Ready for GDPR
This disclaimer defines the vision of Democo Group on the protection of data and its liability on this matter.
1. Introduction
DEMOCO GROUP NV, having its registered office at 3500 Hasselt, Herkenrodesingel 4b and registered with the Crossroads Bank for Enterprises with enterprise number 0479.223.847 attaches great importance to the secure, transparent and confidential collection and processing of your personal data. In particular, we want to protect the data of parties such as our customers, subcontractors and suppliers against, for example, loss, leaks, errors, unjustified access or unlawful processing.
We want to use this Data Protection Notice to inform you about the collection and processing of your personal data.
We request you to read this Data Protection Notice carefully, as it contains essential information on how your personal data are processed and for what. By sharing your personal data, you explicitly declare to be familiar with this Data Protection Notice and that you explicitly consent to it, as well as to the data processing itself.
2. Scope
This Data Protection Notice relates to all services provided by us and to all activities that we carry out in general.
3. Controller and its obligations
DEMOCO GROUP NV, having its registered office at 3500 Hasselt, Herkenrodesingel 4b and registered in the Crossroads Bank for Enterprises with enterprise number 0479.223.847, is the controller of your personal data.
During the collection and processing of your personal data, we comply with the Belgian regulations relating to the protection of personal data, as well as the General Data Protection Regulation (‘GDPR’) since its coming into force on 25 May 2018.
4. Personal data
You share the following personal data depending on your activities and your relationship with our company: your identity and contact data (name, term of address, address, email address, landline and mobile telephone number). For certain specific legal obligations (electronic attendance registration, 30bis declaration of work), you may have to provide us with additional data to register your attendance (such as E-ID data, Limosa number). We draw your attention to the fact that you bear responsibility for all data that you provide to us and that we assume they are correct. Should your data no longer be up to date, we request you to inform us of this immediately. You are not bound to share your personal data, but you understand that the provision of certain services or cooperation is impossible if you do not consent to the collection and processing of the data.
5. Processing purposes and legal basis
5.1 Customer data
Within the context of our service and our activities, we collect and process the identity and contact data of our customers, their personnel, employees, appointees and other useful contact persons. The purposes for which these processing operations are conducted include the performance of the agreements with our customers, customer management, accounting and direct marketing activities such as sending promotional or commercial information. The legal basis is the performance of the agreement, compliance with legal and regulatory obligations (such as the 30bis declaration of works) and/or our legitimate interest.
5.2 Data on suppliers and subcontractors
We collect and process the identity and contact data of our suppliers and subcontractors, as well as any of their (sub)contractor(s), their personnel, employees, appointees and other useful contact persons. The purposes for which these processing operations are conducted include the performance of this agreement, the management of suppliers/subcontractors, purposes relating to accounting and direct marketing activities such as sending promotional or commercial information. The legal basis is the performance of the agreement, compliance with legal and regulatory obligations (such as for example compulsory electronic attendance registration, the 30bis declaration of works, the attendance list or other obligations associated with public works, etc.) and/or our legitimate interest (such as for direct marketing). Where required, the E-ID data or Limosa number shall also be processed for electronic attendance registration. For direct marketing activities by email (such as a newsletter or invitation to events), permission will always be requested, and this permission can be withdrawn at any time.
5.3 Personnel data
We process the personal data of our employees for our personnel management and payroll administration. In view of the specific nature of these data, this processing is more extensively regulated in a Data Protection Policy for employees.
5.4 Other data
In addition to data relating to customers, suppliers/subcontractors and personnel, we also process personal data of others, such as possible new customers/prospects, useful contacts within our sector, network contacts, contacts of experts, etc. The purposes for which the aforesaid processing operations are conducted include interests relating to our activities, and to direct marketing and public relations. The legal basis is our legitimate interest or in some cases the performance of an agreement.
6. Duration of the processing
The personal data are saved and processed by us for a period required for the purposes of the processing and depending on the relationship (contractual or otherwise) we have with you. Customer data and data from suppliers or subcontractors shall in any case be deleted from our systems after a period of ten years after the agreement or project comes to an end, except for personal data that we are bound to retain for a longer period in accordance with specific legislation, or in connection with ongoing disputes for which the personal data are still required.
7. Rights
In conformity with and under the conditions of Belgian privacy law and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:
Right of access and inspection:
you have the right to view the data stored by us concerning you free of charge and also to determine the purposes for which the same is used.
Right to rectification:
you have the right to rectify (correct) any of your personal data that may be incorrect or to complete personal data that may be incomplete.
Right to erasure or restriction:
you have the right to request that we erase your personal data or restrict the processing thereof under the circumstances and subject to the conditions laid down under the General Data Protection Regulation. We may refuse to implement the erasure or restriction of any personal data that may be required in order to enable us to fulfil a legal obligation, or to perform the agreement, or for our legitimate interest, for as long as such data may be necessary for the purposes for which such data was collected.
Right to data portability:
You have the right to obtain the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer such data to another data controller.
Right to object:
you have the right to object to the processing of your personal data on serious and legitimate grounds. However, we request you to note that you cannot object to the processing of personal data that is required by us in order to fulfil a legal obligation, or to perform the agreement, or for our legitimate interest, for as long as such data is required for the purposes for which they were collected.
Right of withdrawal of consent:
If the processing of the personal data is based on prior consent, you have the right to withdraw this consent. These personal data will then only be processed if we have another legal basis for this.
Automatic decisions and profiling:
we hereby confirm that the processing of personal data does not include profiling and that you are not subject to fully automated decisions.
You can exercise these rights by contacting GDPR@democo.be. We make every effort to process your personal data with all due care and in a legitimate manner, in accordance with the applicable regulations. Should you nevertheless be of the opinion that your rights are being violated and you are not receiving a satisfactory response to your concerns from our company, you are free to submit a complaint to:
Commission for the Protection of Privacy
Drukpersstraat 35,
1000 Brussels
Tel. 02 274 48 00
Fax. 02 274 48 35
Email: commission@privacycommission.be
You may also approach a court of law if you believe that the processing of your personal data would prejudice your interests.
8. Transfer to third parties
Certain personal data collected by us will be transferred and possibly processed by third party service providers such as our IT supplier, accountant or auditor, as well as by the authorities (for example the 30bis declaration of works, electronic attendance registration or competition for public contracts).
It is possible that one or more of the abovementioned third parties are located outside the European Economic Area (‘EEA’). Personal data will, however, only be sent to third countries with a suitable level of protection.
The employees, managers and/or representatives of the abovementioned service providers or bodies and the specialised service providers appointed by them must respect the confidential nature of your personal data and can only use these data for the purposes for which they were provided. Your personal data may be passed on to other third parties if so required.
This can, for example, be the case when we wholly or partly reorganise, transfer our activities or should we be declared bankrupt. It is also possible that personal data must be shared as a result of a legal ruling or to comply with a certain legal obligation. In such case, we shall take reasonable efforts to inform you in advance concerning such communication to be made to other third parties. However, you do acknowledge and understand that this may not always be technically or commercially feasible under certain circumstances, or that legal restrictions may apply.
We will under no circumstances sell your personal data or make them commercially available to direct marketing agencies or similar service providers unless you have given your prior consent.
9. Technical and organisational measures
We take the necessary technical and organisational measures to process your personal data at an adequate security level and protect these data against destruction, loss, forgery, alteration, unauthorised access or accidental notification to third parties, as well as any other unauthorised processing of these data. Under no circumstances can DEMOCO GROUP NV be held liable for any direct or indirect damage resulting from incorrect or wrongful use of the personal data by a third party.
10. Access by third parties
For the purposes of processing your personal data, we provide access to your personal data to our employees, colleagues and appointees. We guarantee a similar level of protection by imposing contractual obligations on these employees, colleagues and appointees, which are similar to those in this Data Protection Notice.
11. More questions?
If after reading this Data Protection Notice you have any further questions or comments with respect to the collection and processing of your personal data, you can contact DEMOCO GROUP either by post to Herkenrodesingel 4b, 3500 Hasselt or by email to GDPR@democo.be.