1. Objective

Protection of your privacy and your personal data is of capital importance to ORIEL WINDFARM Ltd (ORIEL). This document comprises the privacy policy defined by ORIEL within the scope of the following activities:

  • When you use our websites (such as, but not limited to, www.orielwindfarm.ie) or the contact form;
  • When you use our social media;
  • When you enter into an agreement with us, become a partner or a supplier or carry out works for us, register to use our (online) applications (each time you log in or use the service), or when you communicate with us in that context;
  • When you are a shareholder in our company;
  • When you apply for a job at ORIEL;
  • When you subscribe to our newsletters;
  • When you visit our premises; and
  • When you communicate with us by e-mail, phone or any other digital communication channel.

This privacy policy has been written to comply with the European Regulation 2016/679 dated 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).

The goal of this privacy policy is to give you comprehensive information on this subject, to explain how we collect, use and store your personal data and what your rights are.

We also use cookies on our website. For more information, we kindly refer you to our cookie policy Parkwind Oriel windfarm | Cookie policy.

  1. What constitutes “processing of your data” and who is responsible for it?

“We” in this privacy policy refers to ORIEL:

Name:

ORIEL WIND FARM Ltd.

Address:

Digital Office Centre Swords

Balheary Demesne, Balheary Road,

Swords, Co. Dublin

IRELAND

Company number:

318186

E-mail:

gdpr@parkwind.eu

ORIEL acts as the data controller of the personal data that it processes within the scope of the above-mentioned activities. We only collect and use personal data that is necessary within the scope of such activities.

In certain circumstances, third parties may (also) be responsible for the processing of your personal data. For example, if you click on a link and leave our website or if you use our social media (e.g., LinkedIn or Twitter) and have your own social media account. We have no control over the data social media providers collect about you. In that case, we recommend that you consult the privacy policies of these third parties.

For some services, we call upon specialized third-party operators which, in some cases, work as processors. In such cases, they are duty bound to follow our directives. In other cases, these third parties and ORIEL are jointly responsible for processing and they must therefore respect the legal obligations connected to this position as well.

We ensure that these processors only receive the data that is strictly necessary for the performance of their tasks, as defined in our agreements with them. They have to implement a privacy policy, in line with the legal obligations and the privacy policy of ORIEL as well.

  1. What data is covered by our policy?

The data covered by our policy is personal data of natural persons. This is data that can directly or indirectly enable identification of a data subject. However, we never process data concerning your racial or ethnic origins, political opinions, religion, philosophical beliefs, trade union membership, genetic data, sex life or sexual preferences, unless obliged to do so by the law (e.g., when we organize social elections).

We will only process your personal data for a specific purpose and to the extent permitted by law. We further explain below in which cases we collect and use your personal data. If we do not receive your personal data directly from you, we will also inform you of this below.

When you use our website or the contact form

What personal data?
Why?Legal basis?
Technical information (e.g., server log files) about your visit and the device you use (e.g., IP address, time and browser type and version). We cannot identify you on the basis of this information, but third parties may be able to identify you (e.g., your internet service provider).To ensure the most fault-free operation of our website and to detect and prevent malware, illegal content and conduct and other forms of potential abuseOur legitimate interest in keeping our online presence safe.
Identity and contact details provided by you through our contact form (e.g., name, e-mail address and telephone number) and the content of the message and the technical details of the message itself (e.g., date and time).To enable communication between you and us.Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind.

When you use our social media

What personal data?Why?Legal basis?
When you send messages to us via social media, we collect your identity and contact information, your message content and your message technical details (e.g., date and time).To enable messages between you and us via social media. These messages are not public. However, if you post a comment or like or post other data on our public social media, then these data are public.Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind.

With regard to the data from your interactions on our Facebook page, we inform you that:

  • Facebook Ireland is a joint controller of the joint processing as described under Sections 2.a.iii to 2.a.v.1 of the Facebook Business Tools Terms (https://www.facebook.com/legal/terms/businesstools/)
  • We collect and process your personal data regarding the joint processing to target our ads, deliver commercial and transactional messages and to improve ad delivery, personalize features and content and to improve and secure the Facebook products.
  • The information required by Article 13(1)(a) and (b) GDPR can be found in Facebook Ireland’s data policy at https://www.facebook.com/about/privacy.
  • Further information on how Facebook Ireland processes personal data, including the legal basis Facebook Ireland relies on and the ways to exercise data subject rights against Facebook Ireland, can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy.

The essence of our Joint Controller Addendum with Facebook Ireland is the following:

  • We entered into this Controller Addendum to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the Joint Processing (as specified in the Applicable Product Terms);
  • We agreed that we are responsible for providing data subjects as a minimum with the information listed under no. 2 of the Joint Controller Addendum;
  • We agreed that between the Parties, Facebook Ireland is responsible for enabling data subjects’ rights under Articles 15-20 of the GDPR with regard to the personal data stored by Facebook Ireland after the Joint Processing.

When you enter into an agreement with us, become a partner or a supplier or carry out works for us, register to use our (online) applications (each time you log in or use the service or when you communicate with us in that context

What personal data?Why?Legal basis?
Identity and contact details provided by you in the context of the agreement (e.g., name, e-mail address and professional function).To ensure the proper performance of agreements made, and if you are a partner or a supplier, to provide our services, including processing, performing or delivering services or processing payments and communicating with you in this context.If you are our partner or supplier as an individual, we rely on the necessity of processing your personal data for the performance of the contract we have with you. However, when you act on behalf of a company or other legal entity, we rely on our legitimate interest in being able to contract with partners and suppliers.
Identity and contact details provided by you within the framework of the agreement and, if applicable, your company and bank, financial and transaction details (e.g., bank details, account numbers, data related to transfers including communication and, more generally, any data recorded during your bank transfers).To ensure ORIEL’s financial and accounts management and to carry out our normal business administration (e.g., invoicing and relationship managementOur legitimate interest in managing our business activities in a responsible and professional manner.
Usage data when you use our platforms (e.g., the time and means of signing into our platforms, changes made to the data, … This also entails the data usage reporting and processing thereof).To give you access to our platforms, to maintain those platforms, to report on your use of our platforms and to ensure the security of those platforms, unless stipulated otherwise in a dedicated privacy notice one or more platformsOur legitimate interest in providing you access to our platforms, monitoring usage and keeping those platforms relevant, secure and operational
Any information contained in CVs and other supporting documents forming part of a tender and any communication exchanged in that contextTo be able to draft and submit tendersOur legitimate interest in participating to call for tenders with you if you operate as an independent, or with your employer or customer if you are an employee or subcontractor respectively


When you are a shareholder in our company

What personal data?Why?Legal basis?
Identity and contact details (e.g., name, e-mail address, postal address and telephone number), power of attorney and voting conduct.For the administration of our shareholders, organize shareholder events and compliance with any legal obligations to which we are subjectOur legitimate interest in managing our shareholders, organizing shareholder events. We also rely on the necessity of processing to comply with any legal obligations to which we are subject in relation to shareholder management.


When you apply for a job at ORIEL

What personal data?Why?Legal basis?
Identity and contact details (e.g., name, e-mail address, postal address and telephone number), information that you have included in your resume and cover letter, information you have made public on social media and any other personal data you have chosen to include in your application.To assess your application.We rely on the necessity of processing your personal data to reach a possible agreement with you. If we decide not to cooperate with you, we will request your consent to be included in our recruitment reserve. You can always revoke your consent by managing your data in our recruitment platform.


When you subscribe to our commercial mailings

What personal data?Why?Legal basis?
Your e-mail address and other personal data to personalize your newsletter (e.g., name and language).To send you our personalized newsletter or other electronic communication.Your consent, unless you are an existing customer who we wish to keep informed of our services. In that case, we rely on our legitimate interest to keep you informed.


When you visit our premises

What personal data?Why?Legal basis?
Identity and contact information provided by you to us during your visit (e.g., name and company name) and information about your visits (e.g., date, arrival and departure time and the person you are visiting).To ensure the safety of our sites and facilities and to notify the person you come to visit of your arrival.Our legitimate interest in managing our business activities responsibly and professionally and in meeting contractual obligations with our business partners.
Camera images taken during your visit on which you are recognizable.To ensure the safety and security of our sites and facilities.Our legitimate interest in managing our business activities responsibly and professionally.
Technical information about your device with which you connect to our Wi-Fi network (e.g., MAC address).To let you make use of our Wi-Fi network for guests in a safe manner.An agreement with you by your acceptance of the applicable terms and conditions.


When you communicate with us by e-mail, phone or any other digital communication channel

What personal data?Why?Legal basis?
Identity and contact details provided by you to us, the content of the communication, the technical details of the communication itself (e.g., date and time) and, if applicable, the device you used.To enable communication between you and us (e.g., when you use our contact form or contact us via social media, telephone or e-mail).Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind.


In all of the above cases

What personal data?Why?Legal basis?
Above-mentioned personal data.To comply with our legal obligations or to comply with any reasonable request from competent police authorities, judicial authorities, government institutions or bodies, including competent data protection authorities.Our legal obligation.
Above-mentioned personal data.To prevent, detect and combat fraud or other illegal or unauthorized activities.Our legal obligation.
Above-mentioned personal data.To defend ourselves in legal proceedings.Our legitimate interest in using your personal data in these proceedings.
The personal data mentioned in the first two rows of the table in section “When you enter into an agreement with us, become a partner or a supplier or carry out works for us, register to use our (online) applications (each time you log in or use the service) or when you communicate with us in that context”.To inform a third party in the context of a possible merger with, acquisition of/by or demerger by that third party, even if that third party is located outside the EU.Our legitimate interest in entering into business transactions.


  1. When is your personal data collected?

The data that we use can be collected directly from you in the above-mentioned situations, or can be obtained from the following sources with the aim of verifying or enhancing our databases:

  • Publications/databases made accessible by the official authorities (e.g., the Belgian State Gazette).
  • Our corporate partners, suppliers or other business contacts.
  • Databases made public by third parties.
  1. Who has access to your data and to whom are they transferred?

Only authorized users have access to your personal data to carry out the tasks mentioned above. An authorized user is somebody who, as part of carrying out their work for ORIEL, is authorized to process personal data within the framework of ORIEL’s directives (e.g., persons who work for us, as well as suppliers who help us process your personal data).

To accomplish the aforementioned tasks, ORIEL can disclose your personal data to:

  • Shareholders of entities in the ORIEL-group;
  • An external auditor;
  • A legal advisor;
  • A financial consultant;
  • Another professional and/or service provider/consultant;
  • A social bureau, banking organizations, insurers, funds;
  • Our employees, suppliers or other contractors;
  • Your employer or business partners;
  • IT-companies or service providers for software and electronic data storage (servers, etc.);
  • Legal, administrative or police authorities;
  • Government or judicial authorities to the extent that we are obliged to share your personal data with them (e.g., tax authorities, police or judicial authorities or supervisory authorities).
  1. How long do we keep your data?

We store your personal data for as long as necessary to achieve the purposes described above (such as good book-keeping, efficient management of our assets and responses, claim management and legal or regulatory demands) or, when we have asked you for your consent, until you withdraw your consent.

As a general rule, we will de-identify your personal data when it is no longer needed for the purposes described above or when the retention period, as explained in this Article 6, has expired. However, we cannot delete your personal data if there is a legal or regulatory obligation or a court or administrative order preventing us from doing so, or to the extent that such personal data are used or can be used as evidence in imminent or on-going disputes.

We retain all personal data collected through our website for as long as necessary to protect the legitimate interests stated above or until your consent is withdrawn. We retain technical information such as our server log files until one year after your visit to our website, after which it will be deleted or de-identified. Messages that you send us via the contact form will be retained as long as necessary to handle and follow up your question, request, comment, or other input. We also keep an archive of so-called tickets we received via the contact form. We will remove or de-identify tickets we have closed no later than 5 years after closure.

All personal data we collect through our social media we retain as long as necessary to protect the legitimate interests stated above. Messages that you send to us via social media and your identity and contact details and technical details related thereto, we will retain as long as necessary to handle and follow up your question, request, comment or other input. We will not retain this data longer than 5 years after your message, after which it will be deleted or de-identified.

We retain all personal data collected when we have an agreement with you, or when you become a partner, supplier or carry out work for us, for the duration of our contractual or business relationship with you and until 10 years after the end of that relationship. When you participate in a tender with us, we will retain your personal data for the whole duration of the tendering process and, if we win, until 10 years after the end of the assignment for which we tendered, or if we lose, until 5 years after we received the decision that we did not win or after the decision to revoke our participation to the call for tenders.

We retain all personal data of our shareholders for as long as you are a shareholder and until 5 years thereafter unless the law requires a longer retention period.

We will retain all personal data we collect from you as part of your application for the duration of the application process and, if we choose to employ you, in accordance with our privacy policy for employees. If we do not choose to employ you, but we have invited you for an interview, we will retain your personal data for 2 years after the review process has ended. If you consent to the inclusion of your personal data in our recruitment reserve, we will retain your personal data for 2 years after receipt of your personal data.

All personal data we collect when you visit our premises will be retained as long as necessary to protect the legitimate interests stated above or, if you have used our Wi-Fi network, until your personal data is no longer required for this purpose. We consider this retention to be necessary until 1 year after your last access to our Wi-Fi network. Identity and contact details and other information collected as part of your visit, we retain as long as necessary to manage our business activities responsibly and professionally. We will not retain this data longer than 3 months after your visit. We do not retain camera images recorded during your visit for more than 14 days after the image was recorded, unless there is a legitimate reason to retain these camera images for a longer period of time.

All personal data we collect through our interactions with you through social media, telephone, e-mail or other digital communication channels will be retained for as long as necessary to communicate with you, but also to maintain a historical record of our communications. This allows us to return to previous communications when you come back to us with new questions, requests, comments or other input.

Certain data is archived for a minimum duration to meet our legal obligations and for evidence purposes to safeguard your rights and the rights of our company. This archived data is only accessible for needs as evidence in legal proceedings, for inspection by authorized authorities (such as the tax authorities), or to provide documents to the legal, administrative or police authorities.

  1. Security and confidentiality

ORIEL undertakes to adopt the required and appropriate technical, physical and organizational measures to protect personal data against unauthorized access, unlawful and unauthorized processing, loss or accidental damage and unauthorized destruction. These measures are regularly assessed and updated if necessary in order provide maximum protection for the personal data of the data subjects concerned.

In case of a data breach or computer flaw, as described below, ORIEL takes the required and appropriate measures to assess the extent and consequences, to put an end to such occurrences as quickly as possible and, where necessary, limit its impact for the data subjects concerned.

  1. Transfer of data outside the EEA

In the case of international transfers from the EEA to a third-party country that the European Commission officially recognizes as having a level of personal data protection that is equivalent to the level stipulated by legislation within the EEA, we will rely on the relevant adequacy decision to transfer your personal data.

For transfers to countries outside the EEA that the European Commission does not officially recognize to have sufficient data protection, we base our action on a dispensation applicable to the situation (for example, in the case of international payments, such a transfer is necessary for performance of the contract).

If you require more information about how we transfer your personal data, please contact us by e-mail at gdpr@parkwind.eu.

  1. What are your rights and how can you exercise them?

Rights of data subjects

In compliance with enforceable regulations, you have various rights:

  • The right to request access to personal data (A)
  • The right to rectify such data (A)
  • The right to delete such data (A)
  • The right to oppose processing of such data (B)
  • The right to request limitations on processing (B)
  • The right to withdraw your consent (B)
  • The right to data portability (C)

A. Right to access, rectification and deletion

Any data subject has the right to make a request to access their data. If a data subject exercises this right, ORIEL is required to provide the information regarding this matter, including:

  • Giving a description and copy of the personal data.
  • Informing the data subject why ORIEL processes such data.

If the data is inaccurate or incomplete, the data subject can request their rectification.

In certain circumstances, the data subject may, in compliance with data protection regulations, request the deletion of personal data concerning him, if, amongst other reasons, the personal data is no longer required for the purposes for which it was collected or processed. However, ORIEL can refuse to delete such data, for example due to the establishment, implementation or to proof of a right in legal proceedings.

To ensure your data is kept fully up-to-date, we ask that you inform us of any changes (for example, change in civil status, address, etc.).

ORIEL can only base itself on the personal data that were shared with ORIEL by the data subject itself and does not accept any responsibility in case this data should not be correct.

B. Right to oppose and limit processing of your data and the right to withdraw your consent

You have the right to oppose certain processing of your personal data that we wish to perform. This right is only valid if you have serious and legitimate reasons based on your specific situation to oppose the processing of your personal data. If this reason is justified, your data will not be further processed.

You may also request that processing of your data be restricted under certain conditions:

  • If you contest the accuracy of your personal data, during the period that ORIEL needs to check your personal data;
  • If the processing is unlawful and you oppose the erasure of the personal data
  • If ORIEL no longer needs your personal data, but you need them for the establishment, exercise or defense of legal claims.

If you have given your consent for processing of your personal data, you have the right to withdraw this consent at any moment.

C. The right to data portability

When necessary and insofar as it is possible, the data subject may request to receive the personal data he supplied to ORIEL within the scope of managing and conducting his activities and to transfer such data to another data controller. In cases where it is technically possible, the data subject may request that ORIEL directly transfers such data to another data controller.

Who should you contact?

If the data subject wishes to exercise his or her rights concerning his or her personal data, he or she should contact:

  • The Privacy Responsible
  • By e-mail: gdpr@parkwind.eu
  • By post: ORIEL Windfarm Ltd. – For the attention of the Privacy Responsible – Sint-Maartenstraat 5, 3000 Leuven, Belgium

The request you send to us must be dated and signed. ORIEL reserves the right to request a scan or copy of the front side of your identity papers.

In compliance with regulations, you have the right to submit a claim to the mandated supervisory authority in Belgium via https://www.gegevensbeschermingsautoriteit.be/verzoek-klacht-indienen, or via the mandated supervisory authority of your choice.

  1. How can you familiarize yourself with this policy and its modifications?

In a world of constantly changing technology, we regularly update our privacy policy.

We therefore invite you to familiarize yourself with the latest version of this document on our website and we will try to inform you of any substantial modifications via our website or our normal methods of communication.

  1. How to contact us

If you have any question concerning the use of your personal data by ORIEL or this policy, you can contact our Privacy Responsible by mail at the following address – ORIEL Windfarm Ltd. Privacy Responsible – Sint-Maartenstraat 5, 3000 Leuven, Belgium – or by e-mail at gdpr@parkwind.eu.

This privacy policy is applicable with effect from 04/08/2023