Privacy Statement

Table of Contents

  1. Glossary
  2. Scope of application
  3. Responsibilities
  4. Purposes and legal basis for processing
  5. Disclosure of personal information
  6. Storage and retention
  7. Rights of the Customer
  8. Supervisory authority

1. Glossary

Data                   has the meaning defined in article 4 (7) GDPR.

Controller

““Data                  has the meaning defined in article 4 (8) GDPR.

Processor

GDPR”               Regulation 2016/679 f the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Indirect User”   natural person who gains access to the Product or Solution through a Customer and in that context discloses Personal Data to OneBonsai.

Personal            has the meaning defined in article 4 (1) GDPR.

Data

Privacy              refer to the privacy statement stipulated in this document.

Statement

Website”            the public website of OneBonsai available under the domain onebonsai.com

Capitalised terms not defined in the Privacy Statement are defined in the Terms and Conditions available at the following url: https://onebonsai.com/terms-of-sale/.

2. Scope of application

  1. Protecting the Personal Data of its Customers is of paramount importance to OneBonsai. OneBonsai recognizes that when a customer chooses to provide OneBonsai with personal information, the Customer places confidence in our ability to handle Customer privacy in a responsible manner.
  2. This Privacy Statement applies to the processing of Personal Data provided by Customer to OneBonsai for the purposes of providing the services under an Agreement.
  3. Modifications to the Privacy Statement shall be notified to the Customer. The new version of the Terms and Conditions shall become applicable in the absence of any opposition from the Customer at the latest one (1) month after this notification.

3. Responsibilities

  1. In order to provide the services to its customers, OneBonsai collects following Personal Data:
    1. contact details and billing information;
    2. username of authorised users and IP addresses
    3. company information;
    4. payment information.Administrative users are required to submit this Personal Data to create user accounts. With regard to this processing, OneBonsai is a Data Controller.

2. The Customer acknowledges that it acts in the capacity of Data Controller with regard to the Personal Data of Indirect Users that it uses or submits in or through the Product or Solution. The Customer decides alone which Personal Data of Indirect Users is being collected. In this context, the Customer understands that OneBonsai merely acts as a Data Processor.

3. Notwithstanding the above, OneBonsai may have access to a limited stream of technical data related to the use of the Product or Solution. OneBonsai ensures, upon the deployment of the Product or Solution, that such technical data is pseudonymised and encrypted prior to transmission to OneBonsai. This technical data, which includes VR/AR tracking data, is processed by OneBonsai to improve the services offered to the Customer. By agreeing with these Terms and Conditions, the Customer consents with the transmission of this data to OneBonsai.

4. Purposes and legal basis for processing

  1. OneBonsai collects the Personal Data of Customers for the sole purpose of offering a safe and optimised user experience. Technical data is collected to detect, prevent and mitigate technical issues.OneBonsai also uses Personal Data to keep Customers informed, and invite them to participate in, Product or Solution offerings. The Customer expresses consent to these notifications via an opt-in.

2. OneBonsai processes Personal Data on the following legal grounds:

  1. on the basis of the execution of the Agreement concluded with the Customer or the execution of pre-contractual steps taken at the request of potential Customers;
  2. on the basis of compliance with legal or regulatory provisions with regard to the management of the contractual relationship, invoicing in particular;
  3. on the basis of the Customer’s consent;
  4. articles 6 (1) (a) to (c) and (f) of the GDPR.

5.  Disclosure of personal information

  1. OneBonsai may engage third-party service providers for technical, hosting and support purposes. OneBonsai commits itself to only select third-party service providers giving sufficient guarantees to implement appropriate technical and organisational measures relating to the processing of Personal Data.To the extent that the third-party service provider acts as a Data Processor and processes Personal Data on OneBonsai’s behalf, OneBonsai will enter into a data processing agreement before any processing activity is carried out.
  2. In the course of using a Product or Solution, Customers may be invited to share Personal Data with third-party applications, for example when they choose to access a Product or Solution through such an application. OneBonsai is not responsible for how these third parties process such data.

6. Storage and retention

  1. OneBonsai has adopted reasonable security measures on a technical and organisational level to avoid the loss, unwanted modification, non-authorised access or the accidental communication of Personal Data to third parties, as well as its non-authorised processing.
  2. The Personal Data of a Customer is stored only for as long as necessary for the performance of the Agreement. The retention depends on the nature of the Personal Data and the storage technology. It is therefore not possible to specify a specific time frame for the deletion of the Personal Data of Customers.

7. Rights of the Customer

  1. As data subject, the Customer has the following rights with regard to the Personal Data processed by OneBonsai: right of access (article 15 GDPR), right to rectification (article 16 GDPR), right to erasure (article 17 GDPR), right to restriction of processing (article 18), right to data portability (article 20 GDPR), right to object (article 21 GDPR), and right to withdraw consent (article 7 (3) GDPR).
  2. With regard to Personal Data of Indirect Users made available through Customers, the rights listed above are fulfilled by the Data Controller.
  3. Inquiries relating to the exercise of the rights described under this article should be addressed to: [email protected]

8. Cookies

  1. OneBonsai uses cookies and similar tracking technologies to track the activity on the Website, Product or Solution.
  2. Cookies are used to offer personalised user experience, remember technical choices and detect and correct technical error which might be present on the Website, Product or Solution.
  3. When navigating to the Website, the visitor is asked for his consent to the cookies used on the Website. The same goes for an Indirect User when using a Product or Solution. While cookies may be refused or blocked, this may affect the proper functioning of the Website, Product or Solution.

9. Supervisory authority

Belgian law governs the processing activities conducted by OneBonsai.

The Belgian Data Protection Authority is competent to control the compliance of the processing activities of OneBonsai with the applicable regulation on Personal Data.