Privacy Statement

Table of Contents

  1. Glossary
  2. Scope of application
  3. Responsibilities
  4. Purposes and legal basis for processing
  5. Disclosure of personal information
  6. Storage and retention
  7. Rights of the Customer
  8. Supervisory authority

1. Glossary

Data Controller” has the meaning defined in article 4 (7) GDPR.

Data Processor” has the meaning defined in article 4 (8) GDPR.

GDPR” Regulation 2016/679 f the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Indirect User” natural person who gains access to the Product or Solution through a Customer and in that context discloses Personal Data to OneBonsai.

Personal Data” has the meaning defined in article 4 (1) GDPR.

Privacy Statement” refer to the privacy statement stipulated in this document.

Capitalised terms not defined in the Privacy Statement are defined in the Terms and Conditions available under this link.

2. Scope of application

  1. This Privacy Statement applies to the processing of personal data provided by Customer to OneBonsai for the purposes of providing the services under an Agreement.
  2. Modifications to the Privacy Statement shall be notified to the Customer. The new version of the Terms and Conditions shall become applicable in the absence of any opposition from the Customer at the latest one (1) month after this notification.

3. Responsibilities

  1. In order to provide the services to its customers, OneBonsai collects following Personal Data:
    1. contact details and billing information;
    2. username of authorised users and IP addresses
    3. company information;
    4. payment information.

    Administrative users are required to submit this Personal Data to create user accounts. With regard to this processing, OneBonsai is a Data Controller.

  2. The Customer acknowledges that it acts in the capacity of Data Controller with regard to the Personal Data of Indirect Users that it uses or submits in or through the Product or Solution. The Customer decides alone which Personal Data of Indirect Users is being collected. In this context, the Customer understands that OneBonsai merely acts as a Data Processor.
  3. Notwithstanding the above, OneBonsai may have access to a limited stream of technical data related to the use of the Product or Solution. OneBonsai ensures, upon the deployment of the Product or Solution, that such technical data is pseudonymised and encrypted prior to transmission to OneBonsai. This technical data, which includes VR/AR tracking data, is processed by OneBonsai to improve the services offered to the Customer. By agreeing with these Terms and Conditions, the Customer consents with the transmission of this data to OneBonsai.

4. Purposes and legal basis for processing

  1. OneBonsai collects the Personal Data of Customers for the sole purpose of offering a safe and optimised user experience. Technical data is collected to detect, prevent and mitigate technical issues.
    OneBonsai also uses Personal Data to keep Customers informed, and invite them to participate in, Product or Solution offerings. The Customer expresses consent to these notifications via an opt-in.
  2. OneBonsai processes Personal Data on the following legal grounds:
    1. on the basis of the execution of the Agreement concluded with the Customer or the execution of pre-contractual steps taken at the request of potential Customers;
    2. on the basis of compliance with legal or regulatory provisions with regard to the management of the contractual relationship, invoicing in particular;
    3. on the basis of the Customer’s consent;
    4. articles 6 (1) (a) to (c) and (f) of the GDPR.

5. Disclosure of personal information

  1. OneBonsai may engage third-party service providers for technical, hosting and support purposes. OneBonsai commits itself to only select third-party service providers giving sufficient guarantees to implement appropriate technical and organisational measures relating to the processing of Personal Data.
    To the extent that the third-party service provider acts as a Data Processor and processes Personal Data on OneBonsai’s behalf, OneBonsai will enter into a data processing agreement before any processing activity is carried out.
  2. In the course of using a Product or Solution, Customers may be invited to share Personal Data with third-party applications, for example when they choose to access a Product or Solution through such an application. OneBonsai is not responsible for how these third parties process such data.

6. Storage and retention

  1. The Personal Data of a Customer is stored for as long as necessary for the performance of the Agreement. The retention depends on the nature of the Personal Data and the storage technology. It is therefore not possible to specify a specific tile frame for the deletion of the Personal Data of Customers.

 

7. Rights of the Customer

  1. As data subject, the Customer has the following rights with regard to the Personal Data processed by OneBonsai: right of access (article 15 GDPR), right to rectification (article 16 GDPR), right to erasure (article 17 GDPR), right to restriction of processing (article 18), right to data portability (article 20 GDPR), right to object (article 21 GDPR), and right to withdraw consent (article 7 (3) GDPR).
  2. With regard to Personal Data of Indirect Users made available through Customers, the rights listed above should be fulfilled by the Data Controller.
  3. Inquiries relating to the exercise of the rights described under this article should be addressed to: [email protected]

8. Supervisory authority

The Belgian Data Protection Authority is competent to control the compliance of the processing activities of OneBonsai with the applicable regulation on Personal Data.