Privacy policy

DISCLAIMER

All material on this website (e.g. texts, pictures, ...) remains the property of Haacht Brewery and may not be used in a way that could cause harm to our company's image. The possibilty of downloading the logo's and packshots on the downloadpages is only meant for use in the media or for publicity purposes and for printed matters such as posters, leaflets etc.

PRIVACY POLICY

for the Protection of Third-Party Personal Data by CO.BR.HA. plc and affiliated companies

We value your privacy as highly as we value your opinions, so you can rest assured that your personal information will never be disclosed to others.

This declaration (hereinafter called ‘the declaration’) is applicable to all data subjects (apart from employees) whose personal data are processed by CO.BR.HA. plc, registered office at Provinciesteenweg 28, 3190 Boortmeerbeek, Belgium, registered under CBE-number 0403.567.015 and its affiliated companies (hereinafter also referred to as ‘CO.BR.HA.’ or ‘we’).

‘Third Parties’ include among others all contractual parties, suppliers, business partners, clients, prospects, visitors and consumers.

  1. Purpose of this Policy

The purpose of this policy is to inform you about the persona data we collect and the way they are processed by CO.BR.HA., including the corresponding rights.

This policy is drawn up in compliance with the following stipulations:

  • The Act of 30 July 2018 concerning the protection of natural persons in relation to the processing of their personal data;
  • Regulation 2016/679 of the European Parliament and the Council of 27 April 2016 with regard to the protection of natural persons in relation to the processing of personal data and on free movement of such data (also knowns as GDPR: General Data Protection Regulation).

With this declaration with regard to the protection of personal data, we warrant the following:

  • To keep you updated about the processing of your personal data and your rights;
  • That you maintain control of the personal data we process;
  • That you can exercise your rights regarding your personal data.
  1. Definitions

In light of this policy, we have defined the following terms as follows:

  • ‘Personal data’: all the information about an identified or identifiable natural person.

  • ‘Processing’: any operation or a set of operations performed upon personal data or a set of personal data, whether or not by automated means, such as collection, structuring, recording, adaptation or alteration, storage, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combination, deletion or destruction of personal data.

  • ‘Controller’: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  • ‘Processor’: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  • ‘Data Subject’: a natural person that is identifiable directly or indirectly, especially by reference to an identifier such as a name, an identification number, an online identifier or one of several special characteristics, which expresses the physical, genetic, mental, commercial, cultural or social identity of these natural persons.

  • ‘Consent’ by the Data Subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  • ‘Personal Data Breach’: a breach of security leading to the accidental or unlawful destruction, loss, alteration, or the unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  1. Recipients of this Policy

This declaration is applicable to the personal data processing related to:

  • Our suppliers and/or business partners;
  • Our clients and/or prospective clients;
  • Visitors of our brewery and of our website;
  • Consumers.

If we collect and process third-party personal data that you provided to us (e.g., the name and contact information of your partner, children, etc.), we kindly request you inform these third parties of the transfer of these data and the existence of this policy, so they are aware of the processing of their personal data and their respective rights.

  1. CO.BR.HA. as Controller

4.1. Controller

CO.BR.HA. is responsible for the processing of personal data collected and/or used by us.

In light of our activities, it is possible that CO.BR.HA. processes your personal data (by collection, storage, etc). We will determine the purpose (why) and means (how) of the personal data processing. As such, we are considered to be the Controller.

As Controller, we pay special attention to the protection of your privacy and your personal data, which is why we commit to taking reasonable and necessary precautions to protect your personal data against loss, theft, publication or unlawful use.

However, we maintain the right to share your personal data in compliance with the provisions stipulated in this declaration below.

Contact information of the Controller:

Controller: CO.BR.HA. plc

Email: gdpr@haacht.com

Address: Provinciesteenweg 28, 3190 Boortmeerbeek, Belgium.

4.2. Data Protection Officer

We have appointed a Data Protection Officer.

For any concerns or complaints about the processing of your personal data, you can contact the Data Protection Officer, and if you wish to exercise one of your rights as described in section 10 of this declaration.

Contact information of the Data Protection Officer: Email: gdpr@haacht.com Address: Provinciesteenweg 28, 3190 Boortmeerbeek, Belgium.

  1. Processed Personal Data

5.1. Personal data of our clients, prospective clients, suppliers, visitors or other third parties that contact CO.BR.HA. directly.

In light of our contacts with you and the implementation of our mutual agreement, we collect and process personal data relating to you.

Furthermore, we can also process personal data of your business representatives, employees and/or independent employees (hereinafter generally referred to as “you” or “your”), that you have provided to us in order to be able to contact you or to be able to implement our mutual agreement.

If you provide us with the personal data of your representatives, staff and other third parties, you are assumed to inform them of the existence and content of this declaration.

More specifically, the personal data we process relate to the following data:

  • Identification information such as name, first name, gender, function, company, etc.;
  • Contact information such as telephone number, email address, etc.;
  • Financial information such as account number, etc.;
  • Footage from the security cameras in our parking lot and inside our brewery.

Furthermore, personal data from clients and prospective clients can be collected by you directly when you purchase or place orders with CO.BR.HA., during promotional campaigns or an event of the same nature, organised by CO.BR.HA. (contests, presence of CO.BR.HA. at trade fairs and other events, etc).

5.2. Personal data of visitors to our website

When you visit our website haacht.com, we also collect your personal information. This includes:

  • Your IP-address
  • ‘Cookies’.

Cookies are small data files that are stored onto your computer by your web browser and that enable us to acquire certain information about your behaviour on our website (e.g., language selection, duration of your visit to a page, preferences, etc.). They namely facilitate the navigation on our website (by using so-called necessary cookies) but they also enable us to better adjust our website to your needs and preferences. More information on this subject can be found on our website https://haacht.com in our ‘cookie policy’.

5.3. The processing of so-called sensitive personal data

We do not collect or process any sensitive personal data, such as:

  • Personal data consisting of any racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; genetic or biometric data;
  • Personal data related to your health;
  • Personal data related to sexual behaviour or sexual orientation.

We specify that surveillance camera footage does not contain any sensitive personal data.

Should we receive said sensitive personal data, we commit to not using it and disposing of it as soon as possible.

  1. For what purposes do we require your personal data?

6.1. Offering our goods and services and the proper implementation of agreements

We process the personal data of our suppliers, partners, clients, prospective clients and when applicable, of their employees in order to offer certain services and in light of the proper implementation of the agreement we concluded or will conclude with our suppliers, partners and clients.

Part of the information we request from you is required and a prerequisite for concluding our mutual agreement, seen as it contains necessary information to implement the agreement to the best of its abilities.

6.2. Proper functioning of our company

For a company to function to the best of its abilities, we can process your personal data in order to, among others:

  • Manage our activities (for administrative purposes), to prevent risks related to our activities (for example, to comply with certain statutory requirements, to prevent risks related to money laundering, fraud, etc);
  • Manage complaints and/or inquires;
  • Simplify the implementation, conclusion and/or termination of contractual relations with our clients and/or suppliers (for example, by using your personal data that have been collected for a previous agreement, to conclude a new agreement);
  • Allow us to defend ourselves in court, exercise and warrant our rights and protect the rights of the people we represent in court, included to be used as evidence in a possible dispute (including personal data related to a transaction/contractional relation);

This fits in with our legitimate interest as a company and/or is, if needed, based on the statutory requirements that befall us (in respect of matters related to taxation, accounting evidence, etc.).

6.3. Marketing activities

Your personal data can be used in order to advertise our goods and services and/or send out newsletters, if:

  • You are already one of our clients;
  • You have given prior consent to receiving this type of communication.

Furthermore, we can organise events such as contests, where we collect your personal data in light of this event, if you choose to participate.

6.4. Security of our assets and our staff members

Based on our legitimate interest to safeguard our properties (brewery, stock, etc.) and our staff members, we chose to install a number of security cameras, on the parking lot of our brewery and at a number of our warehouses.

The footage of these surveillance cameras is recorded automatically and deleted after about 5 months. This is an approximate term and can divert somewhat, depending on the quantity of storable footage.

6.5. Website security

Based on our legitimate interest to secure our website https://haacht.com, we collect and process your IP-address.

6.6. Use of cookies

During browsing of our website haacht.com, we install cookies:

  • Required for the proper functioning of our website, based on our legitimate interest to offer you a functional website, and;
  • To analyse your browsing behaviour on our website, only with your prior consent.

If you require more information on the use of our cookies, their storage duration, etc., we refer to our cookie policy, available on our website haacht.com.

6.7. Use of social media

To increase our internet visibility and to be closer to our clients and future clients, we also have a social media presence such as Facebook, Instagram, LinkedIn and YouTube.

By visiting these websites, you can, voluntarily, share part of your personal information with us directly by contacting us, commenting and/or sharing our posts.

We also recommend reading the privacy statement these third parties have published on their websites, to be aware of how they process your personal data in their capacity as Controller.

More specifically, CO.BR.HA. processes your personal data based on the legal grounds stipulated below.

  1. What is the legal foundation for processing personal data?

We use and process your personal data only if at least one of the following conditions is met:

  • Use of your personal data is necessary for the implementation of an agreement you concluded with us or to undertake the required steps to conclude this agreement.
  • Use of your personal data in light of our legitimate interests and in compliance with your interests and rights.

This will be primarily related to:

  • The use of surveillance cameras;

  • Distribution of commercial information or advertising to existing contact persons;

  • Collection and registration of your IP-address in order to secure our website;

  • The purposes mentioned in point 6.2 of this declaration.

  • We are legally bound to process certain personal data and if required, share with the competent authorities (e.g., in light of an audit).

  • We have your free and explicit permission to use your personal data for a specific purpose.

Should you not have any relation with us yet, we will ask your consent to contact you for direct marketing purposes.

  1. With whom do we share your personal data?

  • Only the employees who require access for the implementation of their professional assignments are granted access to your personal data. They operate under our supervision and we are accountable for their actions.

  • Furthermore, we count on external suppliers for certain processing activities, in order for us to be able to offer you our goods and services, more specifically ICT-services and judicial, financial, accounting and other services. Given the fact that these third parties (could) have access to personal data, we have taken technical, organisational and contractual measures to ensure that your personal data are exclusively processed and used for the purposes mentioned in point 6 of this declaration.

  • When legally obligated, we can transfer your personal data to control authorities, tax authorities and research services.

  1. Where do we store and process your personal data?

The personal data will not be transferred outside the European Union (hereinafter ‘EU’) and/or the European Economic Area (hereinafter ‘EEA’). If CO.BR.HA. intends to store and/or process these data outside the EU or EEA, we will explicitly announce this and ensure that the same level of protection is warranted.

Should we rely upon Processors in the sense of the GDPR, personal data can be transmitted to the countries the datacentres these Processors are located.

We will conclude an agreement with these Processors, warranting the same level of protection as CO.BR.HA. for personal data stored within the EU or EEA.

  1. For how long do we store your personal data?

We will only store your personal data exclusively for as far as necessary to achieve the purposes mentioned under point 6 of this declaration. Any deviations or clarifications of this principle are explicitly indicated under point 6, with the different purposes mentioned in this declaration.

Given the fact that this necessity to store personal data depends on the type of personal data and the purpose of processing, retention periods can differ significantly.

These are the criteria we use to determine the retention periods:

  • How long do we need the personal data to be able to deliver the requested service or implement the agreement?
  • Have we established and announced a specific retention period?
  • Do we have the permission to prolong the retention period?
  • Are we subjected to a legal, contractual or similar obligation?
  • Do we need to retain the personal data for a longer time due to a (possible) dispute?
  • Do we have a legitimate interest to retain longer?

As soon as we no longer require access to your personal data to achieve the intended purpose and/or we are no longer legally required to retain them, we will delete them permanently or, if this appears to be impossible, anonymise them in our system.

  1. What are your rights?

11.1. Your rights

You have certain rights related to the processing of your personal data by CO.BR.HA. Below, you can find an overview of these rights.

11.1.1. Right to information

You have the right to be informed about the processing we perform, your respective rights and exercising these rights, at the latest at the moment of collection of your personal data. We have drawn up this declaration for that reason.

11.1.2. Right of Inspection

You have access to the personal data CO.BR.HA. processes from you and you have the right to inspect these personal data. Upon your request, we will provide you with a free copy of your personal data. You also have the opportunity to receive an answer to any inquiry you might have concerning the processing of your personal data (processing purposes, recipients, retention period, etc.).

11.1.3. Right to rectification and deletion

You have the right to request deletion or rectification of erroneous, incomplete, inappropriate or outdated personal data.

11.1.4. Right to be forgotten

You have the right to obtain a deletion of your personal data, when:

  • Your personal data are no longer required for the intended purpose, inter alia, the implementation of the agreement;
  • The object of processing is unlawful;
  • There is a justified objection against the processing.

We can, however, retain the required personal data as evidence.

11.1.5. Right to transferability

With regard to the personal data that are processed based on your consent or as result of their necessity for the delivery of the requested goods or services, CO.BR.HA. will, upon your request and for as far as this is technically possible, provide you or your appointed third party with a copy of the transferred personal data, in a digital, legible and structured format.

The privacy legislation restricts this right to the personal data that you yourself have made available to the Controller.

11.1.6. Right to data processing limitation

You have the right to request a limitation to the processing of your personal data. We can, for instance, temporarily and/or partially freeze the processing. You can permanently halt a specific processing or all processing we perform on your personal data by relying on the right to object.

11.1.7. Right to withdraw consent

If the processing is based on your consent, you have the right to withdraw that consent at all time.

11.1.8. Right to object certain processing

If you don’t agree with the way in which CO.BR.HA. processes certain personal data in function of their legitimate interests, you have the right to object. You also have the right to dispute processing of your personal data for direct marketing purposes, if you do not/no longer wish to receive this type of communication from us. Your request is taken into consideration as quickly as possible, after which we will no longer process your personal data for said purposes.

11.2. Exercise of the rights with regard to data protection

To exercise the abovementioned rights, you need to sign and date a written application, including a copy of your identity card.

If you wish to exercise the abovementioned rights or have any inquiries or complaints about the processing of your personal data, you can contact us via the following channels:

The Data Protection Officer, via email: gdpr@haacht.com.

By post to the following physical address: Provinciesteenweg 28, 3190 Boortmeerbeek, Belgium.

This application is free of charge, except for applications that are assessed by the Controller to be noticeably unfounded or excessive (namely due to their repetitive nature).

The Controller can also demand payment of reasonable costs based on the administrative costs for every additional copy that is requested.

This application to obtain a copy of the personal data is processed within 30 days. This term can possibly be prolonged with two months, depending on the complexity and number of applications. In case of a prolongation of the term, you will be notified thereof and the reasons will be communicated as such.

The Controller will notify third parties the personal data was communicated to of every executed rectification, deletion or limitation, if this is not considered unreasonable and/or it does not require a disproportionate effort.

If you believe that CO.BR.HA. did not respond to your application, if you would like to discuss the exercise of your rights or if you are of the opinion that the processing of your personal data does not comply with legislation, you can lodge a complaint with the Belgian Data Protection Authority.

Below you can find the information of the Belgian Data Protection Authority:

Drukpersstraat 35, 1000 Brussels

Telephone: +32.2/274.48.00

Email: contact@apd-gba.be

Website: https://www.gegevensbeschermingsautoriteit.be

  1. Personal Data Security

Your personal data are considered strictly personal. CO.BR.HA. takes proper technical and organisational measures to protect the personal data against destruction, loss, unintentional alteration, damage, accidental or unlawful access or any other unjustified data processing.

In case of a breach of the personal data (for instance, destruction, loss, alteration, accidental or illegal access, etc.) within CO.BR.HA. and if this breach of the personal data appears to be of high risk to your rights and liberties, we will notify you as soon as possible.

  1. Notification and Modification of this Policy

This declaration is posted to the CO.BR.HA. plc website and affiliated companies.

CO.BR.HA. maintains the right to modify this declaration and to update it at any time. The modification date will be updated, following all important modifications.

We encourage you to consult this declaration regularly, to stay updated about the way we process and protect your personal data.

Version: May 2020