1. Purpose of data storage
Hottlet Frozen Foods is a family owned business that imports frozen food items, mainly seafood, from mainly South East Asia and that distributes these products from it’s premisses in Belgium all over the European market.
Hottlet Frozen Foods only sells to professional buyers, not to private buyers. Every data storage has one sole objective : establishing the commercial relations with customers in a normal way eg by sending out commercial documents, by sending price lists as part of B2B commercial activities.
2. Which data are stored?
The personal data which are stored can be divided into 3 categories :
Personal data of Hottlet Frozen Foods staff members : these are data necessary for establishing and executing a labour agreement.
Data concerning commercial contacts : this concerns contact data of employees of customers and suppliers of Hottlet Frozen Foods. The requested data are strictly limited to contact data of various departments of commercial partners which are vital to the correct execution of company activities. The data supplier is explicitely informed about the use of the data and is asked permission for the data use. There’s a standard information sheet for the data supply.
Data of potential customers gathered through the website. Interested, professional prospects often make first contact through the website. Here as well the requested data are limited to the minimum, which are the contact data necessary to build normal commercial relations : name and surname of the contact person, company adress, phone, email. Based on these data a prospect is created in the ERP package “Dimasys” with which offers can be sent.
3. Use of data
Hottlet Frozen Foods uses the supplied data strictly for professional purposes. Staff personal data for the execution of the labour agreement, customer and supplier data for B2B business transactions. Use of data for other purposes is not allowed.
4. Period of data storage
Staff personal data are stored as long as legally required. Data gathered in the context of commercial relations are stored as long as the customer / supplier is active. Once it is clear a company is no longer active, it’s account is blocked in the system.
5. Transfer of data
No data are transferred to third parties, with the exception of staff personal data required for salary administration.
6. Data security
Hottlet Frozen Foods is AEO – certified. For AEO data security is a key aspect. A person responsible for online security was appointed which also follows up on data security. All data are stored on a central server positioned in a closed area. Access to this area is only possible by means of a key located in another locked area. With ICT partners for both hard – and software agreements were made for disaster recovery. Internally ICT rules of conduct were established available to all employees. In addition ICT procedures were established. There is also a cyber insurance to limit cyber risks. Hottlet frozen Foods nv is conscience of the GDPR rules and opts for minimal data storage. The number of staff members that can process data is limited to the person responsible for security (or his replacement in case of absence) and the head of the financial department.
7. Data request
A natural person can asks the personal data stored about him / her through phone or email as well as the history of the use of those data. This data request will be dealt with centrally, by the person responsible for security. He will also make sure the request and the identity of the requesting person are authentic.
8. Person responsible for data security
In the process of AEO certification a person was appointed responsible for safety and security. This responsibility was given to Filip Van der Vennet, manager of EPI bvba who within the framework of a interim management agreement assumes management activities within Hottlet Frozen Foods.
9. Breach of data
In case a breach of data by non authorised persons, the person concerned is informed first.
In a next phase and in case of a serious breach of privacy the privacy commission is informed. This is done via the website www.privacycommission.be.