1. PREAMBLE AND GUIDING PRINCIPLES
The purpose of this Personal Data Protection Charter is to inform you of how the Corman Group collects, processes and uses your personal data, in general, when you use its website or communicate data to it in any other way.
B. NOTION OF PERSONAL DATA
The term ‘personal data’ is used here to refer to any information relating to an identified or identifiable natural person (‘data subject’).
C. NOTION OF PROCESSING
The term ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, alignment or combination, restriction, erasure or destruction of data.
D. COMPLIANCE WITH THE GDPR
The processing of personal data is carried out in accordance with the obligations implemented by the General Data Protection Regulations (the GDPR) and all applicable national regulations relating to the protection of privacy and personal data.
We could summarise this charter in 6 points
- Lawful data processing: The Corman Group processes personal data in a lawful manner in the context of its activities;
- Identified Purposes and Purpose Limitation: The Corman Group collects and processes personal data for the lawful purposes identified below;
- Minimisation of data processing: The Corman Group limits the processing of personal data to that which is necessary in the course of its business;
- Accuracy of personal data: The Corman Group takes all reasonable steps to ensure that personal data is accurate and is promptly corrected and/or deleted if it no longer appears to be accurate;
- Limitation of processing and storage: the Corman Group does not process or store personal data for longer than necessary for the performance of its activities;
- Security measures: the Corman Group takes the necessary and adequate technical and/or organisational measures to secure the personal data it processes.
2. DATA CONTROLLER
The information contained in this Charter is provided to you so that you are aware of the commitments in terms of personal data protection made by Corman SA, located at rue de La Gileppe, 4, 4834 Limbourg – Belgium (hereinafter ‘Corman’ or ‘We’ or Us), acting as data controller for the processing of personal data described in the articles of this Charter.
3. PERSONAL DATA COLLECTED AND PROCESSED
The information Corman collects about you, if any, is :
- identification data: such as your surname, first name, date of birth, place of birth, gender, age … ;
- contact data: postal address, email address, telephone number… ;
- data concerning complaints, questions, remarks;
- data provided in the curriculum vitae attached to a job application
Corman does not collect or process special categories of data unless We receive your express consent to do so or are obliged to do so.
Corman collects and uses your data for specific, explicit, legitimate purposes, and will not use this data for subsequent purposes that are not compatible with the original purposes.
4. LEGAL GROUNDS FOR THE PROCESSING
We only carry out data processing if at least one of the following conditions is met:
- your consent to the processing has been obtained;
- the existence of our legitimate interest, or that of a third party, justifies that We carry out the processing of personal data concerned;
- the performance of a contract between Us and you requires Us to process the personal data concerned;
- We are bound by legal and regulatory obligations that require Us to process the personal data concerned.
5. PURPOSES OF THE TREATMENT
Corman’s treatments are carried out for the following purposes:
- Management of Website content ;
- Monitoring customer relations and customer complaints;
- Promotion of products and services provided by Corman
- Monitoring of the relationship with candidates for a vacancy in Corman’s workforce ;
- Management requests from the contact form;
- Statistics and reporting
In general, Corman collects and uses the Personal Information that you provide or that We collect when you browse our Sites for advertising purposes, to provide you with our products and services, to contact you for advertising or marketing purposes (newsletter), to answer your questions about our products, to help you participate in our offers and promotions, and to analyze and improve the quality of our products or services.
Through some of our sites, you may also provide Us with information in order to apply for vacancies in Corman’s workforce.
The processing of your Personal Data is strictly limited to that which is necessary to achieve the purposes mentioned above.
Access to and use of our websites are subject to the Legal Notice specified on the websites in question.
6. HOW LONG WILL YOUR DATA BE KEPT?
We do not keep your personal data longer than is necessary for the purposes for which it is kept. We use the purpose as one of the criteria to define the period for which data should be kept. Other criteria may be: our legal obligations to retain data or information, or the period during which We have a business relationship with you or during which We provide services to you.
Customer data is retained for the life of the contract and for a period of ten years in principle after the end of the contractual relationship.
Data relating to potential customers (prospects) are thus kept for a maximum of one year, depending on the life cycle of the project for which they were collected and when the person has expressed an interest.
The data related to a job application is kept for a maximum duration of one year.
Certain data is archived for longer periods in order to meet our legal obligations and for evidentiary purposes, in particular to safeguard your rights and the rights of our company. This archived data is only accessible for the purposes of proof in court, for control by an authorised authority (e.g. the tax authority), for reasons of document production before judicial, administrative or police authorities.
At the end of the defined retention period, We undertake to erase, destroy or anonymise the data in a secure manner.
7. EXERCISING YOUR RIGHTS
A. TERMS AND CONDITIONS OF EXERCISE
Corman wants to be transparent. Not only about how We handle your data, but also about the rights you have over your data and how you can exercise them. In the following sections, We want to remind you of these rights.
Corman undertakes to respond to you without delay and no later than one month from receipt of your request concerning the rights described below. We consider the time of receipt to be when your request is complete, which includes receipt of proof of your identity or certainty from us regarding your identity. Where your application is complex or where You make numerous requests to Us, this one-month period may be extended by up to 2 months. We will inform you of such an extension as soon as possible.
How can you prove your identity?
You can prove your identity by any means, for example by sending a copy of your driving licence or passport. You can also send Us a copy of the back of your identity card. Because emails are not the most secure means of transmission, we advise you to hide your ID card number and photo and to clearly state that this copy is for Corman’s exclusive use. Corman will destroy these copies after use.
As a matter of principle, you can exercise all your rights free of charge. However, with regard to the right of access, you may be asked to pay a reasonable fee based on administrative costs for any copy of the data you request.
The rights mentioned below are not absolute and are subject to different conditions under :
- applicable local personal data protection or privacy law;
- and the laws and regulations that apply to you.
Finally, Corman would like to inform you that failure to provide or modify your data may have consequences in the processing of certain requests in the context of the execution of contractual relations and that your request for the exercise of your rights will be kept for follow-up purposes for 6 years regarding the exercise of the right to object and 1 year regarding the exercise of other rights.
B. RIGHT TO INFORMATION
You acknowledge that the present notice informs you as the purposes, applicable legal framework and interest of collection of your personal date, and as to the recipients or categories of recipients with whom your personal data are shared, as well as to the possibility of a data transfer towards a third country or international organisation.
In addition to this information and in order to ensure fair and transparent processing of your data, you dconfirm that you have received additional information concerning :
- how long your personal data will be kept;
- the rights of which you dispose and how to exercise them.
If We decide to process your data for another purpose than those initially indicated, we will provide you with full information on that other purpose.
C. RIGHT OF ACCESS AND RECTIFICATION
By exercising this right, you may obtain confirmation that your personal data are or are not subject to processing and if they are so subject,, you may have access to them as well as to information concerning :
- the purposes of the processing ;
- the categories of personal data concerned;
- the recipients or categories of recipients, in particular recipients established in third countries;
- where possible, the intended period of retention of the personal data or, if not possible, the criteria used to determine this period;
- the existence of the right to request from the Data Controller rectifcation or erasure of your personal data, or restriction of processing of your personal data, or to object to such processing ;
- the right to lodge a complaint with a supervisory authority ;
- when your personal data are not collected from you directly, any available information as to their source;
You may request that your personal data be rectified or completed, if they are inexact, incomplete, equivocal or out of date.
D. RIGHT TO RESTRICTION OF PROCESSING
You may request restriction of the processing of your personal data in accordance with the applicable legal and regulatory provisions.
E. RIGHT TO OBJECT
You have the right to object to processing of your personal data unless such processing is justified by compelling legitimate grounds on the part of the Data Controller.
If we contact you directly, this right may be exercised by any means including, in particular, clicking on the unsubscribe link at the bottom of the message sent.
F. RIGHT TO PORTABILITY
You have the right to the portability of your personal data.
The right is applicable to the following data
- Uniquely your personal data, i.e. excluding anonymised data or data not concerning you;
- Personal data declared or associated with your use of goods and services;
- Personal data not prejudicial to the rights and freedoms of third parties (such as data protected by business secrecy).
The right is limited to processing based on your consent or on a contract and to personal data you have personally generated. It does not extend to derived or inferred data which are personal data created by the Data Controller.
G. RIGHT TO ERASURE
You may request erasure of your personal data when one of the following reasons applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent previously given;
- you object to the processing and there are no overriding legitimate grounds for such processing;
- the personal data have been processed in breach of the applicable legal and regulatory requirements;
- your personal data were collected when you were a minor.
Exercise of this right is nevertheless not possible if the conservation of your personal data reflects a legal or regulatory requirement or is necessary for the establishment, exercise or defense of legal claims.
H. RIGHT TO WITHDRAW YOUR CONSENT
Where processing is based on your consent, you may withdraw your consent at any time, in which case we will no longer process your personal data but any earlier processing to which you agreed will not be affected.
You have the right to lodge a complaint with a supervisory authority without prejudice to your other rights of administrative or legal recourse.
In Belgium the supervisory authority is the Data Protection Authority, rue de la presse, 35, 1000 Brussels. You can also consult its website at https://www.autoriteprotectiondonnees.be/contact
8. POINT OF CONTACT
You can exercise your rights by e-mail at the following address: firstname.lastname@example.org
or by post to the following address
Rue de la Gileppe, 4
The Data Protection Officer can be contacted at the following address: email@example.com
9. TRANSFER OF YOUR DATA AND SUBCONTRACTING
The personal data that We collect, as well as those collected subsequently, are intended for Us in our capacity as Data Controller.
We ensure that only authorised persons may have access to these data. Our sub-contractors / service providers may receive these data for performance of the services We confer on them.
Your personal data may be compared or shared between all the Data Controller’s parent or associated companies and subsidiaries.
They may be communicated to those entities for the purposes described in the present notice, in accordance with the applicable regulatory requirements and in such a manner as to ensure protection of your data and civil liberties.
Your personal data may be shared with third parties within the framework of certain services that We have set up, or for the sending of information concerning products and services.
We transfer your personal data to partners located in the United States (in the context of Google Analytics cookies). Each of these transfers is governed by legal instruments in accordance with the applicable legal framework.
We guarantee that these suppliers only have access to your data to the extent necessary to perform their tasks. We also guarantee that they are bound by an obligation of confidentiality and that they may only process data in accordance with the instructions We have given them.
10. ACCESS TO YOUR DATA
Only authorised users have access to your personal data in order to fulfil the above-mentioned purposes. Authorised users are persons who, in the course of their duties at Corman, are authorised to process personal data on the basis of Corman’s guidelines.
We take steps to ensure that persons who need to access your personal data can do so only for the purposes listed in this Charter.
In addition, all our processors contractually guarantee the confidentiality, security and integrity of your data.
11. SECURITY OF YOUR DATA
We ensure that your personal data are protected by appropriate physical, technical, organisational and/or administrative security measures and procedures against accidental or unlawful loss, destruction, alteration, unauthorised use, disclosure or access.
In addition to the commitment of our employees to maintain the confidentiality of this data and the implementation of a rigorous selection and monitoring procedure for our service providers, we therefore ensure that our operating environment is adequately secured in proportion to the sensitivity of the personal data processed.
These measures are regularly evaluated and if necessary updated in order to guarantee maximum protection of the personal data processed by us.
12. EVOLUTION OF OUR CHARTER
In a world of constant technological change, We will regularly update this Charter.
We therefore invite you to read the latest version of this document on our sites and we will inform you of any substantial modifications through our site or through our usual means of communication.
This Personal Data Protection Charter is applicable as of 25 May 2018 and was last updated on 10 february 2022.