A-one attaches great importance to the protection of your personal data and your privacy. In this privacy statement we explain which personal data we collect, why, how long we keep it and what rights you have. This statement has been drawn up in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
1. Who we are: the data controller
The data controller within the meaning of the GDPR is:
- Name: A-one (sole proprietorship)
- Owner: Alessio Pavone
- Company number: BE 0768.925.136
- Address: Schemmersheide 28, 3600 Genk, Belgium
- Email: info@aone-group.com
- Website: consultancy.aone-group.com
A-one is not obliged to appoint a Data Protection Officer (DPO), but is open to all your questions and requests via the email address above.
2. What personal data we process
We process only the data you provide to us yourself or that is automatically generated during your visit to the Website.
2.1 Via the contact form
- Name
- Email address
- Company name (optional)
- Selected topic (optional)
- Content of your message
2.2 Automatically collected technical data
On each visit to the Website, technical data is automatically processed, such as:
- IP address (anonymised)
- Browser type and version
- Operating system
- Pages visited and time of visit
- Referring website (referrer)
We do not process any special categories of personal data (such as health data, political opinions or ethnic origin).
3. Purposes and legal bases for processing
3.1 Responding to contact requests
Purpose: Processing and responding to your questions, quote requests or introductory enquiries.
Legal basis: Performance of pre-contractual measures at your request (Art. 6(1)(b) GDPR) or our legitimate interest (Art. 6(1)(f) GDPR).
3.2 Technical management and security of the Website
Purpose: Keeping the Website functioning correctly, detecting technical problems and safeguarding security.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR): we have a legitimate interest in keeping our Website secure and functional.
3.3 Cookies with consent
Purpose: For non-functional cookies (analytical, marketing) we ask for your prior consent.
Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time.
4. How long we keep your data
- Contact form data: A maximum of 2 years after our last contact, unless an ongoing business relationship justifies longer retention.
- Technical log data (server logs): A maximum of 12 months, unless needed for a security investigation or legal proceedings.
- Cookie data: In accordance with the retention periods stated in article 7 of this statement.
After the retention period expires, your data is securely deleted or anonymised.
5. Sharing personal data with third parties
A-one does not sell, rent or share your personal data with third parties for commercial purposes. We may, however, share your data with:
- Hosting providers and IT service providers that manage the technical infrastructure of the Website, solely as processors and on the basis of a data processing agreement;
- Competent government authorities where we are legally obliged to do so (e.g. a court order).
All external processors are contractually obliged to treat your data confidentially and to use it solely for the agreed purposes.
6. International transfers
In principle, A-one does not transfer your personal data outside the European Economic Area (EEA). Should this nevertheless be necessary (e.g. when using certain cloud services), we ensure adequate safeguards in accordance with the GDPR, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Cookies and tracking technologies
7.1 What are cookies
Cookies are small text files stored on your device when you visit a website. They allow the website to remember certain information.
7.2 Types of cookies we use
The Website is deliberately kept simple. At present, A-one places no analytical cookies, no marketing cookies and no third-party tracking cookies. Only strictly necessary technical data required for the correct functioning of the Website is processed (see article 2.2).
Should A-one nevertheless use analytical or marketing cookies in the future, this statement will be updated beforehand and your prior consent will be requested via a cookie notice.
7.3 Managing cookie preferences
You can always manage or delete cookies and locally stored data via the settings of your web browser (see your browser's help function for instructions). Disabling strictly necessary data may affect the functioning of the Website.
8. Security of your data
A-one takes appropriate technical and organisational measures to protect your personal data against loss, unauthorised access, disclosure or destruction. This includes, among other things:
- A secure (HTTPS) connection to the Website;
- Access to personal data restricted on a need-to-know basis;
- Regular review of our security practices.
In the event of a data breach posing a high risk to your rights and freedoms, we will notify you as soon as possible, in accordance with Art. 34 GDPR.
9. Your rights as a data subject
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR): You have the right to know whether and which personal data we process about you.
- Right to rectification (Art. 16 GDPR): You can have inaccurate or incomplete data corrected.
- Right to erasure (Art. 17 GDPR): You can request the deletion of your personal data, unless we have a legitimate reason to retain it.
- Right to restriction of processing (Art. 18 GDPR): You can request that the processing of your data be temporarily restricted.
- Right to data portability (Art. 20 GDPR): You can receive your data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21 GDPR): You can object to the processing of your personal data based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time, without affecting the lawfulness of processing before the withdrawal.
To exercise any of these rights, you can contact us via info@aone-group.com. We respond to your request within 30 calendar days. We may ask you to confirm your identity before processing your request.
10. Complaints to the Data Protection Authority
If you believe that the processing of your personal data infringes the GDPR or Belgian privacy law, you have the right to lodge a complaint with the competent supervisory authority:
- Data Protection Authority (DPA / GBA)
- Drukpersstraat 35, 1000 Brussels, Belgium
- Tel.: +32 2 274 48 00
- Email: contact@apd-gba.be
- Website: www.dataprotectionauthority.be
However, we encourage you to contact us first, so that we can resolve your complaint directly where possible.
11. Changes to this privacy statement
A-one reserves the right to amend this privacy statement at any time, for example in response to legislative changes or changes in our processing practices. The most recent version is always available on this page. In the event of substantial changes that significantly affect your rights, we will inform you via the Website or by email.
12. Contact
For questions, comments or requests regarding this privacy statement or the processing of your personal data, you can reach us via:
- Email: info@aone-group.com
- Post: A-one, Alessio Pavone, Schemmersheide 28, 3600 Genk, Belgium