GDPR
The European Regulation on Data Protection, known as GDPR, is a cross-cutting issue that affects all businesses. This European regulation came into effect on 25 May 2018.
We place great importance on the confidentiality of your personal data. Within FINBRAIN-ITC sprl, the personal data we collect from all counterparties (Clients, Partnerships, Service Providers) is therefore used in compliance with security and confidentiality. This document 'Rules regarding the protection of privacy' describes what personal data concerning you we process, on what basis we process it, and for what purpose. Finally, we inform you about the security measures we take to protect your personal data.
1. Who to contact in case of questions?
FINBRAIN-ITC sprl, with its registered office at 1420 Braine-l’Alleud – 102 rue Longchamp and registered with the Crossroads Bank for Enterprises under the number BE 0878.047.562, is the Data Controller of your personal data. FINBRAIN-ITC sprl declares, as the Data Controller, that it complies with Belgian legislation on the protection of privacy, as well as the provisions of the General Data Protection Regulation from its entry into force.
2. What is meant by personal data?
The General Data Protection Regulation defines the concept of personal data as follows:
Any information relating to an identified or identifiable natural person; an "identifiable natural person" is one who can be identified, directly or indirectly, particularly by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements related to their physical, physiological, genetic, mental, economic, cultural or social identity.
When this document refers to personal data, it refers to this definition from the Regulation.
It does not address specific categories of personal data. By processing specific categories of personal data, it means:
The processing of personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning the sexual life or sexual orientation of a natural person.
3. What personal data is being processed?
We collect and process various personal data concerning our counterparts. These include the following data:
● Curriculum vitae and its content, cover letters, notes taken during the recruitment interview
● Useful information for our clients: your address, your length of service, your phone number, your email address
● Information you may have shared: marital status, household composition, gender, date of birth, language
● Your salary and other benefits received from your employer, status,
● Personal data relating to our professional counterparts, such as our service providers, communicated occasionally,
● Personal data relating to our suppliers, communicated occasionally,
4. For what purpose is this personal data processed and what is the legal basis for the processing?
Your curriculum vitae and cover letter, notes taken during telephone or face-to-face interviews, personal information and details regarding the salary package are processed to ensure the (potential) match between your experience and personality on one hand and the requirements or wishes of our clients on the other, the legal basis being our legitimate interest.
5. Duration of processing
Your curriculum vitae and cover letter, notes taken during telephone or face-to-face interviews, personal information and details regarding the salary package are processed to ensure the (potential) match between your experience and personality on one hand and the requirements or wishes of our clients on the other, the legal basis being our legitimate interest.
6. What are your rights as a counterparty?
a. Right of access and inspection
You have the right to access, at any time and free of charge, your personal data, and to know how we use it in accordance with the applicable provisions in the services sector.
b. Right to rectification, erasure and restriction
You are free to provide us with your personal data or not. Furthermore, you always have the right to request that we rectify, complete or erase your personal data.
However, you may request to restrict the processing of your personal data.
c. Right to object
You also have the right to object to the processing of your personal data for serious and legitimate reasons.
d. Right to data portability
You have the right to receive your personal data that we process, in a structured, commonly used and machine-readable format, and/or to transmit this data to other data controllers, in accordance with the applicable provisions in the sector.
e. Right to withdraw consent
As long as the processing is based on your prior consent, you have the right to withdraw that consent.
f. Automated decisions and profiling
The processing of your personal data does not involve profiling, and we will not subject you to decisions based on automated processing.
In certain cases, at the request of the client, automated tests may be requested. You have the right to object to this.
g. Exercising your rights
You can exercise your rights by contacting Mr Jean-Claude Jossart.
h. Complaints
You have the right to lodge a complaint with the Belgian supervisory authority: Commission for the Protection of Privacy, Rue de la Presse 35, 1000 Brussels, Tel. +32 (0)2 274 48 00, Fax +32 (0)2 274 48 35, email: commission@privacycommission.be.
This right can be exercised without prejudice to a remedy before a civil court.
If you suffer damage due to the processing of your personal data, you may bring a claim for damages.
7. Transfer to Third Parties
The personal data we process is transferred to third parties, our clients.
We enter into collaboration contracts with them and do everything possible to ensure they can guarantee the
security of your personal data.
Your personal data will not be sold, rented, distributed, or made available to third parties for commercial purposes, except as described above or with your prior consent.
In rare cases, we may be required to disclose your personal data as a result of a court order or to comply with binding legislation or regulations, but only in the context of these mentioned cases.
8. Security and Confidentiality
We have implemented security measures that are appropriate from a technical and organisational standpoint to prevent the destruction, loss, falsification, modification, unauthorised access, or inadvertent communication to third parties of the collected personal data, as well as any other unauthorised processing of this data.
- Typology of Technical Measures
- Use of antivirus and firewalls
- Regularly changed passwords
- Securing access to data
- Data encryption on laptops
2. Typology of Organisational Measures
- Certain designated individuals have access
- Instructions for workers and collaborators
- Confidentiality clauses