Personal data protection
Intraco Consulting and its related companies undertake to protect your personal data. In order to comply with this undertaking, Intraco Consulting respects the laws in force in Belgium, the Grand-Duchy of Luxembourg and in Europe regarding data protection when collecting and processing your data in relation to its Internet portals. They are protected in accordance with the European General Data Protection Regulation 2016/679, known as “GDPR”. In order to comply with this new regulation, our “Privacy and data protection” statement has been updated.
Intraco Consulting as data controller
As data controller, Intraco Consulting is subject to the GDPR. Intraco Consulting contributes to defining the purposes and means of processing personal data, stipulating the conservation periods and controlling access to the personal data.
Purpose of the processing
Intraco Consulting and its customer agree that Intraco Consulting advises and assists companies in their projects and their certifications. In this respect, processing the personal data of the customer and the recipients is therefore necessary for performing the terms of the contract with the customer. Intraco Consulting collects, processes and uses personal data, exclusively as necessary for entering into, maintaining and terminating a contractual relationship with a view to providing services. For running and providing access to the Internet portals, Intraco Consulting also collects, processes and uses the customer’s personal data to establish and manage the user/service provider relationship and to enable the use of the services.
Furthermore, Intraco Consulting collects, processes and uses personal data for internal purposes, in particular with a view to improving the service and for direct marketing purposes. In this respect, Intraco Consulting always considers the interests and basic rights of the data subjects.
According to the GDPR, personal data refers to any information related to an identified or identifiable private individual. Intraco Consulting processes personal data of its customers. These personal data are provided by the customer. Intraco Consulting processes the following personal data of its customers: name, address, home address, email address, telephone number and job title. Furthermore, Intraco Consulting processes additional personal data during assignments, subject to consent between the parties. Intraco Consulting also processes personal data within special categories as stipulated in the GDPR. These data are sufficiently protected (encrypted) and particular attention is paid to them.
Conservation and protection
Intraco Consulting keeps the data on extremely secure servers within Intraco Consulting and any third parties, with which a processing agreement has been signed. Access to these servers is reserved for a very limited number of specially-authorised persons, in charge of the technical or redactional maintenance of the servers. A non-disclosure agreement is also signed with each staff member within Intraco Consulting and any third parties such as IT managers or subcontractors, in order to ensure the protection of the personal data. Your data are carefully protected from loss, destruction, falsification, manipulation and unauthorised access or illegal publication. The communication with the Internet portals is also protected by special security measures in the form of transfers of encrypted data. Considering the state of the art, the execution costs and the purposes of the processing along with the probability and seriousness of a breach, Intraco Consulting always takes appropriate technical and organisational measures to guarantee a level of protection in line with the risk.
Intraco Consulting keeps the personal data required for providing the service for 7 years after the end of the contractual relations, unless a longer conservation period is required on the basis of a legal obligation or for special liability reasons (e.g., in relation to a (possible) dispute). Furthermore, the personal data are removed from the processing procedure by deletion or anonymisation.
Communication of personal data
Intraco Consulting will never provide customers’ personal data to third parties (who are not part of Intraco Consulting) without informing the data subjects beforehand. An exception is made for subcontractors whose services are used by Intraco Consulting on the basis of a subcontracting agreement or in the event of a legal obligation, e.g., request from the police. The personal data provided will be used exclusively for the purposes stipulated. With a view to performing the services, Intraco Consulting therefore provides personal data to the partners within Intraco Consulting, or to other subcontractors.
The personal data are processed within the European Economic Area, unless the service takes place outside of this Area at the sender’s request. In this case, the personal data are transferred to the destination country at the request of the customer and this transfer is necessary for performing the agreement with the customer. If Intraco Consulting also uses a subcontractor, e.g., a service centre located outside the European Economic Area, Intraco Consulting will ensure the strict application of the GDPR rules, i.e., by using a standard contract for the transfer of personal data to subcontractors established in third-party countries, as approved by the European Commission. At this stage, Intraco Consulting has not signed such a contract.
Intraco Consulting will inform its customers of news and information on the products of Intraco Consulting. These personal data, including the email address, will be used for publicity and marketing purposes. This consent (opt-in) may be revoked (opt-out) at any time, in particular by contacting: email@example.com . As regards regular customers/senders, an exception is made for the service letters, which are necessary for the correct performance of our services and which are not considered as direct marketing.
Access to personal data
Do you want to have access to your personal data? You can contact us by email.
As we want to be certain that we are sending the personal data to the right person, we will ask that you provide us with a copy of a valid passport, driving licence or identity document with a crossed-out photo. Please indicate that it is a copy, date the document and cross out the national register number or only send a copy of the front of the ID card (without the national register number).
You may not, of course, request access to the personal data of another person.
If you have any other questions or claims regarding privacy and data protection, please send a letter or an email to the addresses indicated above.
Rectification, erasure, limitation or transfer of data and objection
Similarly, if the personal data are incorrect, if you wish that personal data are erased, that their processing is limited, if you wish to transfer the data or issue reservations, you may send your request to the addresses above, if it is not possible to manage the data yourself. We will always endeavour to reply as soon as possible to your request.
Data protection authority (formerly Privacy protection Commission (CPVP))
If, despite this, you are not satisfied and would like to file a complaint, you may do so with the Authority:
For Belgium: Autorité de protection des données, rue de la Presse 25, B-1000 Brussels, Tel. +32 (0)2 274 48 00, e-mail: firstname.lastname@example.org Website: privacycommission.be
For Luxembourg: Commission nationale pour la protection des données, 1, avenue du Rock’n’Roll, L-4361 Esch-sur-Alzette. Tel (+352) 26 10 60 1. Website: https://cnpd.public.lu/fr.html.
Amendment to the Privacy and Data protection Statement
The rapid technological evolution of the internet and the resulting legal obligations require the regular adaptation of this Privacy and Data protection Statement to meet with the new technical and legal requirements. We will keep you informed of any new developments. We recommend that you consult this Statement from time to time, in order to keep informed of the amendments. In this respect, Intraco Consulting reserves the right to adapt its policy at any time. Where applicable, you will be asked, when you log in, to accept the new version of this Statement, beforehand; it will then be available for consultation on the Intraco Consulting website.