Table of Contents
- Purpose. 1
- Background. 1
- Definitions. 1
- User rights. 2
- Type of data collected. 2
- Collection method. 3
- The legal basis for processing is as follows: 3
- Purpose of processing. 3
- Data retention. 3
- Transfer to third parties 3
The purpose of this policy statement is to describe how CERTISYS collects, uses and discloses personal information obtained from users of its website.
CERTISYS has always been keen to protect the personal data that it processes. To this end, CERTISYS undertakes to fully comply with the applicable regulations for the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable from 25 May 2018.
- User: Natural person logging on to the CERTISYS website
- Personal data: all information relating to an identified or identifiable natural person.
- Processing: the series of actions carried out on personal data.
- Data controller: natural or legal person, institution, department or any other body which, alone or with others, defines the purpose and means of processing personal data. In this case, it is CERTISYS, whose registered office is located at Square de Meeùs, 35, 1000 Brussels, duly represented by Franck Brasseur, Managing Director.
Users have the following rights:
- Right of access;
- Right to rectification in case of errors;
- Right to restrict processing;
- Right to data portability;
- Right to object.
To exercise these rights, users should address their requests to the GDPR contact person appointed by the Data Controller, through the email address firstname.lastname@example.org or by post to the following address: rue Joseph Bouché, 57/3, 5310 Bolinne, Belgium.
Certain personal data may be exempt from the rights of access, rectification, deletion, restriction, objection or portability under the GDPR or Belgian Privacy Laws.
If a user is not satisfied with the way that CERTISYS processes their personal data and feels that contacting CERTISYS will not solve the problem, applicable privacy laws recognise the right of users to lodge a complaint with the competent supervisory authority: https://www.autoriteprotectiondonnees.be/
CERTISYS ensures that it only collects and processes the data necessary for the purpose for which it is processed.
The personal data that CERTISYS may collect in its relations with web users:
- Gender: Ms / Mr / X
- Last name
- First name
- Contact address (email and/or postal)
- Contact telephone number
- User IP address
- Any personal data voluntarily provided by the user himself/herself
The personal data of the users of the website is collected through the online contact form. The user’s IP address is collected and anonymised by Google Analytics.
- The consent of the data subject who has the right to withdraw his or her consent at any time (without compromising the lawfulness of the processing based on the consent given prior to such withdrawal);
- The legitimate interest of the data controller.
CERTISYS collects the personal data of its web users in order to:
- respond to their requests and resolve their complaints;
- send them information about its activities;
- make decisions about providing them with services;
- manage user rights;
- comply with applicable laws and regulatory obligations (including laws outside the user’s country of residence).
If CERTISYS were to collect other data or process personal data for purposes other than those mentioned above, CERTISYS would inform users via a pop-up window that would appear at the first login instance to the site after the amendment.
The personal data of web users is kept for 3 years from the last contact with CERTISYS and then destroyed.
CERTISYS may transfer the user’s personal data to a third party located in or outside the European Union. In this case, CERTISYS undertakes to transfer data only for the purposes mentioned above.