Version 1.0
Date: 17 February 2022
This Privacy Statement is applicable to all personal data processed by Gediflora BV, whose registered office is at Schierveldestraat 14, 8840 Staden (Belgium), and whose VAT number is BE0429.207.083.
The Controller is committed to protecting the privacy of its users to the fullest extent possible. In this respect, the Controller complies with European Regulation 2016/679 of 27 April 2016 on the protection of personal data (hereinafter referred to as “GDPR”) and/or any future or additional legislation that is applicable.
The processing of personal data (hereinafter referred to as “data”) includes any processing of data that could identify you as a natural person. This may include, but is not limited to, your contact details or order history. The term ‘processing’ is very broad and covers, among other things, the collection, storage, and use of your data, or the sharing thereof with third parties.
Listed below are the data that we may process relating to you. However, depending on your individual situation, your preferences and the way in which you contact us, we do not process all of the data stated below.
The following data may be processed by us in respect of all our contacts:
We may also process the data listed below about our customers and participants in competitions or events related to our commercial activities:
We may also process the data listed below about our suppliers and service providers:
We may also process the following data listed below about prospective employees. This will obviously depend to a large extent on what data you wish to provide us with in connection with your application.
Personal data is processed exclusively within a business context and in particular for the following purposes:
We may process your data for the following purposes :
This list is not exhaustive and is subject to change.
Pre-contractual phase :
Contractual phase :
We do not disclose your data to third parties, unless this is strictly necessary for the above-mentioned purposes, or unless we are legally obliged to do so.
We use external service providers, so-called “processors”, where necessary to support our operational purposes such as the management of our websites and IT systems. These external service providers carry out specific data processing operations on our behalf if necessary. We will only share your data with these external service providers up to the extent necessary for executing the respective purpose. The data may not be used by such processors for other purposes. Furthermore, these service providers are contractually bound to guarantee the confidentiality of your data by virtue of a so-called “processing agreement” concluded with the said parties.
This means that we share your data, as far as is relevant to your situation, with the following third parties for the following purposes, whereby these third parties in certain instances act as processors on our behalf :
Personal data will be retained by the Controller for a period necessary to fulfill the purposes of processing. Thereafter, your data will be deleted or rendered anonymous.
The Controller implements appropriate technical and organisational security measures to prevent, within the scope of its activities, the deletion, loss, falsification, alteration, unauthorised access or accidental disclosure to third parties of collected personal data, as well as any other unauthorised processing of such data.
The Controller shall ensure, to the greatest possible extent, that the processors, used by the the company, also take appropriate security measures to reduce the risk of incidents.
The Controller can under no circumstances be held liable for any damage, direct or indirect, arising from a wrongful or unlawful use of your personal data by any third party.
European Economic Area
Should your data, when accessing specific services or software tools, be processed outside the EEA (European Economic Area), such processing will only occur in/to countries that have been certified by the European Commission as being able to ensure an adequate level of protection for your data, or that measures will be taken to ensure the legitimate processing of your data in any such third country.
You have certain rights relating to the personal data we use. Should you wish to invoke any of the rights set out below, please contact our GDPR responsible person by using the contact details listed under the first article of this Privacy Statement.
Right to inspect and copy
You have the legal right to access your personal data and to request a copy thereof. This provision also includes the right of requesting further information concerning the processing of your personal data, including the categories of data that are processed and the purposes for which they are processed.
Right of modification or rectification
You have the legal right to obtain without undue delay the rectification of inaccurate personal data, should you consider that we hold inaccurate data.
Right of data erasure (right to be forgotten)
You have the legal right to request that your personal data be deleted without undue delay. We may however not always be in a position to comply with such a request, e.g. if the data is still needed in order to fulfil a current contract, or if the retention of some of your personal data is required by law for a fixed period of time.
Right to restriction of data processing
You have the legal right to restrict the processing of your personal data. Processing is thus temporarily halted until, e.g., there is absolute certainty about the accuracy of the data.
Right of withdrawal of consent
Whenever the processing is based on your consent (see above under Articles 5 and 6), you have the legal right to withdraw this consent at any time simply by contacting us. For any marketing messages that you receive from us via e-mail based on your consent, you can easily withdraw such consent by clicking on the ‘unsubscribe’ link at the bottom of any such message.
Right to object
You have the legal right to object to the processing of your personal data on the basis of legitimate interest. This should be based on reasons specific to your situation. You may also object to the use of your personal data for direct marketing purposes. Marketing messages sent by e-mail will always include an option to ‘opt out’.
Right of transferability
You have the legal right to obtain your data, which you have provided to us either with your consent or in execution of a contract, delivered in electronic form. In this way, the data can easily be transferred to another organisation. You also have the legal right to request us to transfer your data directly to another organisation, provided this proves technically possible.
Right to lodge a complaint with a supervisory authority
Should you have reason to believe that that your data has been subject to improper use, you have the legal right to lodge a complaint with your data protection supervisory authority at any time.
Belgische Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35
1000 Brussel
Belgium
You may invoke your rights by contacting us, either by sending an e-mail to celine@gediflora.be or by post to Schierveldestraat 14, 8840 Staden (Belgium), enclosing a copy of the front of your identity card or any other document that can be used to identify you. The copy will only be used to identify you in compliance with the GDPR.
We reserve the right to amend this Privacy Statement. The most recent version is always available and can be consulted on our websites at any time. At the top of this document you will find the date when this Privacy Statement was last amended. Should there be any substantial amendments to the Privacy Statement, we will, wherever possible, inform the parties concerned about such amendments immediately.