Privacy

DATA PROTECTION Notice

NV WILLEMEN GROEP

1. Introduction

NV Willemen Groep, with registered office at Boerenkrijgstraat 133, 2800 Mechelen, registered in the Crossroads Bank of Companies with company registration number 0466.256.432, attaches great importance to the secure, transparent and confidential collection and processing of your personal data. In particular we want to protect the data of parties such as our customers, subcontractors and suppliers against, for example, loss, leaks, errors, wrongful access or wrongful processing.

We want to use this Data Protection Notice to inform you about the collection and processing of your personal data.

We ask you to read this Data Protection Notice carefully, as it contains essential information on how your personal data are processed and for what.

By sharing your personal data you explicitly declare to be familiar with this Data Protection Notice and you explicitly consent to it, as well as to the data processing itself.

2. Area of application

This Data Protection Notice relates to all services provided by us and to all activities that we carry out in general.

3. Controller and its obligations

NV Willemen Groep, with registered office at Boerenkrijgstraat 133, 2800 Mechelen, registered in the Crossroads Bank of Companies with company registration number 0466.256.432 is the controller of your personal data.

During the collection and processing of your personal data we comply with the Belgian regulations relating to the protection of personal data, as well as the General Data Protection Regulation (GDPR) since its coming into force on 25 May 2018.

4. Personal data

You share the following personal data depending on your activities and your relationship with our company: your identity and contact data (name, term of address, address, email-address, landline and mobile telephone number). For certain specific legal obligations (electronic attendance registration, 30bis declaration of work), you may have to provide us with additional data to register your attendance (such as E-ID data, Limosa number). If you have liked our company on social media, we also come into possession of your personal data.

We draw your attention to the fact that you bear responsibility for all data that you provide to us and that we assume their correctness. Should your data no longer be up to date, we request you to inform us of this immediately.

You are not bound to share your personal data, but you understand that the provision of certain services or cooperation is impossible if you do not consent to the collection and processing of the data.

5. Processing purposes and legal basis

5.1 Customer data

Within the context of our service and our activities, we collect and process the identity and contact data of our customers, their personnel, employees, appointed parties and other useful contact persons. The purposes for this processing are the carrying out of the agreements with our customers, customer management, accounting and direct marketing activities such as sending promotional or commercial information. The legal basis is the carrying out of the agreement, compliance with legal and regulatory obligations (such as the 30bis-declaration of work) and/or our legitimate interest.

5.2 Data on suppliers and subcontractors

We collect and process the identity and contact data of our suppliers and subcontractors, as well as any of their (sub)contractor(s), their personnel, employees, appointed parties and other useful contact persons. The purposes of this processing are the carrying out of this agreement, the management of suppliers/subcontractors, accounting and direct marketing activities such as sending promotional or commercial information. The legal basis is the carrying out of the agreement, compliance with legal and regulatory obligations (such as for example compulsory electronic attendance registration, the 30bis-declaration of work, the attendance list or other obligations associated with public works, etc.) and/or our legitimate interest (such as for direct marketing). If required, E-ID-data or the Limosa number will also be processed for electronic attendance registration. For direct marketing activities by email (such as a newsletter or invitation to events) permission will always be requested, and this permission can be withdrawn at any time.

5.3 Personnel data

We process the personal data of our employees for our personnel management and pay administration. In view of the specific nature of these data, this processing is more strictly controlled in a Data Protection Policy for employees.

5.4 Other data

Besides data on customers, suppliers/subcontractors and personnel, we also process personal data on other parties such as potential new customers/prospects, useful contacts within our sector, network contacts, contact data on experts, etc. The purposes of this processing are the interests of our activities, direct marketing and public relations. The legal basis is our legitimate interest or in some cases the carrying out of an agreement.

We only process personal data on minors (persons younger than 16 years of age) if we have written permission for this from the parent or legal representative.

6. Duration of processing

The personal data are saved and processed by us for a period required for the purposes of the processing and depending on the (contractual or otherwise) relationship we have with you.

Customer data and data on suppliers or subcontractors will in each case be deleted from our systems after a period of seven years after last use of the data or the termination of the agreement or the project, subject to us having to save these personal data for a longer period under specific legislation, or in the case of a current dispute for which the personal data are still required.

7. Rights

In conformity with and under the conditions of Belgian privacy law and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:

  • Right to access and viewing: you have the right to view the data that we have on you free of charge and to know what these data will be used for.
  • Right to rectification: you have the right to rectify (correct) your incorrect personal data, and to complete incomplete personal data.
  • Right to data erasure or restriction: you have the right to  request us to erase your personal data or restrict its processing in the circumstances and under the conditions as determined by the General Data Protection Regulation. We can refuse the erasure or restriction of any personal data that are required by us  to comply with a legal obligation, to carry out the agreement or that are required in our legitimate interest, and this for as long as these data are required for the purposes for which they were collected.
  • Right to transferability of data: you have the right to obtain the personal data that you have provided to us in a structured, usual and machine-readable form. You have the right to transfer these data to another data controller for processing.
  • Right of objection: you have the right to object to the processing of your personal data for serious and legitimate reasons. Please note that you cannot object to the processing of personal data that are required by us to comply with a legal obligation, to carry out the agreement or that are required in our legitimate interest, and this for as long as these data are required for the purposes for which they were collected.
  • Right of withdrawal of permission: If the processing of the personal data is based on prior permission, you have the right to withdraw this permission. These personal data will then only be processed if we have another legal basis for this.
  • Automatic decision-making and profiling: we confirm that the processing of the personal data involves no profiling, and that you will not be a subject of fully automated decisions.

You can exercise the abovementioned rights by contacting the contact person for this: Mr Filip Hofkens, Administrative Director with contact details: tel.: 015 569 965; e-mail : Filip.Hofkens@Willemen.be.

We make every effort to process your personal data in a careful and legitimate way in accordance with the applicable regulations. Should you nevertheless be of the opinion that your rights are being violated and you are not receiving a satisfactory response to your concerns from our company, you are free to submit a complaint to:

Commissie voor de Bescherming van de Persoonlijke Levenssfeer
Drukpersstraat 35, 1000 Brussel
Tel. 02 274 48 00
Fax. 02 274 48 35
E-mail:  commission@privacycommission.be

You can also approach a law court should you believe that you may suffer damage as a result of the processing of your personal data.

8. Transfer to third parties

Certain personal data collected by us will be transferred and possibly processed by third party service providers such as our IT supplier, accountant or revisor, as well as by the authorities (for example the 30bis-declaration of work, electronic attendance registration or for competing for public procurements).

It is possible that one or more of the above-mentioned third parties are located outside the European Economic Area (“EEA”). Personal data will, however, only be sent to third countries with a suitable level of protection.

The employees, managers and/or representatives of the abovementioned service providers or bodies and the specialised service providers appointed by them must respect the confidential nature of your personal data and can only use these data for the purposes for which they were provided.

If necessary your personal data can be shared with other third parties. This can, for example, be the case when we wholly or partly reorganise, transfer our activities or should we be declared bankrupt. It is also possible that personal data must be shared as a result of a legal ruling or to comply with a certain legal obligation. We will in that case make reasonable efforts to inform you beforehand about this data sharing with other third parties. You will, however, acknowledge and understand that this is in certain circumstances not always technically or commercially feasible, or that legal restrictions may be applicable.

We will under no circumstances sell your personal data or make them commercially available to direct marketing agencies or similar service providers unless you have given your prior permission for this.

9. Technical and organisational measures

We take the necessary technical and organisational measures to process your personal data at an adequate security level and protect these data against destruction, loss, forgery, changing, unauthorised access or inadvertent sharing with third parties, as well as any other not permitted processing of these data.

Under no circumstances can NV Willemen Groep be held liable for any direct or indirect damage resulting from incorrect or wrongful use of the personal data by a third party.

10. Access by third parties

For the purposes of processing your personal data, we provide access to your personal data to our employees, colleagues and appointed parties. We guarantee a similar level of protection by imposing contractual obligations on these employees, colleagues and appointed parties, that are similar to those in this Data Protection Notice.

11. Do you have any further questions?

If after reading this Data Protection Notice you have any further questions or remarks with respect to the collection and processing of your personal data, you can contact Mr Filip Hofkens, either by post to Boerenkrijgstraat 133, 2800 Mechelen or by email to Filip.Hofkens@Willemen.be.

 


Drawn up in Mechelen on 24 May 2018
This Data Protection Notice is applicable in its current form up to the time of the next change.