Privacy Policy

Last updated: 22/04/2024 (version 7)




  • While using our website, service or while working at we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. (e.g.: name, organization and e-mail,…)
  • values privacy and is therefore committed to protect the (personal) data of all its stakeholders with the greatest possible care, and to process personal data only in a fair and lawful manner. This Privacy Statement is applicable to our customers, investors, partners, employees and website visitors for the personal data collected and processed by through the website and the related services.
  • We adhere to the principles of privacy by design and privacy by default;
  • This Privacy Statement contains essential information on how, as the data controller, collects and processes personal data, for what purposes and explains your rights as a data subject.
  • To demonstrate compliance to the latest regulations, such as GDPR, we are implementing ISO 27001 + ISO27701 and set up an information security management system (ISMS);
  • A risk assessment has showed how data is being used in our processes, this is also logged in our ROPA stored in the GDPR folder on Google Drive;
  • We have implemented measures to ensure adequate protection of data, both in transit and at rest;
  • Processes have been adjusted to make sure data is never stored longer than necessary to perform our services;
  • If you want to find out which measures and security controls have been implemented, we have prepared an Assurance statement which is available upon request.


What information do we collect:


  • (potential) Employees: By applying for a job at, we collect the information you provide to us, such as identity and contact details, resume and cover letter.
  • Once working here, OHMX  processes more personal information like
    • Payroll aministration and benefits
    • expense notes
    • extract of criminal record
    • degrees
    • absence (sickness, leave,holidays)
    • pictures
    • login and profile information for software used in the company
    • Acces management
Marketing and sales:
  • name, organization and e-mail,… of (potential) customers who contact us through the website, via email or other channels. This information can be added to our opportunities software.
  • uses cookies to collect information about visotors use of our website, if they accept the cookie statement.
  • Invoicing and accounting information
  • Contracts and agreements with clients
  • Name, organization and e-mail of (future) suppliers, partners and investors.
Medical and Scientific Research:
  • Pseudonomised (patient) data
  • (genetic) Human data


Why do we collect this information?


  • So we can offer you the best possible service in with a high focus on security while handling your requests.
  • To keep contact with customers, needs to collect your data.
  • We can use your name and contact details for direct marketing campaigns and to inform you with regard to the activities of
  • collects contact details of our current or future suppliers, partners and investors. We process this information to enter into our agreements and to manage our relationships or collaborations. This processing is therefore based on the conclusion and execution of our contracts and business relations.
  • The website may integrate plugins from LinkedIn and Twitter. From the moment you access our website, these social plug-ins send information to the third-party platform about your device, which pages you visit and how you use our services.
  • We keep employee, customer and supplier information about your purchases to execute our agreements, to comply with our legal obligations.


Who has access to your data?


  • The team has access to your data, and the in house document structures are based on need-to-know bases, so depending on the data classification, some restrictions apply.
  • uses different cloud based software systems for its daily operation. These systems are listed and classified based on the their sensitivity and secured accordingly. These parties are legally obliged to ensure your privacy at all times. They can only process your data in accordance with our purposes.
  • Finally, Personal data can be shared with third party service providers to which outsourced certain processing activities. In any case, this will be communicated to the controller and they are limited to processing your personal data in accordance with our instructions and if necessary, a data processing agreement will be concluded so they are obliged to comply with all obligations required by the applicable data protection legislation.


How long do we keep your data?


  • acknowledges the importance of the protection of personal data. We do not retain your personal data no longer than strictly necessary for the realization of the purposes for which we received the data, or for the execution of a contract or for fulfilling a legal obligation. The retention periods differ with regards to the type of processing activity and the purpose for which the personal data were collected. The personal data that we collect on the basis of your consent will be kept by us for as long as your consent remains valid.
  • We keep customer and supplier information about your purchases for as long as reasonably necessary to execute our agreements, to comply with our legal obligations (such as accounting and tax obligations) and to resolve disputes or enforce agreements. Therefore, this personal information is retained for the duration of our contractual relationship and for 5 years thereafter.
  • In all cases, personal data may be retained for a longer period if there is a legal or regulatory reason to do so, or for a shorter period if the data subject objects to the processing of his/her personal data and if there is no longer a legitimate reason to retain them.
  • We guarantee to only provide limited access to archived data and to remove or render anonymous your personal data if the retention period has passed.


What can you do?


Your Rights as a Data Subject: At all times, the data subject has the possibility to exercise his or her rights as described in the General Data Protection Regulation. The data subject can exercise the following rights:

  • Right of access

You have the right at any time and free of charge to access your personal data and to request a copy of the personal data that collects about you.

  • Right to rectification

You always have the right to have incorrect personal data corrected, or incomplete personal data completed.

  • Right to erasure (“right to be forgotten”)

You can request to have your personal data removed from’s systems. The request to erase your personal data cannot always be granted due to contractual or legal obligations. will take these obligations into account when replying to your request.

  • Right to object

You have the right to object to the processing of your personal data if the processing takes place on the ground of the legitimate interest of or on the ground of the public interest. We will stop processing unless we can prove that there are compelling legitimate grounds for the processing or for the exercise of legal claims. You can also object in the case of direct marketing, so the personal data will no longer be processed for these purposes.

  • Right to withdraw consent

For the processing of your personal data collected by with your consent, you can withdraw your consent at any time. For example, you can always unsubscribe from the newsletters. However, the withdrawal of your consent does not apply to processing previously carried out by

  • Right to restriction of processing

In certain cases, the data subject is entitled to obtain the restriction of the processing of his or her personal data. We will continue to store your data, but we will restrict its use. You can e.g. submit this request when you think that your personal data is inaccurate, or the processing by is unjustified. We only have to grant these requests in specific cases as defined by law.

  • Right to data portability

You have the right to receive the personal data concerning him or her, processed by, in a structured, commonly used and machine-readable format and/or to transmit those data to another controller.

These rights can be exercised free of charge by sending an e-mail to We commit to answer your request within one month upon its receipt. It is possible that we request additional information first in order to confirm your identity and ensure the request originates from you.

  • Right to lodge a complaint

If you are a European Economic Area resident, and you believe that NV infringes your privacy, you have the right to lodge a complaint with the Belgian Data Protection Authority: Gegevensbeschermingsautoriteit, Drukpersstraat 35, 1000 Brussels, Tel +32 (0)2 274 48 00, e-mail: