1.1. This is the general privacy statement of Hospidex NV, with its registered office at Grijpenlaan 23, 3300 Tienen, Belgium and registered at the Crossroads Bank for Enterprises under number 0442.014.647, telephone number: +32 16 77 89 31, e-mail: firstname.lastname@example.org ('Hospidex') and / or its associated companies according to the Belgian Company Code (hereinafter referred to together or separately as the 'Hospidex Group').
1.2. This privacy statement applies to all Hospidex Group operations (including those on the website http://hospidex.eu) (hereinafter referred to as the 'Website'), unless it is expressly stated that another more specific privacy statement applies.
1.3. Hospidex Group provides solutions in specific healthcare domains through the distribution of medical devices and related health products. These solutions are intended for end-users in the home environment, such as patients and consumers, and for professional users, such as hospitals, care and nursing homes, pharmaceutical companies and distributors such as medical shops, distribution partners and pharmacies,... In this context, Hospidex Group works with suppliers, distribution partners, clients acting as trade intermediaries and end-users.
1.4. This privacy statement is provided to you electronically or on paper and is always available under the 'Privacy statement' section of the Website.
1.5. The aim of this Hospidex Group privacy statement is to inform you, as you are a data subject of the personal data that is processed by the Hospidex Group. The Hospidex Group can change this privacy statement at any time, so make sure to consult it regularly. All privacy statement updates are published on the Website. They automatically take effect on the date of publication on the Website, which is stated at the bottom of the privacy statement.
2. Legal framework
2.1. The Hospidex Group acts as the controller when processing your personal data or personal data about others you communicate to the Hospidex Group directly or indirectly (for example, via the Website, by e-mail or personal contact) ('Personal Data').
2.2. This privacy statement is subject to regulations to protect Personal Data, such as:
(i) The Law of 30 July 2018 on the protection of privacy in terms of personal data processing;
(ii) The General Data Protection Regulation (EU) 2016/679 (GDPR) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
(iii) All other applicable rules and regulations on the protection of privacy and the processing of personal data.
(hereinafter referred to together or separately as the 'Privacy Law'.)
2.3. This privacy statement generally applies to all operations of the Hospidex Group and therefore to, for example, all the pages of the Website. However, this privacy statement does not apply to any third-party operations or any third-party web pages that are referred to by the Website or that refer to the Website themselves, as they may be subject to other privacy statements.
3. Legal grounds and scope
3.1. The Hospidex Group has the following legal grounds for processing your Personal Data:
(i) The agreement you concluded with the Hospidex Group;
(ii) Your free, specific, informed and unambiguous consent allowing the Hospidex Group or its partners (for example subcontractors or contracting parties) to process the Personal Data. This consent can be given in any way, for example: by letter, by e-mail, in an online or offline consent form, by clicking on a link, by registering and verbally;
(iii) A legal obligation and/or
(iv) A legitimate interest of the Hospidex Group.
3.2. This privacy statement does not necessarily apply to any referenced third-party services, operations or products (including websites or applications referred to by our Website with (authorised) hyperlinks), as they may be subject to other privacy statements.
4.1 The Hospidex Group processes the Personal Data in accordance with the provisions of the Privacy Law and this privacy statement, with a view to:
(i) Carry out its respective operations as described in Article 1.2 (including the conclusion and execution of agreements in this respect);
(ii) Manage a (possible) contractual relationship with you and provide products or services in the context of this (possible) relationship;
(iii) Send information on (changes to) your purchased product;
(iv) Send sales invoices and other commercial documents;
(v) Ensure the optimal operation of the Website;
(vi) Engage in (similar or different) direct marketing about its operations, such as promotions, updates, specific offers and services, newsletters, brochures, e-mails, marketing materials and other information on the Hospidex Group or the industry that may be of interest or use;
(vii) Create personal access to the Website (an account);
(viii) Understand your needs and preferences, so that the Hospidex Group can tailor its range, products and methods better;
(ix) Achieve certain statistical purposes;
(x) Outsource the execution of the previous items to subcontractors and contracting parties;
(xi) Comply with the applicable regulations.
(hereinafter referred to together or individually as the 'Purpose').
5. Personal data
5.1. The Hospidex Group can retrieve, collect and process:
(i) Personal Data that may be useful to achieve the Purpose, such as first name, surname, address, e-mail address, telephone number, bank account number, IP address, professional interests and preferences, other information provided to the Hospidex Group and cookies;
(ii) Personal Data that is collected in the context of the operations of Hospidex Group as defined in Article 1.2.
5.2. Registration with the Website or other websites or the communication of such a registration to the Hospidex Group makes the personal data automatically accessible and available to the Hospidex Group for further use in order to achieve the Purpose.
6. Transfer to third parties
6.1. The Hospidex Group can use subcontractors or partners to handle certain processing operations, such as website hosting and other ICT objectives, etc. The Hospidex Group concludes a processing agreement with these third parties, who can access the Personal Data.
6.2. The Hospidex Group guarantees that it shall not pass on any Personal Data to third parties other than within the group (see definition in Article 1.1) and those mentioned in Article 6.1, unless:
(i) It has a legal obligation to pass on the Personal Data;
(ii) The Hospidex Group has a legitimate interest to do so.
6.3. The third parties to which the Hospidex Group can or must transfer the Personal Data according to the above categories may be based inside or outside the European Union. The provided Personal Data may therefore also be provided to companies or authorities in non-EU countries. The Hospidex Group shall not be held responsible in the context of the Personal Data transfer and cannot be held liable for further processing of the Personal Data by third parties other than the processors acting on behalf of the Hospidex Group.
7. Statements and guarantees
7.1 You guarantee that you are authorised (on behalf of the data subject) to transfer the Personal Data he or she provided to the Hospidex Group. This data may concern you, your employees, your partners and so on. You guarantee that you have obtained the required consent for the Personal Data transfer obtained above and that you shall indemnify the Hospidex Group against any claim in this regard (including compensation).
7.2 By accepting this privacy statement, you guarantee that the (Personal) Data you provide are accurate and complete.
7.3 You are aware that any violation of this provision shall be considered a serious error.
7.4 The communication of false identities, incomplete or incorrect data or data belonging to third parties that has not been authorised by the visitor / user may result in the temporary or permanent denial of visitor / user access to all or some of the Website.
8. Processing period
The Hospidex Group stores and may use the Personal Data in accordance with this privacy statement and the Privacy Law for as long as is required to achieve the Purpose and in any case up to 10 years after your last agreement with the Hospidex Group has come to an end. The Hospidex Group shall delete the Personal Data after this period.
9.1. The Privacy Law grants all people certain rights with respect to their Personal Data. All individuals are entitled to do the following in terms of their Personal Data free of charge:
(i) They can access and copy the Personal Data;
(ii) They can correct the Personal Data in case of any errors;
(iii) They can have the Personal Data deleted provided that:
a. The Personal Data are no longer necessary to achieve the Purpose;
b. Consent is withdrawn and there is no other legal basis for processing the Personal Data;
c. An objection has been made and there is no other legal basis for processing the Personal Data;
d. The Personal Data were processed without observing the rules and regulations;
e. There is a legal obligation to delete the Personal Data.
(iv) They can have the processing of Personal Data restricted;
(v) They can have the Personal Data transferred to a third party;
(vi) They can object to the processing of their Personal Data, particularly in the context of direct marketing;
(vii) They can revoke the consent that entitles the Hospidex group to process the Personal Data;
(viii) They can file a complaint with the Data Protection Authority ('Privacy Commission') if they feel that the processing of their Personal Data is in conflict with the Privacy Law.
9.2. If you provide proof of identity (a copy of front side of your identity card), you can send a written, dated and signed request to exercise the above rights and to ask further questions. You can submit your request by post to Hospidex NV, Grijpenlaan 23, 3300 Tienen, Belgium or by e-mail to email@example.com.
9.3. However, exercising your rights as explained above depends on the requirements and conditions as stipulated in the Privacy Law.
10. Storage and protection
10.1. The Personal Data are stored by the Hospidex Group or its ICT provider located in the EU.
10.2. Hospidex shall take all reasonable steps (or shall ensure that all reasonable steps are taken) to the best of its ability to protect the Personal Data against loss, destruction, alteration or unauthorized access. It shall do this by implementing technical security regulations and an adequate security policy.
10.3. You acknowledge and accept that forwarding and storing Personal Data is never without risk and consequently any damage suffered by you or the data subject due to unauthorized third-party use of the Personal Data shall never be recovered from the Hospidex Group.
10.4. If you become aware of a data leak, you shall inform Hospidex NV immediately and no later than 2 hours after detecting the data leak by calling +32 16 77 89 31 and / or by sending an e-mail to firstname.lastname@example.org.
11.1. The Hospidex Group can only be held liable for damage resulting from errors or negligence perpetrated by the Hospidex Group with regard to the processing of the Personal Data. Under no circumstances shall the Hospidex Group be held liable (i) in case of force majeure, (ii) for any indirect or consequential damage, (iii) for any damage resulting from errors, shortcomings or negligence perpetrated by you or by third parties other than the Hospidex Group's processors.
11.2. The Hospidex Group's total liability shall always be limited to EUR 1.000,00 (thousand) for any violation of this privacy statement and/or the Privacy Law.
12.1. If a provision in this privacy statement is deemed unlawful or unenforceable, it shall be amended as necessary to make it legal or enforceable while maintaining its original meaning as much as possible.
12.2. Where possible, the provisions of this privacy statement shall be interpreted in such a way that they are valid and enforceable under the applicable law. However, if one or more provisions of this privacy statement are found to be fully or partially invalid, unlawful or unenforceable, the remainder of that provision and this privacy statement shall remain in full force as if this invalid, unlawful or unenforceable provision had never been included.
13. Applicable law and competent court
13.1. You agree that any disputes between you and the Hospidex Group in connection with Personal Data and privacy matters are governed exclusively by Belgian law.
13.2. Any Personal Data disputes shall be under the exclusive jurisdiction of the courts of Leuven to the exclusion of any other court.
Tienen, 15 November 2018