Data Ethics Policy

Data Ethics Policy

This policy sets out Ovobel N.V.’s principles and guidelines on data ethics. It forms an integral part of our corporate governance framework and supplements the other internal and external policies published by Ovobel N.V. This policy also serves as Ovobel’s official statement on data ethics as required under applicable European and Belgian regulations.

Data ethics concerns the responsible and sustainable collection, use, and sharing of data. It ensures that our use of data contributes positively to people, society, and technological development. Data ethics becomes especially relevant whenever data processing may have a direct or indirect impact on individuals, partners, employees, or the broader public. Accordingly, IT security and personal data protection form important components of data ethics.

Ovobel recognizes that digital technologies evolve rapidly and form an essential part of modern industry. As we embrace new digital solutions and data-driven processes, we also embrace the responsibility to handle data in an ethical, lawful, and transparent manner. Maintaining the trust of our customers, partners, and employees is essential for Ovobel’s long-term sustainability.

Ovobel approaches data ethics from three key perspectives:

  1. Risk Management: Ovobel identifies and assesses risks associated with data use and implements appropriate measures to maintain a high level of information security.
  2. Compliance: Ovobel complies with applicable laws, including GDPR, and respects the rights of individuals whose data we process.
  3. Ethical Responsibility: Ovobel establishes internal rules, principles, and awareness initiatives to ensure we handle data responsibly from both an individual and societal standpoint.

This Data Ethics Policy is published to provide transparency to our stakeholders and to inform all parties interested in Ovobel’s approach to ethical data processing.

The policy applies across the Ovobel organization. Each Ovobel entity is responsible for ensuring proper implementation of the principles within its respective operations.

The following principles address how Ovobel approaches data processing, how data is obtained, and how new technologies are evaluated within the company.

Purpose

This policy establishes the ethical principles that guide Ovobel’s use of data, with a focus on compliance, transparency, responsibility, and IT security.
The policy also aims to support Ovobel’s employees and partners in evaluating ethical considerations and navigating any data-related dilemmas that may arise.

Scope

This policy applies to all data processing activities conducted by Ovobel N.V., including:

  • Personal data and non-personal data
  • Data processed by Ovobel employees, systems, and digital platforms
  • Data handled by selected partners where Ovobel can influence processing practices
  • All technologies and processes implemented or controlled by Ovobel

This policy supplements Ovobel’s Privacy Policy and Cookie Policy, which provide detailed guidance on the handling of personal data.

Ovobel may act as a Data Controller when determining the purposes and means of processing personal data. In certain cases, Ovobel may act as a Data Processor when processing personal data on behalf of another organisation. In both roles, Ovobel ensures compliance with GDPR obligations and maintains appropriate contractual and technical safeguards.

Data Ethical Principles

  1. Data processing is conducted legally, fairly, and confidentially

Ovobel processes all data with respect, diligence, and confidentiality — the same standards we expect from our partners.

Risks of unintended consequences (including disclosure, misuse, manipulation, or security incidents) are mitigated to the greatest extent possible. This is achieved through:

  • Internal procedures
  • Defined purposes prior to processing
  • Compliance with applicable laws, conventions, and internal rules

Ovobel performs Data Protection Impact Assessments (DPIA) for any processing activity that may pose a high risk to individuals’ rights and freedoms. DPIAs help evaluate risks, define mitigation actions, and ensure that new technologies and processes comply with GDPR requirements.

Ovobel ensures that any automated tools, analytics systems, or digital decision-support technologies are used responsibly and with human oversight. Automated systems must be transparent, fair, and designed to avoid unintended discrimination or bias.

  1. Data subjects are informed about the collection and processing of data

When Ovobel processes personal data, we ensure that individuals have the opportunity to understand:

  • What data is collected
  • How their data is used
  • Their rights and options

Ovobel provides this information through its Privacy Policy, Cookie Policy, and relevant communication.

  1. Personal data is processed in accordance with GDPR

Ovobel respects the privacy of all individuals and processes personal data strictly in accordance with:

  • The EU General Data Protection Regulation (GDPR)
  • Belgian data protection laws
  • Industry-specific regulations (when applicable)
  1. Value, transparency, and security for stakeholders

Ovobel uses data to create value responsibly and sustainably.
This includes:

  • Applying suitable technical and organisational security measures
  • Performing risk-based evaluations
  • Avoiding the sale of data or unnecessary disclosure to third parties
  • Only sharing data when legally required or operationally justified

Ovobel prioritises transparency in all matters involving data.

  1. Employee training on data ethics, security, and GDPR

Ovobel promotes awareness of data ethics and data protection among employees.
This is achieved through:

  • Onboarding programs
  • Internal training
  • Communication of policies and best practices
  • Continuous education initiatives

All employees who regularly handle data must understand and comply with Ovobel’s ethical standards.

  1. Responsibility

Responsibility for data ethics starts with Ovobel’s management and extends to every employee in the organisation.
Each employee must act according to Ovobel’s ethical principles and ensure that data is processed in a manner that upholds trust and integrity.

IT Security

Ovobel’s IT systems and cybersecurity framework are managed by trusted internal and external IT partners.
We ensure that:

  • Only reputable and secure IT vendors are selected
  • Systems are designed and implemented with security as a key objective
  • Ethical considerations regarding data use and third-party access are part of procurement and implementation decisions
  • Ovobel cooperates with relevant authorities in the event of a data breach or security incident

IT security policies and guidelines are available to all employees, and new employees are introduced to these policies during their onboarding process.
Employees with access to critical systems must complete cybersecurity awareness training within their first months of employment.

Ovobel ensures that all new systems, tools, and processes involving personal data are designed in accordance with the principles of data protection by design and by default. This includes minimising data collection, limiting access, ensuring appropriate security settings, and embedding GDPR considerations at every stage of system development and implementation.

Ovobel is committed to providing clear, accessible, and timely information about any data processing that may affect individuals.

When engaging third-party service providers that process data on Ovobel’s behalf, Ovobel ensures that they meet strict security, confidentiality, and GDPR compliance standards, and that data processing agreements are in place.

Protection of Personal Data

Ovobel processes personal data from various sources, including:

  • Customers
  • Suppliers
  • Website visitors
  • Employees (subject to internal employee-specific policies)

All processing of personal data is handled in accordance with Ovobel’s Privacy Policy and GDPR obligations.

Employees processing personal data must complete mandatory GDPR training within their first months of employment.

Review Procedure

This policy is reviewed at least annually by Ovobel’s management team.
The review ensures continued alignment with legal developments, internal practices, and Ovobel’s data ethics objectives.

The policy forms the basis of Ovobel’s annual data ethics statement included in management reporting.