X – Personal data
X.1 The information collected by NATRA, including, without limitation, contact details of (representatives and contact persons at) the Purchaser and data required for invoicing, are carefully processed in strict compliance with applicable data protection laws, in particular the European General Data Protection Regulation 2016/679 of 27 April 2016 (so-called “GDPR”).
X.2 These personal data are processed by NATRA in order to ensure compliance with applicable laws and in its legitimate business interests described below.
X.3 Both the Purchaser and NATRA are considered as data controllers in the context of the applicable data protection legislation: the Purchaser as the party disclosing the information to NATRA in the framework of the agreement, and NATRA as the party using the information.
X.4 The Purchaser undertakes to inform its representatives/contact persons or any other person whose personal data are provided to NATRA (the “data subjects”) about the data processing in the framework of the agreement, including among others:
- the details of the Purchaser and NATRA as data controllers in the context of the agreement;
- the purposes of the processing of the data (see below);
- the legal grounds for the processing (see above);
- the possible third parties who are involved or can be involved in the iperformance of the agreement, and can also process (i.e. the processors) or receive (i.e. the recipients) personal data in this context;
- the rules concerning the duration of the period during which personal data will be processed and/or stored;
- the possibility to lodge a complaint with the Data Protection Authority;
- the rights of the data subjects concerning access, rectification, erasure (in case of valid ground thereto under the GDPR), objection and restriction.
X.5 The personal data of (the contact persons and representatives of) the Purchaser will only be processed for the performance of the agreement, for complying with obligations imposed by laws and regulations and for the following legitimate business reasons: customer management, order management, invoicing purposes, the provision of information about products and services, technical-commercial information, dealing with enquiries, communication (merely to contact someone), dispute management, statistics, access control and security.
X.6 The recipients of such data within NATRA are the finance, logistics and sales departments and this on a strict need-to-know basis. NATRA will not transfer any personal data to recipients which are located in countries outside the European Economic Area (EEA) whose laws may not provide the same level of data protection.
X.7 As a general rule, NATRA will hold the personal data during a period of 10 years as of the end of the contractual relationship. The data will not be used for automated decision making.
X.8 The (contact person and representative of the) Purchaser has the right to contact Natra’s Human Resources department (firstname.lastname@example.org, 0032 3 312 95 00) if it wants to:
- access, correct or delete its personal data retained by NATRA,
- restrict the processing and transfer of its personal data;
- object to this, in which case NATRA will cease the processing unless it has compelling legitimate grounds for the processing.
X.9 If you feel that NATRA has violated the data protection legislation, you may file a complaint with the relevant Data Protection Authority.