Xenics nv, with registered offices at 3001 Leuven (Belgium), Ambachtenlaan 44, VAT no. 0473.044.848, telephone: +32 16 38 99 00, as well as all affiliated companies such as sInfraRed Pte Ltd (Singapore) and Xenics USA, Inc. (USA), hereafter “Xenics”, handles personal data with the utmost care at all times.
This Privacy Statement indicates which personal data is collected and how it is used, as well as how Xenics seeks to ensure an adequate protection of the data concerned.
Xenics strives to comply with the privacy legislation and in particular with the provisions of the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereafter “GDPR” (General Data Protection Regulation) and the provisions as incorporated in the Belgian Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data.
In addition, Xenics will ensure to comply, to the extent possible, to the provisions of the implementing decisions or legislative changes that are taken in accordance with the aforementioned legislation.
Visiting the website, using the services of Xenics, purchasing products and / or goods, and any and all communication with Xenics implies the express approval (through communication of your personal data or opt-in) of the data subject of the Privacy Statement and thus the manner in which Xenics collects, uses or acquires the personal data.
1.1. Personal Data
Personal data entail any information relating to an identified or identifiable person. A natural person is considered to be “identifiable” if he can be identified, directly or indirectly, in particular by reference to an identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person. As a controller, Xenics can collect e.g. a data subject’s name, address, telephone numbers, e-mail address and IP-address and all other personal data voluntarily transferred to Xenics.
Xenics may collect this personal information from or in connection with:
- Visiting the website;
- Cooperation with Xenics or Xenics companies;
- Correspondence with Xenics;
- Visiting the buildings / establishment of Xenics or Xenics companies;
- Completing any inquiry form;
- Requesting company or product information and / or quotation (verbally or written);
- The use the data subject makes of the services of Xenics;
- Exchanging business cards;
- The verification of the identity of the data subject.
The personal data collected by Xenics are thus explicitly and voluntarily provided by the data subject.
In addition, Xenics automatically collects anonymous information regarding the use of the website. For example, Xenics automatically logs which parts of the website the visitor visits, which web browser the visitor uses, which website the visitor visited when he accessed the Xenics website. Xenics cannot identify the visitor from this data and will only use this data for compiling statistics.
This personal data is processed and used by Xenics and Xenics companies in order to optimize her services and to work as efficient and accurate as possible. Xenics will process the data for, among others:
- The execution of her agreement with clients (including its follow-up);
- The compliance with her legal obligations;
- The implementation of marketing strategies (e.g. mailing newsletters);
- The execution of (internal) analyses and development of new products;
- Optimizing the quality, management and content of the website;
- Statistical purposes;
- Drawing up and sending offers;
- Follow-up after meetings;
- Registration of visitors to the building / establishment of Xenics or Xenics companies;
- The sending of invoices and the recovery of payments.
The processing of personal data by Xenics will be based on the following legal bases:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Processing is necessary for compliance with a legal obligation to which Xenics is subject;
- Processing is necessary for the purposes of the legitimate interests pursued by Xenics or by a third party, (e.g.: to ensure the continuity of its business activities) except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
As far as possible and can reasonably be expected, Xenics will make sure that the personal data she has is updated and that incorrect, incomplete and redundant personal data are corrected or deleted.
Moreover Xenics will, as far as possible and can be reasonably expected, make sure to only grant limited access to the personal data to her appointees. This access will be restricted to those appointees that need the personal data in order to execute their duties or to what is necessary information with regards to the requirements of the department. In this manner Xenics will attempt to offer an appropriate level of security for this personal data and the processing thereof.
The data subject will be required to provide all requested personal data to Xenics following a legal requirement and / or because it is a requirement necessary to enter into a contract and to enable the execution of that contract. In case the data subject does not provide the requested personal data, Xenics will not be allowed or able to deliver products or to render the services that have been demanded.
Furthermore, web beacons and other similar technologies, as well as Hotjar and Google Analytics are used. Xenics makes use of profiling. This way Xenics will attempts to inform her clients only regarding products they might show a particular interest in.
1.3. Disclosure of Personal Data to Third Parties
Xenics will not disclose personal information to any third party except as may be necessary for the performance of the agreement and its optimization (such as, but not limited to, the release of payments, the delivery of products and rending of services (of all kind) to Xenics). In this context, personal data may be disclosed to (legal) authorities (e.g. customs, departments of foreign affairs, Strategic Goods Control Units,…), distributors and representatives, suppliers, payment providers, software vendors, cloud partners, transport partners, financial institutions, insurance companies, external service providers (such as legal partners, lawyers, consultants or auditors).
If it is necessary for Xenics to disclose the personal data to third parties in this context, the third party in question is obliged to use the personal data in accordance with the provisions of this Privacy Statement.
Without prejudice to the foregoing, it is possible that Xenics may disclose the personal data:
- To the competent authorities (i) when Xenics is required to do so by law or in the context of any judicial or future legal process and (ii) to safeguard and defend Xenics’s (intellectual property) rights;
- When Xenics or substiantially all of its assets are acquired by a third party, in which case the personal information collected by Xenics will be one of the transferred assets;
- In case Xenics is insolved in a dispute with the data subject;
- In order to protect Xenics’s workers and clients;
- In order to guarantee product safety;
In all other cases, Xenics will not sell, rent or disclose your personal information to third parties unless it has (i) obtained your consent and (ii) concluded a data processing agreement with the third party in question, which contains the necessary guarantees regarding the confidentiality and privacy-compliant treatment of your personal information.
1.4. Cross-Border Processing of Personal Data
Any transfer of personal data outside the European Economic Area (EEA) to a recipient residing or having its registered office in a country not covered by an adequacy decision issued by the European Commission shall be governed by provisions of a data transfer agreement which shall either (i) contain the standard contractual clauses set out in the “Decision of the European Commission of February 5, 2010 (Decision 2010/87/EC)” and amended by the “Commission Implementing Decision (EU) 2016/2297 of 16 December 2016”, or (ii) provide appropriate safeguards by any other mechanism under the Privacy Law or any other legislation concerning the processing of personal data.
1.5. Storage of Personal Data
Unless a longer retention period is required or justified (i) by law or (ii) by compliance with another legal obligation, Xenics will retain and store the personal data that has been collected only for the time necessary to achieve and fulfil the purposes described in 1.2 of this Privacy Statement, with a maximum period of 10 years starting from the end of the partnership with the data subject, unless certain legal statutes of limitation or retention periods should demand a longer period.
1.6. Data Subject’s Rights
In the context of the processing of personal data, Xenics will facilitate the execution of the data subject’s following rights:
- The right of access to its personal data;
- The right to rectification, completion or update of incorrect personal data;
- The right to erasure of its personal data (“The right to be forgotten”);
- The right to restriction of processing of its personal data;
- The right to data portability;
- The right to object to automated individual decision-making;
- The right to object and oppose the processing of personal data.
In order to exercise this right / these rights, the data subject will need to send an e-mail in this regard to the following e-mail address: firstname.lastname@example.org. Seeing that Xenics will need the necessary assurances regarding the identity of the questioner, the data subject will need to add a copy of its identity document to the request. Xenics will respond promptly and in principle within one month, to the data subject’s request.
The exercise of these rights is in principle free of charge.
In any case the data subject has the right to withdraw its consent regarding the processing of its personal data at any time. However, this withdrawal will not affect the lawfulness of the processing based on that consent before its withdrawal.
1.7. Security of Personal Data
Xenics will take appropriate and reasonable physical, technical and organizational security measures to prevent (i) unauthorized or unlawful access to your personal information, as well as (ii) the loss, misuse or alteration of the personal data.
Xenics will store all personal data it has collected on the servers at Xenics’ registered office, as well as on a shared drive and the servers of third parties (including but not limited to the mail server, CRM, etc.)
Notwithstanding (i) Xenics’ security policy, (ii) the controls Xenics carries out and (iii) the actions it takes in this respect, an infallible level of security cannot be guaranteed. No method of transmission or transmission via the internet or any method of electronic storage is 100% secure, so that Xenics cannot guarantee absolute security in this context.
1.8. Update Privacy Statement
Xenics is entitled to amend and update this Privacy Statement at any time, without any prior notice, by posting a new version on the website. In this context, it is highly recommended to regularly consult the website and the relevant page on which the Privacy Statement is displayed, in order to be sure to be aware of any changes to this Privacy Statement.
1.9. References to Other Websites
The website may contain hyperlinks to other websites. When one of these links is clicked on, it may be possible that the website or internet source referred to, will use the personal data via cookies or other technologies.
Xenics has no responsibility, liability or authority to control these other websites or internet resources, or their collection, use or disclosure of personal data.
Xenics’s appointee responsible for security and privacy can be contacted at the following e-mail address: email@example.com .
Should the data subject believe that the processing of its personal data constitutes a breach of the provisions of the GDPR or other privacy legislation, the data subject will have the right to lodge a complaint with the competent supervisory authority.
1.11. Final Provisions
In case of any discrepancies between the provisions of this Privacy Statement and the possible agreement that has been concluded between Xenics and the data subject, the provisions as stated in the agreement will prevail.