A. Who we are
Laco NV (referred to below as “we” or “us”) takes your privacy very seriously and considers it important for your personal data to be treated with the necessary care and confidentiality at all times. We understand that you want to know why we need your personal data and that you might be curious about what we do with it. In this privacy statement (hereafter “privacy statement”) we provide an answer. If there would remain any questions after reading this privacy statement, please do not hesitate to contact us, we are happy to help.
This privacy statement explains why we require your personal data and what we do with it. If you have any questions after reading this privacy statement, you are always welcome to contact us.
This statement only applies for the personal data that Laco NV, with registered office at Woluwelaan 135 Box A, 1831 Diegem, Belgium and with registration number 0430.100.473 in the crossroads bank for enterprises, processes as data controller. This means that we determine, as explained in this privacy statement, the purpose and resources (or the “why” and “how” questions) for processing your personal data.
B. What is ‘processing of personal data’?
‘Processing of personal data’ is any kind of processing of data that could identify you as a natural person. Which specific data this concerns will be explained below in this privacy statement. The concept of ‘processing’ is broad and includes the collection, storage, use or distribution of this data.
C. On who and when is this privacy statement applicable?
It applies to the processing of the personal data of our clients and job applicants who use our services and products. It also applies e.g. to prospects and service providers, even if they have not solicited through our website. The personal data of former clients, applicants, prospects and service providers will also be processed with the utmost security and care, in accordance with this privacy statement.
This privacy statement is applicable on our website www.laco.be (hereafter the “website”) and on our activities related with it. It is also applicable on (commercial) relations that comes forth from it or are sustained with it. For example: contacting us via the contact form, questions or expressed interest in our services, an application, a registration for our events, networking event, a subscription for one of our trainings, …
The data subjects (hereafter “you” or “your”) to whom this privacy statement applies can be (for example): a mere visitor of the website, applicants, prospects, clients, suppliers or any other individual that got connected to us for any reason
2. What we do with your personal data
A. When do we collect your personal data as data controller?
We may process your data if:-
- you contact us, or have contacted us:
- e.g.: visiting our website;
e.g.: filling in our contact form on our website;
e.g.: applying for a job;
- we are providing or have provided you with one of our services;
- we may provide you with services in the future;
- you provided services or products to us:
- you are our contact for one of our clients prospects or suppliers
B. Which data can we collect?
We may process the following data from you. However, depending on the situation, we will not necessarily possess all the data below:
- Your contact information: including your name, address and other contact details (e.g., e-mail address and telephone number)… ;
- Your contact history: messages sent and received (e.g. e-mails)… ;
- Your employment related details: CV, education, diplomas, language skills, employer, (incl. background), professional activities, professional skills, publications, salary, assessment & development reports, interview report, reference checks, social media profiles…;
- Your identification data: identity card data, copy of your ID …;
- Your personal details: gender, date of birth, place of birth, civil status, nationality.
C. Special categories of data
In principle, we will not process special categories of data (data about racial or ethnic grounds, medical data, political views, religious or philosophical beliefs, trade union membership, genetical data, biometrical data to identify a natural person, health data, sex life data or data about the sexual interest of a natural person) unless you provide it to us with your explicit consent.
It may be necessary to execute the agreement for us to request to view a certificate of good moral conduct or other personal data concerning criminal convictions or offences
D. What are the legal grounds that we apply for processing your data?
We only process your data for legitimate purposes, and it will always be processed according to the grounds for processing as listed in the General Data Protection Regulation (GDPR).
In general, we process data because
- Processing is essential for the execution or completion of the contract with our clients and applicants and to be able to provide you with our services.
- The processing is necessary to comply with legal obligations.
- We may process your data based on our legitimate interests which, in specific cases, may outweigh any potential harm to your rights. This could include, for example, our use of public and other external sources, in which limited amounts of data on you may be available. Due to the nature of the available data and the fact that some of this information is publicly available, we consider that any potential harm to your rights will be minimal, while the information is important for us to be able to offer you our services. If we apply these legal grounds for processing data, we will limit the effects that this may have on your privacy by minimising our use and establishing appropriate access and security safeguards in order to prevent unauthorised use. In the above example, if we would need to process the data for purposes other than those for which they were obtained, we will, for example, contact you and offer you our services and/or request your consent, so that you will be informed of the processing of your data. If this contact is made by telephone, we will send you an e-mail stating that we will process your data in accordance with this statement.
- Finally, we may process your personal data, such as special categories of personal data, based on your consent. If you have granted us verbal consent to process your personal data, we will always send you an e-mail confirming your consent. You may withdraw your consent at any time by contacting us. We request that you always confirm a withdrawal of consent made by telephone in writing or notify us of your withdrawal of consent by e-mail or letter.
E. For what purpose do we collect this data?
We use your personal data for the purposes described in this chapter or for the purposes for which you gave explicit consent. We will make sure that we only collect and process data that is necessary for the purposes for which they are processed.
We collect your data for various purposes:
- operational purposes, for example: optimisation of our website, statistical purposes and market research, to keep our services user-friendly, answering your contact request, considering your application;
- business purposes, for example: to communicate with you about our services and deliver this to you and making sure you can use our services, to inform you about our policy and conditions of use, to manage the relations with our clients, applicants and prospects, and to deliver our services;
- commercial purposes, for example: sending marketing communication by e-mail or mail, registering your subscription on an event or training;
- juridical or statutory purposes, for example: we can use your data and keep it for legal reasons and procedures, to comply to laws and government orders or to comply with our internal and external audit requests, information security or to protect or execute our (or that of other persons) rights, privacy, security or property
If we wish to process your personal data for any purpose other than the one for which the data was obtained, we will contact you before proceeding with further processing.
F. How long do we store your data?
We do not store your personal data for longer than is necessary in order to achieve the purpose for which the data has been collected or processed.
Considering the period for which the data can be stored, depends on the purposes for which the data has been collected, the storage period will vary accordingly with each individual situation. Sometimes specific legislation will require that we store certain data for a certain period. Our storage periods for personal data are based on legal requirements and a consideration of your rights and expectations considering what may be useful and necessary to enable us to provide our services.
When it is no longer necessary to process your personal data, we will delete your personal data or anonymize it. If this is not (technically) possible, for example because your data is stored in backup archives (temporarily) or we still need it because it is linked to administration concerning your interests (to acknowledge a forget me demand or opt-out demand and you do not want that we contact you any longer), then we will retain your data as limited as possible.
G. From whom do we receive your data?
We may obtain your personal data directly from you, from public sources, or from third parties.
If we further process data from external sources for other purposes than those for which they were collected, we will contact you and offer you our services and/or request your consent for the processing of your data, so that you will be aware of the processing of your data. If this contract is made by telephone, we will send you an e-mail stating that we will process your data in accordance with this statement.
H. How do we secure your personal data?
We think data security is essential and so we have taken the necessary physical and appropriate technical and organisational (precautionary) measures in order to secure your personal data against loss or any form of unlawful processing. We restrict access to personal data to individuals and third parties who need access to this data for legitimate, relevant business purposes.
In case of a data breach related to your personal data we will comply with all applicable notification obligations linked to the specific kind of data breach occurred.
I. With who do we share your data?
We will not share your personal data with third parties, unless:
- we are obliged by law,
- you give consent
- or when it is necessary to obtain one of our aforementioned purposes.
Where needed we will make use of external service providers, so called “processors”, to support our operational purposes, payroll, governing our CRM or IT systems, or executing any kind of (internal) business processes. These external service providers execute certain processes of personal data on our behalf. We will only share your personal data with these external service providers when it is needed for that purpose. The data cannot be used for other purposes. Besides, these service providers are contractually bound to guarantee the confidentiality in a so called “data processor agreement”.
Some of these external parties are located outside of the EEA. If, for example, you apply for a job outside of the EEA, in certain cases we may provide your data to the employer who is located outside of the EEA. If we provide data to external parties outside of the EEA, we will ensure that the transfer of personal data takes place in accordance with the relevant legislation and that there is an appropriate degree of protection. Transfer of data outside of the EEA to other countries of whom the European Commission declares that they have a similar level of data protection (see: http://ec.europa.eu) will take place based upon agreements with standard contractual clauses approved by the European Commission or other legal guarantees compliant with the applicable legislation.
3. What are your rights?
You have various rights concerning the personal data collected of you. If you would like to exercise one of the rights described below, please contact us via the contact details provided above (by e-mail, telephone or post).
You have the following rights:
- Rights to access and copy: if you wish you can have access to your personal data and receive a copy of it
- Right to amendment or rectification; if your personal data is wrong, please let us know and we will do everything to change it.
- Right to have data deleted (right to be forgotten); If you wish you can ask us to delete your personal data. It is possible that it is still necessary to process these data limitedly for other purposes. For example: not contacting you again for marketing purposes.
- Right to limit the processing; if you think that we process your data wrong or unrightfully then you can exercise your right to limit the processing.
- Right to object; you can also object against the processing of your data. If it is marketing related, then we will stop the processing as fast as possible.
- Right to transfer: If you would like to transfer your personal data, please do contact us.
However, exercising the above rights is subject to certain exceptions to protect the public interest, our interests and the interests of other individuals.
When you submit a request to exercise your rights, we will first verify your identity by requesting a copy of your identity card. We do this in order to prevent your data from falling into the wrong hands.
Exercising your rights is in principle free of charge. If your request appears to be unfounded or frivolous, we may charge you a reasonable fee to cover our own administrative costs. In such cases, however, we may also simply opt to decline your request. You will then be notified of the reasons for this.
In any case, we will always notify you within a period of four weeks (for simple requests) or 3 months (for complex or multiple requests) of the response to your request.
4. Changes to the privacy statement
We may unilaterally decide to make changes to this privacy statement. However, the most recent version will always be made available on our website.
5. What are your options for filing a complaint as subject of the data?
Despite all our efforts to protect your privacy and to comply with the relevant legislation, it is possible that you may not agree with the way in which we collect, use and/or process your personal data.
Naturally, in that case you may always contact us, but you also have other possibilities for filing a complaint.
To start with, you can submit a complaint to us.
- via the website: http://www.laco.be/about-laco/contact/
- via e-mail: email@example.com
- by letter: Laco NV
F.A.Q. complaints – privacy department
Woluwelaan 135 box a
Furthermore, you can also file a complaint with the supervisory authority, which you can contact via the data details below:
- by telephone: +32 (0)2 274 48 00
- by fax: +32 (0)2 274 48 35
- by e-mail: firstname.lastname@example.org
- by letter: Data protection authority
Rue de la Presse 35
Subsequently, if you have incurred damages, you can also file a claim with the competent court.
For more information concerning complaints and legal recourse, we invite you to consult the website of the data protection authority: https://www.dataprotectionauthority.be/.