1. Who are we ?
- Name: Ohana Consultancy SRL (the ‘Company’, ‘we, us’, ‘our, ours’)
- Registered address: 54 Avenue Louise, Brussels, 1050
- Business number: 0733.605.159
- VAT number: TVA BE 0733.605.159
- Website: www.ohanapublicaffairs.eu (the ‘Website’)
- Details of the data controller: Ms Pascale Moreau – email@example.com
2. Who are the Data Subjects ?
2.1. We process the personal data of:
- Our clients, natural persons.
- Our clients’ representatives.
- Our suppliers’ representatives.
- Our partners’ representatives.
- Individuals applying for employment with, or to carry out freelance work for, the Company.
- Users of our Website or our social networks, where applicable, and visitors to our work premises, including our partners’ facilities.
- Any natural person who contacts us for information about our services.
(the ‘Data Subject(s)’, ‘you’, ‘your, yours’).
3. What is our commitment to data protection ?
We commit to making our best effort to ensure that personal data is processed in accordance with applicable personal data protection legislation, including Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (‘GDPR’) and the law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, as modified, supplemented or replaced from time to time (‘Applicable Data Protection Legislation’).
4. For what purposes do we process your personal data ?
4.1. If you are the representative of one of our clients, we process:
- Your personal identification data, your professional identification data, and your contact data in order to begin, manage, and maintain our business relationship with our clients.
- Your personal identification data and your professional identification data to allow us to invoice our clients.
- Where applicable, your personal identification data, your professional identification data, and your contact data to send marketing communications.
4.2. If you are the representative of one of our suppliers, we process your personal identification data, your professional identification data, and your contact data in order to manage our business relationship with our suppliers.
4.3. If you are a candidate for a position with us, as an employee or a freelancer, we process your personal identification data, your professional identification data, your contact data, data relating to your professional life (skills, qualifications, experience, etc.), and personal data contained in your curriculum vitae to assess your profile with regard to our recruitment needs and to get back in contact with you.
4.4. If you use our Website, we may process electronic identification data relating to you on an aggregated basis in order to count visits to our Website, to improve the user experience, and to detect and prevent fraud and security breaches.
4.5. If our work premises are equipped with surveillance cameras, we are able to request access to images of you only when this access is necessary to pursue our legitimate interest in detecting offences and antisocial behaviour and to the extent permitted by the applicable law.
4.6. We may also process certain types of your personal data for the following purposes:
- Carrying out internal and external audits, in particular with the aim of improving our services.
- Managing legal disputes with Data Subjects and when processing is necessary for the establishment, exercise, or defence of legal claims.
5. In what capacity do we process your personal data ?
We process your personal data in the capacity of the data controller. In this context, we determine the purposes for which and means by which your data is processed, in accordance with Applicable Data Protection Legislation.
6. On what basis do we process your personal data ?
6.1. It may be necessary to provide your personal data:
- When executing a contract to which the Data Subject is a party or when carrying out precontractual measures at your request (for example, in the case of an application for a position within the Company or the submission of an offer).
- When complying with a legal obligation that applies to us (for example, in terms of accounting, taxation, prevention of money laundering, etc.).
- When pursuing our legitimate interests (or those of a recipient of the data) only if these interests override your fundamental rights and freedoms.
6.2. We ask for your prior, free, and informed consent before processing of certain types of your personal data (for example, each time the processing of your data entails the transfer of your image rights).
6.3. Our capacity to provide our services to you or to carry out our activities depends on your providing some of your personal data (for example, your personal identification data, etc.).
6.4. The possible consequences of not providing your personal data may include our inability to provide our services or carry out our activities, or a breach by us of one or more of our obligations under applicable legislation (for example, accounting and taxation or money laundering prevention legislation, etc.)
7. Where does your personal data come from ?
The personal data that we process may come from the following sources:
- Directly collected from you, for example, when you first make contact with us.
- From publicly accessible information (on the Internet), for example, when we verify the profile of candidates for a position within the Company.
- Through our Website.
8. Who has access to your personal data ?
The following recipients may receive or have access to certain types of your personal data (only if this is necessary for the performance of their duties):
- Members of our staff who are responsible for the commercial and administrative monitoring of files and clients have access to the personal identification data, the professional identification data, and the contact data of our clients and our clients’ representatives.
- Members of our team who are responsible for the follow-up of our suppliers and our partners have access to the personal identification data, professional identification data, and contact data of our suppliers’ and our partners’ representatives.
- Our legal advisors, accountants and lawyers have access to certain types of personal data of Data Subjects as part of operations to restructure our activities or in the event of legal disputes.
9. How do we manage the transfer of personal data with regard to our subcontractors and partners ?
9.1. We take appropriate measures to ensure that, if required, our subcontractors and partners process your personal data in accordance with Applicable Data Protection Legislation and our own standards.
9.2. We ensure, among other things, that our subcontractors and partners commit to only process personal data on the basis of and following our instructions, not to hire another subcontractor without our prior authorisation, to take appropriate technical and organisational measures to guarantee the security of personal data, to guarantee that persons authorised to access the personal data are subject to adequate confidentiality obligations, to return and/or destroy the personal data that they process once they are no longer of use, to comply with audits and to assist us in ensuring that requests of Data Subjects with regard to the exercise of their personal data rights are followed up.
10. Where do we process your personal data ?
In the event that your personal data is transferred to countries outside of the EEA, we will make sure that the following are guaranteed:
- The country to which your personal data is transferred has been granted an adequacy decision by the European Commission under article 45 of GDPR and the transfer falls within the scope of that adequacy decision.
- We have signed, with the recipient of the personal data, a contract containing the standard contractual clauses on personal data protection adopted by the European Commission under article 47 of GDPR.
- In the event of transfer to the United States, the recipient of the personal data has been granted certification under the EU-US Privacy Shield programme established under article 45 of GDPR and the transfer falls within the scope of application of the EU-US Privacy Shield programme.
11. What are the applicable retention periods ?
11.1. We make sure that your personal data is only stored for the period that is necessary for the purpose for which it is being processed.
11.2. We retain invoices and other accounting documents (which may contain some of your personal data) for a period of seven (7) years following the date of their issue in accordance with accounting law. These accounting documents, may, if applicable, contain some of your personal identification data, some of your professional identification data, and some of your contact data.
11.3. We also use the following criteria to determine the retention period of personal data based on the context and the purpose of each processing operation:
- The date of our most recent contact.
- Security reasons (for example, the security of our information systems).
- Any current or potential disagreement or legal dispute with a Data Subject.
- Any legal obligation to retain or delete personal data (for example, an obligation to retain data imposed by an accounting or taxation law).
12. What are your rights and obligations ?
12.1. Subject to Applicable Data Protection Legislation, you have the right to information, the right to access, rectify and erase your personal data, the right to object to or restrict the processing of your personal data, the right to the portability of your personal data, and the right to withdraw your consent for the processing of all or part of your personal data.
12.2. To exercise these rights, we invite you to contact our data controller using the details set out above. In the event of any doubt regarding your identity, we reserve the right to request proof of identity in order to prevent any unauthorised access to your personal data.
12.3. You are responsible for updating your Data, by informing us, if required, of any modification.
13. What level of security do we provide ?
13.1. We take appropriate technical and organisational measures to ensure a level of security that is appropriate to the risks involved in the processing of your personal data.
13.2. We follow sector best practices to make sure that personal data are not accidentally or unlawfully destroyed, lost, altered, disclosed in an unauthorised manner, or accessed in an unauthorised manner.
14. Do you have any questions or complaints ?
You have the right to complain to the competent supervisory authority about the inappropriate processing of your personal data. The competent authority for Belgium is: The Data Protection Authority, 35, Rue de la Presse, Brussels, 1000, +32 (0)2 274 48 00, firstname.lastname@example.org.
15. Policy updates
15.1. We reserve the right to update the Policy, in particular in order to meet the requirements of any modification of applicable legislation.
15.2. Where applicable and unless otherwise specified, any modification will enter into force immediately and will govern any ongoing situation.
15.3. In the event of conflict or incompatibility between a provision of the Policy and a provision of another policy or of another document relating to personal data processing, the provision of the Policy shall prevail.