Privacy Policy

At NextSDS, a Belgian company providing safety data and CLP compliance solutions, we are committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) and Belgian privacy laws. This Privacy Policy explains how we collect, process, and protect your data.

1. Data Controller Information

Franz BV Gaston Crommenlaan 8 - 9050 Gent VAT: BE 1015.936.824 Email: [email protected] Tel: +32 478503892

2. Types of Data We Process

2.1. Account Data

• Company details (name, VAT number, address)
• User contact information (name, email, phone)
• Login credentials (encrypted)
• Role-based access permissions

2.2. Safety Documentation Data

• Safety Data Sheets (SDS)
• CLP classification data
• Product hazard information
• Chemical composition data (where provided)

2.3. Technical Data

• IP addresses
• Browser type and version
• Platform usage statistics
• Cookie data (see our Cookie Policy)

3. Legal Basis for Processing

We process your data under the following legal bases:

• Contract performance (Article 6(1)(b) GDPR)
• Legal obligations under EU CLP Regulation (EC) No 1272/2008
• Legitimate business interests (Article 6(1)(f) GDPR)
• Consent, where specifically requested

4. Data Processing Purposes

4.1. Core Service Provision

• SDS management and storage
• CLP compliance automation
• E-commerce hazard information display
• Customer safety data portal management

4.2. Legal Compliance

• Maintaining required safety documentation
• Audit trail maintenance
• Regulatory reporting requirements

4.3. Service Improvement

• Platform performance monitoring
• Feature usage analysis
• User experience enhancement

5. Data Sharing and Transfers

5.1. Within the EU/EEA

• All data is stored on servers located in the EU
• We use EU-based service providers where possible

5.2. Third-Party Processors

• Cloud infrastructure providers (EU-based)
• Analytics services (with appropriate safeguards)
• Customer support tools

5.3. No Data Sales We never sell your personal data or safety documentation to third parties.

6. Data Security Measures

6.1. Technical Measures

• Encryption at rest and in transit
• Multi-factor authentication
• Regular security audits
• Automated threat detection

6.2. Organizational Measures

• Staff confidentiality agreements
• Regular data protection training
• Access control policies
• Incident response procedures

7. Your Data Protection Rights

Under GDPR, you have the right to:

• Access your data
• Rectify inaccurate data
• Request data deletion (where legally permissible)
• Object to certain processing
• Request data portability
• Withdraw consent

Contact our DPO to exercise these rights: [email protected]

8. Data Retention

8.1. Account Data

• Active accounts: Duration of service
• Inactive accounts: 6 months after last activity

8.2. Safety Documentation

• As required by applicable regulations
• Minimum 10 years for safety data records
• Audit trails preserved per legal requirements

9. Cookie Usage

We use:

• Essential cookies for platform functionality
• Analytics cookies with consent
• See our separate Cookie Policy for details

10. Supervisory Authority

You have the right to lodge a complaint with the Belgian Data Protection Authority: Gegevensbeschermingsautoriteit (GBA) Drukpersstraat 35, 1000 Brussels Tel: +32 2 274 48 00 [email protected]

11. Policy Updates

11.1. We regularly review this policy and update it to reflect:

• Regulatory changes
• Service improvements
• User feedback

11.2. Material changes will be notified via:

• Email notification
• Platform announcement
• Website update

12. Contact Information

For privacy-related queries: Franz BV Gaston Crommenlaan 8 - 9050 Gent VAT: BE 1015.936.824 Email: [email protected] Tel: +32 478503892

Last updated: 20 January 2025