GOAL ZERO
35317Passports
TOTAL ACTIVE PASSPORTS
  • PRIVACY POLICY

    PRIVACY POLICY – ONYX VIRTUAL ACADEMY

    VERSION 3.00



    The protection of your personal data is important to Onyx Virtual Academy (“Onyx”, “we” or “our”). This document (the “Privacy policy”) describes Onyx’ privacy policy as it pertains to its websites, mobile applications and related activities. 



    This Privacy policy can be modified from time to time, e.g. as a result of new functionalities or legal or regulatory changes. Any major changes will be announced and our websites will always contain the latest version of this Privacy policy. We therefore advise you to regularly check our website.  



    This version of the Privacy policy was last modified on April 9 , 2021.

     

    Table of Contents

    1                When does this Privacy policy apply?

    2                Who is responsible for the processing of your personal data?

    3                Which personal data do we process about you?                 

    4                For which purposes and on what legal basis do we process your personal data?

    4.1            Onyx as controller

    4.1.1         Office visitors

    4.1.2         Website visitors

    4.1.3         Subscribers to our newsletters, seminars or events

    4.1.4         Customers and their contact persons

    4.1.5         Any other party with whom Onyx does business or is considering doing business (potential customers, other business contacts, etc.)

    4.1.6         Social media users

    4.1.7         Other contract partners and their contact persons

    4.1.8         Applicants

    4.1.9         Mobile application visitors

    4.2            Onyx as processor: users of Onyx One, HSSE, CBRE SAFE and their employees

    5                With whom do we share your personal data?

    6                Do we transfer your personal data outside the European Economic Area (EEA)?

    7                How do we protect your personal data and how long do we keep your personal data?

    8                What about links to other websites and social media?

    9                What are your rights as a data subject?

    10             How can you contact us?

    1                WHEN DOES THIS PRIVACY POLICY APPLY?

    This Privacy policy applies to the processing of personal data in the context of the activities of Onyx, including its online learning website (https://www.onyxonlinelearning.com/), the Onyx One Platform (https://www.onyxone.com/), the HSSE-The Safety Passport Platform (https://www.hsse-thesafetypassport.com/) and its website (https://www.onyx-one.com/) (hereafter referred to as the “website”) and its mobile applications (CBRE SAFE app available via Google Play and the App Store) (hereafter referred to as the “mobile application”).



    2                WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?

    Onyx is a private limited liability company (‘Besloten vennootschap met beperkte aansprakelijkheid’ / ‘Société privée à responsabilité limitée’), whose registered office is established at 9220 Hamme, Stationsstraat 16 (Belgium).



    Onyx is the controller for the processing of your personal data. This means that we determine for what purposes and with what means your personal data will be processed (e.g. when you visit our offices, when you sign up for our newsletters, when you apply for a position with us and in the context of customer management). 



    Please note that our services constitute an online (contractor management and/or learning management) platform (hereafter referred to as “Onyx One” and “HSSE”) and a mobile application ((hereafter referred to as “CBRE SAFE”) that we host on behalf of our customers. When Onyx processes your personal data on behalf of its customers (both clients and contractors), Onyx acts as a processor, e.g. in case of the registration of your personal data in order to create a profile so that you can access the online training courses that we organize on behalf of our customers. This processing by Onyx on behalf of its customers is governed by a Data Processing Annex with our customers. 



    Through this Privacy policy we would like to explain which personal data we process, not only in our capacity as controller, but also as processor of your personal data (see in this regard in particular section 4.2 of the Privacy policy). If it appears that a request or complaint received by us relates to our processing activity as a processor, you will be asked to submit the request or complaint directly to our customer, the data controller, who will provide you with the necessary information.



    3                WHICH PERSONAL DATA DO WE PROCESS ABOUT YOU? 

    The data that we process about you depends on the relationship we have with you. We collect your personal data in three ways: 

    •                Information provided by you

    We mainly collect your information and personal data that we get directly from you when you: 

    -                 visit our offices: data such as your name and your company name, email address, phone number and camera images processed by surveillance cameras at the entrance of our building. 

    -                 sign up for our newsletters, a seminar or other events: data such as your name, company name, function, phone number, a picture and your email address. 

    -                 contact us via email, via the contact form on our website or via other (social media) channels: data such as your name, and email address, phone number, the content of your correspondence with Onyx and any other personal data you provide that may be relevant to answering your question.

    -                 give us your business card or if we otherwise receive your contact details: data such as your name, company name, function, phone number and email address.

    -                 are a customer of Onyx: data such as your name, company name, function, place and date of birth, (billing) address, phone numbers, residence, tax identification number and financial information.

    -                 have any other contractual relationship with Onyx: data such as your name, company name, function, place and date of birth, (billing) address, phone numbers, residence, tax identification number and financial information.

    -                 when you submit an application for a position with us (both online and offline): data such as your name, your contact information, your resume, your grades, your correspondence with Onyx and other documents you provide us with.

    -                 use Onyx One: data such as your name, login details, email address, national registry number, telephone number, language, country and company information.   

    -                 use HSSE: data such as your name, login details, email address, telephone number, language, country and company information.

    -                 use CBRE SAFE: data such as your installed application, language and country.   

     

    -                 … 



    •                Information from third parties



    We also collect information from other sources when you:

    -                 sign up for our newsletters: data we receive from our mailing providers about whether you have opened our newsletter, whether you have clicked on any links included in the newsletter and/or whether you have forwarded the newsletter to one of your contacts.  For more information about how we use cookies, please see our Cookie policy.

    -                 give us your business card or if we otherwise receive your contact details: data we receive about you from other sources, such as third parties (e.g. Trends) and social media (e.g. LinkedIn) that help us update, expand our analyse our records and identify new customers.

    -                 interact with us on social media platforms or access our social media content:  data we may receive from social media platforms about you, such as your name, email address and phone number. See in this regard also Question 8  of our Privacy policy.

    -                 are an employee working for one of our customers: data such as your name, email address, function, national registry number, country, passport number and expiry date if Belgium is not the country of birth.

    -                 are a customer of Onyx: data we may receive from other persons than yourself, such as your employer, your representative, etc. It is also possible that we collect these data from public sources such as the crossroads bank of enterprises.

    -                 apply for a position with us: data we may receive about you from head-hunters, employment agencies and selection firms. We may also receive data from social media platforms such as LinkedIn. If you give us your permission, we may contact your previous employer.

    -                 use Onyx One: data we receive from cookie providers and web analytics service providers such as Inspectlet in order to monitor usage (recorded sessions) of specific functionalities provided by Onyx One and to solve support cases submitted by you as a user. Inspectlet records specific information, including your Onyx One ID, that allow us to (indirectly) identify you as a user. More information on the use of cookies and web analytics service provides can be found in our Cookie policy.

    -                 use HSSE: data we receive from cookie providers and web analytics service providers such as Inspectlet in order to monitor usage (recorded sessions) of specific functionalities provided by HSSE and to solve support cases submitted by you as a user. Inspectlet records specific information, including your HSSE ID, that allow us to (indirectly) identify you as a user. More information on the use of cookies and web analytics service provides can be found in our Cookie policy.

    -                 use CBRE SAFE: data we receive from push notification and in-app messaging providers such as Pushwoosh in order to monitor sending and receipt of notifications and to solve support cases submitted by you as a user. Pushwoosh records device data, including your installed application, that allows us to (indirectly) identify you as a user.

    -                 when you browse our website: data we receive from cookie providers about your activity on our website such as the type of browser you are using, the type of device you are using, the operating system and version you are using, your IP address, your geographical location as indicated by your IP-address, the content you view, the web pages you visited immediately before and after visiting our website, the search terms you enter on our website, etc. More information on the use of cookies by Onyx can be found in our Cookie policy.



    4                FOR WHICH PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?

    4.1            ONYX AS CONTROLLER

    4.1.1         OFFICE VISITORS

    For the protection of our offices from access by unauthorized persons 



    When you visit our offices, we process camera footage by using closed-circuit television (CCTV) in order to protect Onyx against unauthorized physical access to its offices and in particular to its IT infrastructure and confidential information. 



    The camera images are processed (collected and registered) in accordance with the applicable data protection rules in general and the applicable camera legislation in particular. In line therewith, all cameras are duly indicated by the appropriate pictogram, have been duly notified to the competent authority and are registered in a specific CCTV record.



    The processing of camera images is based on the legitimate interest of Onyx in protecting our offices from unauthorized persons.

    4.1.2         WEBSITE VISITORS

    For the security and improvement of our website and newsletters or for answering your questions



    We process personal data to optimise our website and to make it easy to use. This data also allows us to adequately secure our website. By using your data, we can check how our website and marketing content, such as newsletters, are used and how we can improve their content and layout. We do this by using cookies.



    Moreover, when you ask us a question via our online contact form, we will process these data in order to answer your question. 



    The processing of these data is based on your consent (by submitting your information through our contact form) or on the legitimate interest of Onyx in providing a well-functioning and secure website and content that is relevant for you.



    4.1.3         SUBSCRIBERS TO OUR NEWSLETTERS, SEMINARS OR EVENTS 

    In order to keep you in informed of our activities and to invite you to seminars or events 



    We process your personal data to keep you informed of our activities via our newsletters, invitations to seminars or other events etc. It is also possible that we take a picture of you when you are present at one of our seminars or events.



    We process this information based on your consent (e.g. when we want to use your picture in our newsletter) or based on the legitimate interest of Onyx to keep its customers informed of its activities and services. You are free to choose to provide us with your personal data for this purpose, and you may withdraw your consent or object to the processing of your personal data for this purpose at any time (see further below under Question 9 of our Privacy policy).



    4.1.4         CUSTOMERS AND THEIR CONTACT PERSONS  

    To pursue our contractual relationship and to comply with our legal obligations 



    We process your personal data for providing our services to you, for customer management, marketing and for fulfilling our legal and regulatory obligations.



    As a customer, you will be informed about our activities and services via our newsletters. For more information about the purposes of this processing, see section 4.1.3 of our Privacy policy. 



    The processing of your personal data is based on the performance of a contract with you, a legal obligation to which Onyx is subject and/or Onyx’ legitimate interests to keep its clientele informed of its activities and services.



    4.1.5         ANY OTHER PARTY WITH WHOM ONYX DOES BUSINESS OR IS CONSIDERING DOING BUSINESS (POTENTIAL CUSTOMERS, OTHER BUSINESS CONTACTS, ETC.) 

    To answer your questions and exchange information



    If you ask us a question by phone, via the contact form on the website or by email, we will process your personal data in order to answer that question and to provide you with the relevant information.



    The processing of your personal data is based on your request to take steps prior to entering into a contract with you and/or Onyx’ legitimate interests to inform business contacts about Onyx’ activities and services. You are free to choose to provide us with your personal data, and you may withdraw your consent at any time (see Question 8 of our Privacy policy).   



    4.1.6         SOCIAL MEDIA USERS 

    To provide you with the services that you want and to communicate with you



    When you contact us via social media platforms, we process the personal data that you submit to us via the social media platform in order to provide you with the services that you want and to communicate with you. 



    The processing of these data is based on our legitimate interests, i.e. the interest in dealing with your questions or requests in the best possible way.



    4.1.7         OTHER CONTRACT PARTNERS AND THEIR CONTACT PERSONS  

    To pursue our contractual relationship 



    We process your personal data for providing services to you, for customer and supplier management, marketing and for purposes required by law.



    The processing of your personal data is based on the performance of a contract with you, a legal obligation to which Onyx is subject or its legitimate interests to keep its partners informed of its activities and services.  

    4.1.8         APPLICANTS

    To make contact in the context of a selection and recruitment process 



    When you apply for a job, we process your personal data in order to contact you and to follow up on your application.



    The processing of your personal data for this purpose is based on your request to take steps prior to entering into a contract. Onyx has a legitimate interest in retaining your information in our recruitment reserve to consider you for possible future opportunities.

     

    4.1.9         MOBILE APPLICATION VISITORS

    For the security and improvement of our mobile application and notifications or for answering your questions.



    We process device data to optimise our mobile application and to make it easy to use. This data also allows us to adequately secure our mobile application. By using your data, we can check how our mobile application and marketing content, such as push notifications and in-app messaging, are received and how we can improve their content and layout. We do this by using the services of Pushwoosh.



    Moreover, when you ask us a question via our online contact form, we will process these data in order to answer your question. 



    The processing of these data is based on your consent (by submitting your information through our contact form) or on the legitimate interest of Onyx in providing a well-functioning and secure website and content that is relevant for you.

     



    4.2            ONYX AS PROCESSOR: USERS OF ONYX ONE, HSSE AND CBRE SAFE AND THEIR EMPLOYEES  

    To pursue our contractual relationship and to provide you with the services that you want



    When you are a user of Onyx One, HSSE or CBRE SAFE, we process the personal data that you or your employer submit to us via the registration form in order to register you or one of your employees as a new user. 



    As a user of Onyx One, we ask you to provide your national registration number and/or your passport number. The processing of these data is used exclusively for the purpose of identifying and authenticating the user within the framework of access to Onyx One and is carried out in accordance with the applicable legislation (i.e. the law of 8 August 1983 regulating the National Register and the use of the national identity number, as amended by the law of 25 November 2018). 



    The processing of your personal data is based on the performance of a contract with you and/or Onyx’ and/or a third party’s legitimate interests in ensuring the proper functioning of Onyx One, HSSE or CBRE SAFE.



    5                WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

    Onyx may share your personal data with the following third parties: 



    -                 service providers to provide services for us in relation to our websites, such as marketing agencies, web hosting companies, mailing vendors, … 

    -                 web analytics service providers such as Inspectlet in order to monitor usage (recorded sessions) of specific functionalities provided by Onyx One or HSSE and to solve support cases submitted by you as a user.

    -                 push notification and in-app messaging providers such as Pushwoosh in order to monitor sending and receipt of messaging by CBRE SAFE and to solve support cases submitted by you as a user.

    -                 IT service providers that provide technical support. 

    -                 attorneys and external advisors: in certain cases, we may transfer your personal data to attorneys and external advisors if this is necessary to give us advice or to defend our rights.

    -                 supervisory authorities: in certain cases, we may transfer your personal data to police, judicial or other authorities if we believe that we are required to do so based upon the applicable legislation or regulation or based upon another lawful request or order.

    -                 possible acquirers of Onyx or its assets in the unlikely event that (a part of) our activities would be taken over by a third party. 

    -                 …



    We are committed to ensuring the confidentiality of your data, which includes among other things that we conclude adequate contracts with our partners and service providers which impose confidentiality obligations on them.



    6                DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)?

    In principle, Onyx keeps your personal data on servers within the EEA. However, it is possible that we or service providers working for Onyx (as mentioned under Question 5 above) process your personal data outside the EEA. 

     

    In this respect, Onyx is committed to ensuring an adequate level of protection for your data, in particular via an adequacy decision under article 45 GDPR for the country to which data are transferred (including certifications under the EU-US Privacy Shield), by concluding standard contractual clauses under article 46.2 GDPR, or by any other appropriate safeguards. If you have any question or would like more information in this regard, you can send a dated and signed request to Onyx (see our contact information in Question 10.



    For users of HSSE and CBRE SAFE based in China, Hong Kong or Taiwan, Onyx keeps your personal data on a server in Hong Kong.



    7                HOW DO WE PROTECT YOUR PERSONAL DATA AND HOW LONG DO WE KEEP YOUR PERSONAL DATA?

    Onyx takes reasonable security measures to protect your personal data from destruction, loss, modification or any other unauthorised processing. Despite these measures, due care should be taken when storing and/or sharing your personal data and login, particularly when connecting via unsecure or public networks.



    Onyx does not store your personal data for longer than necessary for the purposes outlined in this Privacy policy, unless a longer retention period is required or permitted by a legal or contractual obligation. This means for example that we will no longer use your personal data to send you our newsletters if you have informed us that you no longer want to receive them. We will for example also stop sending you mailings if it appears that your email address is no longer in use and we do not have other contact details.



    For its HSSE platform and CBRE SAFE mobile application, Onyx have introduced an automated functionality to identify ‘sleeping’ accounts, mark them and keep them isolated for three months prior to deleting the personal data of these ‘sleeping’ accounts. An audit trail of this action is kept in the database in the event of enquiries or complaints afterwards. The automated routine does not exclude a user from the right to have his profile deleted from the database upon written request.



    8                WHAT ABOUT LINKS TO OTHER WEBSITES AND SOCIAL MEDIA?

    The websites and mobile applications of Onyx can contain references (e.g. via hyperlinks) to other websites, which are offered by other organisations (e.g. of national associations) or by social media. Onyx is not responsible for the processing of personal data via these websites. Nor does this Privacy policy apply to these websites. Onyx advises you to check the privacy policies of these websites.



    If you share content from our websites via social media, your personal data will be visible for the visitors of these social media. Onyx is not responsible for the processing of personal data via these social media. Nor does this Privacy policy apply to these social media.



    9                WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

    You have a number of rights with regard to your personal data, subject to the conditions and exceptions set forth by chapter III of the GDPR.



    You have a right to request: 

    -                 access to your personal data processed by Onyx and to receive a copy of them.

    -                 the correction of your data if you think the data are inaccurate.

    -                 the erasure of your data or a restriction of the processing of your data. 

    -                 the portability of your data, not to be subject to profiling and you may object to the processing of your personal data, without substantiation in the case of direct marketing, or substantiated in other cases.

    -                 to file a complaint with the supervisory authority, which is the Belgian Data Protection Authority. The authority can be reached by mail at Rue de la Presse 35, 1000 Brussels, and by email at the following address: [email protected].  



    When the processing of your data is based on consent, you may revoke your consent at any time. Withdrawal of your consent does not affect the lawfulness of the processing based on consent before withdrawal. 



    You can direct your request based on the above rights to [email protected] or by post to the address mentioned below. We cannot handle your request without proof of your identity.



    10             HOW CAN YOU CONTACT US?

    If you have further questions or complaints about this website or about this Privacy policy, you can also contact us:

    •                via the contact form available on our websites: https://www.onyxonlinelearning.com/contact/ and https://www.onyx-one.com/contact/

    •                by email at [email protected]  

    •                by regular mail to 


    Onyx Virtual Academy  

    Privacy

    Stationsstraat 16

    9220 Hamme

    Belgium