1. Introduction

DESOTEC is committed to maintaining the privacy and security of the personal data that we process. This privacy policy (hereinafter the “Privacy Policy”) outlines our practices regarding the collection, use, and protection of personal information in accordance with applicable data protection laws and regulations, including the Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation (GDPR)).

If you have any questions or requests in relation to the processing of your personal data, please email us at GDPR@desotec.com.

In addition to this Privacy Policy, we have a specific cookie policy. For further information on how we process personal data via cookies, social plug-ins, pixels and other types of tracking technology, you are kindly referred to the applicable Cookie Policy.

2. Who is responsible for the processing of your personal data?

DESOTEC NV, a limited liability company incorporated in Belgium, with registered office at Regenbeekstraat 44, 8800 Rumbeke, Belgium, registered with the Crossroads Bank of Enterprises under number 0441.856.180, is the controller of your personal data and is the entity responsible for your personal data as covered in this Privacy Policy (hereinafter “DESOTEC", “we”, “us, “our”.)

As DESOTEC NV is part of a group of undertakings it may be that you are in contact with a different legal entity of the group. Nevertheless, whichever of our group entities is/are involved in the processing of your personal data in the context of your specific relationship with DESOTEC, only the present Privacy Policy applies.

3. Which personal data do we process from you, for which purposes, for how long, and the legal basis

In the context of our business activities, we process personal data from employees, contractors, customers, consultants, job applicants, and any other individuals who initiate contact with us or who otherwise express their interest in our products. If any of such persons is a legal entity, we still process data of our contacts at these entities and the Privacy Policy shall also apply.

Personal data includes any information relating to an identified or identifiable natural person (also known as a “data subject”). This may include, but is not limited to: your name, address, email address, phone number, identification number or place of work.

We use your personal data solely for the purposes of processing your requests, to conduct our business, to develop analytics and aggregated data that allow us and our partners to improve our website and related services or to correspond with you.

We will only process your personal data if we have obtained your prior consent, if the processing is necessary to perform our contractual obligations or to take pre-contractual steps at your request, if the processing is necessary to comply with legal or regulatory obligations or if the processing is necessary for our legitimate interests.

Your personal data are only processed for as long as needed to achieve the purposes listed under this article 3 of this Privacy Policy or up until such time where you withdraw your consent for processing them.

When you apply for a position at DESOTEC, we only process relevant personal data necessary to evaluate your application and to communicate with you: your name, personal contact details (e.g. address, telephone number, and email address), date and place of birth, age and gender, your CV, information about your education, and your professional and other experience. If relevant to the position, we may also process personal data in the context of personality tests and/or references. In case of non-hiring, we retain applicants' personal data for up to 2 years after the conclusion of the selection process.

Images from surveillance cameras are stored temporarily. Cameras are used in and around our buildings, and they comply with legal requirements. Buildings with camera surveillance are marked with a sticker. The footage is kept for up to 30 days, except when it is needed as evidence in a crime, to demonstrate damage, or for the identification of those involved. We process these images to protect our property (under our legitimate interest).

4. With whom do we share your personal data

DESOTEC is a company group which consists of different companies. We may share your personal data with other entities within our group based on our legitimate interests. We will ensure that all DESOTEC group entities will take due care that all processing of your personal data is in line with what is set out in this Privacy Policy. In addition, due to our centralized approach on data management, a customer or vendor of one of our companies is considered a customer or vendor of the entire group. 

In certain circumstances, we may transfer your personal data to third parties outside the DESOTEC group. This may occur when it is strictly required for the purposes described in article 3 of this Privacy Policy, or where we are legally obliged to do so.

These third parties may be engaged to perform certain services on behalf of the DESOTEC group, including but not limited to data hosting, cooperation with financial institutions, website management, provision of IT solutions, product transportation, or dispute resolution. Where such third parties act as processors within the meaning of the GDPR, we will enter into a data processing agreement in compliance with legal requirements. Only the personal data necessary for the execution of the assigned services will be shared with such third parties. As a general policy, the DESOTEC group does not sell, rent, distribute or otherwise make your personal data commercially available to third parties unless you consent to it.

5. Transfer outside of the European Economic Area

Your data may be transferred to countries outside the European Union. In such cases, we will ensure that the processing of personal data is always adequately protected in accordance with specific contractual obligations and the requirements of the GDPR.

6. Security

DESOTEC applies appropriate technical and organisational measures to safeguard personal data against accidental or unlawful destruction, loss, alteration, unauthorized processing, disclosure or access. Access to personal data is restricted to authorized recipients on a need-to-know basis and subject to strict confidentality undertakings.

In the event of a data breach, we will take all appropriate measures to contain and assess the incident without undue delay. Where the breach is likely to result in a risk to your rights and freedoms, we will notify the Belgian Data Protection Authority within the timeframes set by applicable law and, where legally required, inform you directly. We will also take all reasonable steps to mitigate any potential adverse effects and to prevent recurrence.

7. Your rights as a data subject

As a Data Subject, you have the following rights:

  1. the right to access the personal information that we keep on you;
  2. the right to obtain the rectification of inaccurate personal data that we keep on you;
  3. where the processing is based on your consent, the right to withdraw consent at any given time, without affecting the lawfulness of processing based on consent before its withdrawal;
  4. the right to erasure where the conditions of article 17 of the GDPR have been met;
  5. the right to restriction of processing where the conditions of article 18 of the GDPR have been met;
  6. the right to data portability insofar as the conditions of article 20 GDPR apply to you;
  7. the right to object to processing of personal data concerning you, insofar as the conditions under article 21 GDPR have been met;
  8. the right to lodge a complaint with a supervisory authority. The coordinates of the Belgian Data Protection Authority are Drukpersstraat 35, 1000 Brussels, + 32 2 275 48 00, contact@apdgba.be; and
  9. the right to opt out of any direct marketing communications that we (with your consent) may send you. 

You can exercise these rights at any given time by emailing us at GDPR@Desotec.com.

8. Changes

This Privacy Policy may be revised from time to time. Any changes to this Privacy Policy will be indicated through the mention of effective date. Continued use of our sites after changes made to our Privacy Policy indicates your consent to the use of newly submitted information. We encourage you to read our Privacy Policy from time to time to stay updated on any changes.