Privacy statement

This privacy statement applies to all companies belonging to the EFICO-group and describes how we collect, process, store and protect personal data. 

1. Which personal data do we collect?

The personal data we collect may include:

 

  • Name and surname
  • Username
  • Address
  • Telephone and/or mobile phone number
  • Email address
  • Date of birth
  • Gender
  • Job title and employer
  • Marital status and family composition
  • Career and education
  • Wages
  • Financial and fiscal data
  • Complaint details and requests specifically expressed by the data subject
  • Contractual agreements
  • IP address
  • Browser type
  • Language preference
  • Posts on social media applications we utilise
  • Online behaviour and preferences
  • Images and audiovisual data
  • Data relating to the performance of our services
  • Other relevant information

 

It is also possible that we collect personal data of a so-called “sensitive” nature (special data categories), like:

Health (e.g. a disablement or other specific medical condition that we should take into account (allergy, etc.) when the data subject enters our business premises or when we organise a business lunch)

Our products, services and website are not designed or intended for children. We therefore do not actively nor intentionally collect and store, except possibly for our employees, the personal data of children.

The personal data that we process always depends on specific circumstances, for example, the nature of the service or the product that we are to provide, the legal obligations to which we are subject, our related legitimate interests or the specific consent that you grant us to that end.

 

2. Who do we collect personal data from?

We collect personal data, amongst others, from:

  • our clients, suppliers, business contacts and potential clients (or from our contact persons at the latter);
  • our contact persons with government agencies and other (public) institutions;
  • our employees and job applicants;
  • the visitors to our website and social media;
  • the visitors to our business premises;
  • the family members of our employees.

 

3. How do we collect personal data?

We collect personal data in various ways, particularly personal data that we receive:

  • from the data subject him-/herself;
  • from the data subject’s employer or co-contractor (e.g. when our client or supplier is a company and the data subject is appointed by this company as the contact person, etc.);
  • from other parties (e.g. government agencies, headhunters, etc.);
  • via the use of our website, social media and other tools;
  • publicly available information.

 

4. Why do we process personal data?

Except in situations where we process personal data based on consent, we may process personal data for the following purposes and based on the following legal grounds (this is not an exhaustive list):

4.1. Delivery of products or services to our (potential) clients

We process personal data within the context of delivering our products and/or services to our (potential) clients (contract/pre-contractual phase/legitimate interests). The personal data are processed within the context of delivering products or services to the data subject him/herself, to the data subject’s employer (e.g. our (potential) clients) or to the data subject’s contracting party (our (potential) clients).

4.2. Fulfilling our legal obligations

In some cases, we are legally obliged to process certain personal data, such as:

As an employer we are, amongst other things, obliged to collect certain data (such as our employees’ national register number, marital status and family situation) and, should the need arise, disclose data to the competent government agencies.

4.3. Administrative and financial processing

We process personal data within the scope of our own administrative, accounting and corporate obligations based on our legitimate interests and legal obligations.

4.4. Personnel administration and employee recruitment

We have to process our employees’ and ex-employees’ data within the scope of our personnel administration (contract/legal obligation).

We collect job applicants’ personal data (contract and where applicable consent for data that the job applicant provides us with voluntarily, but without it being necessary and unsolicited) within the framework of the recruitment of new employees.

4.5. Direct marketing

We have a legitimate interest for processing our client’s (or contact persons at our clients) personal data for electronically transmitting advertising messages, newsletters, invitations to commercial events and such like, provided these pertain to similar products and services as delivered to them before.

We always ask the data subject’s consent for all other marketing campaigns transmitted by electronic means.

Finally, we have a legitimate interest for undertaking marketing campaigns by non-electronic means.

4.6. Collection of personal data via our website

We have a legitimate interest for processing the personal data of data subjects:

  • who leave their data behind on our website and this with a view to fulfilling their specific request;
  • that visit our website and this within the context of managing and improving our website. In this respect, we refer to our cookies policy.

4.7. Internal risk analyses, audits and penetration tests

We have a legitimate interest for processing personal data within the scope of internal risk analysis, audits and penetration tests, which are either conducted on our own initiative or on the initiative of a third party that is authorised to that end (for example, the competent data protection authority), or for contractual purposes.

4.8. Invitation to and promotion of events and workshops

We have a legitimate interest for processing personal data within the scope of the organisation of events and workshops for our clients and the promotion thereof by means of the publication of a report, video’s and images of the event or workshop on our website and social media pages.

 

5. Who do we disclose personal data to?

We only disclose personal data to commercial partners with your consent or when this is necessary for delivering our products or services.

Furthermore, we disclose personal data to our own processors (for example, our payroll agency, ICT and social media partners, etc.) subject to a data processing agreement, our other consultants that act as controllers (for example, our attorney-at-law, accountant, etc.), government and judicial authorities and (professional and government) inspection services.

We do not disclose any data to receivers established in third countries (non-EU countries) except with your consent, if this is necessary for the delivery of our services to the data subject or our client or if we are legally obliged thereto (for example, pursuant to an enforceable judgement or attachment).

If, for any of the above mentioned reasons, we have to disclose personal data to a receiver established in a third country, we shall comply with the legal obligations regarding such transfer.

 

6. How long do we store personal data?

We store personal data, as the appropriate case may be:

  • for the purpose of our liability period after providing our products/services;
  • as long as we are legally obliged to store the personal data;
  • in case of a judicial contention, administrative or arbitral proceeding, until a definitive decision is given in the context of this proceeding, unless we are legally required to store the personal data for a longer period;
  • in all other cases for a reasonable and proportionate period.

 

7. How do we protect your personal data?

We have developed a security policy, which is tested and adjusted at regular intervals, in the context of which technical and organisational measures are taken that are aimed at:

  • raising awareness regarding the treatment of personal data amongst our employees and other persons working for us and, from time to time, implementing adjustments (by way of inspections and periodic training);
  • restricting access to personal data (both at organisational and IT-technical level);
  • protecting personal data (by way of appropriate IT-technical measures taking into account the state of the art and the related costs and risks of processing, such as encryption, anti-virus software, firewalls, transfer via secure connections, etc.);
  • ensuring the correctness of the data;
  • ensuring confidential treatment of the personal data;
  • remedying, preventing and tracing data leaks (being accidental or unlawful destruction, loss, alteration, provision of or access to personal data that has been transferred, stored or otherwise processed), to the extent possible.

 

8. What are your rights as a data subject?

Your rights as a data subject whose personal data we process are:

  • right to transparency (right to be informed about the processing of your personal data by our offices in a clear and comprehensible language);
  • right to inspect, improve and delete your personal data;
  • right to transferability of your data into a normal machine-readable format;
  • right to withdraw your previously given consent;
  • right to request the processing to be restricted or to object to the processing;
  • right to file a complaint with the competent data protection authority.

 

It should be noted that these rights are not always absolute, that under certain circumstances we are entitled or even legally obliged to process your personal data further or that our secrecy obligation prevents us from providing certain information and that we therefore cannot always (fully) honour your request. If such is the case, we will inform you accordingly.

You can exercise these rights free of charge, except in case of misuse, in which case we are entitled to charge administration costs to meet your requests.

All queries relating to exercising your rights can be addressed to: privacy@efico.com.

 

9. Changes to this privacy statement

We have the right to change this privacy statement at any time in order to bring it into line with the (changes to) the relevant legislation, national and international official positions and judicial decisions.

You can consult the most recent version of this privacy statement at any time on our website.