This website is the property of Peripass NV.
Gaston Crommenlaan 4 bus 9
By accessing and using the website you acknowledge your express agreement with the following general terms and conditions.
Applicable law and competent courts
Belgian law is applicable to this website. In the event of a dispute the courts of the legal district of Ghent shall have sole jurisdiction.
1. Who are we?
1.1. Peripass as controller
By means of this statement (hereinafter referred to as the “Statement”) we want to tell you why and in what way your personal data are collected and processed by Peripass Belgium, consisting of the Belgian Peripass entities (hereinafter referred to as “we” or “Peripass”). Your personal data are collected and kept centrally within Peripass. The Belgian Peripass entities, which in respect of each other are not regarded as third parties, all process your personal data in line with this Statement.
Our contact details are to be found under point 10 of this Statement.
We are responsible for the processing of the personal data requested and used by us. As controller we take the measures guaranteeing that you:
- are kept informed of our processing of your personal data and of your rights;
- retain control over the personal data we process;
- are able to exercise your rights concerning your personal data. Further information on your rights can be found under point 9 of this Statement.
In the context of the provision of its services to its customers, Peripass is also the processor of its customers’ personal data. This is dealt with in the data processing agreement entered into between Peripass and its customers, and does not form part of this Statement.
1.2. Data Protection Officer
We don’t have a data protection officer appointed, as we’re not processing data on substantial scale. We do have a Privacy Officer appointed, to safeguard and respect the correct processing of your personal data. You can contact this person through the channels referred to in point 10 of this Statement.
2. What data do we collect about you?
2.1. Personal data
“Personal data” is understood as meaning all information referring to a particular living natural person. Where applicable, it encompasses data pertaining to you and/or your representatives, staff, self-employed workers and/or directors (hereinafter also referred to collectively as “you” or “your”).
If we receive personal data from you about your representatives, staff, self-employed workers and/or directors, you should inform them of the existence and content of this Statement, including our duties, their rights and the way in which they can exercise these rights. In particular we collect:
from our existing customers: identification and contact details (surname, first name, sex, e-mail address, telephone number, copy of identity card, etc.), stated areas of interest, and certain financial data (bank account number, etc.);
from prospective customers: identification and contact details (surname, first name, sex, e-mail address, telephone number, etc.), stated areas of interest, etc.
We need and use these data for the purposes stated in point 3 of this Statement.
“Cookies” are also used on our websites. These are very small data files or parts of files that are stored by the browser on your computer and enable us to record certain information about the users of our website (e.g. choice of language, length of your visit on the site, etc.). They help to gear the website more effectively to your needs and preferences and thus make it more user-friendly for you. You can find more information on this subject in our Statement on Cookies.
As data controller we do not collect or process any personal data relating to minors or any so-called sensitive data, namely:
personal data giving an indication of race or ethnic origin, political views, religious or ideological convictions, or trade union membership;
genetic or biometric data (e.g. facial images and fingerprints);
data on health;
data relating to sexual behaviour or sexual orientation.
Should sensitive personal data of this nature be passed on to us, we will not use them and will delete them.
3. Why do we need your data?
3.1. To be able to accept you as a customer and to be able to perform the contract correctly.
We need personal data in order:
- to be able to register and manage you as a customer (or prospective customer) in our customer management system (CRM);
- to be able to accept you as a customer in our client acceptance procedure;
- to be able to contact you as a customer and be able to coordinate with you as regards performance of the services you have requested;
- to be able to invoice our services or draw up settlement statements with regard to the services rendered.
3.2. To be able to engage in direct marketing
We want to be able to let you know about our services, events or relevant news items. This can occur at your specific request, or if we suspect that a service might be of interest or helpful to you.
This information can find its way to you in all kinds of ways: via the Peripass offices, on the Internet and by means of apps, by e-mail or post, over the phone or at events. Moreover, new technologies are emerging all the time and we want to make use of these if it helps to convey information clearly in a way that causes you as little disturbance or inconvenience as possible.
You will receive our direct marketing communication if you have given explicit consent to that end. We will in particular ask you for explicit consent if you are not a Peripass customer.
But even if you have not given consent you can still receive offers or advertising from Peripass, particularly if you already have an existing customer relationship with Peripass. For this we base ourselves on our legitimate interest.
If you do not want to receive any advertising at all, you should make use of your right to object to direct marketing, as mentioned in point 9.2 of this Statement.
3.3. Because it is necessary to be able to operate as a company
This purpose boils down to what is referred to as a “legitimate interest”. We do indeed also have a number of legitimate interests that form the basis for the processing of personal data. This occurs only after we have carried out an evaluation to ensure that in any case the balance between our legitimate interests and the possible impact thereof on your privacy is not upset.
If you nonetheless have objections to these processing activities, you can exercise your right of objection, as mentioned in point 9.3 of this Statement.
Personal data are thus processed in different situations:
- Personal data can serve as proof (archiving);
- Personal data can be used to register your participation in and/or presence at our events;
- Personal data can be used to enable you to be provided with information you have requested;
- Personal data can be used to establish, exercise, defend and safeguard the rights of Peripass or the people who might be representing it, for example in disputes;
- Personal data can be used for the administration, (risk) management and control of our organisation, such as compliance (i.e. money laundering and fraud prevention and investigation, and privacy), risk management, risk functions and inspection, complaints management, and internal and external audit;
- Personal data that the Belgian Peripass entities have at their disposal may be brought together and used for centralised or efficient customer management, for the making of segments or sectors (for example Public Sector, Real Estate & Construction, Life Sciences, Retail, etc.) and for the making of more detailed customer or prospective customer profiles so as to enable us to address you in a more targeted fashion;
- Personal data can be used to support and simplify the purchase, use and termination of services by the customer, among other things to avoid you again having to fill out information you have already given previously, or to avoid you having to go through an entire identification process again if and when you want to become a customer of another Peripass entity. In this way identification details can be passed on to Peripass entities so that identification in those other entities can be dealt with more quickly and simply.
4. What is the legal ground for the processing of your personal data?
Your personal data can only be lawfully used and processed by us if one of the following conditions is met:
- The use of your personal data is necessary for the performance of a contract you have entered into with us or in order, at your request, for the necessary steps to be taken to enable a contract with us to be brought into being.
- The purposes of the processing mentioned in point 3.1 of this Statement are based on this basis.
- We have your explicit and freely given consent for us to use your personal data for a specific purpose.
- We will therefore ask you for your consent for us to write to you for the purposes of direct marketing, as mentioned in point 3.2 of this Statement, if you still have a customer relationship with us.
- The use of your personal data is necessary to promote our legitimate interests, to the extent that this counterbalances your interests and rights.
- We base the processing activities needed for us to be able to operate as a company, on our legitimate interest, as mentioned under point 3.3 of this Statement, and in order to be able to write to our existing customers for direct marketing reasons, as mentioned under point 3.2 of this Statement.
- We may be obliged by law to process certain personal data, and in particular to forward these to the authorities concerned.
- In the framework of certain services (supervisory director mandates, tax returns, accounting, etc.) Peripass is indeed bound by obligations to report to authorities, or, moreover, we have to be able to react correctly if you exercise your rights under the privacy legislation, and are also obliged to answer questions from the Data Protection Authority, for example in the event of complaints.
5. Who else do we share your personal data with?
Only those of our employees and self-employed workers who actually need access in order to perform their duties gain access to your data. These people act under our supervision and our responsibility.
In addition, we also enlist the services of external suppliers who process certain data for us so that we can offer you our products and activities, such as IT services (e.g. legal, financial and accounting services and other services of a similar ilk). Seeing as these third parties have access to personal data in the context of the services requested by us, we have taken technical, organisational and contractual measures to guarantee that your personal data are only processed and used for the purposes stated under point 3 of this Statement.
Only if and when we are obliged by law to this end can your personal data be passed on to supervisory bodies, tax authorities and investigative services.
6. Where are the data kept and processed?
Your data will not be transferred outside the EU and in any case we make sure that the legal minimum requirements and security standards are complied with at all times. If we anticipate your data being stored and processed outside the EU, we will explicitly mention this and ensure that the same level of protection is employed as that applicable within the EU.
Except for these cases your personal data will never be transferred or made available to third parties and will only be used for our benefit. This means that other companies cannot use your data in order to send you advertising, for example.
7. How long do we keep your personal data?
We keep your data only for as long as is necessary with a view to the purposes for which the data are used, as mentioned under point 3 of this Statement (e.g. performance of a contract, sending of information you have requested, etc.). Any departures from or clarifications of this principle are expressly stated under the various purposes mentioned in point 3 of this Statement.
Seeing as the need to keep data can vary according to the type of data and the purpose(s) for which they are processed, the actual periods during which data are kept can vary considerably.
We can hereby inform you that we take inter alia the following criteria into consideration when determining how long data are kept for:
- How long are the personal data needed in order to be able to provide the requested service?
- Have we established and announced a particular specific period during which the data are to be kept?
- Have we obtained consent for the data to be kept for a longer period?
- Do we have a legal, contractual or comparable obligation to keep the data?
- The moment your data are no longer needed and we do not have any legal obligation, legitimate interest or contractual obligation to keep them either, we will delete them permanently or, if this is not possible, anonymise them in our systems.
Your personal data will be kept and used, however, as long as this is necessary for the purposes of meeting our legal obligations, settling disputes or enforcing our contracts.
8. How do we protect your personal data?
Your personal data are deemed to be strictly confidential. We take the appropriate technical and organisational measures with a view to protecting personal data that have been supplied to and collected by us against destruction, loss, inadvertent alteration, damage, accidental or unlawful access or any other unauthorised processing of personal data.
9. What are your rights?
9.1. Right of inspection, rectification, erasure, data portability and right to object
9.1.1. Right to inspect your personal data
You are entitled at all times to access and inspect the personal data of yours that are processed by us. In this eventuality we will provide you with a copy of these personal data, free of charge.
9.1.2. Right to rectify your personal data
You are entitled at all times to have incorrect, incomplete, inappropriate or out-of-date personal data deleted or corrected.
9.1.3. Right to withdraw your consent
When processing is based on your explicit consent, you have the right to withdraw this consent at any time.
We would like to point out to you that the withdrawal of your consent for certain processing activities concerning your personal data can result in you no longer being informed of or being able to make use of activities or services offered by us.
9.1.4. Right to object to certain processing activities
You have the right to object to processing activities based on legitimate interest, as stated under point 3.3.
9.1.5. Right to erasure of your personal data
You have a right to erasure of your personal data. On the basis of this, when you no longer wish to maintain a relationship with Peripass, you can ask us to stop using your personal data.
However, we may keep personal data that are required for probative purposes. Under this right of removal, you also have the right to ask us at any time to stop using personal data of yours that are processed on the basis of your consent or our legitimate interest. On account of the company’s legitimate interests we may continue to process your personal data after having weighed up your interests against ours, unless you decide to bring the relationship with us to an end.
9.1.6. Right to transfer of personal data
You have the right to ask for personal data that you yourself have provided us with to be forwarded to you in a structured, easily accessible and digital form so that you can store these for personal (re-)use or to be forwarded directly to another data controller, insofar as this is technically possible for us.
However, the privacy legislation does make provision for a number of restrictions to this right, with the result that it does not apply to all data.
9.1.7. Right to restriction of certain processing activities
You can ask us to restrict the processing of your personal data in each of the following cases:
- if you dispute the accuracy of the personal data, you can request a restriction of the processing for a period enabling us to check the accuracy of this data;
- if the processing is unlawful and you oppose the erasure of the personal data and, instead of this, ask us for their use to be restricted;
- if we no longer need your personal data for the purposes of the processing mentioned under point 3, but you do still need them for the establishment, exercise or defence of a legal claim;
- if you have objected to a processing activity, we will discontinue this processing activity pending the answer to the question as to whether Peripass’ legitimate grounds override yours.
When you have obtained the right to restriction of the processing, we will not perform any more operations with the personal data in question, other than data storage.
9.2. Right to object to direct marketing
As mentioned under point 3.2 of this Statement we use your personal data to send you commercial information, advertising or personal proposals (by means of direct marketing campaigns or electronic newsletters). You have the right to object to your personal data being processed for direct marketing purposes if you do not (or no longer) wish to receive such communications from us, and can do so by making use of the options provided to this end in every e-mail we send you. In this case we will stop processing your data for direct marketing purposes. Your request will be put into effect as quickly as possible.
If you have exercised your right to make an objection you may, if you so wish, authorise direct marketing activities again via the same channels.
We would draw your attention to the fact that your exercising of the right to object does not preclude us contacting you, should the need arise, for any other purpose, including performance of the contract, in accordance with this Statement.
9.3. How do you exercise your rights?
To exercise the above-mentioned rights, you can send us a written request in either of the following ways:
- by e-mail: email@example.com
- in writing to the following postal address: Peripass, FAO the Data Protection Team, Gaston Crommenlaan 4/9, 9050 Gent, Belgium.
When exercising your right, we would ask you to clearly indicate the right you wish to invoke and the processing activity (or activities) you are objecting to, as the case may be, or the consent you wish to withdraw. Always be as specific as possible when you want to exercise your rights.
10. How can you submit questions or lodge complaints?
If you have a question or complaint about our processing of personal data, the exercising of your rights, or about this Statement, you can contact us through the following channels:
- By e-mail: firstname.lastname@example.org
- In writing to the following postal address: Peripass, FAO the Data Protection Team, Gaston Crommenlaan 4/9, 9050 Gent, Belgium
- By phone: +32 9 396 06 58
If you are not satisfied with our answer, would like to make any comments about the exercising of your rights, or are of the view that our processing of your personal data is not in line with the legislation, you can file a complaint on the matter with the Belgian Data Protection Authority, previously known as the Privacy Commission. All information in this respect can be found at: https://www.privacycommission.be
11. Adaptations to this Statement
This Statement may be adapted or supplemented by us if we deem this to be necessary.
If major modifications are made to this Statement, its date of updating will be adapted and we will also inform you of this and provide you with a copy of the updated statement.
Furthermore, we would also encourage you to go through this Statement at regular intervals to find out how we process and protect your personal data.