Outdated browser. For a better experience, keep your browser up to date.
DATA PROTECTION NOTICE OF THE AERTSSEN GROUP NV AND ALL ITS AFFILIATED COMPANIES
Aertssen Group nv, with registered office at Laageind 91, 2940 Stabroek, BELGIUM and registered in the Crossroads Bank for Companies under company number 0423 833 976, together with its affiliated companies, attaches great importance to the secure, transparent and confidential collection and processing of your personal data. In particular, we want to protect the details of our employees, customers, subcontractors, suppliers/service providers and others against loss, databreaches, errors, unauthorized access or unlawful processing.
As a customer, subcontractor, supplier/service provider or interested party, we want to inform you about the collection and processing of your personal data by means of this Data Protection Notice.
We ask that you carefully read through this Data Protection Notice, as it contains essential information about how your personal data is processed and for what purposes.
2. Area of application
This Data Protection Notice relates to all services provided by us and, in general, to all activities we carry out, such as, for example, responding to enquiries, providing useful information regarding our operations or responding to job applications.
3. Data controller and its commitments
Aertssen Group nv, with registered office at Laageind 91, 2940 Stabroek, BELGIUM and company number 0423 833 976, as well as its affiliated companies, is the data controller for your personal data.
When collecting and processing your personal data, we comply with the Belgian regulations on the protection of personal data, as well as the General Data Protection Regulation ("GDPR").
For more information regarding the processing of your personal data, you can always contact us at firstname.lastname@example.org.
4. Personal data
Depending on your activities and your relationship with our company, you provide us with some of the following personal information: your identity and contact details (name, title, address, e-mail address, telephone and mobile number, CV and profile photo).
When you use our website, social media or communicate with us by telephone, e-mail, fax or other digital communication channel, we collect the following personal data:
- the basic identification data you provide us with (name, e-mail address, telephone number, the company you work for, your position);
- the content of your communication and the technical details of the communication itself (with whom you correspond, date and time, etc.);
- technical information related to the device you are using, such as your IP address, browser type, geographical location and operating system;
- information about your surfing habits, such as how long you surf, which links you click on, which pages you visit and how often you visit a page.
- any other personal information you provide to us.
For certain specific legal obligations (electronic attendance registration, 30bis declaration of work), you may have to provide us with additional information to register your presence (such as E-ID data, Limosa number) or maybe even sensitive personal data (whistleblowing). These sensitive personal data will receive enhanced protection in accordance with GDPR regulations.
We kindly inform you that you bear the responsibility for all information you provide us, and that we rely on its accuracy. If your details are no longer up-to-date, please inform us by return.
You are not obliged to communicate your personal data, but you understand that the provision of certain services or cooperation becomes impossible if you do not agree with the collection and processing thereof.
5. Processing purposes and legal basis
5.1 Customer data
Within the context of our services and our activities, we collect and process the identity and contact details of our customers and clients, their staff, employees, workers and other useful contacts. The purposes for these processing operations are the execution of agreements with our customers, customer management, accounting and ‘direct marketing’ activities, such as the sending of promotional or commercial information. The legal grounds are the execution of the agreement, the fulfilment of legal and regulatory obligations (such as, for example, the 30bis declaration of work) and/or our legitimate interest.
5.2 Data from suppliers/service providers and subcontractors
We collect and process the identity and contact details of our suppliers/service providers and subcontractors, as well as their (sub-)subcontractor(s), their personnel, employees, workers and other useful contacts. The purposes of these processing operations are the implementation of this agreement, the management of the suppliers/service providers/subcontractors, the accounting and the ‘direct marketing’ activities, such as the sending of promotional or commercial information. The legal grounds are the execution of the agreement, the fulfilment of legal and regulatory obligations (such as the mandatory electronic attendance registration, the 30bis declaration of work, the attendance list or other obligations in the case of public procurement, etc.) and/or our legitimate interest (such as for direct marketing). The E-ID data or the Limosa number are also processed for the electronic attendance registration, where applicable. In the case of direct marketing activities by e-mail (such as a newsletter or an invitation to events), permission will always be requested and can also be withdrawn at any time.
5.3 Other data
In addition to the data of customers and suppliers/service providers/subcontractors, we also process personal data of others, such as potential new customers/prospects, useful contacts within our sector, network contacts, contacts of experts, etc. The purposes of these processing operations are the interests of our activities, direct marketing and public relations. The legal basis is our legitimate interest or, in some cases, the implementation of an agreement.
The personal data that we collect through the website are intended to
- improve the content and overall experience on the website and social media pages, for which we rely on our legitimate interest to provide our web visitors with an interesting online experience;
- detect and prevent malware, illegal content and conduct and other forms of abuse, for which we rely on our legitimate interest to keep our online presence safe.
Our website and/or service is not intended to collect information about website visitors who are under 16 years of age, unless they have permission from their parents or guardian.
However, we cannot really check whether a visitor is older than 16. We encourage parents to become involved in the online activities of their children, in order to prevent data about children being collected without parental consent. If you are convinced that we have collected personal information about a minor without this permission, please contact us by e-mail so that we can delete this information.
6. Period of the processing
The personal data is stored and processed by us for the period that is necessary with regard to the purposes of the processing and with regard to the relationship (whether contractual or not) that we have with you.
The personal data generated via the website will be stored for one (1) year.
The period during which we keep your personal data differs based on the context of the services and activities provided, on our legal obligations or on the time needed to handle your enquiry. The following elements usually affect the retention periods:
- How long is necessary to keep the personal data in order to provide our services and activities?
- Is the personal data sensitive?
- Have you given permission for a longer retention period?
- Are we subject to a legal, contractual or similar obligation to retain your personal data?
Aertssen Group nv keeps your personal data for as long as necessary for the purposes of this Data Protection Notice. When it is no longer necessary to keep your personal information, we will delete it in a secure manner, in accordance with our data retention and deletion policy.
In accordance with and under the terms of the Belgian privacy legislation and the provisions of the General Data Protection Regulation, we hereby inform you that you have the following rights:
- Right of access and inspection: you have the right to review the data we hold about you free of charge, and to check what it can be used for.
- Right of rectification: you have the right to obtain rectification (correction) of your incorrect personal data, as well as to complete any incomplete personal data.
- Right to erase or restrict data: you have the right to request that we delete your personal data or restrict its processing in the circumstances and under the conditions stipulated by the General Data Protection Regulation. We may refuse the deletion or restriction of any personal data that is necessary in order for us to carry out a legal obligation, the execution of the agreement or our legitimate interest, and this as long as this information is necessary for the purposes for which it was collected.
- Right to transfer data: you have the right to obtain the personal data you have provided to us in a structured, standard and machine-readable form. You have the right to transfer this data to another data controller for the processing.
- Right of objection: you have the right to object to the processing of your personal data for serious and legitimate reasons. Please note, however, that you cannot oppose the processing of personal data that is required by us in order to meet a legal obligation, the execution of the agreement or our legitimate interest, and this applies as long as this information is necessary for the purposes for which it was collected.
- Right of withdrawal of consent: If the processing of the personal data is based on a prior consent, you have the right to withdraw this permission. This personal data will then only be processed if we have a legal basis for this.
- Automatic decisions and profiling: we confirm that the processing of personal data does not include profiling and that you are not subject to fully automated decision-making.
You can exercise the aforementioned rights by contacting our Data Officer via the number 03/561 00 20, or by e-mail: email@example.com.
We make every effort to handle your personal data in a careful and legitimate manner in accordance with the applicable regulations. If you are nevertheless of the opinion that your rights are being violated and that your concerns are not being attended to within our company, you are free to file a complaint with:
Data Protection Authority
Drukpersstraat 35, 1000 Brussel
Tel. 02 274 48 00
Fax. 02 274 48 35
You can also resort to a court if you believe that you could suffer damage as a result of the processing of your personal data.
8. Processors and transfer to third parties
Certain personal data collected by us will be passed on to and possibly processed by third-party service providers such as but not limited to: IT supplier, accountant, auditor, insurer, legal advisers, consultants, external parties for optimization and support of our services, as well as by the government (for example, in the 30bis declaration of work, the electronic attendance registration or the competition for public contracts).
It is possible that one or more of the above-mentioned third parties process personal data outside the European Economic Area ("EEA"). If a transfer of personal data outside the European Economic Area ("EEA") should take place, we will take sufficient security measures to protect your personal data in the event of a transfer (for example, by concluding an agreement based on model contractual clauses as drawn up by the European Commission) and/or by carrying out a TIA (transfer impact assessment).
The employees, managers and/or representatives of the above-mentioned service providers or institutions, and the specialist service providers appointed by them, must respect the confidential nature of your personal data and can only use this data for the purposes for which it was provided to them. To guarantee an appropriate level of security, we conclude processing agreements with third parties.
Your personal data may be passed on to other third parties where necessary. This may be the case, for example, if we were to be reorganized in whole or in part, if our activities were transferred, or if we were declared bankrupt. It is also possible that personal data has to be passed on following a court order or in order to comply with a specific legal obligation. In that case, we will make reasonable efforts to inform you in advance about this communication to other third parties. Kindly accept and understand, however, that this is not always technically or commercially feasible in certain circumstances, or that legal restrictions may apply.
Under no circumstances whatsoever will we sell your personal data or make it commercially available to "direct marketing" agencies or similar service providers.
9. Technical and organizational measures
We take the necessary technical and organizational measures to process your personal data at an adequate level of security and to protect it against destruction, loss, forgery, modification, unauthorized access or notification by mistake to third parties, as well as any other unauthorized processing of this data.
Under no circumstances can Aertssen Group nv and/or its affiliated companies be held liable for any direct or indirect damage resulting from the incorrect or unlawful use of the personal data by a third party.
The Aertssen Group nv reserves the right to change this Data Protection Notice at any time. This Data Protection Notice was last revised on 03/12/2021.
12. Any further questions?
If, after reading this Data Protection Notice, you have further questions or comments regarding the collection and processing of your personal data, you can contact our Data Officer on 03/561 00 20, or by mail to Aertssen Group nv for the attention of the Data Officer, Laageind 91, 2940 Stabroek, BELGIUM or by e-mail to: firstname.lastname@example.org.