Privacy policy

1. Who are we? Controller

Name: Ohana Consultancy SRL (the “Company”, “we”, “our”)

Registered office: Avenue des Arts, 44, 1040 Brussels

Enterprise number: 0733.605.159

VAT number: TVA BE 0733.605.159

Website: www.ohanapublicaffairs.eu (the “Website”)

Details of the controller: Ms Pascale Moreau – info@ohanapublicaffairs.eu

 2. Who are the Data Subjects?

We process personal data relating:

  • To our customers who are natural persons;
  • To our customers’ representatives, employees and contact persons;
  • To our suppliers’ representatives, employees and contact persons;
  • To our partners’ representatives, employees and contact persons;
  • To the individuals applying for a student, intern, temping, employee or freelance position within the Company;
  • To the users of our Website and our social networks, our newsletter subscribers, where applicable, and those visiting our workplace, including the premises of our partners;
  • To any natural person who contacts us to obtain information about our services; and
  • To any natural person active within (or working for) the European institutions (in particular within the European Parliament, the Council of the European Union and its Member States, the European Commission and European Agencies) with whom we are in contact;

(the “Data Subject(s)”, “you”, “your”).

This privacy policy (the “Policy”) shall apply to all processing of your personal data that we perform for the purposes described below.

 3. What is our data protection commitment?

We undertake to use our best endeavours to ensure the processing of personal data in accordance with the applicable data protection legislation, including Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”) and the law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, as amended, supplemented or replaced from time to time (the “Applicable Data Protection Legislation”).

 4. Which personal data do we process and for what purpose?

If you are a representative, employee or contact person of one of our customers, we process:

  • Your personal identifying data, your professional identifying data and your contact data needed to activate, manage and maintain our business relationship with our customers;
  • Your personal identifying data and your professional identifying data for the purpose of invoicing our customers;
  • Where applicable, your personal identifying data, your professional identifying data and your contact data for the purpose of sending out marketing material.
  • If you are a representative, employee or contact person of one of our suppliers, we process your personal identifying data, your professional identifying data and your contact data needed to manage our business relationship with our suppliers;
  • If you are a representative, employee or contact person of one of our partners, we process your personal identifying data, your professional identifying data and your contact data needed to manage our business relationship with our partners.
  • If you submit a job application to us (student, intern, temp, employee or freelancer), your personal identifying data, your professional identifying data, your contact data, the data relating to your career (skills, qualifications, experience, etc.) and the personal data in your CV for the purpose of assessing your profile in relation to our recruitment needs and contacting you.
  • If you use our Website, we may process electronic identification data about you in aggregated form to measure the frequency of visits to our Website, to improve the browsing experience and to detect and prevent fraud and IT security breaches.
  • If you use our Website to contact us or submit a request, we use the data from our contact form or the data provided by you by email to get back in contact with you or to respond to your request.
  • If you use our Website to sign up to our newsletter, we use the data from our newsletter subscription form to send you our newsletter or for marketing purposes.
  • If you are a person that is active within or working for a European institution, we process your personal identifying data, your professional identifying data, your contact data and, where applicable, your political opinions in order to contact you, to request a meeting with you, to send you documentation that is relevant to your job, to invite you to an event, to send you proposed amendments or position papers at any time during the legislative process.
  • If our workplaces are fitted with surveillance cameras, we are permitted to request access to images of you only when this access is needed to pursue our legitimate interest in detecting offences or incivilities and to the extent authorised by the applicable law.
  • We may also process some of your personal data for the purpose of conducting internal and external audits, in particular with a view to improving our services; or for managing disputes with Data Subjects and when the processing is necessary for the establishment, exercise or defence of legal claims.

 5.  In what capacity do we process your personal data?

We process your personal data in our capacity as controller. In this capacity, we establish the purposes for and means of processing your personal data in accordance with the Applicable Data Protection Legislation.

 6. On what grounds do we process your personal data?

It may be necessary to provide your personal data:

  • To perform a contract to which the Data Subject is a party or to take steps at your request prior to entering into a contract (for example, in relation to an application for a position within the Company or the submission of an offer);
  • To comply with an applicable legal obligation (for example, accounting, taxation or anti-money laundering obligation, etc.);
  • To pursue our own legitimate interests (or those of a data recipient) providing these interests take precedence over your fundamental freedoms and rights.
    • We ask for your prior, freely given and informed consent before processing any of your personal data, particularly where this is the only legal basis on which we can lawfully process your data.
    • We may also process personal data relating to you when you have made those data public yourself.
    • The provision of certain personal data (for example, your personal identifying data, etc.) is required to enable us to provide you with our services or perform our activities.
    • If you do not provide your personal data, we may not be able to provide you with our services or perform our activities or we may be infringing one or more obligations under applicable legislation (for example, accounting, tax and anti-money laundering legislation, etc.).

 7.  Where do your personal data come from?

The personal data that we process may come from various sources:

  • Directly collected from you, for example when we first contact you or at an event;
  • From publicly available information (on the Internet), for example when we check the profile of applicants for a position within our Company;
  • Via our Website.

 8.  Who has access to your personal data?

The following recipients may receive or have access to some of your personal data (only when it is needed to perform their task):

  • The members of our staff responsible for the commercial and administrative follow-up of files and customers have access to the personal identifying data, the professional identifying data and the contact data of our customers and the representatives of our customers;
  • The members of our team responsible for monitoring our suppliers and partners have access to the personal identifying data, the professional identifying data and the contact data of the representatives of our suppliers and partners;
  • Our legal advisers, accountants and lawyers have access to some personal data concerning the Data Subjects in the event of restructuring operations or legal disputes.

 9.  How do we manage the transmission of personal data to our processors and partners?

  • We take adequate measures to ensure that our processors and partners process, where applicable, your personal data in accordance with the Applicable Data Protection Legislation and our own standards.
  • We also ensure that our processors and partners undertake to only process personal data on the basis of, and in accordance with, our instructions; not to hire another processor without our prior consent; to take adequate technical and organisational measures to guarantee the security of the personal data; to guarantee that the persons that are authorised to access personal data are bound by adequate non-disclosure obligations; to return and/or destroy the personal data that they process at the end of their services; to comply with audits and to assist with the processing of the requests of Data Subjects to exercise their rights over their personal data.

10. Where do we process your personal data?

In addition to the controller, its agents or other processors, the recipients of the data collected and processed are the controller’s carefully selected commercial partners located in Belgium or in the European Union, which help it provide its services.

Where possible, the Company chooses to process your data inside the European Union. In the event of data transfers outside the European Union, such transfers are performed with co-contractors that comply with the European General Data Protection Regulation.

11.  What are the applicable retention periods?

We ensure that your personal data are retained for no longer than is necessary for the purposes for which they are processed and in accordance with the legal and regulatory requirements.

  • We retain the invoices and other accounting documents (which may contain some of your personal data) for a period of ten (10) years as of their date of issue in accordance with accounting legislation. These accounting documents may contain personal identifying data, professional identifying data and contact data.
  • We also use the following criteria to determine the period of retention of personal data based on the context and purposes of each of the processing operations:
    • The date on which we last contacted you;
    • Security grounds (for example, the security of our information systems);
    • Any ongoing or potential disagreement or legal dispute with a data subject;
    • Any legal obligation to retain or delete the personal data (for example, a retention obligation imposed by an accounting or tax law).
  • If, in your capacity as a user, you have exercised your right to object to the processing of your personal data or your right to be forgotten, your data are erased from our database no later than the end of the quarter during which you submitted the request to our Company.
  • The data of Users that have been inactive for a period of at least three months are also erased from our database no later than at the end of the quarter during which the three months of inactivity was reached.
  • The personal data of a user that is regarded as a customer are retained for no more than two years after the end of the contractual relationship with our Company. However, we reserve the right to retain these data in accordance with Article 11.2. above.
  • The personal data of an applicant for a position within our Company can be retained for up to two years after the end of the relevant recruitment process with a view to any future recruitment drive within our Company.
  • At the end of the retention period, we take all steps to guarantee that the personal data are no longer available.

12. What are your rights over your data?

  • Access to the data and a copy of the data

By sending a written, dated and signed request to the address of our Company’s registered office or by email, you may, after proving your identity, obtain at no cost a written statement or a copy of the personal data concerning you that have been collected.

We may request payment of a reasonable fee based on administrative costs for any additional copy you may require.

When you submit this request electronically, the information is provided in a commonly used electronic form unless you request otherwise.

The copy of your data will be sent to you no later than 30 days after receipt of the request.

  • Right to rectification

By sending a written, dated and signed request to the address of our Company’s registered office or by email, you may, after proving your identity, obtain at no cost, without undue delay and within no more than 30 days, the rectification of inaccurate, incomplete or irrelevant data concerning you.

  • Right to object to processing

By sending a written, dated and signed request to the address of our Company’s registered office or by email, you can, after proving your identity and without justification and at no cost, object to the processing of your personal data when your data are collected for direct marketing purposes (including profiling), which is not generally a use we make of your data.

We respond to you without undue delay and within no more than 30 days and provide reasons when we decide not to accept such a request.

  • Right to restriction of processing

By sending a written, dated and signed request to the address of our Company’s registered office or by email, you may, after proving your identity, obtain restriction of processing of your personal data where one of the following applies:

  • When you contest the accuracy of the personal data and only for a period enabling us to verify the accuracy;
  • When the processing is unlawful and you prefer the restriction of the processing to erasure;
  • When the personal data are no longer needed for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • When you have objected to processing pending the verification of the legitimacy of the request.

We inform you as soon as the restriction of processing is lifted.

  • Right to be forgotten

By sending a written, dated and signed request to the address of our Company’s registered office or by email, you may, after proving your identity, obtain the erasure of your personal data where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were processed;
  • You have withdrawn your consent on which the processing is based and there is no other legal ground for the processing;
  • You object to the processing and there are no overriding legitimate grounds for the processing and/or you object to the processing for direct marketing purposes (including profiling);
  • The personal data have been unlawfully processed;
  • The personal data have to be erased for compliance with a legal obligation (in Union or Member State law) to which we are subject in our capacity as the controller.

We may refuse to erase the personal data in the cases established in the General Data Protection Regulation and in any legal standard applicable at the time of the data erasure request.

We must respond to your request without undue delay and within no more than 30 days and provide reasons when we decide not to accept such a request.

You also have the right, under the same conditions, to obtain, at no cost, the deletion or prohibition of use of any personal data concerning you which, having regard to the purpose of the processing, are incomplete or irrelevant, or the recording, communication or storage of which is prohibited, or which have been stored for longer than is necessary and authorised.

  • Right to data portability

By sending a written, dated and signed request to the address of our Company’s registered office or by email, you may at any time and at no cost, after proving your identity, receive your personal data in a structured, commonly used, machine-readable and interoperable format with a view to transmitting them to another controller, where the processing of personal data is carried out by automated means; and where the processing is carried out on the basis of your consent or the processing is necessary for the performance of a contract between you and us.

Subject to the same conditions and arrangements and where technically feasible, you have the right to have your personal data transmitted directly from one controller to another.

13.  What level of security do we guarantee?

  • We take the technical and organisational measures necessary to ensure a level of security that is tailored to the risks linked to the processing of your personal data.
  • We follow best practices in the sector to ensure that the personal data are not, either accidentally or unlawfully, destroyed, lost, altered, or subject to unauthorised disclosure or access.

14.  Do you have any queries or complaints?

  • If you have any queries or complaints, please first contact us by email at info@ohanapublicaffairs.eu or by post at our company address (OHANA CONSULTANCY SRL – Avenue des Arts, 44, 1040 Brussels) so that we can process your request effectively and resolve any complaints.
  • You also have the right to send a complaint to the competent supervisory authority. The competent authority for Belgium is: Autorité de Protection des Données [Data Protection Authority], rue de la Presse 35, 1000 Brussels, +32 (0)2 274 48 00, contact@apd-gba.be or you can file a complaint at your local court of first instance.

15. Updating the Policy

  • We reserve the right to update the Policy, including to comply with any applicable legislative amendment.
  • Where applicable and unless otherwise stipulated, any amendment shall enter into force with immediate effect and shall govern any prevailing situation.
  • In the event of a contradiction or incompatibility between a provision of the Policy and a provision of another policy or another document relating to personal data processing, the provision of the Policy shall take precedence.

Date of this version: August 2024