Privacy policy
1. The importance of data protection
Paleo BV (“Paleo”, “we”, “us”, “our”) acknowledges the importance of proper protection of the data it processes, in particular personal data. On the basis of this policy, Paleo wants to establish at a strategic level how your personal data is protected, which responsibilities have been assigned and which priorities Paleo has determined with regard to collecting and processing your personal data on our website (www.paleo.bio) (the “Website”) in accordance with Belgian and European data protection laws, including the EU General Data Protection Regulation 2016/679 (“GDPR”) as well as any applicable national implementing and supplementing laws.
By visiting our Website or by disclosing your personal data to us via our Website, you acknowledge that you have read this policy and that you understand the way we collect and process your personal data.
2. Who we are and how to contact us
Paleo is a company incorporated under Belgian law and acts as data controller in respect of the personal data collected via its Website:
Registered office Meilrijk 98, 3290 Diest, Belgium
Company number 0756.986.614
We have appointed a privacy contact, whom you can contact for questions about this privacy policy and the processing of your personal data.
Privacy Contact : Andy de Jong
E-mail address : info@paleo.bio
3. Scope of the privacy policy
This policy applies to the personal data collected and processed through or via our Website, as from the obtaining of the information to the eventual deletion of information within our organization.
This policy applies to all users of the Website
4. What categories of personal data do we collect?
We collect different types of personal data (depending on how you use our Website and which personal data you choose to share with us):
• Identification and contact details (such as your name, telephone number and email address);
• Professional information (such as your job function or role in an organisation);
• Technical and usage information (such as log information, including IP address; browser information; the external web page from which you come; the pages you have visited on our Website; time and duration of the pages visited; device data (for example which device you use to visit our Website), and cookies); and
• any other type of personal data you may decide to share with us through free field forms.
For more information about our use of cookies, we would like to refer you to our cookie policy.
5. What we use the personal data for, on which legal basis and for how long?
Depending on your use of the Website we may process your personal data for the purposes specified hereunder.
Purpose
Type of personal data
Legal basis
Retention period
To manage and respond to your contact requests and questions (e.g. after you have submitted the online contact form).
To manage and respond to your contact requests and questions (e.g. after you have submitted the online contact form). Identification and contact details. Professional information. Any other type of personal
data you choose to share with us during our contact. Legitimate interest or performance of a contract (as applicable). For the duration of our interaction with each other. Your personal data will in any event
be deleted for this purpose no later than five (5) years after our last interaction.
Legitimate interest or performance of a contrac t (as applicable).
For the duration of our interaction with each other. Your personal data will in any event be deleted for this purpose no later than five (5) years after our last interaction.
To provide, operate maintain, protect and improve our Website.
Technical and usage information. Any feedback you choose to provide us.
To provide, operate maintain, protect and improve our Website. Technical and usage information. Any feedback you choose to provide us. As applicable, legitimate interest or consent (as given via the cookie
banner on our Website). The consent you give is always free. You have the right, at any time and free of charge, to withdraw your consent by sending an email to:
info@paleo.bioAnother legal basis as is applicable pursuant to our cookie policy. The retention period varies from as long as the duration of a Website-visit, to as long as your
consent is not withdrawn (as applicable). Reference is made to our cookie policy.
The retention period varies from as long as the duration of a Website-visit, to as long as your consent is not withdrawn (as applicable). Reference is made to our cookie policy.
To carry out recruitment and selection activities.
Identification and contact details. Professional information. Any other type of personal data you choose to share with us during your application (such as CV, cover letter). Legitimate interest or performance
of a contract (as applicable). Your personal data will be deleted within four (4) weeks after the application process, unless: – you are hired (in which case our internal privacy statement for employees
applies); or – you agree to be included in our talent pool (see below). Please note that we may keep your personal data for a maximum of five (5) years if we reasonably believe there is a prospect of litigation
or claim from you in relation to the application process. Such personal data will only be used for the purposes of defending ourselves against such possible litigation or claim from you.
Legitimate interest or performance of a contract (as applicable).
To carry out recruitment and selection activities. Identification and contact details. Professional information. Any other type of personal data you choose to share with us during your application (such as CV,
cover letter). Legitimate interest or performance of a contract (as applicable). Your personal data will be deleted within four (4) weeks after the application process, unless: – you are hired (in which case
our internal privacy statement for employees applies); or – you agree to be included in our talent pool (see below). Please note that we may keep your personal data for a maximum of five (5) years if we
reasonably believe there is a prospect of litigation or claim from you in relation to the application process. Such personal data will only be used for the purposes of defending ourselves against such possible
litigation or claim from you.
To create a talent pool for future vacancies and recruitment purposes.
Identification and contact details. Any documents and information you choose to share with us during your application (such as CV, cover letter).
Consent You have the right, at any time and free of charge, to object to the processing of your personal data, by sending an email to: info@paleo.bio
Up to five (5) years after obtaining your consent. Your personal data will in any event be deleted in the event you withdraw your consent.
For direct marketing purposes (such as to send promotional emails and newsletters about our products, including about special offers and other information which we think might interest you).
Identification and contact details.
Consent You have the right, at any time and free of charge, to object to the processing of your personal data for direct marketing purposes, by sending an email to: info@paleo.bio
As long as your consent is not withdrawn.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes determined in the table above, and for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or the organization you work for. Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file.
The applicable retention periods that apply to each processing activity are set out in the table above.
6. Data Security
Paleo is committed to trying to make sure that your personal data is secure and makes all reasonable and appropriate efforts to protect the confidentiality of your personal data. We have implemented appropriate technical and organizational measures, safeguards and assurances to process your personal data in accordance with the GDPR, in particular to protect your personal data against loss, misuse, or unauthorized alteration or destruction.
Please contact us if you would like more information on the specific measures taken.
Despite the measures taken by us, you should be aware that there are always risks associated with sending personal data over the internet. The security and protection of your personal data can never be fully guaranteed, nor can we guarantee that unauthorized third parties will never be able to defeat those measures or use your personal data for improper purposes.
7. Personal data of third parties
If you share any personal data of third parties with us, you guarantee that you have informed those third parties and you have received all necessary consents to communicate the third parties’ personal data to Paleo.
8. Who do we share personal data with?
Paleo may share your personal data, as required for the purposes set forth in section 5, with:
• affiliated entities and subsidiaries;
• third party service providers (such as IT service providers, security providers, or hosting providers);
• professional advisers (such as lawyers or auditors); and
• third parties to whom we intend or choose to sell, transfer or merge (parts of) our shares, business or assets.
Besides the above categories of recipients, we only share your personal data with companies other than Paleo, provided we have your permission for this. Be aware that when you click on a social media button, the privacy policy of this provider applies.
For legal reasons we may have to share your personal data in order to comply with a legal obligation, or if we determine in good faith that such disclosure is required in order to comply with any pending judicial inquiry, judicial order or litigation and/or to safeguard our rights.
We may also share your personal data with (sub-)processors on a “need-to-know” basis, that process personal data on behalf of Paleo. These processing operations are recorded in a processing agreement between Paleo and the (sub-)processor that meets the requirements of the GDPR. We require all our processors or sub-processors to take appropriate technical and organizational (including security) measures to protect your personal data in line with our policies. We do not allow our processors or sub-processors to use your personal data for their own purposes.
Upon request, Paleo shall, as soon as possible after the request, inform you of the third parties with whom your personal data have been shared by providing you a more detailed list.
9. Your rights
You can ask us:
• What data we have about you;
• What is the purpose of a particular processing operation;
• Who processes your personal data.
Within the limits defined in the GDPR, you have the right:
• To obtain confirmation from us as to whether or not we are processing your personal data, to access that personal data and how and why it is being processed, as well as to receive a copy of your personal data that we process for a specific purpose (“right of access”);
• To submit a request to delete your data (“right to erasure”, ”right to be forgotten”);
• To ask us to stop processing your personal data (if you have a valid and legal reason for this) (“right to object”);
• To ask us to correct your personal data or to complete it (“right to rectification”);
• To obtain the personal data you have provided to us in a structured, commonly used and machine-readable form, and to transfer (have transferred) that personal data to another controller (“right to portability”);
• To have the processing restricted (“right to restriction”).
The exercise of your rights is in principle free of charge. Only in the event of unreasonable or repeated requests, we may charge a reasonable administrative fee. We will always inform you of the applicable fee before charging it.
In your request, make sure to clearly specify which right you wish to exercise so we can help you as efficient as possible. Please note that in some case we may require you to give more information about yourself to ensure that we are dealing with the correct person.
If you contact us to exercise your rights, we will respond within 1 month. Exceptionally this may take longer (up to 3 months), but then we will inform you within 1 month of the reasons why.
10. Right to lodge a complaint with a supervisory authority
If you consider that our processing of personal data infringes the GDPR, you have the right to file a complaint with a supervisory authority, in particular in the member state of your habitual residence, the place of work or the place of alleged infringement.
In Belgium the competent supervisory authority is the Data Protection Authority (“Gegevensbeschermingsauthoriteit” “Autorité de protection des données”):
www.gegevensbeschermingsautoriteit.be
Drukpersstraat 35, 1000 Brussels, Belgium
+32 (0)2 274 48 00 contact@apd-gba.be.
However, we would appreciate the chance to deal with your concerns before you approach the authority, so please contact us in first instance.
11. Liability
If Paleo has legitimately transmitted your personal data to a third party (not being its (sub-)processor), Paleo shall not be liable for any unlawful processing or unlawful use by that third party.
Paleo is in any case only liable for the damage caused by the processing of personal data if it did not comply with its specific obligations under the GDPR and our liability shall not exceed an amount equal to the amounts actually paid out by our insurer for the damage causing event. Paleo shall in no event be liable for any special, incidental, indirect or consequential losses or damages.
The foregoing exclusions and limitations shall only apply to the maximum extent permitted by applicable law.
12. Changes to this privacy policy
Paleo may amend this privacy policy at all times. Any changes we may make to our privacy policy will be indicated on the Website. The date of the most recent version is shown below. Please review our privacy policy periodically to stay informed of changes that may affect you.
Amended versions of this privacy policy take effect immediately after their publication on the Website.
13. Applicable law and competence
This privacy notice shall be governed, interpreted, and implemented in accordance with Belgian laws.
The courts in Leuven are exclusively competent to decide on any dispute that may arise from the interpretation or implementation of this privacy policy, without prejudice to the data subjects right to present a dispute before a competent court on the basis of a mandatory statutory provision.
14. Contact information
If you have additional questions about the processing of personal data, or if you want to submit a request to exercise your legal rights (as set out in section 9), you can send us an email at info@paleo.bio.
Last updated: 23.04.2024