Privacy Policy

Last modified on 1 January 2020.

First of all, we are excited that you are interested in SPENCER (the “Application”).

This Application is offered to you by RECNEPS and {{Company}} (hereafter “We” or “Us”). When using this Application, We will need to process your Personal Data. In this regard, {{Company}} will qualify as the Data Controller, and RECNEPS – who manages and delivers the Application – qualifies as Data Processor.

To use the Application you will need to log in with your company credentials. As you log in, the Application will obtain and may capture certain Personal Data about you. This may include your first name, last name, phone number, e-mail address, your profile picture from Outlook, department, job title, office location, mailbox alias, cloud services, communication preferences, (the “Personal Data”).

If you do not wish to share any Personal Data with Us, you will not be able to use the Application and We suggest you do not log in.

We only collect and process the Personal Data that is required for the Application to function optimally.

The Personal Data that RECNEPS obtains from {{Company}} or from you, as you use the Application is subject to this privacy statement.

By using the Application, you are deemed to have acknowledged the use of your Personal Data in accordance with this privacy statement.

1. Definitions

Controller” means the legal entity which alone or jointly with others determines the purpose (the “why”) and the means (the “how”) of the processing of Personal Data. Your employer will be the Controller of the personal data processed via the Application. This means either {{Company Group BVBA}} with registered offices at Neervelstraat 105, 1200 Brussels, with VAT number 0462.925.669, or {{Company BVBA}}, with registered offices at Liersesteenweg 4, 2800 Mechelen, with VAT number 0473.416.418. (together referred to as “{{Company}}”)

Personal Data” means any information relating to an identified or identifiable individual.

Processor” means the legal person which processes the Personal Data on behalf of the Controller. RECNEPS is the owner/licensor of the Application and is the Processor of Personal Data in the framework of the Application. RECNEPS means NV RECNEPS, a company with registered office situated at 2000 Antwerp, Scheldestraat 11, registered in the Belgian Crossroad Bank for Enterprises with number 0667.513.616 (further referred to as “RECNEPS”).

2. The confidentiality of your Personal Data

Every time you as a user of the Application submit Personal Data, We shall handle this information in accordance with the stipulations of this privacy statement and any legal obligations applicable to the processing of Personal Data, including the General Data Protection Regulation (GDPR) 2016/679.

We shall establish appropriate procedures to secure and protect the data We collect via the Application or via electronic correspondence.

We optimize the security of your Personal Data by limiting the access to your Personal Data to persons on a “need-to-know” basis (for example: only Employer or RECNEPS employees or associates and subcontractors who need your data for the purposes as described here below shall receive permission to access the data).

3. How do we collect your Personal Data?

We collect your Personal Data:
• When you log in to the Application;
• When you access and use the Application;
• When you file a complaint, or ask for information;
• When you call or mail Us or correspond with Us via another way than the Application.

We will store and process your Personal Data no longer than necessary, and in any case not longer than a subsequent period of two years after the last time you log in to the Application.

We avoid the collection of Personal Data which are not relevant for the purposes set out in section 4.

4. What do we do with your Personal Data?

We can use the Personal Data we collect for the following purposes:
• To identify you as a user in the Application;
• To allow you to make use of the Application;
• To make relevant content and feature suggestions;
• To process and treat possible complaints or requests;
• To help us evaluate, correct and improve the Application and any related products or services;
• For internal reasons, including business administration and filing purposes.

In addition to the specific purposes for which We may process your Personal Data, We may also process your Personal Data where such processing is necessary for compliance with a legal obligation to which We are subject, or in order to protect your vital interests or the vital interests of another natural person.

Please do not supply any other person’s Personal Data to Us unless We prompt you to do so.

5. To whom do we report your Personal Data?

We will not transfer your Personal Data to third parties outside the European Union, unless to subcontractors outside the European Union with whom agreements are in place, offering the minimum legal securities as required under the General Data Protection Regulation (GDPR) 2016/679.

Furthermore, We will not transfer your Personal Data to third parties inside the European Union without your permission, except:
• To Affiliated Companies;
• When these data are necessary to permit employees, agents, subcontractors, suppliers or commercial partners to provide a service or accomplish a task in the framework of the product agreement between RECNEPS and {{Company}} (including providing customer services);
• If it is required by law.

Any transfer of Personal Data to one of the third parties mentioned in the list above, is in accordance with the stipulations of the General Data Protection Regulation (GDPR) 2016/679.

We ensure that measures are taken to make sure that third parties cannot use your Personal Data for other purposes than the purposes mentioned in section 4, and that these third parties have taken the necessary technical and organizational measures.

We will have data processing agreements in place with the aforementioned third parties in order to ensure the security of the data.

We shall take all necessary precautionary measures to assure that our employees, associates and subcontractors who have access to Personal Data will process these Personal Data exclusively in accordance with this statement and our obligations under the privacy regulations.

6. Rights of the data subject

Under the GDPR, you have the following rights regarding the processing of your personal data by Us. These rights are not absolute and their implementation may be subject to certain conditions and exceptions as provided for in the GDPR.

The right to be informed

By means of this privacy statement we inform you which Personal Data We process and for what purposes, as well as your rights in the context of these processing activities.

The right of access to Personal Data

You have the right to know at any time from Us whether or not We process your personal data, and if we process them to view those data and receive additional information about:
• the processing purposes;
• the categories of personal data concerned;
• the recipients or categories of recipients (particularly those in third countries);
• if possible, the retention period or, if that is not possible, the criteria for determining that period;
• the existence of your privacy rights;
• the right to lodge a complaint with the supervisory authority;
• the information we have about the source of the data if we obtain personal data from a third party; and
• the existence of automated decision-making.

You also have the right to receive a free copy of the processed data in an intelligible form. {{Company}} may charge reasonable fees to cover its administrative costs for any additional copy you request.

If access to personal data is refused, the reason will be communicated.

The right to rectification of Personal Data

You have the right to have incomplete, erroneous, inappropriate or outdated personal data corrected without delay.

In order to keep your data up-to-date, we ask you to notify us of any changes, such as a change of address, a change in your e-mail address or a renewal of your identity card. These changes can be communicated via the relevant tools.

The right to erasure of Personal Data

In some circumstances you have the right to the erasure of your Personal Data without undue delay. Those circumstances include:
• the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the withdrawing of the consent to consent-based processing;
• You object to the processing of your personal data and there are no more serious, justified grounds for the processing by {{Company}}; and
• in case the Personal Data are unlawfully processed.

Please note, however, that we may not always be able to delete all requested personal data, for example if processing is necessary for compliance with our legal obligations.

The right to restrict the processing of Personal Data

In the following circumstances you have the right to restrict the processing of your Personal Data:
• when you contest the accuracy of the Personal Data;
• when the process is unlawful but you don’t want the Personal Data to be erased; or
• when you objected to processing, pending the verification of that objection.

Where processing has been restricted on this basis, We may continue to store your Personal Data. However, We will only process it with your explicit consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.

The right to object to processing of Personal Data

You have the right to object to our processing of your Personal Data if that processing operation is based on the legitimate interest of {{Company}} or in the public interest, and on the condition that your interest outweighs the latter interests.

The right to data portability

You have the right to ‘recover’ your personal data, for example if you change employer. This is only possible for the personal data that you yourself have provided to {{Company}}, based on permission or after agreement. In all other cases, therefore, you cannot enjoy this right (for example, when your data are processed on the basis of a legal obligation).

There are two aspects to this right:
• You can request {{Company}} to provide you with the personal data concerned in a structured, common and machine readable form; and
• You can request {{Company}} to transmit the personal data concerned directly to another Data Controller. You are responsible for the accuracy and security of the (e-mail) address that you provide for the transfer. {{Company}} has the right to refuse this if the transfer is not technically possible.

The right to withdraw consent

To the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. However, withdrawal will not affect the lawfulness of processing before the withdrawal.

How do I exercise my privacy rights? You can exercise your privacy rights via the online Privacy page on the {{Company}} Intranet, using the therein available webform.

Are there costs associated with this? You can exercise your privacy rights free of charge unless your request is manifestly unfounded or disproportionate, in particular due to its repetitive nature. In such a case – in accordance with the privacy legislation – we have the right and choice (i) to charge you a reasonable fee (in which case the administrative costs are taken into account to provide the requested information or communication and the costs, which are associated with taking the requested measures), or (ii) to refuse to follow up your request.

In what format do I receive a reply? When you submit your request electronically, where possible the information is provided electronically, unless you request it otherwise. In any case we will provide you with a brief, transparent, intelligible and easy-to-access response.

When will I receive an answer? We will respond as quickly as possible to your request, and in any case within one month of receipt of your request. Depending on the complexity of the requests and the number of requests, this period may be extended for a further two months, if required. In case of an extension of the period, we will notify you of this within one month of receipt of the request.

What if {{Company}} does not follow up my request? We will in each case inform you in our response about the option of submitting a complaint to a supervisory authority and lodging an appeal to the court.

7. Geolocation

By explicitly granting permission in the Application to use your location data, you agree that your mobile device can be used to detect your presence in one of the company offices of {{Company}} while using the Application.

We will never track your GPS location, instead the Application will detect that you’re entering a perimeter as defined by {{Company}}. This information may be used to provide location specific services, including meeting room suggestions, colleague availability, office specific information, emergency communication, lunch menu, etc.

We will store such information for the limited duration of 8 hours.

You can at any time opt-out from the use of your mobile device for geolocalisation services.

8. Third Party Links

The Application may contain links to other websites which are not controlled by Us. Although We will do our utmost to make sure that the links on the Application lead exclusively to websites which share our safety and confidentiality standards, We are not responsible for the protection and confidentiality of data, among which Personal Data, which you submit on other websites after you have left the Application. Before submitting personal information on other sites or in other applications We recommend that you proceed carefully and consult the privacy statement which applies on the website concerned.

9. Contact

If you have any questions about this Privacy Statement and/or the processing of your personal data by {{Company}}, please consult the online Privacy page on the {{Company}} Intranet and lodge your request via the therein available webform.

To report a complaint or a personal data breach, you can contact your company’s Data Protection Officer, or Belgian Data Protection Authority via contact@apd-gba.be.