HELIOXGROUP B.V. and AFFILIATES - June 2021
Dear Visitor,
Heliox has over 30 years of Professional Power Conversion experience and is a Global Market Leader in charging infrastructure for electric buses. Our products are being used in the world’s largest opportunity DC charging projects in Europe. Our excellent R&D capabilities enable us to create and develop, together with our visitors and suppliers, innovative and high quality future proof charging solutions in the most demanding markets.
Heliox has a strong focus on Compliance and Corporate Social Responsibility. We care about the impact we have on our visitors, customers, suppliers, our people, our environment and future generations to come. Part of it is personal data of the persons we are doing our business with.
Heliox (“we”, “Heliox”) and Heliox Affiliated Companies take the protection of your personal data seriously. We are committed to process your personal data held by us in accordance with the applicable legislation and regulations for the protection of personal data.
DATA CONTROLLER
For the purpose of this Heliox Privacy Notice Visitors (“Privacy Notice”), the data controller is Heliox Group B.V., with registered offices at De Waal 24, (5684 PH) Best.
Heliox Affiliated Companies may also receive and process your personal data, either in the capacity of controller or processor and this Privacy Notice applies equally to them.
Michael Colijn, CEO Heliox
We believe that taking care of people and the environment is fundamental to the success of our business.
[1] “Affiliate” means a (legal) entity that is affiliated with,or that directly or indirectly controls, is controlled by or is under commoncontrol with, Heliox. ‘Control’ meaning ownership of 50% (fifty percent) ormore of the share capital or the right to exercise 50% (fifty percent) or moreof the voting rights in the appointment of the directors of such company, firm,partnership or other legal entity, but any such legal entity shall be deemed tobe an Affiliate only as long as such liaison exists.
1. TYPES OF VISITORS PERSONAL DATA WE COLLECT
We process the following personal data of our visitors:
Reception desk - At the reception desk in our buildings and premises, we collect first name, last name, company name, car number plate, entry and exit time, host name, reason of visit, signature and date of the visit, photo/video of our visitors.
Our contractors accessing to our sites (or sites of our clients) to perform work - We also collect personal data of our contractors or suppliers entering our sites or sites of our customer: first name and last name, company he/she works for, role or function, telephone number, car number plate, entry and exit time, host name, reason of visit, signature and date of the visit, photo/video of our visitors, site to access, possession of health and safety certificate or compliance with the safety rules.
2. SOURCES OF THE PERSONAL DATA:
We collect your personal data when as an individual you:
- visit our buildings or premises;
- visit buildings and premises of our customers; or
- otherwise provide us or any of our employee with your contact details or other personal data.
Personal data may also be obtained from published sources (e.g. Chamber of Commerce (Kamer van Koophandel) to confirm for example signatory powers, social media) and from Heliox Affiliated Companies.
3. PURPOSES OF THE PERSONAL DATA PROCESSING
Purposes of the personal data collected
The personal data are collected for the following purposes:
- to perform our contractual obligations with our services providers, contractors or customers;
- to ensure compliance with our legal obligations (e.g. health and safety legal obligations) (e.g. intervene in case of work accidents or accidents of third parties on sites or premises, manage and investigate such accidents, report such accidents to insurance companies and other relevant third parties) towards our staff, contractors, services providers, customers and visitors accessing our sites and premises;
- to serve our legitimate business interests to ensure the security of our sites and premises.
4. LEGAL BASIS OF THE PERSONAL DATA PROCESSING
The mentioned processing activities are necessary to:
(i) to serve our legitimate interests; or
(ii) to comply with our legal (health and safety) obligations.
We will ask your consent for the activities described in this Privacy Notice when required by applicable law and the activities are not covered by one of the above mentioned legal basis for personal data processing.
If you do not want to provide us with your personal data and they are necessary for the purposes described above, we will not be able to enter into a contract with you or conduct business with you or provide you access to our buildings and premises or the premises of our customers.
5. HOW WE DISCLOSE OR TRANSFER YOUR PERSONAL DATA
To the extent permissible by applicable laws and in line with this Privacy Notice, we may disclose your personal data:
• to Heliox Affiliated Companies, for purposes consistent with this Privacy Notice. We take precautions to limit the access to your personal data only to those staff members who have a legitimate business need to access it in accordance with the Privacy Notice;
• to our third-party services providers or our clients such as payment or invoicing processing, IT services, website hosting, order fulfilment, infrastructure provision, security, auditing services and other services, to enable them to provide their services;
• to any competent law enforcement body, regulatory, government agency, court or other third party, such as without being limited to, the police authorities, the tax authorities, the social security authorities, when such transfer is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, (iii) to protect your vital interests or the ones of any other individual, or (iv) based on a court order;
• to our auditors, advisors, legal representatives and similar agents in connection with advisory services they provide to us for legitimate purposes and in accordance for the purposes described in this Privacy Notice;
• in the event that we, or any portion of our assets, are acquired, we may share all types of personal data with the acquiring company.
We do not transfer your personal data to third parties outside the EEA (European Economic Area) other than to Heliox Affiliated Companies, except in the following cases:
• you have explicitly consented to the transfer;
• the transfer is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request;
• the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;
• the transfer is necessary for important reasons of public interests;
• the transfer is necessary for the establishment, exercise or defence of legal claims;
• the transfer is necessary in order to protect your vital interest or of other persons, where the data subject is physically or legally incapable of giving consent;
• when using standard EU model clauses; or
• when authorized by the data protection authority.
We always put adequate safeguards (European Commission or Standard Contractual Clauses) and take necessary measures to protect your personal data while transferring your personal data to the third parties within or outside EU or EEA.
6. HOW WE PROTECT YOUR PERSONAL DATA
We take technical and organizational measures to adequately protect your personal data and to maintain its quality. We make improvements to this protection on an ongoing basis in line with technical progress. We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure.
7. HOW LONG WE KEEP YOUR PERSONAL DATA
We retain your personal information for the period necessary to fulfil the purposes mentioned above:
• For a period of 1 month after your visit; or
• as long as the statutory limitation period to initiate a claim or legal action; or
• for a longer retention period if it is required or permitted by law (e.g. health and safety legislation, in case of a litigation).
8. HOW CAN YOU EXERCISE YOUR RIGHTS?
You have a number of rights under the applicable data protection laws.
Right to be informed - You have the right to be informed about how we process your personal data. This is the purpose of this Privacy Notice.
Right to access - You have the right to access your personal data and review your personal data.
Right to have your data erased - You have the right to have your personal data deleted.
Right to have your data corrected -You have the right to have your personal data to be corrected or updated.
The right to restrict data processing - You have the right to object or restrict processing of your personal data.
The right to data portability - You have the right to ask portability of your personal data and to receive your personal data in a structured, machine-readable format for your own purposes or to request to share it with a third party.
Right not to be subject to a decision based on an automated process - You have the right not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you.
Right to withdraw your consent - You have the right to withdraw your consent at any time, where we rely on it to process your personal data.
The above rights may be subject to some legal conditions. To exercise any of your above rights, or if you have any questions on this Privacy Notice, please contact us at this email address: legal@heliox-energy.com.
We will take all reasonable steps to respond to your request in accordance with applicable data protection laws. When you exercise any of the above rights, we will ask you to provide us with a copy of a valid identification document (e.g. your ID card) in order to authenticate you.
You may also use the above contact details if you have any concern or wish to make a complaint to us relating to how we process your personal data.
You have also the right to complaint to your local data protection authority in your jurisdiction.
9. UPDATE TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time. To let you know when we make changes to this Privacy Notice, we will amend the revision date at the top of the page. The new modified or amended Privacy Notice will apply from the revision date. Therefore, we encourage you to periodically review this Privacy Notice to be informed about how we are protecting your personal data.