Privacy policy

1. General

1.1 Introduction

This privacy policy tells you what you can expect from us with regard to your personal
data data when you contact us or use one of our services.
In what below we will tell you why we can process your data and for what purpose we use it process, why you need to provide them to us and how long we store them.
We also mention whether there are,
or we intend to transfer, other recipients of your personal data
country transfer and whether we make automated decisions or use profiling.
When collecting and using this data, the organization is subject to
a variety of legislation controlling how such activities can be carried out
and what safeguards need to be put in place to protect them.
The purpose of this policy is to set out the relevant legislation and describe the steps that
VRM Solutions snc takes steps to ensure compliance with this legislation.
This control applies to all systems, people and processes that control the information systems
of the organization, including board members, directors, employees, suppliers and
other third parties who have access to VRM Solutions snc their systems.

1.2 Identity

VRM Solutions snc BV, with registered office at 1857 Route de Monflanquin, 47290 Cancon,
France registered in the Register of Legal Entities, with VAT number FR19 948 471 693, hereby
legally valid

represented by Kristien Van Regenmortel and Trevor Moore.

1.3 General Data Protection Regulation

The General Data Protection Regulation (GDPR) is one of the most important legislative texts on the way in which VRM Solutions snc carries out processing activities. Significant fines may be imposed if there is a breach in the context of GDPR, which is intended to protect the personal data of citizens of the European Union. This policy of VRM Solutions snc ensures our compliance with GDPR and other relevant legislation is clear and demonstrable at all times.

1.4 Definitions and principles

1.4.1 Personal data

Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is considered to be a person who can, directly or indirectly be identified, in particular by means of an identification number, a identification number, location data, an online identification number or one or more specific ones elements characterizing the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

1.4.2 Processing

Any operation or set of operations performed on personal data or series of data personal data, whether or not carried out using automated means, such as collecting, recording, organizing, structuring, storing, updating, modifying, retrieving, consulting, use, provide by transmission, dissemination or in any other way to make available, to bring together, to connect with each other, to connect with each other, restrict, erase or destroy data;

1.4.3 Controller

The natural or legal person, public authority, agency or other body that, alone or together with others, the purposes and means of the processing of personal data determines; if the purposes and means of such processing are determined by law of the Union or of the Member States, may be provided for in the law of the Union or of the Member States controller or in the specific criteria for the appointment of the controller are provided; ;

1.4.4 Fundamental principles

Personal data must:

a) processed in a manner that is lawful, fair and proper in relation to the data subject is transparent (‘lawfulness, propriety and transparency’);

b) collected for specified, explicit and legitimate purposes and may not subsequently be further processed in a manner incompatible with those purposes; the further processing for the purpose of archiving in the public interest, scientific or historical research or statistical purposes shall not be considered incompatible in accordance with Article 89(1). with the original purposes in mind (‘purpose limitation’);

(c) be adequate, relevant and limited to what is necessary for the purposes for which they are intended are processed (‘minimal data processing’);

d) are correct and updated if necessary; all reasonable measures must be taken to process personal data that are incorrect, taking into account the purposes for which they are processed, to be erased or rectified without delay (‘accuracy’);

e) kept in a form that allows data subjects to be identified for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods to the extent that the personal data solely for the purpose of archiving in the general interest, scientific or historical research or statistical purposes are processed in accordance with Article 89(1), provided that the appropriate technical and organizational measures required by this Regulation implemented to protect the rights and freedoms of the data subject (“storage limitation”);

f) by taking appropriate technical or organizational measures in such a manner are processed in a manner that ensures appropriate security, and that, among other things, are protected against unauthorized or unlawful processing and against accidental loss, destruction or damage (‘integrity and confidentiality’). The controller is responsible for and can demonstrate compliance with paragraph 1 (‘accountability’).

1.5 Statement

VRM Solutions snc will ensure that it complies with all these principles, both at the current processing as well as the introduction of new processing methods, such as new IT systems.

2 Data Transparency

2.1 The purpose and legal basis of the processing

There are six legal grounds on which the lawfulness of the processing of personal data in the can be implemented within the framework of GDPR. It is the policy of VRM Solutions snc to provide the appropriate basis to identify and document the processing, in accordance with the Regulation.

2.2 What data is processed?

The following table will show the following data:

  • Which processing activity?
  • For what purpose are these data processed?
  • Which category of personal data is processed?
  • What is the legal basis for the processing?
  • Who are the recipients of the processing?
  • What is the retention period for the processing?
welkegegevens

2.3 Recipients

We will not share your data with third parties for the purpose of direct marketing. We share your information to fulfill the above purposes. All employees involved in the processing of personal data understand their responsibility for adhering to good data protection practices. We use processors, who are third parties, who provide elements of services for us. We have processing agreements with our processors. This means that they cannot do anything with your personal data unless we have instructed them to do so. They will not share your personal information with organizations other than VRM Solutions snc. They will keep and store this data securely for the period we instruct them to do. In some cases we are legally obliged to share information. For example, on the basis of a court order or when we cooperate with other European supervisory authorities in handling complaints or investigations. We may also share information with other regulatory authorities to further their or our objectives. In each case, we will ensure that we have a legal basis for sharing the information and documenting our decision-making and that we have a legal basis for sharing the information.

2.4 Security and Confidentiality

VRM Solutions snc guarantees that the processing of your personal data is done in an adequate, correct and secure manner. Appropriate technical and organizational measures have been taken to prevent any loss, falsification or unlawful modification of, as well as unlawful access, to the personal data.

2.5 How long do we store your personal data?

The personal data collected are stored solely for their purpose. This varies depending on the respective activity. Questions via the contact form are actively tracked until they have been satisfactorily dealt with, after which they are passively stored for the purposes of statistics and customer satisfaction measurement. Cookies have a differentiated retention period, depending on the type of cookie and the provider.

3 Data Management

3.1 Rights of the data subjects

  1. The data subject also has rights under GDPR. These consist of:
  • the right to information
  • the right of access
  • het recht op correctie
  • the right to erasure 
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • rights in connection with automated decision-making and profiling.

Each of these rights is supported by appropriate procedures within the customer’s company that allow the necessary measures to be taken within the time limits set in the GDPR.

These timetables are shown below.

verzoekbetrokkene

Each legal basis for lawful processing creates relevant rights for the data subject, as set out below:

3.2 Right of access, correction, erasure and portability

By law, you can ask us what information we hold about you and you can ask us to correct this information if it is incorrect. If we have asked for your consent to process your personal data, you can withdraw that consent at any time.

If we process your personal data for reasons of consent or to perform a contract, you can ask us to provide you with a copy of the information in a machine-readable form so that you can transmit it to another provider.

If we process your personal data for reasons of consent or legitimate interest, you can request the erasure of your data.

3.3 Right to restriction or objection

The data subject has the right to object to processing based on the following legal grounds:

  • For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • In the context of the legitimate interests of the controller

After an objection has been made, VRM Solutions snc must justify the grounds on which the processing is based and suspend the processing until this has been done. When the personal data is used for direct marketing, we have no choice but to no longer process the data.

3.4 Consent

.The data subject has the right to withdraw consent where the legal basis for the processing of his personal data is that of consent (i.e. the processing is not based on another justification permitted by the GDPR, such as contractual or legal obligation) .

Before excluding the data subject’s personal data from processing, it must be confirmed that consent is indeed the basis of the processing. If not, the request may be rejected on the grounds that the processing does not require the consent of the data subject. Otherwise, the request must be granted.

In many cases, giving and withdrawing consent will be available electronically, i.e. online, and this procedure is not required.

When the consent concerns a child (defined in Belgium by the age of -13 years) the giving or withdrawal of consent must be approved by the person with parental responsibility for the child.

3.5 Automatic decision-making and profiling

The data subject has the right not to be subject to automated decision-making where the decision significantly affects him or her and may insist on human intervention where necessary. The data subject also has the right to express his or her point of view and to contest decisions. There are exceptions to this right, namely when it concerns a decision:

-necessary for an agreement
-legally allowed
-based on the explicit consent of the data subject.

When assessing these types of requests, it must be assessed whether the above exceptions apply in the specific case in question.

3.6 Request

To make a request regarding your personal data by email, please use the following email address [email protected]

4 Data Governance

4.1 Complaints

If you have a complaint about the use of your data, you have the right to file a complaint with the Belgian Authority, the GBA (Data Protection Authority).

You can contact them at: Drukpersstraat 35, 1000 Brussels +32 (0)2 274 48 00 [email protected]

4.2 Compliance

The following actions are taken to ensure that Bizartien complies with the accountability principle of the GDPR at all times:

  • The legal basis for the processing of personal data is clear and unambiguous.
  • A data protection officer is appointed with specific responsibility for data protection in the organization (if necessary)
  • All employees involved in the processing of personal data understand them responsibility for following good data protection practices.
  • All employees have received data protection training.
  • Consent rules are followed.
  • Data subjects wishing to exercise their rights in relation to personal data can use the available procedures and such requests for information are dealt with effectively.
  • The procedures regarding personal data are regularly reviewed.
  • Privacy by design is adopted for all new or changed systems and processes.
  • The following documentation of the processing activities is recorded:
    • -Name of the organization and relevant data
    • -Purpose of processing personal data
    • -Categories of persons and personal data processed
    • -Categories of recipients of personal data
    • -Agreements and mechanisms for the transfer of personal data to non -EU countries, including details of existing controls.
    • -Personal data retention schedules
    • -Relevant technical and organizational controls are in place.

These actions are regularly evaluated.

5 Validity and document management

This document drawn up on 01/02/2024. 

The owner of this policy is VRM Solutions snc. VRM Solutions snc will check this policy at least once a year and update it if necessary. This is as our services and the use of personal data evolve.  

If we wish to use your personal information in a way that we have not previously identified, we will contact you. This is to provide information about this and, if necessary, to request your permission for this