (the 'AVG') .
Through this privacy policy, we wish to explain to you as clearly and transparently as possible what personal data we may collect from you, why we want to collect it, how we intend to use it, and how we intend to handle it. We also wish to inform you which privacy rights you have and how you can exercise them.
For the purposes of this privacy statement, 'personal data' means any information about an identified or identifiable natural person ('the data subject'). An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. In other words, this is any information that can be used to identify a person. This includes, for example, your name, date of birth, address, telephone number and e-mail address, but also your IP address.
Anonymous data and data on deceased persons or legal entities are not personal data within the meaning of the AVG. There is only anonymous data if the user cannot in any way establish a connection with the person concerned.
The term 'processing' is very broad and covers, among other things, the collection, recording, organization, storage, updating, amendment, retrieval, consultation, use, dissemination, combination, archiving and erasure of data.
When do we process what personal data and on what legal basis?
We process your personal data when you:
visit our website;
place an order with us;
conclude/wish to conclude an agreement with us;
contact our customer service;
otherwise interact with us;
subscribes to a newsletter; or
otherwise communicate personal data about yourself to us (e.g. during the use of our website when you fill in a form online).
We hereby process the following personal data in the following cases:
When do we process personal data? |
What personal data? |
Personal data that you provide to us |
|
Delivery of our products The provision of personal data is necessary for the performance of the agreement. Consequently, if they are not provided, the agreement cannot be executed. |
|
Marketing campaigns and competitions The provision of personal data is not mandatory. If they are not provided, you cannot benefit from marketing campaigns or participation in competitions. |
|
Camera Surveillance |
|
Visits to our websites |
|
Personal information that we do not obtain directly from you |
|
Enrichment of your personal data obtained from external sources |
|
GPC Europe does not process sensitive data such as, among others, data concerning your racial or ethnic origin, political opinions, sexual preferences and health.
In principle, we also do not aim to collect personal data from persons under the age of 16. These young people may not transmit personal data to us or provide a consent form without the consent of the person who has parental responsibility.
Why do we process personal data and on what legal basis?
We process personal data for multiple purposes, processing only those personal data that are necessary to achieve the intended purpose.
When processing your personal data, the provisions of the AVG and all other applicable provisions relating to privacy legislation are complied with. Our processing activities are always based on one of the six possible legal grounds, as stated in Art. 6 AVG.
Generally, these are the following legal grounds:
- In the context of the preparation or performance of our contract;
To comply with legal or regulatory provisions to which we are subject;
when we have a legitimate interest to do so, in which case we will always strive to achieve a balance between this interest and respecting the privacy of the data subject; and when we have obtained your consent.
Specifically, your personal data may be processed by GPC Europe for the following purposes, based on the following legal grounds:
Processing purposes for which the personal data is intended |
Legal basis for processing |
in order to process and execute your request for our products |
as part of the preparation or execution of our contract |
for our customer administration |
as part of the preparation or execution of our contract |
to offer you the best service |
as part of the preparation or execution of our contract |
to improve the content of our products, services and our website |
our considered legitimate interest |
for direct marketing purposes |
our considered legitimate interest (customers) or your consent (non-customers) |
for the sale and promotion of our services and products |
our considered legitimate interest |
to keep studies, tests and statistics |
our considered legitimate interest |
for the management of our websites |
our considered legitimate interest |
to manage our contests and promotional actions |
our considered legitimate interest |
to prevent and detect abuse or fraud |
our considered legitimate interest |
to guarantee everyone's security |
our considered legitimate interest |
to inform you about (new) products and services from us and our affiliated companies (such as parent, daughter and sister companies) |
our considered legitimate interest (customers) or your consent (non-customers) |
to comply with laws and regulations |
to comply with legal or regulatory requirements to which we are subject |
How long do we keep the data?
GPC Europe does not keep personal data longer than necessary for the purpose for which it was provided. Please note that numerous (legal) retention periods result in personal data being (required to be) stored. This applies in particular to registration obligations and retention obligations relating to company law or tax law (e.g. Companies Code, Tax Code, Economic Law Code, etc.). To the extent that no retention obligation exists, personal data is routinely deleted after the purpose for which it was collected has been fulfilled.
In addition, we may retain personal data if you have granted us permission to do so or if we may need this data in the context of legal proceedings. In the latter case, we need to use certain personal data as evidence. For this purpose, we retain certain personal data in accordance with the statutory limitation period, which may be up to thirty years; however, the usual limitation period in connection with personal legal claims is ten years.
Do we pass on this personal data to third parties?
GPC Europe does not sell or transfer personal data to third parties except:
to our legal successors and other affiliated companies (such as parent, subsidiary and sister companies) for the same purposes as those stated in this privacy policy;
this is necessary for our services (e.g. to suppliers);
in relation to business transfers (in the event of a reorganization, restructuring, merger, sale or other transfer of business assets, we reserve the right to also transfer data, including personal data, provided that the receiving party agrees to process your personal data in accordance with our privacy policy);
there is a legal obligation;
there is a legitimate interest for GPC Europe or the third party involved;
you give us permission to do so.
We never pass on personal data to other parties with whom we have not concluded a processing agreement.
With these parties (processors) we will of course make the necessary agreements to ensure the security of your personal data.
Your personal data can also be shared outside Europe. GPC Europe commits itself to only appoint processors and/or processors outside the European Economic Area that offer sufficient guarantees regarding security and protection of personal data in accordance with the applicable privacy legislation. If a transfer is made to a country outside the EU, for which the European Commission has not determined that the country provides an adequate level of protection, the transfer is always subject to an agreement that meets all the requirements for transfers to third countries, such as the approved standard data protection clauses adopted by the European Commission. You can consult the standard provisions adopted by the European Commission at the following hyperlink: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_nl.
How do we secure your personal data?
We have taken appropriate technical and organizational measures to protect personal data from you against unlawful processing, for example, we have taken the following measures:
- all persons who can take knowledge of your data on behalf of GPC Europe are bound to secrecy;
We use a personal code to log in on all our systems;
We do an access control for the server room and the back-up room;
we pseudonymize and encrypt personal data when appropriate;
we make backups of the personal data in order to be able to restore them in case of physical or technical incidents;
we regularly test and evaluate our measures;
our employees are informed about the importance of protecting personal data.
What are your rights and how can you exercise them?
Right of access (article15 of the AVG) |
You have the right to access (free of charge) the data concerning yourself. You can ask us: Whether we process personal data about you; |
Right to rectification (article 16 AVG) |
You have the right to have incomplete, incorrect, inappropriate or outdated personal data corrected. To do so, you can contact us in the manner set out below. |
Right to erasure of data (‘right to be forgotten’) (article 17 AVG) |
You may ask us to delete your data under certain conditions. In this case, however, you should take into account that we will no longer be able to provide you with a service if you so wish. However, your right to oblivion is not absolute. We have the right to continue to keep your data when this is necessary for, among other things, compliance with a legal obligation or the establishment, exercise or substantiation of a legal claim. |
Right to restriction of processing (article 18 AVG) |
You have the right to ask us to restrict the processing of personal data if one of the following conditions applies: the personal data in our possession is not accurate; |
Right to data portability (article 20 AVG) |
You have the right to ask us to obtain all of your personal data in a structured, common and machine-readable form and, as far as technically possible, to have us transfer it to another controller, provided that both conditions are met: it concerns personal data that we have processed on the basis of your consent or on the basis of a contract; and |
Right to object (article 21 AVG) |
You have the right, for reasons specifically applicable to you, to object to the processing of your personal data. To object to the use of your personal data for direct marketing purposes, you do not need to provide a reason. In other words, you may object at any time. In that case, your personal data will no longer be processed for direct marketing purposes. |
The right not to be subject to automated individual decision-making |
You have the right to object to exclusive automated processing of your personal data, including profiling, which has legal consequences for you. However, if the processing is permitted by law or is necessary for the establishment or performance of the supplies of our products or services, we may not comply with a request not to be subject to automated individual decision-making. |
Right to withdraw your consent (article 7 AVG) |
Where your personal data is processed on the basis of your consent, you may withdraw this consent at any time upon simple request (without prejudice to the lawfulness of the processing on the basis of the consent before its withdrawal). |
Exercising your rights
To exercise the above rights, please contact: privacy@gpceurope.com. In order to verify your identity, we ask you to enclose a copy of the front of your identity card.
Controller
Your personal data is processed by GPC Europe who is the data controller ('data controller'). This means that we determine the purpose and means of processing your personal data.
How to contact us?
If after reading our privacy policy, or in a more general sense, you have any questions about it or wish to contact us, you can do so using the contact details below:
GPC Europe BVBA
Careelstraat 2
8700 Tielt
privacy@gpceurope.com
You have the right to complain to the Data Protection Authority, this is the supervisory authority in the field of privacy protection:
Data Protection Authority ('GBA')
Drukpersstraat 35
1000 Brussel
+32 (0)2 274 48 00
contact@apd-gba.be
https://www.gegevensbeschermingsautoriteit.be/
Modification of privacy policy
GPC Europe can change this privacy policy. We invite you to always consult the latest version of this policy on our website. Of course we will inform you of any substantive changes through our website or other common communication channels.