We understand that your trust in us constitutes the most important asset of PROTECTION UNIT SA (hereinafter referred to as “PROTECTION UNIT SA” “we” or “our Company”).
As such, your privacy is of paramount importance to us. This data protection charter (hereinafter referred to as the “Charter”) applies, among other things, to (i) our https://www.protectionunit.com website or websites (hereinafter referred to as the “Website”) and (ii) all relations (commercial or otherwise) between PROTECTION UNIT SA and its customers, prospects and business partners, and any persons with whom we may have relations.
This Charter applies to all personal data processed by PROTECTION UNIT SA acting as data controller and covers all data processing for which PROTECTION UNIT SA is responsible.
This Charter contains, among other things, information on the personal data that PROTECTION UNIT SA collects, as well as on how PROTECTION UNIT SA processes such personal data.
PROTECTION UNIT SA wishes to emphasise that it endeavours at all times to act in accordance with (i) European Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation that came into force on 25 May 2018 – the “GDPR”) and (ii) Belgian legislation (current and future) relating to the implementation of the aforementioned Regulation. This Charter contains, among other things, information on the personal data that PROTECTION UNIT SA collects, as well as on how PROTECTION UNIT SA uses and processes such personal data.
Visiting the website, as well as creating an account on the latter, subscribing to our services and training courses and communicating in general with PROTECTION UNIT SA implies your express approval (by means of the provision of your personal data or opt-in) of this Charter and therefore of the way in which we collect, use and process your personal data.
TYPE OF PERSONAL DATA
PROTECTION UNIT SA may collect and process the following personal data:
- First name
- Date of birth
- Place of birth
- National registry number
- Bank account number
- Home address
- Email address
- Telephone number (landline/mobile)
- Customer number
- Training attendance data
- All personal data voluntarily provided to PROTECTION UNIT SA (during correspondence, for example)
PROTECTION UNIT SA also automatically collects anonymous information about your use of the Website through cookies.
COLLECTION METHOD FOR PERSONAL DATA
These personal data are collected in the event of or within the framework of:
- a visit to the PROTECTION UNIT SA Website;
- the creation of an account on the PROTECTION UNIT SA Website;
- a request for a quotation;
- registration for training courses;
- requesting and conducting audits;
- use of a service (whether through the Website or not);
- the exchanging of business cards;
- collaboration with PROTECTION UNIT SA;
- verification of your identity (for example during customer identification);
- correspondence exchanged with PROTECTION UNIT SA.
The personal data collected by PROTECTION UNIT SA are therefore expressly and voluntarily provided by you.
The provision of certain personal data is a condition for being able to benefit from certain services (for example, to access your online account). You are told which data are mandatory and which are optional.
USE OF PERSONAL DATA
PROTECTION UNIT SA may use your personal data for the purposes set out in Appendix 1 of this Charter.
In general, we shall only use your personal data if you have consented to this or where such use is based on one of the relevant legal grounds:
- safeguarding our legitimate interests;
- the conclusion, negotiation and performance of a contract between us and you;
- compliance with a legal obligation;
- safeguarding the public interest.
Disclosure of personal data to third parties
PROTECTION UNIT SA shall not disclose your personal data to third parties, except where this is necessary in connection with the provision of products and/or services and in particular, but not limited to:
- the organisation and monitoring of training courses;
- security audits carried out;
- audience analytics for our Website;
- IT storage;
- compliance with the legal obligations imposed on PROTECTION UNIT SA (for example, by FPS Home Affairs).
In this context, your personal data may be made available to webmasters, payment partners, software providers, cloud partners, our insurer and various service providers that PROTECTION UNIT SA may use in connection with the provision of its services.
If it is necessary in this context for PROTECTION UNIT SA to disclose your personal data to third parties, the third party concerned shall be required to use your personal data in accordance with the provisions of this Charter.
Notwithstanding the above, it is however possible that PROTECTION UNIT SA may disclose your personal data:
to the competent authorities (i) when PROTECTION UNIT SA is required to do so by law or in the context of legal proceedings or future legal proceedings and (ii) to safeguard and defend our rights;
when PROTECTION UNIT SA or almost all of its assets are taken over by a third party, in which case your personal data – which PROTECTION UNIT SA has collected – shall constitute one of the transferred assets;
where you have expressly consented to this, if applicable.
Cross-border processing of personal data
In principle, we shall not transmit your personal data outside the European Economic Area (EEA). However, as part of the administrative management of the services offered, PROTECTION UNIT SA may transfer your personal data to its Tunisian subsidiary, Positive Solutions, a commercial company in the form of a private limited liability company under Tunisian law having its registered office at Capitole du Lac, Rue des Lacs de Mazurie, 2nd floor, 1053 Les Berges du Lac, Tunis, VAT 1318089V/A/M/000 represented for these purposes by Mr Yves Bastin.
Any transfer of personal data outside the EEA to a recipient who has its domicile or registered office in a country that does not fall under a similar decision, promulgated by the European Commission, is and shall be subject to the provisions of a data transfer agreement, which shall contain (i) the standard contractual clauses as defined in European Commission Decision of 5 February 2010 (Decision 2010/87/EC), or (ii) any other mechanism based on privacy legislation or any other regulations relating to the processing of personal data.
STORAGE OF PERSONAL DATA
Unless a longer retention period is required or justified (i) by law or (ii) by compliance with another legal obligation, PROTECTION UNIT SA shall only retain your personal data for the period that is necessary to achieve and fulfil the objectives as described in the Charter, under the point “use of personal data”.
PROTECTION UNIT SA shall retain all the personal data it has collected, in its hard copy files stored internally within the company as well as on its internal IT servers, the external IT platform “Master”, and on a cloud server located in Belgium and France.
APPENDIX 2: RETENTION PERIODS BY TREATMENT CATEGORY
Your rights relating to the protection of your privacy
Within the framework of the processing of your personal data, you have the following rights:
- right to access your personal data;
- right to rectify, complete or update your personal data;
- in certain cases, the right to delete your personal data (‘right to be forgotten’) (in this context, PROTECTION UNIT SA states that certain services shall no longer be accessible or that it shall no longer be able to provide them if you delete certain personal data or have them deleted);
- right to limit the processing of your personal data;
- right to the portability of your personal data;
- right to oppose/object to the processing of your personal data.
- If you wish to exercise your privacy rights, please send an email to firstname.lastname@example.org
You can exercise these rights free of charge using the aforementioned form. In addition, you can always update, modify and/or check, through your account, your personal data which you had to provide when creating your account.
You can find more information about your rights on the website of the Data Protection Authority (hereinafter the “DPA”) via the following link “https://www.autoriteprotectiondonnees.be/”.
PROTECTION OF PERSONAL DATA
PROTECTION UNIT SA undertakes to take reasonable precautionary measures of a physical, technological and/or organisational nature to avoid (i) unauthorised access to your personal data, as well as (ii) the loss, improper use or modification of your personal data.
Notwithstanding PROTECTION UNIT SA’s security policy, the verifications it carries out and the actions it performs in this context, an infallible level of security cannot be guaranteed. No method of transfer or transmission via the internet, nor any method of electronic storage, is 100% secure, such that PROTECTION UNIT SA cannot, in this context, guarantee absolute security.
Finally, the security of your account also depends on the confidentiality of your password granting access to the platform. PROTECTION UNIT SA shall never ask you for your password, meaning you are under the obligation not to provide it to anyone. If you have nevertheless given your password to a third party, the latter shall receive access, through your password, to your account and your personal data. In this case, you shall be responsible for the actions taken further to the use of your account. PROTECTION UNIT SA therefore strongly advises you, if you notice that someone has gained access to your account, to immediately change your password and contact us.
UPDATING OF THE CHARTER
PROTECTION UNIT SA is authorised to update this Charter by posting a new version on the Website. In this connection, it is in particular advisable to regularly consult the Website and the relevant page on which the Charter is posted in order to ensure that you are aware of any changes.
It shall always be possible to view the latest version via this link.
Contact PROTECTION UNIT SA
If you have any questions about the Charter or how PROTECTION UNIT SA collects, uses or processes your personal data, please contact us:
By e-mail: email@example.com
By post: PROTECTION UNIT SA, rue Campagne du Moulin 53/12 – 4470 Saint-Georges-Sur-Meuse (Belgium)
If you are not satisfied with the way in which PROTECTION UNIT SA has handled the questions or comments that you submitted to it, or if you have complaints concerning the way in which PROTECTION UNIT SA collects, uses and/or processes your personal data, you may submit a complaint to the Data Protection Authority (the “DPA”).
What do we expect from you?
For your part, we expect you to ensure that the information you provide to us is relevant and up-to-date. You must also inform us immediately of any significant change in your situation. If you need to provide us with information about a third party, we ask you to ensure that the latter has given its consent for you to do so.
This Charter is subject to change and the latest applicable version can be consulted at the following address: https://www.protectionunit.com/protection-de-la-vie-privee.
APPENDIX 1 – PURPOSES OF THE USE OF PERSONAL DATA
PROTECTION UNIT SA may use your personal data for the following purposes:
- Receiving and processing questions submitted via the contact form or by any other means:
An online contact form is available on our Website. You can also contact us by telephone as well as via one of our sales representatives. In order to honour your requests (for information, for quotes, etc.) we are required to process some of your personal data.
This processing is based on our legitimate interest.
- Managing your personal or business account on the PROTECTION UNIT SA website:
As a customer, professional or operator, you can create a personal account in your name on the Website. Through this account, we use your data to enable you to monitor the status of your situation with PROTECTION UNIT SA. This processing is based on our legitimate interest.
- Preparing a quote or offer: In order to draw up and send you a quote or an offer, at your request, we are required to process some of your personal data. In this context, we shall process some of your personal data. This processing is based on our legitimate interest.
- Training management: Among our services we offer training courses. In order to honour your request we draw up a personalised quote, and in this connection we are required to send some of your personal data to professionals in the sector who provide training services. This processing is based on our legitimate interest.
- Audit management: We offer audits carried out by professionals in the sector. In order to organise these audits, we are required to provide some of your personal data to professionals in the aforementioned sector. This processing is based on our legitimate interest.
- Drawing up an agreement: As a customer, professional or operator, you are or shall be required to enter into an agreement with PROTECTION UNIT SA so that we can begin the collaboration for which you have requested our services. In this context, we shall collect some of your personal data. This processing is based on our legitimate interest or on a legal obligation.
- Performing services, processing your operations and executing your instructions: We use your data to perform the services for which you called upon PROTECTION UNIT SA. This use implies that PROTECTION UNIT SA is in possession of your personal data for as long as necessary for the provision of the service or services which you have requested. This processing is based on the performance of any contract entered into with you and/or any commitment made by you or by PROTECTION UNIT SA.
- Sending invoices and receiving payments: As part of the services offered by PROTECTION UNIT SA and the agreements that you have entered into with us, we use some of your personal data to draw up invoices and, following receipt of payments, process them in the accounting department for the purposes of properly managing invoicing files. This processing is based on our legitimate interest or on a legal obligation.
- Applying for a vacant position and providing a CV: When responding to one of our job offers published on the Website or by other means, you are asked to send us your CV. Your data are then processed in order to be able to analyse your profile and respond appropriately to your application. This processing is based on our legitimate interest or on your consent.
- Preparing mailing lists: As part of the various services we offer, we create a contact database. In this context, some of your personal data may be collected in a database. The legal basis for processing your data for this purpose is our legitimate interest or your consent.
- Complying with laws and regulations: We ensure compliance with any legislation or regulations in force. In this context, and if necessary, we are required to process some of your personal data. This processing is based on compliance with a legal obligation.
- Protecting our rights: We may use your data to protect our rights, in particular in connection with the defence or protection of legal rights and interests, legal proceedings, the management of claims or disputes, in the event of company restructuring or other merger or acquisition operations. We use your data based on our legitimate interests.
APPENDIX 2: RETENTION PERIOD BY PURPOSE CATEGORY
|Purposes of processing personal data||Basis||Maximum retention period (unless otherwise indicated)|
|Receiving and processing questions submitted||Legitimate interest||5 years after the last contact for a customer / 3 years after the last contact for a prospect|
|Preparing a quote or offer||Legitimate interest||5 years after the last contact for a customer / 3 years after the last contact for a prospect|
|Training management||Performance of the contract||3 years after the last contact with the customer|
|Audit management||Performance of the contract||5 years after the last contact with the customer|
|Drawing up an agreement||Legitimate interest
|To be determined by Fact Group. Example: 7 years after the last contact with the customer|
|Performing services, processing your operations and executing your instructions||Performance of the contract||5 years after the last contact with the customer|
|Invoices and payments||Performance of the contract
|7 years from 1 January of the year following the taxable period.|
|Optimising the quality, management and content of the Website||Legitimate interest||3 years after the user’s last visit to the Website.|
|Applying for a vacant position and providing a CV||Legitimate interest
|– Immediate deletion if the CV does not match the profile sought
– Retention in a recruitment database for 1 year if the CV potentially matches company needs but no position is available
– Immediate processing if the CV matches company needs and a position is available. In this case: retained in the employee’s file for 5 years from the day following that on which the performance of the contract ended.
|Establishing mailing lists||Legitimate interest
|5 years after the last contact for a customer / 3 years after the last contact for a prospect|
|Complying with laws and regulations||Legal obligation||– Employment documents: 5 years from the day following that on which the performance of the contract ended;
– Tax documents: 7 years from 1 January of the year following the taxable period
|Protecting our rights||Legitimate interests||As long as the legal proceedings/complaint procedure lasts|