Privacy

CONTENT
I. Introduction – Who are we
II. How we process your Personal Data
A. When do we collect your Personal Data?
B. Which Personal Data of you do we collect?
C. Why and how do we use your Personal Data?
D. On which legal grounds do we collect your Personal Data?
III. How long we keep your Personal Data
IV. What measures do we take to secure your Personal Data
V. Transfers of Personal Data
VI. Your rights
VII. Updates to this Statement
VIII. Questions about this Statement

I. Introduction


Andacon NV undertakes to respect the applicable data protection legislation as specified in Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (hereafter “General Data Protection Regulation” or “GDPR”).
Andacon NV, with registered office at Beselarestraat 72, 8890 Dadizele (Belgium) and registered with the Crossroads Bank for Enterprises under the number BE 0446.988.767 (hereafter: “Andacon”, “our”, “us” or “we”) believes in protecting the privacy and the confidentiality of the Personal Data we process.
We acknowledge that you may have privacy and security concerns with respect to the Personal Data we collect, use, and possibly disclose to third parties for the purpose of allowing us to offer and provide our products and services. To this end, we have developed this Privacy Statement (“Statement”).
Personal Data is considered to be any information that can be used to identify an individual, as defined in the GDPR (hereafter “Personal Data”). All processing of Personal Data by Andacon will be treated in accordance with applicable data protection legislation and this Privacy Statement.
It also sets out our practices regarding the use of such information, the steps we take to protect it, as well as the choices and rights that data subjects (“you” or “your”). This Statement is applicable for our corporate clients (and individuals associated with our corporate clients), suppliers (including subcontractors and individuals associated with our suppliers and subcontractors), business contacts (existing and potential clients and/or individuals associated with them) or any other individual who gets in touch with us.
Should you have any comments or questions about this Privacy Statement you can contact us via our contact information provided under VII. Questions about this Statement.

 

 

II. How we process your Personal Data


A. When do we collect your Personal Data?

The Personal Data collected and processed by Andacon is generally received when you or the company you work for engage or maintain a contractual relationship with us, when you apply for a job with us, when you are supplier from us or you have contacted us.
If Andacon would receive Personal Data of you from third parties and we use this information for further processing as a controller, we will inform you about such processing at the latest at the moment of first contact with you.

 

B. Which Personal Data of you do we collect?
We may collect and process the following (non-exhaustive) Personal Data. Depending on the situation and the relationship we have with you we do not maintain all information mentioned hereafter.
– Contact information, such as your name, e-mail address, phone number and any other contact details that you provide to us.

– Personal and identification details, such date of birth, place of birth, copy of an identity card, ….

– Contact history, such as sent and received communication (e.g. e-mail messages), … as a result of the communication we have with each other.

– Work related details (mostly in case of job applicants), such as CV, education, testimonials, language skills, employer (including history of former employers), professional activities, professional skills, publications, salary, assessment & development reports, interview report, reference research, social media profiles, … Information relating to criminal convictions and offences can be requested but are not stored by Andacon.
Andacon does not process special categories of Personal Data (e.g. information on race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sexual life or sexual orientation).

 

C. Why and how do we use your Personal Data?
As mentioned above, we generally obtain your Personal Data from you directly. We only collect the Personal Data necessary for the purposes as mentioned hereafter and we ask you to only share your Personal Data where it is strictly needed for those purposes.
Andacon can use the Personal Data for the following purposes:
– Business or commercial purposes, such as: selling and providing our products and services; administering, managing and developing our businesses, business relationships, contracts, products and services; providing information about us or our range of services; complying with any legal or regulatory requirement of law, ….

– Operational purposes, such as: administering and managing products; considering a job application, answering requests for information,….

 

D. On which legal grounds do we collect your Personal Data?
Andacon processes your Personal Data on the following legal grounds:
– The processing is necessary for the performance of a contract with, for example, our client or supplier, or in order to take further action upon your request in order to enter into a contract with us.

– For commercial and business purposes the processing is based upon our legitimate interests. Where we rely on this legal processing ground, we will mitigate the effect(s) this might have on your privacy by appropriately minimising our use and putting in place adequate access and security safeguards to prevent unauthorised use.

– We may also process your Personal Data when we have a legal obligation to do so.

– The processing can also be based upon your explicit consent. This will be the case if you are applying for a job with us and you explicitly send your personal data such as a CV to us. You can withdraw your consent at any time. For more information please see section VI. Rights below.

 

III. How long we keep your Personal Data


We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected. Considering the data retention period for which Personal Data can be held, depends on the purposes for which the information was collected, the data retention period can vary in each situation.

 

 

IV. What measures do we take to secure your Personal Data


Andacon takes the security of the Personal Data we process seriously. Therefore we implemented appropriate technical and organisational measures to secure the processing of Personal Data. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data, and include measures designed to keep Personal Data protected from unauthorized access. If appropriate, the safeguards include, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Data to our staff members and third parties that require access to such information for legitimate and relevant business purposes.
All our staff members, contractors and third parties who will have access to your Personal Data on Andacon’s instructions will be bound to confidentiality and we use access controls to limit access to individuals that require such access for the performance of their responsibilities and tasks.

 

 

V. Transfers of Personal Data


We will only share your Personal Data with others when we are legally permitted to do so and where it’s necessary to fulfil the purposes related to those described above.
When we share Personal Data with others, we put contractual arrangements and security mechanisms in place to protect the Personal Data and to comply with our own data protection, confidentiality and security standards.

 

 

VI. Your rights


The GDPR provides you with certain rights in relation to your Personal Data. These rights are listed below. Please contact us if you wish to exercise any of the rights below. You can find our contact information under Questions about this Statement, as set out below.
Please be aware that certain exceptions apply in exercising these rights which means you may not be able to exercise these in all situations:
a) Subject Access: You have a right to have access to your Personal Data held by Andacon.

b) Rectification: You can ask us to have inaccurate Personal Data corrected.

c) Erasure (‘Right to be forgotten’): You can ask us to erase Personal Data in certain circumstances and we will take reasonable steps to inform data processors that are processing the Personal Data on our behalf that you have requested the erasure of any links to, copies or replication of your Personal Data.

d) Restriction: You can require certain Personal Data to be marked as restricted and also restrict processing in certain other circumstances.

e) Portability: You can ask us to transmit the Personal Data of you to a third party electronically insofar as permitted under the GDPR.

f) Raise a complaint: You can raise a complaint about our processing with the data protection regulator, the (Belgian) “Data Protection Authority”, Drukpersstraat 35, 1000 Brussel, (tel) 32 (0)2 274 48 00, (email) contact@apd-gba.be
In addition, under certain conditions, you have the right to:
– object to any processing of personal that Andacon justifies on the “legitimate interests” legal ground, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and

– object to direct marketing (including any profiling for such purposes) at any time.

 

VII. Updates to this Statement


Andacon reserves the right to revise and update this Statement at any time. The date of the last update can be found at the top of this Statement.
If we make revisions that materially change or affect whether or how we collect or use personal information we will notify you with a notice on our Website prior to entry into force of the amended Statement.

 

VIII. Questions about this Statement


Should you have any comments or questions about this Privacy Statement or the processing of your Personal Data by Andacon acting as a controller, you may contact us:
– Via postal mail: Andacon NV
Beselarestraat 72,
8890 Dadizele (Belgium)
– Via e-mail: privacy@andacon.com
– Via telephone: +32 (0)56 50 45 40