INYTIUM S.A., with registered offices at rue de la Maîtrise 2, 1400 Nivelles, company number BE 0465.107.773 in Belgium’s companies register, the Banque Carrefour des Entreprises, makes every effort to ensure that your personal data is collected and processed in a secure, transparent and confidential manner. Specifically, we aim to protect data concerning our customers, subcontractors and suppliers against loss, breaches, errors and unauthorised access or use.
This data protection briefing note is intended to inform you about the collection and processing of your personal data.
Please read it carefully, as it contains important information about how, and why, we process your personal data.
By providing us with your personal details, you explicitly declare you have read and accept the contents of this data protection briefing note and agree to your data being processed.
This data protection briefing note covers all the services we provide and, more generally, all of our activities.
3. THE DATA CONTROLLER AND ITS UNDERTAKINGS
INYTIUM S.A., with registered offices at rue de la Maîtrise 2, 1400 Nivelles, company number BE 0465.107.773 in the Banque Carrefour des Entreprises, may on some occasions be responsible for processing your personal data.
We will collect and process your personal data in compliance with the Belgian data protection legislation and the General Data Protection Regulation (GDPR) as of its entry into force on 25 May 2018.
4. PERSONAL DATA
Depending on your business and the relationship you have with our company, you provide us with the following personal data: your identity and contact details (name, title, address, e-mail address, telephone and mobile number). To comply with specific legal requirements (electronic registration of attendance, 30bis declaration of works), you may be obliged to provide us with additional information so we can register your attendance (E-ID details, Limosa number, for instance).
We must remind you that you are responsible for all the data you provide to us and that we rely on its accuracy. Please inform us immediately if your details are no longer up to date.
Although you are not obliged to provide your personal data, you should understand that we will not be able to offer certain services or work with you if you do not authorise the collection and processing of certain data.
5. PURPOSE AND LEGAL GROUNDS
5.1. Customer data
In connection with our activities and the services we provide, we collect and process the identity and contact details of our customers and principals, their staff, employees, officers and other useful contacts. We process this data for the purposes of performance of customer agreements, customer management, accounts and direct marketing, such as sending out promotional and sales information. The legal grounds are the performance of a contract, compliance with legal and regulatory requirements (30bis declaration of works, for instance) and/or our legitimate interest.
5.2. Supplier and subcontractor data
We collect and process the identity and contact details of our suppliers and subcontractors, and of any sub-subcontractors they may work with, their staff, employees, officers and other useful contacts. We process this data for the purposes of performance of this agreement, supplier/subcontractor management, accounts and direct marketing, such as sending out promotional and sales information. The legal grounds are the performance of the contract, compliance with legal and regulatory requirements (for example the mandatory electronic registration of attendance, 30bis declaration of works, list of attendees or other obligations in the case of public procurement contracts, etc.) and/or our legitimate interest (such as for direct marketing). For electronic registration of attendance, where applicable, we will process E-ID details or the Limosa number. For direct e-mail marketing (such as newsletters or invitations to events), permission will always be requested and can be withdrawn at any time.
5.3. Employee data
We process our employees’ personal data for personnel management and payroll administration purposes. Given the specific nature of this processing, it is expanded upon in a Data Protection Policy for employees.
5.4. Other data
In addition to customer, supplier/subcontractor and employee data, we process the personal data of other persons such as new customers/prospects, useful contacts in our sector, networking contacts, experts, etc. We do this for business purposes and for direct marketing and public relations. The legal grounds are our legitimate interest or, in some instances, performance of a contract.
6. DURATION OF THE PROCESSING
We store and process personal data for the required period, which varies according to the purpose of the processing and the relationship (contractual or otherwise) between us.
Customer and supplier or subcontractor data will, in all cases, be deleted from our systems seven (7) years after the contract or the project has ended, with the exception of personal data we are required to hold for longer to comply with specific legislation or in the event of an ongoing dispute for which the personal data is required.
In compliance with and in accordance with Belgian data protection legislation and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:
Right of access: you have the right to access free of charge the data we hold concerning you and to check the purposes for which it is used.
Right to rectification: you have the right to have incorrect personal data rectified (corrected) and incomplete personal data completed.
The right to erasure or restriction of processing: you have the right to request us to erase your personal data or to restrict its processing in the circumstances and under the conditions set out in the General Data Protection Regulation. We may refuse to erase or restrict the processing of the data we require for processing salaries, fulfilling a legal obligation or performing an employment contract and data that is in our legitimate interest, provided this data is necessary for the purposes for which it was collected.
Right to data portability: you have the right to receive the personal data you have provided to us, in a structured, commonly used and machine-readable format. You have the right to pass this data on to another data controller.
Right to object: you have the right to object to the processing of your personal data for valid, legitimate reasons. You cannot, however, object to the processing of the data required to fulfil a legal obligation or perform the employment contract or data that is in our legitimate interest, provided this data is necessary for the purposes for which it was collected.
Right to withdraw consent: if the personal data is processed on the basis of prior consent, you have the right to withdraw this consent. In such instances, the personal data will only be processed if we have other legal grounds for doing so.
Automatic decision-making and profiling: we confirm that the personal data is not used for profiling and that you will not be subject to any fully automated decisions.
To exercise the aforementioned rights, contact INYTIUM. The person to contact is: Carine LEMMENS firstname.lastname@example.org – Tel : +32 67 89 50 07
We do our utmost to ensure that your personal data is processed carefully and legitimately, in compliance with the applicable regulations. If, however, you feel that we have not respected your rights or listened to your concerns, you are free to lodge a complaint with the Belgian privacy commission:
Commission de la protection de la vie privée
Rue de la Presse 35, 1000 Brussels
Tel. + 32 2 274 48 00
Fax +32 2 274 48 35
You may also take legal action if you feel that you have suffered damage as a result of the processing of your personal data.
8. TRANSFER OF DATA TO THIRD PARTIES
Some of the personal data of Employees collected by the Employer will be transferred to, and may be processed by, third parties such as our IT provider, accountant and auditor, as well as the government (for example, in connection with the 30bis declaration of works, electronic registration of attendance or the awarding of public procurement contracts).
One or more of the above-mentioned third parties may be located outside the European Economic Area (EEA), but personal data will only be sent to third countries that have an adequate level of protection.
The employees, managers and/or representatives of the aforementioned service providers or institutions and the specialist service providers appointed by them are obliged to respect the confidentiality of all your personal data and may only use it for the purposes for which it was provided.
If necessary, your personal data may be transferred to other third parties. This may happen if our company undergoes a full or partial reorganisation, our business is transferred or we declare bankruptcy. Personal data may also be transferred to comply with a court order or a specific legal obligation. Should this happen, we will do our utmost to ensure you are notified prior to the data being disclosed to other third parties. You will, however, recognise and understand that in certain circumstances this is not always technically or commercially feasible, or that legal restrictions may apply.
Under no circumstances will we sell your personal data or supply it to a direct marketing firm or a provider of similar services without your prior consent.
9. TECHNICAL AND ORGANISATIONAL MEASURES
We will take the necessary technical and organisational measures to ensure your personal data is processed in a sufficiently secure manner and to protect it from destruction, loss, falsification, unauthorised access or accidental disclosure to third parties and unauthorised processing.
Under no circumstances can INYTIUM be deemed liable for any direct or indirect damage resulting from incorrect or unauthorised use of personal data by a third party.
10. ACCESS BY THIRD PARTIES
For processing purposes, we will authorise our workers, employees and officers to access your personal data. We guarantee an equivalent level of protection as these workers, employees and officers are bound by contractual obligations similar to those set out in the Data Protection Notice.
If, after reading this data protection briefing note, you still have questions about the collection and processing of your personal data, do not hesitate to contact us.