Het Nederlandse privacybeleid vindt u hier.
1.2. The Gimpex Group is responsible for the processing of your personal data obtained when you visit the website https://www.gimpex.be (hereinafter the “Website”), when you give your personal data or when the Gimpex Group obtains your personal data from third parties. As controller, we take the appropriate measures so that the processing complies with the applicable legislation on data protection, including the Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the “Regulation”). The Gimpex Group employees or the processors used by the Gimpex Group who have access to your personal data are also obliged to comply with the Regulation.
2. Who are we and how can you contact us?
2.1. The Gimpex Group consists of (i) GIMPEX nv and (ii) JUNOCO nv. They jointly determine the purposes and means of processing of your personal data. Therefore, they are the joint controllers within the sense of article 26 of the Regulation. Both entities use your personal data for the same purposes as laid down hereinafter in article 3. They have decided to use the same means of processing. They also exchange your personal data between them.
2.2. Below you will find the company information and contact details of GIMPEX nv:
Legal form: Public limited company
Company name: GIMPEX
Commercial name: GIMPEX
Registered office: Godefriduskaai 12 box 201
2000 Antwerp (Belgium)
Company number: 0450.573.215
Telephone number: +32(0)3 369 26 30
Hyperlink Website: https://www.gimpex.be/
2.3. Below you will find the company information and contact details of JUNOCO nv:
Legal form: Public limited company
Company name: JUNOCO
Commercial name: JUNOCO
Registered office: Kardinaal Cardijnlaan 82 8800 Roeselare (Belgium)
Company number: 0470.976.273
Telephone number: +32(0)3 369 26 30
Hyperlink Website: https://www.gimpex.be/
3. Why do we process your personal data?
3.1. The Gimpex Group processes your personal data for the following purposes:
to contact you, to process any questions you may have and to give you the necessary information about us and our products;
customer and supplier management, to make and manage customer and supplier databases;
order management, follow-up of orders/supplies, (customer) administration, invoicing, accounting, follow-up of solvency;
to enter into and execute (sales and service) agreements for the delivery of products and services, including to offer after-sales services;
to ensure the most optimal operation of the Website;
to optimize the product and service offer of the Gimpex Group;
direct marketing, i.e. through our newsletter or any other means, send (commercial) information about our activities, products and services, such as promotions, updates, specific actions and products, newsletters, information leaflets, e-mails, marketing material or other information that may be interesting or convenient for you.
personnel and job applicant management;
the transfer to external suppliers, subcontractors and/or other contracting parties of the Gimpex Group for the execution of the previous items;
the compliance of the applicable legislation.
3.2. The processing of your personal data, on or through the Website or not, is not the object of so-called “automated individual decision-making” or profiling. Profiling is any form of automated processing of personal data evaluating the personal aspects, to analyse or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements.
4. What is the legal ground for the processing of your personal data?
4.1. The Gimpex Group processes your personal data if:
it is necessary to enter into and/or execute agreements with you or at your request before entering into such an agreement to take specific measures or perform specific actions; or
you have given us your permission; or
it is necessary to defend the justified interests of the Gimpex Group (for example, for direct marketing), unless your interests or rights with respect to the protection of personal data prevail over our interests. Our justified interests consist, inter alia, in our necessity to inform you and send you publicity (for example, through direct marketing) on our products, for example, through publicity on new collections or events we organize, through newsletters, etc.; or
it is a legal obligation.
5. Which personal data do we process and how?
5.1. We process the following personal data:
your identification data: nationality, name, first name, address, telephone number, e-mail address, company number;
your financial information, bank account and/or other payment information;
your accounting information;
in case of personnel or job applicants management: also your date of birth, place of birth, gender, marital status and information about your education and/or your career;
information which is publicly available, for example because it is generally known in your area, because it was published or because it forms part of public databases to which Gimpex Group is subscribed (for example, the Crossroads Bank for Enterprises, Companyweb and similar databases, etc.).
Personal data are only processed insofar you provided them to us (for example, through the Website) or in case they are publicly available as mentioned above, always for the purposes as referred to in article 3.
5.3. The Gimpex Group may also obtain your personal data from third parties. In the first place, it is possible through suppliers, commercial agents and distributors who cooperate with the Gimpex Group. It is also possible if you published your personal data on your website, your blog or through publicly accessible social media profile(s). It is also possible because the information was published in the press or because it forms part of public databases or databases to which the Gimpex Group is subscribed (for example, the Crossroads Bank for Enterprises, Companyweb and similar databases, etc.).
5.3. The processing of the above-mentioned (personal) data is necessary for the purposes as laid down in article 3 above.
6. Who else receives and/or processes your personal data (apart from the Gimpex Group)?
6.1. The following (categories of) companies, institutions or entities receive and/or process your personal data (whether or not as controller by order of the Gimpex Group):
suppliers, external service providers or subcontractors used by the Gimpex Group, who receive and/or process your personal data in the context of the delivery of products and services by and of the Gimpex Group (for example, manufacturers, licensors, suppliers, independent managers and management companies and their employees, distributors, commercial agents, carriers, logistic partners, ICT-service providers, etc.);
affiliated companies of the Gimpex Group;
the bookkeeper(s) / accountant(s) / auditor (s) of the Gimpex Group;
the insurance brokers (s) and/or insurers of the Gimpex Group;
the legal counsel(s) of the Gimpex Group (for example, lawyer(s), judicial officer(s));
the debt collection agencies used by the Gimpex Group;
the marketing and communication offices of the Gimpex Group;
the social secretariat used by the Gimpex Group;
6.2. The third companies or entities to which the Gimpex Group is entitled or obliged to transfer your personal data may be established inside or outside the European Union.
If the Gimpex Group transfers your personal data to an entity outside the European Union, it will do this first to entities established in countries on which the European Commission has taken an adequacy decision as referred to in article 45.1 of the Regulation.
In the second place, the Gimpex Group may also transfer your personal data to an entity established in a country outside the European Union on which the European Committee has not yet taken an adequacy decision as referred to in article 45.1 of the Regulation. In that case, Gimpex Group offers appropriate safeguards about the processing of your personal data. These appropriate safeguards consist in entering into agreements with the entity (entities) concerned in accordance with the standard contract clauses on data protection as laid down by the European Committee in accordance with articles 46.2 and 93.2 of the Regulation. You may apply for a copy of these appropriate safeguards by sending an e-mail to email@example.com.
7. Where, how and how long do we keep your personal data?
7.1. Your personal data are kept on a secure server located in Belgium.
7.2. We will not keep your personal data longer than necessary to achieve the purposes referred to in article 3, unless specific legal provisions apply to the storage or processing of this information.
8. What are your rights?
8.2. You have the right to ask us:
to examine your personal data.
You may apply for a free copy of the information asked. If you need additional copies, the Gimpex Group may ask you to pay a reasonable fee as administration costs.
rectification of your personal data;
erasure of your personal data, unless the processing is, inter alia, required:
to comply with a legal obligation imposed on the Gimpex Group;
to bring, exercise or support a (legal) claim and/or for the defence against a claim.
restriction on the processing which refers to you.
8.3. You have the right to object to the processing of your personal data. You may at any time and free of charge object to the processing of your personal data for direct marketing.
8.4. You have the right to transfer your personal data to another controller.
8.5. If the processing of your personal data is based on your consent (see article 4 above), you have the right at any time to withdraw your consent. The withdrawal of your consent will not apply retroactively and will not affect the legitimate processing based on your consent before the withdrawal.
8.6. You may lodge a complaint with the Data Protection Authority (now still the Committee on the Protection of Privacy, Drukpersstraat 35, 1000 Brussels – e-mail: firstname.lastname@example.org).
In case of a complaint you may also contact us at email@example.com.
8.7. The provision of your personal data is a necessary condition to enter into an agreement with one of the entities of the Gimpex Group. For example, if you fail to provide your personal data, we are unable to deliver the goods to you.
8.8. The exercise of your rights, as mentioned above, depends on the requirements and conditions laid down in the Regulation.
8.9. To exercise the above-mentioned rights, you may send the Gimpex Group a request at firstname.lastname@example.org in which you have to identify yourself sufficiently.
If the Gimpex Group has reasons to doubt your identity, it may ask any additional information necessary to confirm your identity. The Gimpex Group will usually ask a copy of your identity card to verify who presents a request.
9. What are our obligations?
9.1. We take all appropriate security measures to protect your personal data. It means, inter alia, the necessary measures on access control, physical and operational security, in particular with respect to the Website and the servers of the Gimpex Group.
9.2. We keep a processing register in which also the (category) of processing of your personal data is described.
9.3. We cooperate with the competent Data protection authorities (at their request).
9.4. Where necessary and/or if obliged, we will report safety incidents and data leaks (including the unlawful processing, loss, unavailability, destruction, damage or unauthorized distribution of your personal data) immediately to the Data protection authority, within a period of 72 hours after becoming aware of it.
In case the infringement with respect to your personal data probably implies a high risk for your rights, and under the conditions referred to in the Regulation, we will also report it to you.
In case you are informed in any way of an infringement with respect to the personal data of others, you may contact the Gimpex Group at the e-mail address email@example.com.
9.5. If we use specific new technologies or applications to process your personal data, which imply probably higher risks of data protection for you, under the conditions laid down in the Regulation, we will carry out a so-called “Data Protection Impact Assessment” (DPIA) and, if required, first consult the Data Protection Authority with respect hereto.
9.6. For the installation and use of CCTV in its establishments, the Gimpex Group complies with the legislation on CCTV usage.
Questions? Please contact us: firstname.lastname@example.org.