(Updated: 18/09/2023)
The protection of your personal data and privacy is a major concern for O’Naturalis srl, publisher of the O’Naturalis website, whose address is onaturalis.bio, and for its partners. We are committed to protecting and processing your personal data in strict compliance with the European General Data Protection Regulation (Regulation 2016/679 of April 27, 2016, commonly known as “GDPR” – for “General Data Protection Regulation” – or, in French, “RGPD” – for “Règlement Général sur la Protection des Données”) and the law, in full transparency. This privacy statement aims to provide you with comprehensive information on the subject and explains how we collect, use and store your personal data. The contractual conditions applicable between us remain unchanged. We invite you to take the time to read this statement to familiarize yourself with our practices in this area. Chapter 6 informs you of your rights (access, rectification, deletion, opposition, restriction of processing, etc.) and how to exercise them.
Article 1. Definitions and scope of the privacy policy
1.1. Current regulations
The protection of your personal data is governed by the General Data Protection Regulation (RGPD or GDPR), number 2016/679 of April 27, 2016, applicable in every member state from May 25, 2018, and by the law of December 8, 1992 (known as the “Privacy Law”) and its implementing royal decrees. We undertake to respect our obligations and your rights when we need to process your data. We undertake to respect our obligations and your rights when we need to process your data.
For more information on this subject, we recommend the website of the Data Protection Authority (Rue de la Presse, 35, 1000 Brussels – +32 (0)2 274 48 00): https: //www.autoriteprotectiondonnees.be/.
1.2. What does it mean to “process your data” and who is responsible?
Personal data is any information that directly or indirectly identifies you as an individual (e.g. name, address, telephone number, e-mail address, photograph, date of birth, etc.).
The processing of personal data is any operation or set of operations, whether or not carried out using automated processes and applied to personal data.
O’Naturalis srl, whose registered office is at Haute Levée 19A, 4970 Stavelot (Belgium), is responsible for the processing of personal data that it may carry out in the context of its contractual or commercial relations with you or its partners.
Consequently, O’Naturalis srl is your contact as well as that of the supervisory authorities (e.g. the Data Protection Authority – https://www.autoriteprotectiondonnees.be) for any questions relating to the use of your data in the context of our professional activities.
For certain services, we call on specialized partners who, depending on the case, act as subcontractors. These must then follow our instructions and comply with the GDPR and our personal data protection policy.
In other cases, these partners are also jointly responsible for data processing, and must comply with their legal obligations in this area.
We ensure that our partners only receive data that is strictly necessary to perform their part of the contract.
Examples of regular partners of O’Naturalis srl :
Brevo(https://www.brevo.com; e-mailing, sending transactional e-mails, CRM database,…);
CBC and other banks (bank transfers, financial transactions) ;
MultiSafepay B.V.(https://www.multisafepay.com), Paypal and other payment accounting and settlement institutions.
We also act as subcontractors for others. In this case, it is these entities that are responsible for processing personal data. We then follow their instructions.
1.3. Who’s concerned?
This data protection policy applies to :
- all current and potential customers of O’Naturalis srl ;
- all other natural persons involved in a transaction with O’Naturalis srl as guarantors or representatives of our natural or legal person customers (e.g. company directors, agents, legal representatives, other contact persons).
Legal entities are not covered by our data protection policy.
- What data is involved?
The data covered by this data protection policy is the personal data of natural persons, i.e. data that directly or indirectly makes it possible to identify a natural person.
In the course of your interactions with O’Naturalis srl, we may collect various types of personal data:
- identification data: your name, address, date of birth, photo, account number, telephone number, e-mail address, IP address [1], etc.
- transactional data: data relating to your banking operations on our behalf, i.e. account names and numbers, communication and, in general, all data relating to a payment, transfer, etc. made by you on our behalf;
- data relating to your behavior and habits concerning the use of our channels: our publications, our websites, our tablet and smartphone applications… ;
- data relating to your preferences and interests, which you communicate to us directly or indirectly, for example via participation in our competitions or events, your television viewing habits, your hobbies, etc. ;
- data from third parties ;
- data from your interactions on our dedicated social media pages.
In accordance with the law, we do not process sensitive data, i.e. data concerning :
- racial or ethnic origin;
- political opinions ;
- religion or beliefs;
- union membership;
- genetic characteristics ;
- health ;
- sex life;
- criminal convictions or related security measures ;
- biometric data.
Article 2. When is your personal data collected?
Some of your data may be collected by O’Naturalis srl :
- when you order a product or service from us and, in general, when you become an O’Naturalis srl customer;
- when you register to use our online services (each time you log on or use them);
- when you fill in the forms and contracts we submit to you;
- when you use our services and products;
- when you subscribe to our newsletters or respond to our invitations (conferences, training courses, competitions, etc.);
- when you contact us through the various channels at your disposal;
- when your data is published or transmitted by :
- authorized third parties (companies belonging to our Group, business partners, etc.); or
- professional data providers ;
We take care to obtain your explicit consent for the collection of any data that is not strictly necessary for the proper performance of a contract binding us to you (sale of goods or services, etc.).
Some of the personal data we collect about you is essential for us to be able to fulfil our contractual obligations towards you. In some cases, we are required by law to collect certain information. Depending on the type of personal data and the purposes for which we process it, if you refuse to provide it, we may not be able to meet our contractual obligations or, in extreme cases, to continue our relationship with you.
Article 3. For what purposes are your data processed?
We process your personal data for various purposes. For each processing operation, only data relevant to the intended purpose is processed.
3.1. In general, we use your personal data either :
- when we have obtained your consent ;
- as part of
- performance of the contract or pre-contractual measures;
- to comply with all legal and regulatory requirements to which we are subject; or
- for reasons that fall within the legitimate interests of O’Naturalis srl. When we carry out this type of processing, we take care to preserve the balance between this legitimate interest and respect for your privacy.
3.2. You will find below a more concrete explanation of our objectives:
- management of your orders for products and/or services (creation of an order, management of delivery and invoicing addresses, sending of invitations to pay, delivery notes and invoices, delivery of goods or execution of services ordered, etc.);
- proof of transactions (e.g. an order, newsletter subscription, registration for a visit, conference or training course, opening of a direct debit mandate, etc.);
- prevention of abuse and fraud :
- we process and manage contact and security data (password, “second factor” authentication key, etc.) in order to validate, track and ensure the security of transactions and communications via our remote channels;
- we use security cookies on our websites.
- supply of services and products using subcontractors (e.g. MultiSafepay B.V. for Internet transactions, bpost for distribution);
- staff training thanks to recordings of certain telephone calls to our employees and partners;
- monitoring our activities (measuring sales, number of appointments, number of calls, visits to our website, e-mail openings, etc.);
- improving our existing products and services (or those under development) through customer and non-customer surveys, statistics, tests, comments sent directly to us or posted on our YouTube, Twitter, Facebook pages… ;
- improving the quality of individual service to our customers :
- we segment our customers to offer them the most appropriate service. This segmentation includes cosmetics consumption preferences;
- we take into account your preferences concerning the means of communication (telephone, e-mail…);
- we are reviewing the frequency of our contacts with you in order to limit them to a reasonable number;
- direct marketing related to publishing products, services, or other products that we promote or that are promoted by partner companies of O’Naturalis srl.
3.3. In order to offer you products and services tailored to your needs,
- we analyze your behavior in different channels (opening emails, messages on Messenger, visiting our website…) in order to deduce your preferences (for example the channel most used) and to take them into account when personalizing information, web pages visited and online advertising;
- we analyze your potential needs in relation to the use of a product or service in order to optimize our offer of products, services or content;
- we assess your interest in a product or service on the basis of certain customer characteristics. These include the development of predictive models that use anonymized data from previous purchasers of the same products and services to determine which offers are most likely to be of interest to you;
- we improve the use of the communication tools and channels made available to you by automatically completing or correcting certain data in our possession (first name, last name, address, etc.) and then asking you to confirm them;
- we take into account signals that you leave indirectly concerning a particular service or product, for example when you take part in a competition or an event related to that service or product;
- we will contact you if you place an unfinished order on one of our websites;
- we send you personalized information following the processing described above.
Article 4. Access to your personal data and transfers to third parties
We authorize access to your personal data only to those persons for whom it is necessary for the performance of their work, within the strict framework of the data processing defined and ordered by O’Naturalis srl.
We pass on your data to our employees, to companies affiliated to us and to companies belonging to the group to which we belong, solely for the purposes indicated in point 3. We will only pass on your data for commercial use to third parties outside O’Naturalis srl with your prior and explicit consent.
To carry out certain tasks, we call on specialized partners who act as subcontractors. We only provide them with the information they need to carry out the service and ask them not to use your personal data for any other purpose. We always make every effort to ensure that all third parties with whom we work maintain the confidentiality and security of your data. We may, for example, make your personal data accessible to third parties who assist us and help us provide IT and storage services (platform providers, hosting services, maintenance and technical support services).
With regard to international transfers, we always ensure that we protect your personal data to the level of security required by the GDPR. If we need to transfer your data outside the European Union, to a country that does not guarantee this level of protection, we reinforce IT security and add appropriate contractual clauses to increase data protection. We also inform the Data Protection Authority.
Article 5. How do we protect your data?
The restrictions on access to your data, specified in point 4, limit access to authorized persons only, and only in the context of their duties, within the strict framework of the purposes of the processing defined by O’Naturalis srl.
We have implemented technical measures such as data encryption, protection of our computer networks, rigorous management of passwords and access rights to computer resources, and strong encryption SSL certificates for our web sites and applications. These resources are evaluated and updated on a regular basis.
Here are a few other tips for securing your data:
- Always try to use the most recent operating system possible on your computer. Switch when the vendor no longer provides updates and support for a given operating system.
- Keep your operating system up-to-date with the latest (security) updates. You can also automate the procedure.
- Always use the most recent version of your browser (Chrome, Safari, Internet Explorer, Edge, Firefox, …). Here, too, you should systematically carry out all security updates.
- Make sure a firewall is activated on your computer, so you can constantly monitor incoming and outgoing information flows.
- Install a proper antivirus program on your computer. Viruses can seriously damage your computer. In addition, they may affect the confidentiality of your personal data. Make sure your antivirus software is always up-to-date, preferably every time you log on.
- Don’t give viruses any chance of reaching your computer. To buy online, only visit the sites of well-known, reliable operators. Avoid sites or networks that illegally broadcast programs, music, films, etc.
- Remember to run a full scan of your computer on a regular basis with a fully-updated antivirus program.
- Secure your wireless connection (WiFi), preferably with a WPA2 key.
- If your device remains inactive for a few seconds, it will automatically lock the keypad, along with a PIN code to unlock it afterwards. Don’t use terms or numbers that are too obvious; combine enough numbers and letters…
- Never leave your device unattended.
- Our websites may sometimes contain links to third-party websites (social media, organizers of events that we sponsor, etc.) whose terms of use do not fall within the scope of this privacy statement. We therefore recommend that you read their privacy policy carefully to find out how they respect your privacy.
Article 6. Your rights and how to exercise them
The Data Protection Regulation explicitly defines your rights with regard to your personal data vis-à-vis the data controller (see Chapter 3 of the GDPR, entitled “Rights of the Data Subject” and, in particular, Articles 15 to 23) :
6.1. Right of access
You have the right to obtain confirmation from O’Naturalis srl as to whether or not your personal data are processed by it. When O’Naturalis srl processes your personal data, you can ask us :
- whether or not we process your personal data;
- for what purposes we process them ;
- which categories of data are processed ;
- to which categories of recipients they are communicated;
- the origin of the data processed ;
- the logic behind the automated processing of some of your personal data.
6.2. Right of rectification
If you find that any of your personal data is inaccurate or incomplete, you can ask us to rectify it. In certain very specific cases, the law also allows them to be removed or banned (see Article 17 of the GDPR).
In order to keep your data as up-to-date as possible, please inform us of any changes (e.g. relocation, change of telephone number or e-mail address).
6.3. Right to erasure or forgetting
In certain cases, you have the right to obtain the deletion or suppression of your personal data. This is not an absolute right, insofar as we may be obliged to retain your personal data for legal or legitimate reasons.
6.4. Right to restrict processing
You have the right to request the restriction of the processing of your personal data. This means that we can only continue to store your data but cannot use it. This right applies in specific circumstances provided for by the RGPD, namely:
- when you dispute the accuracy of the personal data we process about you. In this case, our processing of your personal data will be limited to the time required to verify the accuracy of the data;
- when You object to our processing of your personal data for the purposes of our legitimate interests. You can request that the data be restricted while we verify our reasons for processing your personal data;
- when your data has been processed unlawfully by us, but you would prefer us to restrict its processing rather than delete it;
- when we no longer need to process your personal data but it is still required for the establishment, exercise or defense of legal claims
6.5. Right to object to the processing of your data
You have the right to object to certain processing of your personal data by us. In particular, you have the right to object, without justification, to the use of your data for direct marketing purposes.
However, this right can only be exercised under certain conditions:
Your request must be dated and signed.
Except in the case of opposition to direct marketing, you must have serious and legitimate reasons relating to your particular situation to object to the processing taking place. In the event of justified opposition, the data may no longer be processed.
However, you cannot object to necessary processing:
- the performance of a contract entered into with you or the performance of pre-contractual measures taken at your request; or
- compliance with any legal or regulatory provisions to which the data controller may be subject.
Even when we have the right to process your personal data, we will ask for your specific consent to use electronic mail (email, sms, etc.) for advertising purposes.
We always ask for your explicit consent to send you commercial messages by SMS or e-mail about products unrelated to those you already own. You can change your decision at any time by responding to SMS messages or e-mails.
You may also object at any time to receiving commercial proposals by post or telephone.
However, we reserve the right to continue to contact you by e-mail, telephone or post, or by any other means, as part of the performance of your contract or if we are required to do so by law.
6.6. Right to withdraw consent
You may withdraw your consent to the processing of your personal data at any time once you have given it.
6.7. How to exercise your rights
All requests must be sent in writing, dated and signed, to :
O’Naturalis srl
Haute Levée 19A
4970 Stavelot (Belgium)
Or by email to: privacy@onaturalis.bio
In the case of a request made by e-mail, O’Naturalis srl may, depending on the circumstances, request additional information by post.
In the event of a dispute concerning the processing of your personal data, you may contact the Data Protection Authority to submit a request for mediation or lodge a complaint:
Data Protection Authority
Rue de la Presse, 35
1000 Brussels (Belgium)
Tel. : +32 (0)2 274 48 00
E-mail: contact@apd-gba.be
Website: https: //www.autoriteprotectiondonnees.be/.
Article 7. How long we keep your personal data
As a general rule, we only keep your personal data for as long as is necessary for the purposes for which it was collected.
In the case of an order for goods or services, your data will be kept for proof and marketing purposes for two years from the end of the contract. Prospect data is kept for a maximum of one year, depending on the project cycle for which it was collected.
At the end of this retention period, your data will be deleted from our processing systems.
Your data may, however, be archived for a longer period to meet our legal obligations (for example, to satisfy our accounting and tax obligations), for the purposes of legal evidence, at your request as part of the exercise of your rights to restrict processing, for the purposes of control by an authorized body (e.g. the tax authority, the Data Protection Authority), for internal audit purposes, … The length of the archiving period varies from case to case and can sometimes be lengthy. In this case, your data will no longer be accessible for operational and marketing purposes.
Article 8. Your use of our websites and mobile applications
Concerning our website: If you are not a customer and you visit one of our websites, you agree that we may use the data generated during this visit. For further information, please consult the general conditions governing the use of our websites.
In addition to the data that you voluntarily communicate to us when using the site, we use the following technological means to collect data:
Article 9. Cookies
A cookie is a small file sent by our bank’s server to the hard drive of your computer, tablet or smartphone that identifies your browsing device.
In particular, we use functional and comfort cookies. To find out more, please read our cookie policy.
Other technological resources
In addition to cookies, we sometimes use other technological means for statistical purposes. For example, web beacons or action tags count the number of visitors who have visited our website or applications after seeing our advertising on a third-party site. The sole purpose of these tags is to evaluate the success of our advertising campaigns and not to access your personal data.
Article 10. How can I stay informed about changes to this privacy statement?
In a changing world where technologies are constantly evolving, this privacy statement may be subject to change. We invite you to consult the latest online version of this declaration and will inform you of any changes through our usual communication channels.
Last update: March 14, 2022
Article 11. Data controller contact details :
O’Naturalis srl
Rue Henri Massange 12
4970 Stavelot (Belgium)
Company number : BE0782.698.344
Tel. : +32 80 770 422
E-mail: privacy@onaturalis.bio
[1] The IP address is the number that identifies any computer connected to the Internet.