Spencer for Vigo

The ‘Spencer’ application contains this privacy policy by default and the processing of your Personal Data is therefore subject by default to the data processing as stipulated in this privacy policy.

However, this privacy policy is a proposal from RECNEPS (as the Processor), which can always be amended and/or replaced by the Controller. Therefore, RECNEPS bears no responsibility whatsoever for the accuracy or completeness of this privacy policy, which is the responsibility of the Controller.

Word template (English)

Privacy Policy

Last modified on 11 June 2025.

First and foremost, we are delighted that you have chosen to use SPENCER (the “Application”). We make every effort to ensure that you do not have to worry about the protection of your Personal Data when using the Application.

In this privacy policy, we inform you about how we use the Personal Data you provide to us during the use of the Application.

We may ask you to share certain Personal Data with us, including but not limited to your first name, last name, and email address (identification data).

We only collect the Personal Data that is necessary to inform you about the Application and related services, to perform an agreement with you, to communicate with you, to exercise our legitimate interest, and to comply with a legal obligation to which we are subject.

We base this on the legal grounds of the agreement, our legitimate interest, your vital interest, and, in some cases, your consent (see also Article 2).

If you do not wish to share Personal Data with us, you will not be able to use the Application, and we recommend that you delete the Application from your mobile device.

The processing of your Personal Data is subject to this privacy policy. If you have any questions about this privacy policy and/or the processing of your Personal Data by the Controller, you can consult the online privacy page on the Controller’s intranet and submit your request via the available web form there.

1. Definitions

“Affiliated Company” means a company affiliated with the Company to the extent that it meets the conditions of an “affiliated company” within the meaning of article 1:20 of the Belgian Code of Companies and Associations.

“Application” means the “SPENCER” application developed for Web, mobile devices for iOS and Android operating systems, customized and managed by Recneps NV, a Belgian public limited liability company, with registered office at 2000 Antwerp (Belgium), Scheldestraat 11 and with enterprise number 0667.513.616, acting as Processor in this context.

“Company” means [company], with registered office at [address] and with enterprise number [enterprise number], acting as Controller in this context.

“Controller” means the natural or legal person who alone or jointly with others determines the purposes (the “why”) and means (the “how”) of processing Personal Data, as defined in General Data Protection Regulation 2016/679. The Company will qualify as the Controller with respect to the Personal Data processed through the Application.

“Personal Data” means any information relating to an identified or identifiable natural person (also referred to as “data subject”).

“Processor” means the natural or legal person processing Personal Data on behalf of/the Controller.

2. Processing purposes and legal bases

Data of employees and freelancers

In the context of the Application, we collect and process the identity and contact information of our employees and freelancers working for us. The purpose of processing this data is the performance of the agreement with our employees and freelancers. The legal bases for this processing are the performance of the agreement, our legitimate interests, the protection of the vital interests of our employees and freelancers, and, in some cases, their consent.

Specifically, we may use the Personal Data we collect for the following purposes:

to identify you as a user of the Application;
to enable you to use the Application and its functionalities, features, and services;
to process and handle any complaints or requests;
to assist us in evaluating the Application and all related products or services;
to share targeted communications with you based on organizational data, such as department, division, entity, or job title;
for internal purposes, including business administration and archival purposes;
to comply with legal, administrative, and accounting obligations.

3. The confidentiality of your Personal Data

Whenever you (as a user of the Application) provide Personal Data to us, we will treat this information in accordance with the provisions of this privacy policy and the legal obligations relating to the processing of Personal Data, including the General Data Protection Regulation (GDPR) 2016/679.

We implement appropriate procedures to secure and protect the Personal Data we collect through the Application or electronic communication. In this way, we commit ourselves, to the extent reasonably expected, to prevent illegal processing of Personal Data and unintentional loss or destruction of your Personal Data.

We seek to optimize the security of your Personal Data by limiting access to your Personal Data to individuals on a “need-to-know” basis (for example: only the Data Controller and her employees, staff, and subcontractors who require your Personal Data for the purposes as described in article 2 will have access to the data).

4. How do we collect your Personal Data and how long will it be retained?

Data collection

We collect your Personal Data – without limitation – in the following cases:

when you fill in personal data in surveys or forms within the Application;
when you log in with your (private) email address and/or phone number in the Application;
when we synchronize data related to segmentations (such as department, division, job title, work location or other non-sensitive HR information) from HR with the Application, so that you receive personalized news, documents, and links in the Application;
when you submit a complaint or request for information via the contact form provided in the Application;
when you call us, email us, or correspond with us in any other way than through the Application.

We avoid the collection of Personal Data that is not relevant for the purposes as set out in article 2.

Data Retention

We will not retain and process your Personal Data longer than necessary for the purposes of processing.

Personal data of our employees will be deleted from our systems (1) three months after the use of the Application within the Controller’s company has ended or (2) within two days after archiving if we no longer synchronize your Personal Data with the Application from our systems, except for the Personal Data that we are required to retain for longer periods based on specific legislation or in case of an ongoing dispute for which the Personal Data is still necessary. We would like to inform you that deleting the Application from your device does not result in the deletion or anonymization of your Personal Data. You should contact us if you wish for your Personal Data to be deleted.

5. Transfer of Personal Data?

We shall not transfer Personal Data to third parties located outside the European Economic Area unless there is an adequacy decision by the European Commission or we have Standard Contractual Clauses (as provided by the European Commission). Furthermore, we shall not transfer Personal Data to third parties located within the European Economic Area without your consent, unless:

(i) the transfer is necessary to enable employees, agents, subcontractors, suppliers or partners to provide a service or perform a task on our behalf;

(ii) this is required by law.

Any transfer of Personal Data to a recipient as listed above shall be in accordance with the provisions of the General Data Protection Regulation 2016/679.

We shall ensure that measures are taken to prevent the recipients from using the Personal Data for purposes other than those listed in Article 2 and that these recipients have implemented sufficient technical and organizational measures to protect this data.

In order to ensure the security of the Personal Data, we shall always enter into a data processing agreement with the aforementioned recipients of the Personal Data or, where applicable, Standard Contractual Clauses as provided by the European Commission.

Finally, we shall take all necessary precautions to ensure that our employees and staff who have access to the Personal Data process it solely in accordance with this privacy policy and the legal obligations under the General Data Protection Regulation 2016/679.

6. Rights of data subject

Under both Belgian and European legislation on the protection of Personal Data, you have the rights described below.

How do I exercise my rights?

You can exercise your rights through the online privacy page on the Company’s intranet using the available web form. If there is no reasonable certainty about your identity, we may request that you send a copy of the front of your identity card showing only your first and last name.

Are there any costs involved?

You can exercise your rights free of charge, unless your request is manifestly unfounded or excessive, in particular due to its repetitive nature. In that case, we have the right and the choice – in accordance with the relevant legislation – to (i) charge you a reasonable fee (in which case the administrative costs for providing the requested information or communication and the costs associated with taking the requested actions will be taken into account), or (ii) refuse to act on your request.

In what format will I receive a response?

When you submit your request electronically, the information will be provided electronically where possible, unless you request otherwise. In any case, you will receive a concise, transparent, intelligible, and easily accessible response from us.

When will I receive a response?

We will respond as soon as possible and in any case within one month of receiving your request. Depending on the complexity of the requests and the number of requests, this period may be extended by another month if necessary. In case of an extension of the deadline, we will inform you within one month of receiving the request.

The right of access to Personal Data

You have the right to instruct us to provide all Personal Data we hold about you, provided that the rights of other individuals are not affected.

You also have the right to receive a free copy of the processed data in an understandable form. The Company may request a reasonable fee to cover its administrative costs for any additional copies you request.

The right to rectification of Personal Data

You have the right to promptly correct incomplete, incorrect, inappropriate, or outdated Personal Data.

To keep your data up to date, we ask you to inform us of any changes, such as a change of address, a change of email address, or a renewal of your identity card. These changes can be communicated via the relevant tools.

The right to erasure of Personal Data

You have the right to have your Personal Data erased without undue delay in the following cases:

when it is no longer necessary to retain the Personal Data for the purposes for which it was collected or otherwise processed;
when it is required by law;
in case of withdrawal of consent for consent-based processing;
for processing intended for direct marketing; and
if the Personal Data has been processed unlawfully.

However, there are certain general exclusions to the right to erasure. These general exclusions include cases where processing is necessary:

for the exercise of the right to freedom of expression and information;
to comply with a legal obligation; or
to establish, exercise, or defend legal claims.

The right to restrict the processing of Personal Data

In the following cases, you have the right to restrict the processing of your Personal Data:

to challenge the accuracy of your Personal Data;
when the processing is unlawful, but you do not want the Personal Data to be erased; or
if you object to the processing of your Personal Data, pending verification of that objection.

If processing is restricted on this basis, we may continue to store your Personal Data. However, we will only process the data with your explicit consent to establish, exercise, or defend legal claims, to protect the rights of another natural or legal person, or for reasons of significant public interest.

The right to object

You have the right to object to our processing of your Personal Data in the following cases:

if we process your Personal Data for direct marketing purposes (including profiling for these purposes) based on our legitimate interest; and
due to your specific situation (your particular personal circumstances).

The right to data portability

If you wish to exercise your right to data portability, we will transfer the Personal Data in a structured, commonly used, and machine-readable format to a data controller of your choice.

The right to withdraw consent

To the extent that the legal basis for our processing of your Personal Data is your consent, you have the right to withdraw that consent at any time. However, such withdrawal will not affect the lawfulness of processing that occurred before the withdrawal.

The right to lodge a complaint with a supervisory authority

You can contact the Data Protection Authority at any time by sending an email to contact@apd-gba.be or by submitting a written request to the Data Protection Authority, located at 1000 Brussels (Belgium), Drukpersstraat 35. You have the option to appeal to the competent court.

7. Referral to third parties

The Application may contain links to other websites that are not operated by us. While we make every effort to ensure that the references on the Application only lead to websites that have corresponding security and confidentiality standards, we are in no way responsible for the protection and confidentiality of Personal Data, including data you provide on other websites after leaving the Application.

We emphasize the importance of exercising caution and consulting the privacy policy applicable to the respective website or application before providing personal data.

8. Amendments

We reserve the right to modify this privacy policy at any time by publishing a new version on the Application.

We recommend that you consult the Application regularly to verify whether you agree to any changes to this privacy policy.

In any case, you will be informed by email of any changes to this privacy policy, to the extent that we have your email address.

9. Cookies

We use “cookies” whenever you use the Application. A “cookie” is information sent to your device via the server and stored on the device’s hard drive. Cookies help us recognize your device when you use the Application. This enables us to make the processing more user-friendly and provide you with personalized service.

For more information, please refer to our cookie policy, which can be found on our Website (https://spencermultissov2prod.blob.core.windows.net/brand-assets/_general/Spencer-Cookie-Policy-English-20250404.pdf).