Privacy policy

Andy´s privacy statement  

This Privacy Statement describes how Andy BV with company number 1010.377.041 (“we”) processes your data in the context of its activities.

We endeavour to process your personal data in compliance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”).

How do we use your personal data?

In the context of our activities, we process your personal data for the following purposes:

• Customer Management (contractual necessity)
• Identification data and contact details (name, surname, email address, home address, phone number)
• Financial data (payment details)
• Consumption habits

The information may be obtained indirectly, when we provide a delivery service for a third-party supplier where you ordered products.

• Supplier management (contractual necessity)
• Identification data and contact details (name, surname, email address, home address, phone number)
• Financial data (payment details)
• Professional data (profession)
• Criminal data (the processing of drivers’ criminal records is authorized under Belgian law based on article 596 of the Belgian “Code d’instruction criminelle”)

We may obtain personal data indirectly from your employer or colleagues, when they provide us with your personal data. We also collect some personal data from social media (e.g. LinkedIn).

• Direct marketing (legitimate interest, i.e. the freedom of entrepreneurship) (legitimate interest for customers and consent for data subjects who are not customers)
• Identification data and contact details (name, surname, email address, home address, phone number)
• Consumption habits
• Compliance with our legal obligations (legal obligation)
• Identification data (name, surname, email address, home address, phone number)
• Financial data (payment details)
• The legal ground is indicated for each processing.

If the legal ground is a contractual necessity or a legal obligation, then the personal data must be provided to enable the execution of the agreement or to comply with a legal obligation. In the absence of this information, we are unable to enter into a professional relationship with you.

The retention period of your personal data is limited to:

• Customer management: 10 years after the end of the customer relationship;
• Supplier management: 10 years after the end of the supplier relationship;
• Direct marketing: 3 years after the last meaningful contact;
• Compliance with our legal obligations: retention in accordance with the legal retention periods.

Additional information regarding the recipients of your personal data

We share your personal data under certain circumstances to a limited number of other third parties:

• Processors which provide us with services (delivery persons, software providers)
• National and European authorities if we are required to disclose personal data (legal obligation)
• Banks and payment service providers (in order to make or receive payments)
• Our professional advisers, such as accountants and lawyers (to the extent necessary for their assistance)
• Your personal data is usually processed within the European Economic Area.

However, Contaynor may transfer certain personal data outside of the European Union to be processed by Contaynor’s service providers in third countries, including the United States. When Contaynor transfers personal data outside of the EU to a country not determined as adequate by the European Commission, the transfer shall be based on (the latest available) version of the Standard Contractual Clauses adopted by the European Commission.

Which rights do you have regarding the processing of your personal data?

According to the General Data Protection Regulation (GDPR), you have the following rights:

• to access and receive a copy of your data;
• to rectify your data if it is inaccurate;
• to object to the processing for direct marketing and for reasons related to your particular situation;
• to erase your personal data (“right to be forgotten”) or restrict the processing of your data;
• when the processing is based on consent, to retract your consent at any time;
• to data portability when the processing is based on consent or contractual obligation.

The exercise of these rights may be subject to conditions defined by the GDPR. We may ask for additional documents, if we have reasonable doubts about your identity.

You have the right to lodge a complaint with the competent supervisory authority (for Belgium, this is the Belgian Data Protection Authority). If you consider lodging a complaint, we kindly ask you to contact us first to seek a speedy resolution of the issue.

To exercise these rights, you must respect the conditions provided by the GDPR. Alternatively, to make things easier, you can contact us at the address below. In case of reasonable doubt about your identity, we reserve the right to ask for proof of identity.

Implementation of security measures

We have implemented an adequate system of protection of your personal data.

Nevertheless, no security system can guaranty 100% of security. We strive to continuously improve the safety of our system. You also have an important role to play in the security of your personal data by keeping your account details confidential and ensuring its adequate security. 

How to contact us

To exercise your data protection rights or if you have any question relating to the processing of your personal data, do not hesitate to send an email to hello@andy.be

Updates

Please note that we reserve the right to update this document from time to time. In that case, we will notify you by e-mail.

This document was last updated on June 2024.