PRIVACY POLICY

LEGILE NV is committed to your privacy and proper handling of your personal data. We therefore put every effort to plainly and clearly explain which personal data we collect, what purpose they will serve, and what your rights are in this respect.

The version of this privacy statement (version: 1.0) dates from 8^th of September 2023,

Table of Contents

1      Who implies ‘we’?. 1

2      Scope. 2

3      Why and how do we process your personal data?. 2

4      Sharing personal data with third parties. 4

5      Transfer of personal data outside the EEA. 4

6      How Long do We store your Personal Data?. 5

7      Automated individual decision-making. 5

8      What are your rights and how to exercise them?. 5

• 8.1       Right to information and right of access: 5
• 8.2      Right to rectification: 6
• 8.3      Right to restriction of processing: 6
• 8.4      Right to data portability: 6
• 8.5      Right to object: 6
• 8.6      Right to data erasure (‘right to be forgotten’): 7
• 8.7      Right to revoke your consent: 7
• 8.8      Right to object to the processing of your personal data in automated individual decision-making: 7

9      Whom to address questions or possible complaints about privacy?

10    Amendments to the Privacy Statement 8

 

1.Who implies ‘we’?

“We” or “our” implies LEGILE NV with registered office in: Bredestraat 4, 2000, Antwerp, and with registration number BE 0737.870.189.

If you have any questions, comments or complaints regarding this privacy statement or the processing of your personal data, or if you wish to exercise any of your rights, please contact us by email to dpo@legile.be.

 

2. Scope

This privacy statement applies to this website, our direct marketing activities, and the overall organisation of LEGILE NV.

 

3. Why and how do we process your personal data?

If you visit our website and/or are in contact with us, certain personal data may be processed. You will find more information on the different processing activities that may apply to you below.

Purpose of processing	Legal ground	What personal data do we collect about you?	How do we acquire your data	Data Retention Period	Data Processors	Data transfer outside the EU/EEA?	Automated decision-making?
Contact via website	Consent	Identification and contact data  Other possible voluntarily shared data in the job application form such as: Work related data, Leisure and interests, Particular personal details contained in the cv and / or motivation letter	Directly from you through email, Calendly, or when you apply for a job on our website.	Up to 1 year after the contact request has been completed plus the archiving period of related communications (such as emails)	Calendly (when you contact us), Cronos Service Desk (hosting partner)	Yes, Calendly user and invitee data is hosted in United States data centers provided by Google and Amazon Web Services (“AWS”). For additional information see:   https://cloud.google.com/security  https://kubernetes.io/docs/concepts/security/	No
(Prospective) Customer relations management	Legitimate interest	Identification and contact data  Other possible data shared during subsequent contacts: – Work related data  – Leisure and interests  – Particular personal details	Directly from you through email, Calendly, Sales Partners, or LinkedIn.	Up to 7 years after termination of a final project or contact.	Calendly,  Microsoft,  LinkedIn, Sales partners	Yes, Calendly user and invitee data is hosted in United States data centers provided by Google and Amazon Web Services (“AWS”). For additional information see:   https://cloud.google.com/security  https://kubernetes.io/docs/concepts/security/	No
Newsletter mailing	Consent	Identification and contact data	Upon subscription to our newsletters	As long as the consent is not revoked	Linkedin	No	No
Organisation of events	Consent	Identification and contact data Other possible voluntarily shared data:  – Work related data – Leisure and interests – Particular personal details – Dietary preferences or allergies	Upon registration and if you apply for our jobs	We keep personal data about your participation for up to 1 year after the event takes place.	Data processing partners cfr. event organisers to whom we appeal to organise and shape our events.	No	No
Recruitment and selection	Consent to (spontaneous) applications and to build a recruitment pool.  -Legitimate interest for active recruitment	Identification and contact data Other data possibly mentioned on your CV: – Personal characteristics – Social contacts – Psychological data (cfr. Personality description or character) – Family composition – Leisure activities and personal interests  – Academic curriculum – Professional competence – Professional experience – Membership or active participation in professional organisations. – Current position – Career – Business records (cfr. (partial) incapacity) – Work permit  – Social security number	(Spontaneous) application: at first hand during the application process  Active recruitment: Through crosspoint solutions HR business partner	Of non-retained applicants: we store your personal application data up to maximum 1 year after your candidacy.  Of recruitment pool applicants: as long as the consent is not revoked, up to 3 years after the candidacy.	Data processing partners through crosspoint solutions HR business partner to whom we appeal for recruitment and selection.	No	No
(Prospective) Suppliers relations management	Legitimate interest	Identification and contact data Other data possibly shared during subsequent contacts: – Work related data – Leisure and interests – Particular personal details	At first hand via relation management.	Up to 7 years after termination of a final contract or contact.	Data processing systems (cfr. our CRM-platform) which we use for our relation management.	No	No
Booking of appointments	Consent	Identification and contact data – Work related data	At first hand upon scheduling an appointment.	Up to 1 year after handling the contact request plus the archiving period of related communication (e.g. emails).	Calendly, Data processing partners ( Cronos and Crosspoint Solutions ) to whom we appeal for the arrangement of appointments.	Yes, Calendly user and invitee data is hosted in United States data centers provided by Google and Amazon Web Services (“AWS”). For additional information see:   https://cloud.google.com/security  https://kubernetes.io/docs/concepts/security/	No

 

4. Sharing personal data with third parties

When you visit our website or use our products and services as a customer, we may use third parties, such as partners, affiliated and associated companies and suppliers to whom we transfer your personal data as part of this process. The third parties help us provide, support, develop and understand the use of our products and services and provide services such as hosting, customer and technical support, marketing, analytics, content delivery and/or execution of online payment(s), among others.

In addition, we may also share data (including personal data) with third parties as part of a reorganisation, restructuring, merger, sale, or other transfer of business assets. We share information provided by you, automatically collected information and information from others with the third parties to the extent necessary to enable them to provide their services or support. In the activities described above, we indicate for each activity the categories of third parties, other than affiliated and associated companies, with which we share your personal data.

Furthermore, we may have to provide access to your data or transfer your data because of a legal obligation. This can imply authorities, government agencies or other third parties.

Finally, we may share your data if this proves necessary to your vital interest.

 

5. Transfer of personal data outside the EEA

LEGILE NV always tries to limit the transfer of personal data to third parties outside the European Economic Area (“EEA”).

Should this nevertheless occur, we will ensure as soon as possible that this transfer is brought into line with the GDPR (by, among other things, the presence of an adequacy decision in the country concerned or the establishment of an appropriate alternative, additional measures, if necessary, etc.).

We refer to the section “Why and how do we process your personal data?”) for specific transfers.

 

6. How Long do We store your Personal Data?

We will not retain your personal data for longer than strictly necessary to fulfil the purposes for which the personal data were collected or according to the legal obligation imposed on us. We refer to the section “Why and how do we process your personal data?”) for the specific retention period.

 

7. Automated individual decision-making

European data protection legislation (GDPR) imposes certain conditions on organisations when they make decisions about individuals solely on the basis of processing operations that are fully automated, including profiling, and when these decisions have legal effects or other significant consequences. LEGILE NV does not engage in this type of decision-making.

 

8. What are your rights and how to exercise them?

LEGILE NV considers it important that you always retain control over the processing of your personal data. Below you will find more information on the various rights you have and can invoke in relation to the processing of your personal data:

Depending on the processing and its legal ground, certain conditions or restrictions may be attached to the exercise of the rights below.

To exercise the aforementioned rights, or information about them, please contact dpo@legile.be.

We will provide more information if there are certain modalities associated with your request. Furthermore, we may request additional information to verify your identity so that your personal data are not erroneously deleted or shared with someone who is not entitled to them. We will endeavour to respond to your request without unreasonable delay, but in any event within a period of one month from receipt of your request. If we cannot respond within one month and wish to extend the deadline, or if we will not act on the request, we will notify you.

8.1    Right to information and right of access:

When we process your personal data, you have the right to access your personal data, as well as certain additional information as described in this privacy statement. You have the right to receive from us a copy of the personal data we hold, provided this does not adversely affect the rights and freedoms of others. The first copy will be provided to you free of charge, but upon repeated request we reserve the right to charge a reasonable fee.

 

8.2    Right to rectification:

If the personal data we hold about you are inaccurate or incomplete, you have the right to have this information corrected or, given the purposes of the processing – completed.

 

8.3    Right to restriction of processing:

You have the right to have the processing of your personal data restricted. This means that the personal data may only be stored by us and used only for limited purposes. This right applies if any of the following situations occur:  

• • You dispute the accuracy of the personal data, for a period that allows us to verify the accuracy of the personal data;  

• • The processing is unlawful, but you oppose the deletion of the personal data and request instead that its use be restricted;

• • We no longer need your personal data for the processing purposes described above but you need it for the establishment, exercise, or defence of legal claims; or,

• • You have objected to a processing operation and request to restrict the processing pending the answer to whether our interests outweigh yours.  

In addition to our right to store your personal data, we can still process them, but only:  

• • With your consent;  

• • For instituting, exercising, or defending legal action;

• • To protect the rights of another natural or legal person; or

• • For reasons of public interest.  

Before we lift the restriction on processing your personal data, you will be informed about it. 

 

8.4    Right to data portability:

If the processing of your personal data is based on your consent, and the processing is carried out through automated processes, you have the right to receive a copy of your personal data in a structured, common, and machine-readable form. You also have the right, where technically possible, to have your personal data transmitted directly by us to a third party. This right does not apply where this would infringe the rights and freedoms of others.

 

8.5    Right to object:

You have the right to object to the processing of your personal data in the activities described above. In the latter case, this is only possible if the activity is related to (1) the performance of a task in the public interest or in the exercise of a task in the exercise of public authority conferred on us or (2) the protection of our legitimate interests or those of a third party.  

If you object to the processing of your personal data, we will no longer process the personal data unless we can demonstrate legitimate interests for processing that outweigh your interests, fundamental rights, and freedoms.  

If your personal data are processed for direct marketing purposes, regardless of whether this is initial or further processing, you have the right to object to this processing at any time and free of charge, including in the case of profiling insofar as it relates to direct marketing. If you raise such an objection, we will cease to process your personal data for this purpose.

 

8.6   Right to data erasure (‘right to be forgotten’):

You have the right to request us to delete your personal data. This means that the personal data must be deleted by us without unreasonable delay. This right applies if any of the following situations occur:  

• • • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

• • • You withdraw your consent on which the processing is based, and there is no other legal basis for processing your personal data;

• • • Your personal data have been processed unlawfully;

• • • Erasure of your personal data is necessary to comply with European or Belgian law; 

If you request to delete your personal data, we will delete the personal data unless any of the following situations (exceptions) occur:  

• • • The processing is part of exercising the right to freedom of expression and information; 

• • • Deletion is not applicable for the reason of general interest in the domain of public health; 

• • • Deletion is not applicable given the need for archiving in the public interest, or statistical purposes;

A legal obligation to retain the data applies; or, 

• • • Deletion is not applicable given the institution, exercise, or substantiation of a legal claim.  

 

8.7    Right to revoke your consent:

If you have consented to certain processing of your personal data, you can withdraw your consent at any time. We try to make withdrawal of consent as simple as giving your consent possible, wherever possible.

 

8.8   Right to object to the processing of your personal data in automated individual decision-making:

When your personal data are used in the context of automated individual decision-making and when these decisions have legal effects or other significant consequences, you can ask us to stop using your data. If you oppose such processing, we will stop or restrict processing unless there are compelling reasons to do so.

 

9. Whom to address questions or possible complaints about privacy?

If after reading this privacy statement you have further questions or comments regarding the collection and processing of your personal data, you can always contact us at the following e-mail address: dpo@legile.be

In addition, you have the right to submit any comments and observations or complaints to the supervisory authority responsible for data protection. You can do this in the EU Member State where you reside, the place where you work or the place where the alleged breach took place. In Belgium, you can file a complaint with the Data Protection Authority:

 

Gegevensbeschermingsautoriteit (Data Protection Authority)
Drukpersstraat 35, 1000 Brussel
+32 (0)2 274 48 00
www.gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen
www.gegevensbeschermingsautoriteit.be

As we are committed to our mutual relationship, we ask you to always contact us first so that we can work out a solution to what lies at the root of your complaint.

 

10. Amendments to the Privacy Statement

Our organization and our website are a dynamic and innovative environment. This privacy statement may be modified if our services or applicable legislation so require. This means that we are constantly looking to provide a better service tailored to your needs. It is possible that there will be new applications where we will collect or process your personal data in a different way. As a matter of course, we will inform you when there are important changes to this privacy statement, and we will ask your permission if necessary.