- When you use our websites (such as, but not limited to, www.orielwindfarm.ie) or the contact form;
- When you use our social media;
- When you enter into an agreement with us, become a partner or a supplier or carry out works for us, register to use our (online) applications (each time you log in or use the service), or when you communicate with us in that context;
- When you are a shareholder in our company;
- When you apply for a job at ORIEL;
- When you subscribe to our newsletters;
- When you visit our premises; and
- When you communicate with us by e-mail, phone or any other digital communication channel.
2. What constitutes “processing of your data” and who is responsible for it?
ORIEL WIND FARM Ltd.
Digital Office Centre Swords
Balheary Demesne, Balheary Road,
Swords, Co. Dublin
ORIEL acts as the data controller of the personal data that it processes within the scope of the above-mentioned activities. We only collect and use personal data that is necessary within the scope of such activities.
In certain circumstances, third parties may (also) be responsible for the processing of your personal data. For example, if you click on a link and leave our website or if you use our social media (e.g., LinkedIn or Twitter) and have your own social media account. We have no control over the data social media providers collect about you. In that case, we recommend that you consult the privacy policies of these third parties.
For some services, we call upon specialized third-party operators which, in some cases, work as processors. In such cases, they are duty bound to follow our directives. In other cases, these third parties and ORIEL are jointly responsible for processing and they must therefore respect the legal obligations connected to this position as well.
3. What data is covered by our policy?
The data covered by our policy is personal data of natural persons. This is data that can directly or indirectly enable identification of a data subject. However, we never process data concerning your racial or ethnic origins, political opinions, religion, philosophical beliefs, trade union membership, genetic data, sex life or sexual preferences, unless obliged to do so by the law (e.g., when we organize social elections).
We will only process your personal data for a specific purpose and to the extent permitted by law. We further explain below in which cases we collect and use your personal data. If we do not receive your personal data directly from you, we will also inform you of this below.
When you use our website or the contact form
When you use our social media
With regard to the data from your interactions on our Facebook page, we inform you that:
- Facebook Ireland is a joint controller of the joint processing as described under Sections 2.a.iii to 2.a.v.1 of the Facebook Business Tools Terms (https://www.facebook.com/legal/terms/businesstools/)
- We collect and process your personal data regarding the joint processing to target our ads, deliver commercial and transactional messages and to improve ad delivery, personalize features and content and to improve and secure the Facebook products.
- The information required by Article 13(1)(a) and (b) GDPR can be found in Facebook Ireland’s data policy at https://www.facebook.com/about/privacy.
- Further information on how Facebook Ireland processes personal data, including the legal basis Facebook Ireland relies on and the ways to exercise data subject rights against Facebook Ireland, can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy.
The essence of our Joint Controller Addendum with Facebook Ireland is the following:
- We entered into this Controller Addendum to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the Joint Processing (as specified in the Applicable Product Terms);
- We agreed that we are responsible for providing data subjects as a minimum with the information listed under no. 2 of the Joint Controller Addendum;
- We agreed that between the Parties, Facebook Ireland is responsible for enabling data subjects’ rights under Articles 15-20 of the GDPR with regard to the personal data stored by Facebook Ireland after the Joint Processing.
When you enter into an agreement with us, become a partner or a supplier or carry out works for us, register to use our (online) applications (each time you log in or use the service or when you communicate with us in that context
When you are a shareholder in our company
When you apply for a job at ORIEL
When you subscribe to our commercial mailings
When you visit our premises
When you communicate with us by e-mail, phone or any other digital communication channel
In all of the above cases
4. When is your personal data collected?
The data that we use can be collected directly from you in the above-mentioned situations, or can be obtained from the following sources with the aim of verifying or enhancing our databases:
- Publications/databases made accessible by the official authorities (e.g., the Belgian State Gazette).
- Our corporate partners, suppliers or other business contacts.
- Databases made public by third parties.
5. Who has access to your data and to whom are they transferred?
Only authorized users have access to your personal data to carry out the tasks mentioned above. An authorized user is somebody who, as part of carrying out their work for ORIEL, is authorized to process personal data within the framework of ORIEL’s directives (e.g., persons who work for us, as well as suppliers who help us process your personal data).
To accomplish the aforementioned tasks, ORIEL can disclose your personal data to:
- Shareholders of entities in the ORIEL-group;
- An external auditor;
- A legal advisor;
- A financial consultant;
- Another professional and/or service provider/consultant;
- A social bureau, banking organizations, insurers, funds;
- Our employees, suppliers or other contractors;
- Your employer or business partners;
- IT-companies or service providers for software and electronic data storage (servers, etc.);
- Legal, administrative or police authorities;
- Government or judicial authorities to the extent that we are obliged to share your personal data with them (e.g., tax authorities, police or judicial authorities or supervisory authorities).
6. How long do we keep your data?
We store your personal data for as long as necessary to achieve the purposes described above (such as good book-keeping, efficient management of our assets and responses, claim management and legal or regulatory demands) or, when we have asked you for your consent, until you withdraw your consent.
As a general rule, we will de-identify your personal data when it is no longer needed for the purposes described above or when the retention period, as explained in this Article 6, has expired. However, we cannot delete your personal data if there is a legal or regulatory obligation or a court or administrative order preventing us from doing so, or to the extent that such personal data are used or can be used as evidence in imminent or on-going disputes.
We retain all personal data collected through our website for as long as necessary to protect the legitimate interests stated above or until your consent is withdrawn. We retain technical information such as our server log files until one year after your visit to our website, after which it will be deleted or de-identified. Messages that you send us via the contact form will be retained as long as necessary to handle and follow up your question, request, comment, or other input. We also keep an archive of so-called tickets we received via the contact form. We will remove or de-identify tickets we have closed no later than 5 years after closure.
All personal data we collect through our social media we retain as long as necessary to protect the legitimate interests stated above. Messages that you send to us via social media and your identity and contact details and technical details related thereto, we will retain as long as necessary to handle and follow up your question, request, comment or other input. We will not retain this data longer than 5 years after your message, after which it will be deleted or de-identified.
We retain all personal data collected when we have an agreement with you, or when you become a partner, supplier or carry out work for us, for the duration of our contractual or business relationship with you and until 10 years after the end of that relationship. When you participate in a tender with us, we will retain your personal data for the whole duration of the tendering process and, if we win, until 10 years after the end of the assignment for which we tendered, or if we lose, until 5 years after we received the decision that we did not win or after the decision to revoke our participation to the call for tenders.
We retain all personal data of our shareholders for as long as you are a shareholder and until 5 years thereafter unless the law requires a longer retention period.
All personal data we collect when you visit our premises will be retained as long as necessary to protect the legitimate interests stated above or, if you have used our Wi-Fi network, until your personal data is no longer required for this purpose. We consider this retention to be necessary until 1 year after your last access to our Wi-Fi network. Identity and contact details and other information collected as part of your visit, we retain as long as necessary to manage our business activities responsibly and professionally. We will not retain this data longer than 3 months after your visit. We do not retain camera images recorded during your visit for more than 14 days after the image was recorded, unless there is a legitimate reason to retain these camera images for a longer period of time.
All personal data we collect through our interactions with you through social media, telephone, e-mail or other digital communication channels will be retained for as long as necessary to communicate with you, but also to maintain a historical record of our communications. This allows us to return to previous communications when you come back to us with new questions, requests, comments or other input.
Certain data is archived for a minimum duration to meet our legal obligations and for evidence purposes to safeguard your rights and the rights of our company. This archived data is only accessible for needs as evidence in legal proceedings, for inspection by authorized authorities (such as the tax authorities), or to provide documents to the legal, administrative or police authorities.
7. Security and confidentiality
ORIEL undertakes to adopt the required and appropriate technical, physical and organizational measures to protect personal data against unauthorized access, unlawful and unauthorized processing, loss or accidental damage and unauthorized destruction. These measures are regularly assessed and updated if necessary in order provide maximum protection for the personal data of the data subjects concerned.
In case of a data breach or computer flaw, as described below, ORIEL takes the required and appropriate measures to assess the extent and consequences, to put an end to such occurrences as quickly as possible and, where necessary, limit its impact for the data subjects concerned.
8. Transfer of data outside the EEA
In the case of international transfers from the EEA to a third-party country that the European Commission officially recognizes as having a level of personal data protection that is equivalent to the level stipulated by legislation within the EEA, we will rely on the relevant adequacy decision to transfer your personal data.
For transfers to countries outside the EEA that the European Commission does not officially recognize to have sufficient data protection, we base our action on a dispensation applicable to the situation (for example, in the case of international payments, such a transfer is necessary for performance of the contract).
If you require more information about how we transfer your personal data, please contact us by e-mail at firstname.lastname@example.org.
9. What are your rights and how can you exercise them?
Rights of data subjects
In compliance with enforceable regulations, you have various rights:
- The right to request access to personal data (A)
- The right to rectify such data (A)
- The right to delete such data (A)
- The right to oppose processing of such data (B)
- The right to request limitations on processing (B)
- The right to withdraw your consent (B)
- The right to data portability (C)
A. Right to access, rectification and deletion
Any data subject has the right to make a request to access their data. If a data subject exercises this right, ORIEL is required to provide the information regarding this matter, including:
- Giving a description and copy of the personal data.
- Informing the data subject why ORIEL processes such data.
If the data is inaccurate or incomplete, the data subject can request their rectification.
In certain circumstances, the data subject may, in compliance with data protection regulations, request the deletion of personal data concerning him, if, amongst other reasons, the personal data is no longer required for the purposes for which it was collected or processed. However, ORIEL can refuse to delete such data, for example due to the establishment, implementation or to proof of a right in legal proceedings.
To ensure your data is kept fully up-to-date, we ask that you inform us of any changes (for example, change in civil status, address, etc.).
ORIEL can only base itself on the personal data that were shared with ORIEL by the data subject itself and does not accept any responsibility in case this data should not be correct.
B. Right to oppose and limit processing of your data and the right to withdraw your consent
You have the right to oppose certain processing of your personal data that we wish to perform. This right is only valid if you have serious and legitimate reasons based on your specific situation to oppose the processing of your personal data. If this reason is justified, your data will not be further processed.
You may also request that processing of your data be restricted under certain conditions:
- If you contest the accuracy of your personal data, during the period that ORIEL needs to check your personal data;
- If the processing is unlawful and you oppose the erasure of the personal data
- If ORIEL no longer needs your personal data, but you need them for the establishment, exercise or defense of legal claims.
If you have given your consent for processing of your personal data, you have the right to withdraw this consent at any moment.
C. The right to data portability
When necessary and insofar as it is possible, the data subject may request to receive the personal data he supplied to ORIEL within the scope of managing and conducting his activities and to transfer such data to another data controller. In cases where it is technically possible, the data subject may request that ORIEL directly transfers such data to another data controller.
Who should you contact?
If the data subject wishes to exercise his or her rights concerning his or her personal data, he or she should contact:
- The Privacy Responsible
- By e-mail: email@example.com
- By post: ORIEL Windfarm Ltd. – For the attention of the Privacy Responsible – Sint-Maartenstraat 5, 3000 Leuven, Belgium
The request you send to us must be dated and signed. ORIEL reserves the right to request a scan or copy of the front side of your identity papers.
In compliance with regulations, you have the right to submit a claim to the mandated supervisory authority in Belgium via https://www.gegevensbeschermingsautoriteit.be/verzoek-klacht-indienen, or via the mandated supervisory authority of your choice.
10. How can you familiarize yourself with this policy and its modifications?
We therefore invite you to familiarize yourself with the latest version of this document on our website and we will try to inform you of any substantial modifications via our website or our normal methods of communication.
11. How to contact us
If you have any question concerning the use of your personal data by ORIEL or this policy, you can contact our Privacy Responsible by mail at the following address – ORIEL Windfarm Ltd. Privacy Responsible – Sint-Maartenstraat 5, 3000 Leuven, Belgium – or by e-mail at firstname.lastname@example.org.