Table of Contents
2 Who is responsible for the processing of your personal data? 3
3 Which personal data do we process about you? 3
4 For which purposes and on what legal basis do we process your personal data? 5
4.1 Onyx as controller 5
4.1.1 Office visitors 5
4.1.2 Website visitors 6
4.1.3 Subscribers to our newsletters, seminars or events 6
4.1.4 Customers and their contact persons 6
4.1.5 Any other party with whom Onyx does business or is considering doing business (potential customers, other business contacts, etc.) 7
4.1.6 Social media users 7
4.1.7 Other contract partners and their contact persons 7
4.1.8 Applicants 8
4.2 Onyx as processor: users of Onyx One and HSSE and their employees 8
5 With whom do we share your personal data? 8
6 Do we transfer your personal data outside the European Economic Area (EEA)? 9
7 How do we protect your personal data and how long do we keep your personal data? 9
8 What about links to other websites and social media? 10
9 What are your rights as a data subject? 10
10 How can you contact us? 10
2 WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
Onyx is a private limited liability company (‘Besloten vennootschap met beperkte aansprakelijkheid’ / ‘Société privée à responsabilité limitée’), whose registered office is established at 9220 Hamme, Stationsstraat 16 (Belgium).
Onyx is the controller for the processing of your personal data. This means that we determine for what purposes and with what means your personal data will be processed (e.g. when you visit our offices, when you sign up for our newsletters, when you apply for a position with us and in the context of customer management).
Please note that our services constitute an online (contractor management and/or learning management) platform (hereafter referred to as “Onyx One” and “HSSE”) that we host on behalf of our customers. When Onyx processes your personal data on behalf of its customers (both clients and contractors), Onyx acts as a processor, e.g. in case of the registration of your personal data in order to create a profile so that you can access the online training courses that we organize on behalf of our customers. This processing by Onyx on behalf of its customers is governed by a Data Processing Annex with our customers.
3 WHICH PERSONAL DATA DO WE PROCESS ABOUT YOU?
The data that we process about you depends on the relationship we have with you. We collect your personal data in three ways:
• Information provided by you
We mainly collect your information and personal data that we get directly from you when you:
- visit our offices: data such as your name and your company name, email address, phone number and camera images processed by surveillance cameras at the entrance of our building.
- sign up for our newsletters, a seminar or other events: data such as your name, company name, function, phone number, a picture and your email address.
- contact us via email, via the contact form on our website or via other (social media) channels: data such as your name, and email address, phone number, the content of your correspondence with Onyx and any other personal data you provide that may be relevant to answering your question.
- give us your business card or if we otherwise receive your contact details: data such as your name, company name, function, phone number and email address.
- are a customer of Onyx: data such as your name, company name, function, place and date of birth, (billing) address, phone numbers, residence, tax identification number and financial information.
- have any other contractual relationship with Onyx: data such as your name, company name, function, place and date of birth, (billing) address, phone numbers, residence, tax identification number and financial information.
- when you submit an application for a position with us (both online and offline): data such as your name, your contact information, your resume, your grades, your correspondence with Onyx and other documents you provide us with.
- use Onyx One: data such as your name, login details, email address, national registry number, telephone number, language, country and company information.
- use HSSE: data such as your name, login details, email address, telephone number, language, country and company information.
• Information from third parties
We also collect information from other sources when you:
- give us your business card or if we otherwise receive your contact details: data we receive about you from other sources, such as third parties (e.g. Trends) and social media (e.g. LinkedIn) that help us update, expand our analyse our records and identify new customers.
- are an employee working for one of our customers: data such as your name, email address, function, national registry number, country, passport number and expiry date if Belgium is not the country of birth.
- are a customer of Onyx: data we may receive from other persons than yourself, such as your employer, your representative, etc. It is also possible that we collect these data from public sources such as the crossroads bank of enterprises.
- apply for a position with us: data we may receive about you from head-hunters, employment agencies and selection firms. We may also receive data from social media platforms such as LinkedIn. If you give us your permission, we may contact your previous employer.
4 FOR WHICH PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?
4.1 ONYX AS CONTROLLER
4.1.1 OFFICE VISITORS
For the protection of our offices from access by unauthorized persons
When you visit our offices, we process camera footage by using closed-circuit television (CCTV) in order to protect Onyx against unauthorized physical access to its offices and in particular to its IT infrastructure and confidential information.
The camera images are processed (collected and registered) in accordance with the applicable data protection rules in general and the applicable camera legislation in particular. In line therewith, all cameras are duly indicated by the appropriate pictogram, have been duly notified to the competent authority and are registered in a specific CCTV record.
The processing of camera images is based on the legitimate interest of Onyx in protecting our offices from unauthorized persons.
4.1.2 WEBSITE VISITORS
For the security and improvement of our website and newsletters or for answering your questions
We process personal data to optimise our website and to make it easy to use. This data also allows us to adequately secure our website. By using your data, we can check how our website and marketing content, such as newsletters, are used and how we can improve their content and layout. We do this by using cookies.
Moreover, when you ask us a question via our online contact form, we will process these data in order to answer your question.
The processing of these data is based on your consent (by submitting your information through our contact form) or on the legitimate interest of Onyx in providing a well-functioning and secure website and content that is relevant for you.
4.1.3 SUBSCRIBERS TO OUR NEWSLETTERS, SEMINARS OR EVENTS
In order to keep you in informed of our activities and to invite you to seminars or events
We process your personal data to keep you informed of our activities via our newsletters, invitations to seminars or other events etc. It is also possible that we take a picture of you when you are present at one of our seminars or events.
4.1.4 CUSTOMERS AND THEIR CONTACT PERSONS
To pursue our contractual relationship and to comply with our legal obligations
We process your personal data for providing our services to you, for customer management, marketing and for fulfilling our legal and regulatory obligations.
The processing of your personal data is based on the performance of a contract with you, a legal obligation to which Onyx is subject and/or Onyx’ legitimate interests to keep its clientele informed of its activities and services.
4.1.5 ANY OTHER PARTY WITH WHOM ONYX DOES BUSINESS OR IS CONSIDERING DOING BUSINESS (POTENTIAL CUSTOMERS, OTHER BUSINESS CONTACTS, ETC.)
To answer your questions and exchange information
If you ask us a question by phone, via the contact form on the website or by email, we will process your personal data in order to answer that question and to provide you with the relevant information.
4.1.6 SOCIAL MEDIA USERS
To provide you with the services that you want and to communicate with you
When you contact us via social media platforms, we process the personal data that you submit to us via the social media platform in order to provide you with the services that you want and to communicate with you.
The processing of these data is based on our legitimate interests, i.e. the interest in dealing with your questions or requests in the best possible way.
4.1.7 OTHER CONTRACT PARTNERS AND THEIR CONTACT PERSONS
To pursue our contractual relationship
We process your personal data for providing services to you, for customer and supplier management, marketing and for purposes required by law.
The processing of your personal data is based on the performance of a contract with you, a legal obligation to which Onyx is subject or its legitimate interests to keep its partners informed of its activities and services.
To make contact in the context of a selection and recruitment process
When you apply for a job, we process your personal data in order to contact you and to follow up on your application.
The processing of your personal data for this purpose is based on your request to take steps prior to entering into a contract. Onyx has a legitimate interest in retaining your information in our recruitment reserve to consider you for possible future opportunities.
4.2 ONYX AS PROCESSOR: USERS OF ONYX ONE AND HSSE AND THEIR EMPLOYEES
To pursue our contractual relationship and to provide you with the services that you want
When you are a user of Onyx One or HSSE, we process the personal data that you or your employer submit to us via the registration form in order to register you or one of your employees as a new user.
As a user of Onyx One, we ask you to provide your national registration number and/or your passport number. The processing of these data is used exclusively for the purpose of identifying and authenticating the user within the framework of access to Onyx One and is carried out in accordance with the applicable legislation (i.e. the law of 8 August 1983 regulating the National Register and the use of the national identity number, as amended by the law of 25 November 2018).
The processing of your personal data is based on the performance of a contract with you and/or Onyx’ and/or a third party’s legitimate interests in ensuring the proper functioning of Onyx One and HSSE.
5 WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
Onyx may share your personal data with the following third parties:
- service providers to provide services for us in relation to our websites, such as marketing agencies, web hosting companies, mailing vendors, …
- web analytics service providers such as Inspectlet in order to monitor usage (recorded sessions) of specific functionalities provided by Onyx One or HSSE and to solve support cases submitted by you as a user.
- IT service providers that provide technical support.
- attorneys and external advisors: in certain cases, we may transfer your personal data to attorneys and external advisors if this is necessary to give us advice or to defend our rights.
- supervisory authorities: in certain cases, we may transfer your personal data to police, judicial or other authorities if we believe that we are required to do so based upon the applicable legislation or regulation or based upon another lawful request or order.
- possible acquirers of Onyx or its assets in the unlikely event that (a part of) our activities would be taken over by a third party.
We are committed to ensuring the confidentiality of your data, which includes among other things that we conclude adequate contracts with our partners and service providers which impose confidentiality obligations on them.
6 DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)?
In principle, Onyx keeps your personal data on servers within the EEA. However, it is possible that we or service providers working for Onyx (as mentioned under Question 5 above) process your personal data outside the EEA.
In this respect, Onyx is committed to ensuring an adequate level of protection for your data, in particular via an adequacy decision under article 45 GDPR for the country to which data are transferred (including certifications under the EU-US Privacy Shield), by concluding standard contractual clauses under article 46.2 GDPR, or by any other appropriate safeguards. If you have any question or would like more information in this regard, you can send a dated and signed request to Onyx (see our contact information in Question 10.
For users of HSSE based in China, Hong Kong or Taiwan, Onyx keeps your personal data on a server in Hong Kong.
7 HOW DO WE PROTECT YOUR PERSONAL DATA AND HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Onyx takes reasonable security measures to protect your personal data from destruction, loss, modification or any other unauthorised processing. Despite these measures, due care should be taken when storing and/or sharing your personal data and login, particularly when connecting via unsecure or public networks.
For its HSSE platform, Onyx have introduced an automated functionality to identify ‘sleeping’ accounts, mark them and keep them isolated for three months prior to being deleted. An audit trail of this action is kept in the database in the event of enquiries or complaints afterwards. The automated routine does not exclude a user from the right to have his profile deleted from the database upon written request.
8 WHAT ABOUT LINKS TO OTHER WEBSITES AND SOCIAL MEDIA?
9 WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
You have a number of rights with regard to your personal data, subject to the conditions and exceptions set forth by chapter III of the GDPR.
You have a right to request:
- access to your personal data processed by Onyx and to receive a copy of them.
- the correction of your data if you think the data are inaccurate.
- the erasure of your data or a restriction of the processing of your data.
- the portability of your data, not to be subject to profiling and you may object to the processing of your personal data, without substantiation in the case of direct marketing, or substantiated in other cases.
- to file a complaint with the supervisory authority, which is the Belgian Data Protection Authority. The authority can be reached by mail at Rue de la Presse 35, 1000 Brussels, and by email at the following address: email@example.com.
When the processing of your data is based on consent, you may revoke your consent at any time. Withdrawal of your consent does not affect the lawfulness of the processing based on consent before withdrawal.
You can direct your request based on the above rights to firstname.lastname@example.org or by post to the address mentioned below. We cannot handle your request without proof of your identity.
10 HOW CAN YOU CONTACT US?
• via the contact form available on our websites: https://www.onyxonlinelearning.com/contact/ and https://www.onyx-one.com/contact/
• by email at email@example.com
• by regular mail to
Onyx Virtual Academy