Privacy Policy

1. Identity and contact details of the controller

This privacy policy applies to all personal data processed by Oscart Group NV, with registered office at Politieke Gevangenenstraat 28, 8530 Harelbeke, with company number BTW BE0426.973.115, which is the controller of this website.

The Controller attaches great importance to your privacy and therefore processes your personal data in accordance with the European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR") as well as any future or supplementary legislation implementing it, insofar as applicable.

For further questions or comments regarding the way we handle your personal data, you can always contact us, either by email to info@oscart.eu or by post to the aforementioned postal address.

2. What does "processing personal data" mean?

The processing of personal data (hereinafter "data") includes any processing of data that can identify you as a natural person. You can read which data this concerns in this Privacy Policy. The concept of 'processing' is very broad and covers, among other things, the collection, storage and use of your data, or the sharing thereof with third parties.

3. Which data do we process?

Below we clarify which data we may process about you. Depending on the specific situation, your preferences and the way you contact us, we do not process all of the data listed below about you.

Customers and prospects

From our customers and prospects we may, depending on the specific situation, process the following data:

• Identification and contact details (e.g. surname, first name, position, email address, telephone number, company name, address);
• Account data of the MyOscart platform (e.g. username, language preference, user rights, password, two-step verification settings);
• Electronic identification and usage data (e.g. IP address, browser type, number of failed login attempts, actions and logging on the platform);
• Order, contract, payment and invoicing data;
• After-sales and contact history (e.g. email messages, messages sent via web forms);
• Feedback, testimonials and promotional content such as photos and videos;
• Footage from security cameras (e.g. for surveillance and the protection of our company buildings).

Suppliers – service providers

From our suppliers and service providers we may additionally process the following data:

• Contractual data (e.g. company name, address, VAT number, agreement, etc.);
• Payment and invoicing data (e.g. payment card data, invoices, etc.);
• Feedback, testimonials, quotes, promotional content such as photos and videos (e.g. reviews and experiences relating to our (co)operation, testimonials, quotes, attendance at events, etc.)

Candidate employees

From candidate employees we may additionally process the following data. Of course, this will largely depend on which data you wish to provide to us yourself in connection with your application.

• Personal particulars;
• Work-related data;
• Personality data;
• Photos

4. For which purposes do we process your data?

The personal data are processed exclusively within the framework of the company and in particular for the following purposes:

• Within the framework of our core activities
• Offering, managing and securing the MyOscart platform and the user accounts
• Delivering our products and services and performing our agreements
• Communication with customers and prospects and follow-up of quotations, orders and invoicing
• Complying with administrative, accounting and tax obligations
• Sending commercial information, newsletters and invitations (subject to your consent)
• Improving and securing our services and training employees
• Participating in trade fairs and organising events
• Recruitment procedure for employees

5. On which legal bases do we process your data?

We process your data for the purposes described below and do not collect or process more, or any other types of data than those that are necessary for these purposes.

We only process your data insofar as it is based on one of the legal bases listed in the GDPR, and as set out below.

Legal obligation

Certain data are processed by us in order to comply with legal or regulatory obligations to which we are subject. For example, in the context of tax and accounting obligations or in the field of data protection.

Necessary for the performance of the agreement

Certain data are processed by us because it is necessary for entering into, performing or terminating an agreement with you as a data subject. For example, for contacting, scheduling, responding to a request or requesting information in the context of entering into a contractual relationship, but also the actual performance of the contractual assignment within the framework of our core activity, in order to provide our services to you or to receive yours.

Legitimate interest

Certain data are processed by us on the basis of our legitimate interest which, in specific cases, outweighs any possible detriment to your rights. For example, for promoting our activities to business contacts; improving the quality of our services; training employees and evaluating and keeping data and statistics relating to our activities, in the broad sense; preserving and using evidence in the context of liability, proceedings or disputes and with a view to archiving activities; and ensuring security, both online on this website and in our company buildings.

Consent

Certain data are processed by us on the basis of your consent. For example, for promoting activities to potential business contacts; the use of certain analytical or marketing cookies; the placing of photos containing personal data on our website and social media channels. Data of applicants after the recruitment procedure will only be kept subject to consent.

6. Origin of the data

Most of the data we process about you we have also obtained directly from you. Within the framework of our services, it is possible that we obtain data about you via external service providers or public sources.

7. With whom do we share your data?

We do not pass on your data to third parties, unless this is strictly necessary in light of the aforementioned purposes, or if we are legally obliged to do so.

Where necessary, we call upon external service providers (processors) to support our operational purposes such as the management of our websites and IT systems. These external service providers carry out, where applicable, certain processing of data on our behalf. We will only share your data with these external service providers to the extent necessary for the relevant purpose. The data may not be used by them for other purposes. Moreover, these service providers are contractually bound to safeguard the confidentiality of your data by means of a "data processing agreement" concluded with these parties.

Specifically, this means that we share your data, insofar as relevant to your situation, with the following third parties for the following purposes, whereby these third parties in certain cases act as processors on our behalf:

• Postal companies, transport and delivery companies if we have to send you something by post;
• Payment service providers if we receive payments from you, or vice versa;
• External representatives and consultants or any other parties involved within the framework of our main or ancillary activities;
• The processors that assist us in the IT field in operating our organisation, with a view to secure and efficient digital data management within our organisation;
• Government bodies, judicial authorities and practitioners of regulated professions such as accountants and lawyers, with a view to compliance with our legal obligations and the defence of our interests, insofar as required.

8. How long do we keep your data?

We do not keep your data longer than necessary for the purpose for which the data were collected or are processed. Since the period for which the data can be kept depends on the purposes for which the data were collected, the storage period may vary in each situation. Sometimes specific legislation will require us to keep the data for a certain period. Our retention periods are always based on legal requirements and a balancing of your rights and expectations with what is useful and necessary for fulfilling the purposes. After the expiry of the retention period, your data are erased or anonymised.

9. Where do we keep your data and how are they protected?

We provide appropriate security measures at a technical and organisational level, in order to avoid, within the framework of our activities, the destruction, loss, falsification, alteration, unauthorised access or unlawful disclosure to third parties as well as any other unauthorised processing of these data.

In addition, we also pay attention to ensuring that the processors we call upon likewise take appropriate security measures to limit the risks of incidents as much as possible.

10. What are your rights?

You have various rights with regard to the data we process about you. If you wish to invoke one of the following rights, please contact our GDPR officer via the contact details included under the first heading of this Privacy policy.

11. How can you exercise your rights?

You can exercise your rights by contacting us, either by email to info@oscart.eu or by post to Politieke Gevangenenstraat 28, 8530 Harelbeke, enclosing a copy of the front of your identity card or another document by which you can be identified. The copy will only be used to identify you in accordance with the GDPR.

12. Changes

We reserve the right to amend this Privacy policy. The most recent version is available at all times on our websites. The date on which this Privacy policy was last amended can be found at the top. In the event of a substantial change to the Privacy policy, we will, where possible, directly inform the data subjects on whom this may have an impact.