1. Information about us
Our platform and our website are an initiative of ArtiQ NV/SA a limited liability company incorporated and existing under the laws of Belgium with registered address at Boskouter 15 3010 Leuven, Belgium and with company number 0720.636.061 (hereinafter referred to as “ArtiQ” or “we” or ‘us’).
You can contact our Data Protection Officer (‘DPO’) by writing him at the following address: ArtiQ, for the attention of the DPO–at Boskouter 15 3010 Leuven, Belgium or by sending an email to email@example.com.
2. What is personal data?
Personal data is defined as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in section 4 of this Privacy Notice.
3. What are my rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
• The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in section 10.
• The right to access the personal data we hold about you. Section 9 will tell you how to do this.
• The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in section 10 to find out more.
• The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please note that this right is not absolute and can only be exercised if (i) we no longer need your personal data for the original purpose, (ii) if you withdraw your consent for processing it, (iii) if you object to us processing your personal data for our legitimate interest, (iv) if we unlawfully process your personal data or (v) if a local law requires us to erase your personal data. Please contact us using the details in section 10 to find out more.
• The right to restrict (i.e. prevent) the processing of your personal data. You have the right to ask us to restrict the use of your personal data if (i) you believe that the personal data which we hold is inaccurate, (ii) if we are processing the personal data unlawfully, (iii) you have objected to us processing your personal data for our legitimate interests or (iv) we no longer need the personal data for the purposes of processing but you want us to keep this for the establishment, exercise or defence of legal claims.
• The right to object to us using your personal data for a particular purpose or purposes. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims
• The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
• Rights relating to automated decision-making and profiling. You have the right not to be subject to decisions which may legally or significantly affect you and that were based solely on automated processing using your personal data. We will however not use your personal data in this way.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in in section 10.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. The contact details of your supervisory authority can be found here. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in section 10.
4. What personal data do we process?
Depending upon your use of our services and/or our website, we may collect some or all of the following personal data:
|Usage data||Your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.|
|Contact data||Your name, email address, and personal data that may be contained in the content of the message you send to us via contact form on the website.|
|Job application data||email address and personal data contained in your CV and motivational letter.|
|Contact data obtained in the course of the sales activities||Contact data obtained in the course of the sales activities
Your name, email address, phone number, company name, job title.
The legal basis and purpose for which we process the personal data shall be the following:
|Legitimate interest||communicate with you about the recruitment process, and keep records related to our hiring processes, (iv) for maintaining insurance coverage, (v) for marketing purposes (i.e. to offer similar products or services (vi) establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.|
|Consent||We may process your personal data upon receipt of your consent. This will be the case when you subscribe to our newsletter.|
We will not sell your personal data to third parties and will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in section 10. If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
5. Do we share your personal data?
Use of processor(s)
We are free to rely on data processors. A processor is the natural or legal person who processes your personal data upon request and on behalf of us, the controller. The processor is required to ensure the security and confidentiality of the personal data. The processor will always act on our instructions. We rely on processors for marketing, and Customer Relationship Management (CRM) purposes.
With a view to the optimal protection of your personal data, we have made the necessary contractual arrangements with our processors to ensure that they apply the highest privacy standards. In any event, data processors shall be required to have the necessary technical and organisational measures in place to protect the personal data.
Sharing of personal data to third parties (other than processors)
In some circumstances we may share certain of your data with other third parties.
|Internal/external||Details on sharing|
|Externally||We may share certain data with or receive certain data with public and/or tax authorities, regulators and supervisory bodies in order to comply with our legal and regulatory obligations;
Judicial and/or investigative authorities (e.g. the police, public prosecutors or courts);
Postal services, if such would be required to contact you;
The ombudsman (or similar extrajudicial mediation services) or competent data protection authority to whom you file a complaint.
6. International transfers of your personal data
In certain circumstances, we may store or transfer some or all of your personal data in countries that are not part of the EEA. This might for instance be the case when we are making use of processors who make use of specific sub- processors. These are known as “third countries” and may not have data protection laws that are as strong as those in Belgium and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the EEA and under the Data Protection Legislation as follows:
We transfer your personal data to third countries whose levels of data protection are deemed ‘adequate’ by the European Commission. More information is available from the European Commission.
We use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts require the same levels of personal data protection that would apply under the GDPR.
Please contact us using the details below in section 10 for further information about the particular data protection mechanisms used by us when transferring your personal data to a third country.
7. How long will we keep your personal data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was originally collected. After that we will, in accordance with the applicable laws and regulations, delete your personal data, anonymize it or aggregate the data to a level that it can no longer be identified. The effective retention period may depend on the circumstances. Often such retention period is defined by a specific law. Where there is no specific legal requirement, we will look at the applicable statutes of limitations and keep your personal data for such period.
8. How do we protect your personal data
The security of your personal data is essential to us, and to protect your data we will take appropriate technical and organisational precautions. This means that we have the necessary policies and procedures and IT security measures in place to ensure the confidentiality and integrity of your personal data. These policies, procedures and measures are periodically updated to keep them in line with regulations and market developments.
Internal access to the personal data is limited on a strict ‘need-to-know’ basis. Only authorized personnel, whose activity will be monitored to prevent any misuse, will be able to access the personal data.
9. How can you access your personal data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in section 10 (How do I exercise my rights?).
There is in principle no charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 15 working days and, in any case, not more than one month after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
10. How do I exercise my rights?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email address: firstname.lastname@example.org
11. About cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
12. Changes to this Privacy Notice
We reserve the right to change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our website in a way that affects personal data protection and privacy.
Every change will be published on our platform or through our other usual communication channels.
Last update: 24/02/2022