CAP Conseil- analyse audit en developpement durable

Privacy policy

 1.            Who are we?

  • Name: CAP Conseil (‘we’, ‘us/our’)
  • Head office: : Chemin du Stocquoy 3.- 1300 Wavre
  • Enterprise number: : BE0860226187
  • Website: : capconseil.be (the « website»)
  • Contact details of our contact person for questions related to data protection: ac.trinon@capconseil.be

 2.            Who does this policy apply to?

1. We process personal data related to :

  • our clients' representatives
  • our clients
  • representatives of our suppliers
  • candidates who applied to work with us
  • visitors to our Website and workplaces
  • to other parties involved (‘parties involved’, ‘you’, ‘your’).

2. This privacy policy (the ‘Policy’) applies to any processing of your personal data by us.

 3.            What is our commitment to protect your data?

1. We undertake to use our best efforts to ensure that our personal data processing activities comply with applicable data protection legislation, including (EU) Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or ‘GDPR’) and the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, as amended, supplemented or replaced from time to time (the ‘applicable data protection legislation’).

 4.            For what purposes do we process your personal data?

1. If you are the representative of one of our clients, we process:

  • your personal identification data, professional identification data and contact data for the activation, management and maintenance of our business relationship with our clients
  • your personal identification data and professional identification data to enable us to invoice our clients
  • where applicable, your bank details to verify the payment of invoices related to our services
  • where applicable, your personal identification data, professional identification data and contact data for sending communications for marketing purposes

2. If you are a client, we process:

  • your email address for sending mailings.

3. If you are the representative of one of our suppliers, we process your personal identification data, professional identification data and contact data for the management of our business relationship with our suppliers.

4. If you applied for a job with us, we process your personal identification data, professional identification data, contact data, data relating to your professional life (skills, qualifications, experience etc.) and personal data contained in your curriculum vitae to assess your profile in relation to our recruitment needs.

5.  If you visit our Website, we may process electronic identification data about you in an aggregated manner to measure the visits to our Website, improve the browsing experience, and to detect and prevent fraud and computer security breaches.

6. If our workplaces are equipped with surveillance cameras, we can only request access to images about you when such access is necessary for the pursuit of our legitimate interests and to detect offences or incivility to the extent permitted by applicable law.

7. We may also process some of your personal data for the following purposes:

  • restructuring our activities
  • internal and external audits
  • disputes with involved parties and when the processing is necessary for the establishment, execution or defence of legal claims.

8. We do not subject involved parties to decisions based exclusively on automated data processing and that have a legal impact on them or similarly significantly affect them.

 5.            In what capacity do we process your personal data?

1. We process your personal data as a controller. In this context, we determine the purposes and means for processing your personal data.

 6.            On what basis do we process your personal data?

1. The provision of your personal data may be necessary:

  • to execute a contract with the involved party or take pre-contractual measures at your request (e.g. in the event of a job application)
  • to comply with a legal obligation applicable to us (e.g. accounting, tax etc.)
  • in pursuit of our legitimate interests (or those of a data recipient) provided that those interests override your fundamental rights and freedoms

2. We ask for your free, prior and informed consent before proceeding to process your personal data (e.g. whenever the data processing involves a transfer of your image rights).

3. The provision of some of your personal data (e.g. your personal identification data etc.) determines our ability to provide you with our service or perform our activities.

4.  Possible consequences of not providing your personal data could be failure to provide our service or business to you or a possible breach of one or more obligations under applicable laws (e.g. accounting and tax laws).

 7.            Where does your personal data come from?

1. The personal data we process comes from the following sources:

  • directly from you, for example during the first contact we make with you
  • from publicly available (online) information, for example when we check the profile of candidates who apply to work with us.

 8.            Who has access to your personal data?

1. The following recipients may receive or have access to some of your personal data (only if this is necessary for the performance of their tasks):

  • our staff in charge of commercial and administrative follow-up have access to the personal identification data, professional identification data and contact data of our users, clients and representatives of our clients
  • members of our supplier monitoring team have access to the personal identification data, professional identification data and contact data of our suppliers' representatives
  • our legal advisors and lawyers have access to certain personal data of involved parties in connection with restructuring operations of our activities or with litigation processes

2. We entrust the processing of some personal data to processors only to the extent necessary to perform their tasks and in accordance with our written instructions and applicable data protection legislation.

3. In the case of a restructuration (e.g. financing), we may disclose certain personal data relating to a limited number of involved parties to a third party involved in the transaction (e.g. a bank) in accordance with applicable data protection legislation.

 9.            How do we manage subcontractors?

1. We take adequate measures to ensure that our subcontractors process your personal data in accordance with applicable data protection legislation.

2. We ensure that our subcontractors process personal data only according to our instructions, not to engage other processors without our prior consent, to take appropriate technical and organisational measures to guarantee the security of personal data, to ensure that persons authorised to access personal data are subject to adequate confidentiality obligations, to return and/or destroy the personal data they process at the end of their services, to comply with audits and to provide us with assistance in following up on requests from involved parties to exercise their rights in relation to their personal data.

10.            Where do we process your personal data?

Some recipients of personal data may be organisations headquartered in a country outside the European Economic Area (EEA) or process certain personal data in a country outside the EEA.

If your personal data is transferred to countries outside the EEA, we will ensure that we take the following safeguards:

  • the country to which the personal data is transferred has been judged adequate by the European Commission pursuant to Article 45 of the GDPR and the transfer falls within the scope of that adequacy decision
  • we have concluded a contract with the recipient of the personal data containing the standard contractual clauses for the protection of personal data adopted by the European Commission pursuant to Article 47 of the GDPR
  • in the event of a transfer to the USA, the recipient of the personal data is certified under the EU-US Privacy Shield programme established pursuant to Article 45 of the GDPR and the transfer falls within the scope of the EU-US Privacy Shield programme

11.            What retention periods apply?

We ensure that your personal data is only stored for a period needed for the purposes for which they are processed.

We retain invoices and other accounting documents (that may include some of your personal data) for a period of seven (7) years from the date of their issuance, in accordance with accounting law. These accounting documents may contain certain personal identification data, certain professional identification data and certain contact data.

We also use the following criteria to determine the retention period of personal data depending on the context and purposes of each processing:

  • the date of our last contact
  • security reasons (e.g. the security of our information systems)
  • any ongoing or potential dispute or litigation with an involved party
  • any legal obligation to retain or erase personal data (e.g. a retention obligation imposed by accounting or tax law)

12.            What are your rights?

Subject to applicable data protection legislation, you have a right to information, a right to access, rectify and erase your personal data, the right to object to or restrict the processing of your personal data, a right to portability of personal data and the right to withdraw your consent.

Below is a table describing each of your rights in more detail:

 

RightThe right to information
The right to informationYou have the right to obtain clear, transparent and understandable information about how we process your personal data and how you can exercise your rights. This information is contained in this Policy. If the information is not sufficiently clear, we invite you to contact us (via the contact details in this Policy).
The right to accessYou have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, in case it is, to access your personal data. You have the right to obtain a copy of your personal data, unless exercising this right would adversely affect the rights and freedoms of others.
The right to rectificationYou have the right to obtain the rectification of personal data concerning you if it is found to be inaccurate. You also have the right to have your personal data completed if it proves to be incomplete.
The right to erasure (the ‘right to be forgotten’)You have the right to obtain the erasure of your personal data. However, the right to erasure (or the ‘right to be forgotten’) is not absolute and is subject to special conditions. We may retain some of your personal data to the extent permitted by applicable law, and in particular when its processing remains necessary for compliance with legal obligations to which we are subject or for the establishment, execution or defence of legal claims.
Right to object to processingYou have the right to object to certain types of processing (where the processing is based on our legitimate interests and, taking into account your particular situation, your interests or fundamental rights and freedoms prevail).
Right to object to processing for direct marketing purposesYou have the right to object at any time to the processing of your personal data when we process this data for direct marketing purposes.
The right to restriction
of processing
You have the right to obtain the restriction of processing in certain circumstances (e.g. when we no longer need your personal data but it is still necessary for the establishment, execution or defence of legal claims).
The right to portability
of personal data
You have the right, under certain circumstances, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller.
The right to withdraw
your consent
If you have given us your consent to process your personal data, you have the right to withdraw it at any time.

 

Please address any request regarding your rights in relation to your personal data that we process (in our capacity as data controller) to our contact person for data protection questions. You find the contact details in this Policy. We undertake to respond to your request as soon as practicable and always within the deadlines provided for by the applicable data protection legislation. Please note that we may retain your personal data for certain purposes where required or permitted by law. Finally, please note that we may, in case of doubt as to your identity, ask you for proof of identity to prevent unauthorised access to your personal data

13.            What level of security do we provide?

We take appropriate technical and organisationnal measures to ensure a level of security appropriate to the risks associated with the processing of your personal data.

We follow industry best practices to ensure that personal data is not accidentally or unlawfully destroyed, lost, altered, disclosed or accessed in an unauthorised manner.

14.            Do you have any questions or complaints?

If you have any questions or complaints about how we process your personal data, please direct them to our contact person for data protection questions. You can find the contact details in this Policy.

You have the right to lodge a complaint with the competent supervisory authority. The competent authority for Belgium is: Data Protection Authority, Drukpersstraat 35 , 1000 Brussel, +32 (0)2 274 48 00, contact@apd-gba.be.

15.            Anything else?

We reserve the right to update this Policy from time to time. We will inform you of any changes we may make to this Policy.

In the event of any conflict or inconsistency between any provision of this Policy and a provision of another policy or document relating to the processing of personal data, the provision of this Policy shall prevail.