PRIVACY POLICY

Object

This Policy is established by Panora.me located at 13 avenue Jules Bordet, 1140 Brussels, listed under the registration number: BE 0658.757.979 (hereinafter referred to as "the controller").

The purpose of this Policy is to inform visitors to the website hosted at the following address: panora.me (hereinafter referred to as the "website") in the manner in which the data are collected and processed by the controller.

This Policy is in line with the controller's desire to act in a transparent manner, in compliance with its national provisions and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation").

The controller pays particular attention to the protection of the privacy of its users and therefore undertakes to take the reasonable precautions required to protect the personal data collected against loss, theft, disclosure or unauthorised use.

Personal data" is defined as all personal data relating to the user, i.e. any information that makes it possible to identify him/her directly or indirectly as a natural person.

If the user wishes to react to any of the practices described below, he or she may contact the controller at the postal address or email address specified in the "contact data" section of this Policy.

What data do we collect?

The controller shall collect and process, in accordance with the methods and principles described below, the following personal data:

  • its domain (automatically detected by the controller's server), including the dynamic IP address;

  • its name, e-mail address & phone number if the user has previously disclosed it, for example by sending messages or questions to the website, communicating with the controller by e-mail, participating in discussion forums, accessing the restricted part of the website by identification, etc.;

  • all information concerning the pages that the user has consulted on the website;

  • any information that the user has voluntarily provided, for example in the context of information surveys and/or registrations on the website, or by accessing the restricted part of the website through identification.

The controller may also collect non-personal data. These data are qualified as non-personal data because they do not make it possible to identify directly or indirectly a particular person. They may therefore be used for any purpose whatsoever, for example to improve the website, the products and services offered or the advertisements of the controller.

The following data are collected via cookies:

  • user’s selected language

  • user’s preferences when playing embedded videos from Vimeo

  • unique ID to generate statistical data on how the user uses the website (Google Analytics)

  • Facebook cookie

  • LinkedIn cookie

In the event that non-personal data are combined with personal data, so that identification of the data subjects is possible, these data will be treated as personal data until their connection with a particular person is made impossible.

Collection methods

The controller collects personal data in the following way:

  • Automatic detection (IP address)

  • Form submission by user (name, e-mail address & phone number)

Purposes of the processing operation

  • Personal data are collected and processed only for the purposes mentioned below:

  • ensure the management and control of the execution of the services offered;

  • sending and tracking of quotations;

  • sending promotional information on the products and services of the controller;

  • sending promotional material;

  • answer the user's questions;

  • produce statistics;

  • improve the quality of the website and the products and/or services offered by the controller;

  • transmit information on new products and/or services of the controller;

  • for commercial prospecting actions;

  • allow a better identification of the user's interests.

The controller may be required to carry out processing operations not yet provided for in this Policy. In this case, he will contact the user before reusing his personal data, in order to inform him of the changes and give him the possibility, if necessary, to refuse such reuse.

Legitimate interests

Some of the processing operations carried out by the controller are based on the legal basis of the legitimate interests of the controller. These legitimate interests are proportionate to the respect of the user's rights and freedoms. If the user wishes to be informed of the details of the purposes based on the legal basis of legitimate interests, it is recommended to contact the controller (see point on "contact data").

Retention period

In general, the controller shall keep personal data only for as long as is reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.

A customer's personal data shall be kept for a maximum of 10 years after the end of the contractual relationship between the customer and the controller.

At the end of the storage period, the controller shall make every effort to ensure that the personal data have been made unavailable and inaccessible.

Enforcement of rights

For all the rights listed below, the controller reserves the right to verify the identity of the user for the application of the rights listed below.

This request for additional information will be made within one month of the user's submission of the request.

Data access and copying

The user may obtain free of charge the written communication or a copy of the personal data concerning him/her that have been collected by the controller.

The controller may require the payment of a reasonable fee based on administrative costs for any additional copies requested by the user. When the user makes this request electronically, the information shall be provided in an electronic form in common use, unless the user requests otherwise.

Unless otherwise provided for in the general data protection regulation, the user will be provided with a copy of his data no later than one month after receipt of the request.

Right of rectification

The user may obtain free of charge, as soon as possible, the rectification of his personal data which are inaccurate, incomplete or irrelevant, as well as their completion if they prove to be incomplete.

Unless otherwise provided for in the general data protection regulation, the request for application of the right of rectification shall be processed within one month of its introduction.

Right to object to the processing operation

The user may at any time, for reasons relating to his particular situation, object free of charge to the processing of his personal data, when:

  • the processing is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller;

  • the processing is necessary for the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (in particular where the data subject is a child) prevail.

The controller may refuse to exercise the user's right of opposition when he establishes the existence of compelling and legitimate grounds justifying the processing, which take precedence over the interests or rights and freedoms of the user, or for the establishment, exercise or defence of a legal claim. In the event of a dispute, the user may lodge a complaint in accordance with the "Complaint" section of this Policy.

The user may also, at any time, object, without justification and free of charge, to the processing of personal data concerning him/her when his/her data are collected for commercial prospecting purposes (including profiling).

Where personal data are processed for scientific or historical research or statistical purposes in accordance with the general data protection regulation, the user has the right to object, on grounds relating to his particular situation, to the processing of personal data relating to him, unless the processing is necessary for the performance of a task in the public interest.

Except where otherwise provided for in the general data protection regulation, the controller must reply to the user's request as soon as possible and at the latest within one month and give reasons for his reply if he intends not to comply with such a request.

Right to limitation of processing

The user may obtain a limitation on the processing of his or her personal data in the cases listed below:

  • when the user disputes the accuracy of a data and only for as long as the controller can check it;

  • when the processing is unlawful and the user prefers the limitation of the processing to deletion;

  • when, although no longer necessary for the purposes of the processing operation, the user needs it for the establishment, exercise or defence of his rights in court;

  • for the time necessary to examine the merits of an opposition request submitted by the user, in other words, for the controller to check the balance of interests between the legitimate interests of the controller and those of the user.

The controller will inform the user when the processing restriction is lifted.

Right to erase (right to be forgotten)

The user may obtain the deletion of personal data concerning him/her, when one of the following reasons applies:

  • the data are no longer necessary for the purposes of the processing operation;

  • the user has withdrawn his consent for his data to be processed and there is no other legal basis for the processing;

  • the user objects to the processing and there are no compelling legitimate grounds for the processing and/or the user exercises his specific right of opposition in matters of direct marketing (including profiling);

  • the personal data have been unlawfully processed;

  • personal data must be erased in order to comply with a legal obligation (under Union law or the law of the Member State) to which the controller is subject;

  • personal data have been collected in the context of the provision of information society services for children.

However, the deletion of data shall not apply in the following cases:

  • where the processing is necessary for the exercise of the right to freedom of expression and information;

  • where the processing is necessary for the purposes of complying with a legal obligation requiring processing under Union law or the law of the Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  • where the processing is necessary for reasons of public interest in the field of public health;

  • where the processing is necessary for archival purposes in the public interest, for scientific or historical research or for statistical purposes and provided that the right to erasure is likely to render impossible or to seriously jeopardise the achievement of the objectives of the processing in question;

  • where the processing is necessary for the establishment, exercise or defence of legal claims.

Except where otherwise provided for in the general data protection regulation, the controller must reply to the user's request as soon as possible and at the latest within one month and give reasons for his reply if he intends not to comply with such a request.

Right to "data portability"

The user may at any time request to receive his personal data free of charge in a structured, commonly used and machine-readable format, with a view in particular to forwarding them to another controller, when:

  • the data processing is carried out using automated processes; and when

  • the processing is based on the consent of the user or on a contract concluded between the user and the controller.

Under the same conditions and in the same way, the user has the right to obtain from the controller that his personal data be transmitted directly to another controller of the processing of personal data, insofar as this is technically possible.

The right to data portability shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Recipients of data and disclosure to third parties

The recipients of the data collected and processed are, in addition to the controller himself, his employees or other subcontractors, his carefully selected business partners, located in Belgium or in the European Union, who collaborate with the controller in the context of the marketing of products or the provision of services.

In the event that the data are disclosed to third parties for direct marketing or commercial prospecting purposes, the user will be informed in advance so that he/she can choose to accept the transfer of his/her data to third parties.

As long as this transfer is based on the user's consent, the user may, at any time, withdraw his consent for this specific purpose.

The controller complies with the legal and regulatory provisions in force and will in all cases ensure that its partners, employees, subcontractors or other third parties having access to such personal data comply with this Policy.

The controller shall disclose the user's personal data in the event that a law, judicial procedure or an order from a public authority makes such disclosure necessary.

No transfer of personal data outside the European Union shall be made by the controller.

Safety and security

The controller shall implement appropriate technical and organisational measures to ensure a level of security of the processing and data collected with regard to the risks represented by the processing and the nature of the data to be protected appropriate to the risk. It takes into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing operation as well as the risks to users' rights and freedoms.

The controller has put in place appropriate security measures to protect and avoid the loss, misuse or alteration of the information received on the website.

In the event that the personal data that the controller controls are compromised, he will act quickly to identify the cause of the violation and take appropriate remedial measures.

The controller shall inform the user of this incident if required by law.

Complaint

If the user wishes to react to any of the practices described in this Policy, it is advisable to contact the controller directly.

The user can also lodge a complaint with his national supervisory authority, whose details are available on the official website of the European Commission: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

In addition, the user has the possibility to bring a complaint before the competent national courts.

Data Protection Officer

Contact details

The Data Protection Officer of the controller is Antoine MAROT.

For any questions and/or complaints regarding this Policy, the user may contact the controller:

By email: dpo@panora.me

By mail:

Panora.me

Av. Jules Bordet, 13

1140 Brussels

BELGIUM

Modification

The controller reserves the right to modify the provisions of this Policy at any time. The changes will be published directly on the website of the controller.

Applicable law and competent jurisdiction

This Policy shall be governed by the national law of the principal place of business of the controller.

Any dispute relating to the interpretation or execution of this Policy shall be submitted to the courts of such national law.

This version of the Policy is dated 30/09/2018.