Where reference is made in this privacy declaration to Dyls, reference is made to Dyls NV, with registered office at 3000 Leuven, Naamsestraat 37 and registered in the Kruispuntbank van Ondernemingen with enterprise number 0877.573.054, RPR Leuven, as well as to each affiliated and/or related company to Dyls NV.
Dyls attaches great importance to the safe, transparent and confidential collection and processing of your personal data. In particular, we want to protect the data of our customers, subcontractors and suppliers, among others, against loss, leaks, errors, unauthorised access or unlawful processing.
We would like to inform you about the collection and processing of your personal data through this Data Protection Notice.
We ask that you read this Privacy Notice carefully, as it contains essential information about how your personal data is processed and for what purpose.
By submitting your personal data, you expressly declare that you have taken note of this privacy declaration and also expressly agree to it, as well as to the processing itself.
2. SCOPE OF APPLICATION
This Privacy Statement relates to all services provided by us and, in general, to all activities that we carry out.
3. CONTROLLER AND ITS COMMITMENTS
Dyls is the data controller of your personal data.
When collecting and processing your personal data, we respect the Belgian regulations on the protection of personal data, as well as the General Data Protection Regulation (“GDPR”) as of its entry into force on 25 May 2018.
5. PROCESSING PURPOSES AND LEGAL BASIS
5.1 Customer data
Within the framework of our services and our activities, we collect and process the identity and contact details of our clients and principals, their staff, employees, appointees and other useful contacts. The purposes of these processing activities are the execution of the agreements with our clients, client management, accounting, the execution of notarial deeds, studies, statistics and direct marketing activities such as sending promotional or commercial information. The legal grounds are the execution of the agreement, the fulfilment of legal and regulatory obligations (such as the 30bis declaration of works) and/or our legitimate interest. For the execution of notarial deeds, E-ID data and bank account number are also processed where applicable.
5.2 Data of suppliers and subcontractors
We collect and process the identity and contact details of our suppliers and subcontractors, as well as their (sub)contractor(s), if any, their staff, employees, appointees and other useful contacts. The purposes of these processes are the execution of this agreement, the management of the suppliers/subcontractors, accounting and direct marketing activities such as sending promotional or commercial information. The legal grounds are the execution of the agreement, the fulfilment of legal and regulatory obligations (such as the mandatory electronic attendance recording, the 30bis declaration of works, the attendance list or other obligations in public contracts, etc.) and/or our legitimate interest (such as for direct marketing). For the purpose of electronic attendance recording, the E-ID data or the Limo number are also processed where applicable. For direct marketing activities by e-mail (such as a newsletter or invitation to events), consent will always be requested and can also be withdrawn at any time.
5.3 Staff data
We process the personal data of our employees as part of our personnel management and payroll administration. Due to its specific nature, this processing is regulated in more detail in a Data Protection Policy for Employees.
5.4 Other data
In addition to the data of customers, suppliers/subcontractors and staff, we also process personal data of others, such as possible new customers/prospects, useful contacts within our sector, network contacts, expert contacts, etc. The purposes of these processing operations are set out in the following sections. The purposes of these processing operations are in the interest of our business, direct marketing and public relations. The legal basis is our legitimate interest or, in some cases, the performance of a contract.
6. DURATION OF PROCESSING
The personal data will be kept and processed by us for a period of time that is necessary in function of the purposes of the processing and in function of the (contractual or non-contractual) relationship that we have with you.
Customer data and data of suppliers or subcontractors will in any case be deleted from our systems after a period of ten years after the termination of the agreement or the project, except for these personal data which we must retain for a longer period on the basis of specific legislation or in the event of ongoing litigation for which the personal data is still necessary.
In accordance with and subject to the terms of Belgian privacy legislation and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:
- Right of access and inspection: you have the right to consult, free of charge, the data that we hold about you and to find out what use it has been put to.
- Right to rectification: you have the right to obtain the rectification (correction) of your inaccurate personal data as well as the completion of incomplete personal data.
- Right to erasure or restriction: you have the right to request us to erase your personal data or to restrict its processing in the circumstances and under the conditions set out in the General Data Protection Regulation. We can refuse the erasure or restriction of any personal data that is necessary for us to carry out a legal obligation, the performance of the contract or our legitimate interest, and this for as long as this data is necessary for the purposes for which it was collected.
- Right to data portability: You have the right to obtain the personal data you have provided us with in a structured, commonly used and machine-readable form. You have the right to transfer this data to another data controller.
- Right to object: You have the right to object to the processing of your personal data for serious and legitimate reasons. However, please note that you cannot object to the processing of personal data which are necessary for us to carry out a legal obligation, the performance of the contract or our legitimate interest, and this as long as these data are necessary for the purposes for which they were collected.
- Right of withdrawal of consent: If the processing of personal data is based on prior consent, you have the right to withdraw this consent. These personal data will then only be processed if we have another legal basis for doing so.
- Automatic decisions and profiling: we confirm that the processing of personal data does not involve any profiling and that you will not be subject to any fully automated decisions.
You can exercise the aforementioned rights by sending an e-mail to firstname.lastname@example.org or a letter by post to Dyls, Naamsestraat 37, 3000 Leuven.
We make every effort to handle your personal data in a careful and legitimate way in accordance with the applicable regulations. If you nevertheless believe that your rights have been violated and your concerns have not been addressed within our company, you are free to file a complaint with:
Commission for the Protection of Privacy
Rue du Printing 35, 1000 Brussels
Tel. 02 274 48 00
Fax. 02 274 48 35
8. TRANSFER TO THIRD PARTIES
It is possible that one or more of the above-mentioned third parties is located outside the European Economic Area (“EEA”). However, personal data will only be transferred to third countries with an adequate level of protection.
The employees, managers and/or representatives of the above-mentioned service providers or institutions and the specialised service providers appointed by them must respect the confidential nature of your personal data and may only use these data for the purposes for which they have been provided.
If necessary, your personal data may be passed on to other third parties. This may be the case, for example, if all or part of our business is reorganised, if our activities are transferred or if we are declared bankrupt. It is also possible that personal data may need to be transferred in response to a court order or to comply with a specific legal obligation. In this case, we will make reasonable efforts to inform you in advance of such communication to other third parties. However, you will acknowledge and understand that in certain circumstances, this may not be technically or commercially feasible, or that legal restrictions may apply.
Under no circumstances will we sell or make your personal data commercially available to direct marketing agencies or similar service providers, except with your prior consent.
9. TECHNICAL AND ORGANISATIONAL MEASURES
We take the necessary technical and organisational measures to process your personal data with an adequate level of security and to protect them against destruction, loss, falsification, alteration, unauthorised access or notification to third parties, as well as any other unauthorised processing of these data.
Under no circumstances shall Dyls be held liable for any direct or indirect damage resulting from an erroneous or unlawful use of the personal data by a third party.
10. ACCESS BY THIRD PARTIES
For the purpose of processing your personal data, we grant access to your personal data to our employees, collaborators and appointees. We guarantee a similar level of protection by providing contractual obligations to these employees, workers and contractors that are similar to this Data Protection Notice.
11. ANY QUESTIONS?
If after reading this Data Protection Notice you have further questions or remarks about the collection and processing of your personal data, you can contact Dyls, either by mail to Naamsestraat 37 – 3000 Leuven, or by sending an e-mail to email@example.com.
Last modified 23 September 2020