Personal Data Protection Policy for Users
OIKOSOS Environmental Health Consultancy
Version 1.1
December 2024
Public
This Personal Data Protection Policy is intended to inform you about what types of Personal Data we might collect or hold about you, how we use it, who we share it with, how we protect it and keep it secure, and your rights about your Personal Data. Oikosos Environmental Health Consultancy (hereinafter “Oikosos Consultancy”, “Oikosos”, “we”, “us”, “our”), recognizes the importance of effective and meaningful Personal Data protections when it collects and uses the Personal Data of its Users (as defined below). We place great value on integrity and we are committed to building strong and lasting relationships with you based on trust and mutual benefit. Privacy protection is essential to us. This Personal Data Protection Policy expresses the strong commitment of the Oikosos Consultancy to respect and protect Personal Data of every individual and to ensure international compliance with data protection laws.
This Personal Data Protection Policy covers all Personal Data collected and used by Oikosos Consultancy worldwide. Please note that this Policy has been drafted in accordance with one of the most stringent regulations in the world, the European General Data Protection Regulation 2016/679 dated April 27, 2016 (“GDPR”). Since Oikosos Consultancy operates in various countries, other data protection or privacy laws or regulations may apply. In this regard, a local data protection policy may be implemented. In case of contradiction between a local data protection policy and this Personal Data Protection Policy, the local data protection policy shall prevail. In the countries where no local data protection policy exists, this Personal Data Protection Policy applies to Users by default.
“Personal Data” means any information or pieces of information that could identify you either directly or indirectly. This means that Personal Data includes things like email/home addresses, phone numbers, usernames, user-generated content, financial information, IP address, etc.
“User(s)” means any prospects, customers, service providers, partners, subcontractors, candidates and more generally anyone who is in contact with us (hereinafter “you” or “your”).
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Please note that we may update this Personal Data Protection Policy at any time to adapt it to potential new practices and legislative or regulatory change. In such case, we will change the “last update” date and we will indicate the date on which the changes have been made. Depending on the nature of the change, we will inform you individually via an email and/or through any communication means directly accessible by you (e.g. Oikosos website).
- What are the principles for processing Personal Data?
The Oikosos legal entity acting as your co-contractor that collects or uses your Personal Data for its business needs acts as the “data controller”. According to data protection laws, it must determine the purposes and the means of the processing of your Personal Data. This means we have responsibility for the Personal Data that you share with us. We process your Personal Data in compliance with the applicable laws and regulations and, in particular, the GDPR.
We undertake to:
- Obtain and process your Personal Data fairly and lawfully;
- Obtain your Personal Data for specified, explicit and legitimate purposes, and not process it subsequently in a manner that is incompatible with those purposes;
- Process only Personal Data that is adequate, relevant and not excessive in relation to the purposes for which it is obtained and its further processing;
- Ensure that your Personal Data is accurate, complete and, where necessary, kept up-to-date;
- Store your Personal Data for a period no longer than is necessary for the purposes for which it is obtained and processed and in accordance with applicable legislation and statute of limitations.
- What Personal Data do we collect, why and how do we use it?
In order for you to have the clearest view on how we use or may use your Personal Data, we have a table where you can find information by searching with the context/purposes of the data collection:
Column 1 – This column explains what activity or scenario you are involved in when we use or collect your Personal Data;
Column 2 – This column explains what types of Personal Data we collect;
Column 3 – This column explains what we do with your Personal Data, and the purposes for collecting;
Column 4 – This column explains the reason why we may use your Personal Data.
When we collect data through forms including electronic forms, we will indicate the mandatory fields. In certain situations, failure to provide the data marked with an asterisk or your objection to Processing might affect your access to a service. Sometimes you will provide your Personal Data to us directly (e.g. when you contact us via our websites, when you ask for a quote estimate), sometimes we collect it indirectly (e.g. using cookies to understand how you use our websites) or sometimes we receive your data from other third parties.
- Notification and Consent
In certain circumstances, we ask for your consent prior to collecting, using or disclosing your Personal Data, in particular when:
- You wish to receive commercial communications;
- We use non-essential cookies, or cookie-like technology, and/or collect information about the device you use to access our websites;
- You ask us questions about our services.
Where we collect your prior consent, you will be informed at the time of collection of your Personal Data. You may withdraw your consent at any time by using the opt-out mechanism provided and indicated at the time of collection of your Personal Data, or by contacting us at the contact details provided in Article 9 “Contact” of this Personal Data Protection Policy.
- Who are the recipients of your Personal Data?
Some of your Personal Data may be accessed:
- Within Oikosos Consultancy, and by any person authorised by virtue of their duties or functions. This will only be done on a need-to-know basis, within the limits of their respective powers and the performance of these duties and functions and where necessary to provide you with the services you have asked for, or in the context of a contract between you and Oikosos, or with your consent (in particular for marketing purposes) or to protect our interests and rights;
- By trusted service providers acting as subcontractors (i.e. data processors), which will carry out certain services necessary for the purposes indicated above on our behalf (marketing services, hosting services, database maintenance, etc.). We only provide them with the information they need to perform such services, and we require that they do not use your Personal Data for any other purpose. These service providers will only act upon our instructions and will be contractually bound to ensure a level of security and confidentiality for your Personal Data that is the same as the level Oikosos is bound to ensure and to comply with applicable personal data protection laws and regulations.
Besides, Oikosos may share your Personal Data with third parties:
- To protect the rights, property or safety of Oikosos Consultancy, our users, our employees or others (e.g. technical service provider); or
- In the event of a merger or sale of the company’s assets (in such case your Personal Data will be disclosed to the prospective buyer); or
- To comply with a legal obligation or to respond to legal proceedings of any nature, court orders, any legal action or implementing enforcement measures that are required by the competent authorities; or
- For other purposes required by applicable legislation or with your prior consent.
- Where do we store your Personal Data?
Since some of our service providers are located abroad, the data that we collect from you may be transferred from a country located within the European Economic Area (“EEA”) to a country located outside of the EEA. Where Oikosos transfers Personal Data outside of the EEA, this will always be done in a secure and lawful way:
- Either by transferring Personal Data to a data recipient located in a country which is subject to an adequacy decision adopted by the European Commission, establishing that this third country ensures an adequate level of protection for your Personal Data;
- Or by executing the European Standard Contractual Clauses which have been approved by the European Commission as providing an adequate level of protection for your Personal Data.
- How long is your Personal Data retained?
We will keep your Personal Data only as long as necessary for the purposes of the processing for which it was collected (typically the length of the contract). We may, however, keep your data for a longer period of time in application of specific legal or regulatory provisions and/or to comply with applicable statute of limitations periods. In case of longer data retention for other reasons, we will inform you of such reasons and of the applicable retention period upon collecting your Personal Data.
To determine the data retention period of your Personal Data, we use in particular the following criteria:
- Where you subscribe to a service, we keep your Personal Data for the duration of our contractual relationship and then in accordance with the statute of limitations;
- Where you contact us for an enquiry, we keep your Personal Data for the duration needed for the processing of your enquiry;
- Where you have consented to direct marketing, we keep your Personal Data until you unsubscribe or require us to delete it or after a period of inactivity (no active interaction with us) defined in accordance with local regulations and guidance;
- Where cookies are placed on your computer, we keep them for as long as necessary to achieve their purposes and for a period defined in accordance with local regulations and guidance.
- How is your Personal Data protected?
We are committed to keeping your Personal Data secure and taking all reasonable precautions to do so. We implement all necessary organisational and technical measures in accordance with this Personal Data Protection Policy and applicable laws and regulations to protect your Personal Data against any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data. We contractually require that service providers who handle your Personal Data for us do the same.
- Your rights
In accordance with applicable Personal Data protection laws and regulations, you benefit from a certain number of rights in respect of your Personal Data, namely:
- A right of access and information: you have the right to be informed in a concise, transparent, intelligible and easily accessible form of the way in which your Personal Data is processed. You also have the right to obtain (i) confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case (ii) to access such Personal Data and obtain a copy thereof;
- A right to rectification: you have the right to obtain the rectification of inaccurate Personal Data. You also have the right to have incomplete Personal Data completed, including by means of supplying a supplementary statement;
- A right to erasure (‘right to be forgotten’): in some cases, you have the right to obtain the erasure of your Personal Data. However, this is not an absolute right and Oikosos Consultancy may have legal or legitimate grounds for keeping such Personal Data;
- A right to restriction of processing: in some cases, you have the right to obtain restriction of the processing of your Personal Data;
- A right to data portability: you have the right to receive your Personal Data which you have provided to Oikosos, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from Oikosos Consultancy. This right only applies when the processing of your Personal Data is based on your consent or on a contract and such processing is carried out by automated means;
- A right to object to processing: you have the right to object at any time to the processing of your Personal Data based on the legitimate interests of Oikosos, on grounds relating to your particular situation. In such a case, Oikosos may invoke compelling legitimate grounds overriding your rights and freedoms to continue the processing;
- The right to revoke your consent, at any time, to processing that is based on your consent: you may revoke your consent to the processing of your Personal Data when such processing is based on your consent. The revoking of consent does not affect the lawfulness of the processing carried out on the basis of such consent prior to the revocation of consent;
- The right to give instructions concerning the use of data after death: you have the right to give general instructions registered with a trusted third party and/or specific instructions to Oikosos concerning the use of your Personal Data after death;
- The right to file a complaint with the supervisory authority: you have the right to contact your Data Protection Authority to complain about Oikosos’ Personal Data protection practices.
- Contact
If you have any questions about how we treat and use your Personal Data, or would like to exercise any of your rights above, please contact the Data Protection Officer at: https://oikosos.eu