GPC Europe BV, with registered office at 8700 Tielt, Careelstraat 2 and entered in the Crossroads Bank for Enterprises under number 0877.177.730, Register of Legal Entities of Gent division Bruges (hereinafter ‘we’, or ‘GPC Europe’), attaches great importance to the protection of privacy. We therefore take all appropriate measures to protect your privacy in accordance with applicable laws and regulations, including Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (‘GDPR’).


In this privacy policy we aim to explain as clearly and transparently as possible what personal data we may collect from you, why we intend to collect it, how we intend to use it, and how we intend to handle it. We also seek to inform you about the privacy rights you have and how you can exercise them. This privacy policy does not apply to our relationship with our employees. There is a separate privacy policy for this.


For the purposes of this privacy statement, ‘personal data’ means all information about an identified or identifiable natural person (‘the data subject’). A natural person is regarded as identifiable if he or she can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements characterising the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. In other words, personal data is any information on the basis of which a person can be identified. This includes, for example, your name, date of birth, address, telephone number and email address, as well as your IP address. 


Anonymous data and data about deceased persons or legal entities is not personal data within the meaning of GDPR. Data is only anonymous if there is no way that the user can establish a connection with the data subject.


The term ‘processing’ is very broad and covers, among other things, the collection, recording, organisation, storage, updating, modification, retrieval, consultation, use, distribution, combination, archiving and deletion of data.


When and what personal data do we process, and on what legal basis?


We process your personal data when you:

-        visit our website;

-        place an order with us;

-        enter into or express a wish to enter into a contract with us;

-        contact our customer service;

-        apply for a vacancy;

-        interact with us in any other way;

-        subscribe to a newsletter; or

-        provide us with personal data about yourself in any other way (e.g. if you request a quotation online or fill in another online form when using our website).

We process the following personal data in the following cases:


When do we process personal data?

What personal data?

Personal data that you provide to us

When providing our products


The provision of personal data is necessary for the performance of the contract. Consequently, if this data is not provided, the contract cannot be performed.











·         first name

·         surname

·         address (if applicable, delivery address)

·         phone or mobile phone number

·         bank account number

·         email address

·         language preference

·         data relevant to the provision of the product (e.g. times when you can be contacted, etc.)

·         if applicable, business data such as the company number and/or VAT number insofar as the data relates to an identified or identifiable natural person

·         payment details

Competitions and marketing promotions


The provision of personal data is not mandatory. If this data is not provided, you will not have access to marketing promotions or be able to enter competitions.


·         first name

·         surname

·         address

·         phone or mobile phone number

·         email address

·         language preference

Camera surveillance

·         images of you

Visits to our websites




·         IP address

·         Cookies (see our cookie policy for more information)

Job applications


The provision of personal data is necessary to be able to assess the application. Consequently, if this data is not provided, the application cannot be assessed.










  • first name
  • surname
  • age/date of birth
  • sex/gender
  • photo
  • marital status
  • contact details
  • education and training background
  • employment history
  • nationality/citizenship/place of birth
  • additional information that you give us
  • additional information that your reference provider gives us about you
  • decision regarding your application

Personal data that we have not obtained directly from you

Supplements to your personal data obtained from external sources





·         first name

·         surname

·         address

·         whether or not you are on the ‘Do not call me’ list


GPC Europe does not process sensitive data, for example about your racial or ethnic origin, political views, sexual preferences or health.


In principle we also do not collect personal data from anyone under the age of 16. These young people may not pass on personal data or make a declaration of consent without the permission of the person who has parental responsibility.


Why do we process personal data and on what legal basis?


We process personal data for multiple purposes; we only process the personal data that is necessary to achieve the intended purpose.


In the processing of your personal data, the provisions of GDPR and all other applicable privacy legislation are complied with. Our processing activities always take place on the basis of one of the six possible legal grounds, as stated in Art. 6 GDPR.


Usually, one of the following legal grounds is concerned:

·         in connection with the preparation or performance of our contract;

·         to comply with the legal or regulatory provisions to which we are subject;

·         when we have a legitimate interest to do so, in which case we will always strive to strike a balance between that interest and safeguarding the privacy of the data subject; and

·         when we have received your consent.


Specifically, your personal data may be processed by GPC Europe for the following purposes, based on the following legal grounds:


Processing purpose for which the personal data is intended


Legal basis for processing

to handle and carry out your request for our products and services

in connection with the preparation or performance of our contract

for our customer administration

in connection with the preparation or performance of our contract

to provide you with optimal service

in connection with the preparation or performance of our contract

in order to improve the contents of our products, services and website

our carefully considered legitimate interest

for direct marketing purposes

our carefully considered legitimate interest (customers) or your consent (non-customers)

for the sale and promotion of our services and products

our carefully considered legitimate interest

to keep track of studies, tests and statistics

our carefully considered legitimate interest

for the management of our websites

our carefully considered legitimate interest

for the management of our competitions and promotions

our carefully considered legitimate interest

to prevent and detect abuses or fraud

our carefully considered legitimate interest

to guarantee everyone’s safety

our carefully considered legitimate interest

to inform you about our existing or new products and services and those of our affiliated companies (such as parent, subsidiary and fellow group companies)

our carefully considered legitimate interest (customers) or your consent (non-customers)

to comply with laws and regulations

to comply with the legal or regulatory provisions to which we are subject

in connection with a job application

in connection with the preparation or performance of our contract


How long do we keep the data for?


GPC Europe does not keep personal data any longer than is necessary for the purpose for which it was provided. Bear in mind that numerous legally required and other retention periods entail the storage of personal data. This applies in particular to registration and retention obligations relating to company law or tax law (e.g. the Companies and Associations Code, tax legislation, the Code of Economic Law, etc.). Where no retention obligation exists, personal data is routinely deleted after the purpose for which it was collected has been achieved.


In addition, we may store personal data if you have given us consent to do so or if we may need it in connection with legal proceedings. In the latter case, we may need to use certain items of personal data as evidence. To this end, we store certain personal data in accordance with the statutory limitation period, which may be up to thirty years; however, the usual limitation period for personal legal claims is ten years. Personal data acquired in the context of a job application will be deleted no later than two years after the application process has been completed. If your application leads to an employment contract being concluded, your personal data will be processed according to our employee privacy policy.


Do we pass on personal data to third parties?


GPC Europe does not sell or pass on personal data to third parties, unless:

•         this is done to our legal successors and other affiliated companies (such as subsidiaries or fellow group companies) for the same purposes as those stated in this privacy policy;

•         this is necessary for our service provision (e.g. to suppliers);

•         in relation to business transfers (in the event of a reorganisation, restructuring, merger, sale or other transfer of assets, we reserve the right to also transfer data, including personal data, provided the recipient agrees to process your personal data in accordance with our privacy policy);

•         there is a legal obligation to do so;

•         GPC Europe or the third party concerned has a legitimate interest;

•         you give us consent to do so.


We will never pass on personal data to other parties with which we have not concluded a processing agreement.


We will of course make the necessary arrangements with such parties (data processors) to ensure the security of your personal data.


Your personal data may also be shared outside Europe. GPC Europe undertakes only to appoint data controllers and/or processors outside the European Economic Area who, in accordance with the applicable privacy legislation, provide sufficient guarantees regarding the security and protection of personal data. If a transfer takes place to a country outside the EU, and the European Commission has not determined that that country offers an adequate level of protection, the transfer is always subject to an agreement that meets all requirements for transfers to third countries, such as the approved standard data protection clauses drawn up by the European Commission. The standard provisions approved by the European Commission can be consulted via the following hyperlink:


How do we protect your personal data?


We have taken appropriate technical and organisational measures to protect your personal data against unlawful processing; for example, these include the following measures:

•         anyone who can access your data on behalf of GPC Europe is bound by a confidentiality requirement;

•         we have a user name and password policy on all our systems;

•         we pseudonymise and encrypt personal data if there is reason to do so;

•         we make backups of personal data so that we can restore it in the event of physical or technical incidents;

•         we regularly test and evaluate our measures;

•         our employees have been informed about the importance of protecting personal data;

•         only employees who need to see your personal data have access to it.


What rights do you have and how can you exercise them?


The right of access (Article 15 GDPR)


You have the right to access any data concerning you free of charge. You can ask us:

·         whether we process personal data concerning you;

·         what categories of personal data we process;

·         with what categories of third parties we share your personal data;

·         what we process it for;

·         how long we keep this personal data for;

·         the origin of the processed data; and

·         whether there is automated decision-making (including profiling), the underlying logic for this, and its significance and consequences for you.


The right to rectification (Article 16 GDPR)


You have the right to have incomplete, incorrect, inappropriate or outdated personal data corrected. You can contact us in the manner indicated below for this purpose.

In order to keep your data up to date, we request that you notify us of any changes.


The right to erasure (‘right to be forgotten’)(Article 17 GDPR)


Under certain conditions you can ask us to delete your data. In this case, however, you should bear in mind that we will no longer be able to offer you any services if you should want them. However, your right to be forgotten is not absolute. We have the right to keep your data when necessary for, among other things, compliance with a legal obligation or in order to establish, exercise or support legal claims.


The right to restriction of processing (Article 18 GDPR)


You have the right to ask us to restrict the processing of your personal data if one of the following conditions applies:

·         the personal data we have is incorrect;

·         you have expressed a general objection to such processing;

·         you believe that we are unlawfully processing your data and do not want the personal data to be deleted, but ask for its use to be restricted;

·         we no longer need the personal data for the purposes for which we requested it, but you need it in connection with a legal claim.


The right to data portability (Article 20 GDPR)


You have the right to ask us to provide you with all your personal data in a structured, commonly used and machine-readable form and, where technically possible, to have it transferred to another controller, if both the following conditions are met:

·         the personal data concerned was processed on the basis of your consent or on the basis of an agreement; and

·         the processing is done by automated means.

The technical feasibility of this will be exclusively assessed by us.


The right to object (Article 21 GDPR)


You have the right to object to the processing of your personal data for specific reasons applicable to you.


If you wish to oppose the use of your personal data for direct marketing purposes, you do not have to give any reason for this. In other words, you may object to this at any time. If you do so, your personal data will no longer be processed for direct marketing purposes.


The right not to be subject to automated individual decision-making (Article 22 GDPR)


You have the right to object to any purely automated processing of your personal data, including profiling, which has legal consequences for you.

However, if such processing is permitted by law or is necessary in order to realise or carry out deliveries of our products or services, we cannot act on a request not to be subject to automated individual decision-making.


The right to withdraw consent (Article 7 GDPR)


When your personal data is processed on the basis of your consent, you may withdraw that consent at any time by request (without prejudice to the lawfulness of the processing based on consent before its withdrawal).



Exercising your rights


To exercise the above rights, contact: To enable us to check your identity, please send us a copy of the front of your identity card.


Data controller


Your personal data is processed by GPC Europe, which is responsible for the processing (‘data controller’). This means that we determine the purpose and means of processing of your personal data.


How to contact us


If, after reading our privacy policy, or more generally, you have any questions or wish to contact us, you can do so using the contact details below:


GPC Europe BV

Careelstraat 2

8700 Tielt


You have the right to submit a complaint to the Data Protection Authority, which is the supervisory authority responsible for privacy protection:


Data Protection Authority (‘DPA’)

Drukpersstraat 35

1000 Brussels

+32 (0)2 274 48 00



Changes to our privacy policy


GPC Europe may make changes to this privacy policy. We therefore invite you to always look at the latest version of this policy on our website. We will of course let you know about any significant changes through our website or other current communication channels.