Privacy Policy

Privacy Policy

Article 1. Purpose

The purpose of the Privacy Policy is to provide the Customers with all information relating to the personal data concerning them that are collected and processed by the DEF Belgium.
The Privacy Policy applies only to the processing of personal data for which the DEF Belgium acts as processing manager. In this context, the processing of personal data can be directly implemented by the DEF Belgium or through a subcontractor specifically designated by him.

Article 2. Legal basis of the processing implemented

In accordance with applicable laws on the protection of personal data, the processing of personal data implemented by DEF Belgium relies on a legal basis.

DEF Belgium caries out the processing of the Customer’s personal data provided that the latter:
– (i) has entered into a contract for the provision of services and / or the acquisition of products;
– (ii) completed an electronic collection form in order to participate in an event organized by DEF Belgium;
– (iii) has registered or subscribed for services posted by DEF Belgium (for instance, website, social networks, YouTube channel); and or
– (iv) that the Customer’s formal consent has been secured (e.g. the posting of cookies on the Customer’s browsing terminal when he visits a website published by DEF Belgium).

Article 3. Types of Personal data that is collected

DEF Belgium collects and processes personal data that the Client voluntarily discloses to it either by means of a collection form, or when entering into a service contract and / or acquisition of products.
Customers are informed on each personal data collection form of the mandatory or optional nature of the responses by the presence of an asterisk.
Where answers are required, DEF Belgium explains to the Customers the consequences of a lack of response.

The personal data collected in this context are as follows:

NON-TECHNICAL DATA (depending on the use case):
– (i) Identification: name, surname, title, position, pseudonym, pseudo social networks;
– (ii) Contact information: phone, e-mail address, postal address, fax, …;
– (iii) Photo: when you grant us this right (usually taken during an event or interview at our events);
– (iv) Professional life: occupation, degrees, professional background, …;
– (v) Banking data as necessary;
– (vi) Personal life and lifestyle (e.g., shopping habits, purchase plans).

DEF Belgium collects and processes the Customer’s personal data relating to his browsing and behaviour on a website published by the DEF Belgium.

The personal data collected in this context are as follows:
TECHNICAL DATA (depending on the use case)
– (i) Identification Data (IP)
– (ii) Connection data (logs in particular)
– (iii) Data on consent (click) mainly for access to our services (Sentinel etc.)

DEF Belgium does not deal with sensitive data in the meaning of Article 9 of the GDPR (personal data that show racial or ethnic origin, philosophical, political, trade union, religious opinions, sexual or health life).

Article 4. Purposes of the processing

This paragraph is intended to inform the Customer about the use by the DEF Belgium of data collected directly or indirectly.
The processing of the personal data of the Customer by the DEF Belgium is necessary to enable it to accomplish the following purposes:

– (i) file processing;
– (ii) customer relationship management;
– (iii) management of events organized by the DEF Belgium (lectures, breakfasts, etc.);
– (iv) sending newsletters or news feeds;
– (v) improved site browsing
– (vi) answers to questions asked (by telephone or online);
– (vii) responses to public or private tenders;
– (viii) personalized business monitoring;
– (ix) improvement of its services;
– (x) responses to our administrative duties;
– (xi) management of requests for the exercising of the rights persons concerned such as listed in Article 8 below.

Article 5. Recipients of personal data

All the personal data collected and processed by DEF Belgium are strictly confidential.
DEF Belgium agrees not to pass on the personal data of its Customers to a third party that may use them for its own purposes, without their formal consent.
DEF Belgium ensures that the data are accessible only to authorized internal or external recipients.

In-house recipients:
(i) All employees of DEF Belgium. The in-house recipients of the DEF Belgium are trained and authorized to process personal data.

External recipients:
(i) Providers or support services (subcontractors, various service providers, etc.)
(ii) Lawyers, experts, agents, bailiffs, etc.
(iii) Courts
(iv) Administration

When the recipient concerned is located outside the European Union, or in a country that does not have an adequate regulation in the meaning of the GDPR, DEF Belgium manages its contractual relationship with this third party by adopting an appropriate contractual mechanism.
It should be noted that DEF Belgium may be required to pass on the personal data of its Customers to respond to an injunction by the legal authorities.

Article 6. Retention Time

The personal data of the Customer are kept for a period of three (3) years from their collection.
Audience measurement statistics are not retained for more than thirteen (13) months.
However, at the end of the aforementioned periods, including as and when necessary from the Customer’s request for deletion, his / her personal data may be the subject of interim filing so that DEF Belgium can meet to its legal retention duties:

(i) a contract entered into in the course of a business relationship will be retained for five (5) years after the date of its execution;
(ii) a contract entered into electronically in an amount greater than or equal to 120 euros will be kept for two (2) years after the date of its execution;
(iii) banking records will be kept for five (5) years as from their release;
(iv) records relating to the management of orders will be kept for ten (10) years;
(v) billing management documents will be retained for ten (10) years.

Some data may be filed beyond the standard durations (i) in the event of litigation in order to make it possible to establish the reality of the disputed facts; and / or (ii) for the purposes of the investigation, detection and prosecution of criminal offenses for the sole purpose of enabling, as needed, the provision of such data to the judicial authority.
Filing requires that these data be anonymous and can no longer be viewed online but that they may be extracted and stored on an autonomous and secure medium.

After the deadlines set in the said policy, the data are deleted.

Article 7. Rights of persons concerned

Customers have a right of access, modification, opposition, limitation, portability, rectification, to define directives concerning the fate of their data after their death and the deletion of their personal data, the latter being subject to compliance with the following rules:
(i) the request originates from the person himself and is accompanied by a copy of an identity document, up to date;
(ii) the request should be made in writing and sent to the following address: rgpd@reseau-def.com

Upon receipt of the right to portability of the data, Customers have the right to request a copy of their personal data being processed.
The requested information will be provided in electronic form, unless otherwise requested. Customers are informed that these rights can never cover to confidential information or data or for data which the law does not authorize the communication. These rights cannot under any circumstances allow access to Defence Secret classified documents.
The right to the deletion of the personal data of the Customers will not be applicable in the cases where the treatment is implemented to meet a legal requirement.
The Customer may, at any time, file a complaint before the relevant supervisory authority.

Article 8. Use of Subcontracting

DEF Belgium informs its Customers that it may involve any subcontractor at its option in the framework of the processing of their personal data. Subcontractor means any natural or legal person that processes personal data on behalf of DEF Belgium.
In this case, DEF Belgium ensures that the subcontractor complies with its duties under the GDPR.
DEF Belgium agrees to sign a written contract with all its subcontractors and imposes on subcontractors the same data protection duties as its own. In addition, DEF Belgium reserves the right to conduct an audit of its subcontractors to ensure compliance with the provisions of the GDPR.

Article 9. Security

It is the responsibility of DEF Belgium to determine and implement technical security or physical measures, that it sees fit, to fight against the destruction, loss, alteration or unauthorized disclosure of data in an accidental or unlawful manner.
Such measures include but are not limited to:
(i) the use of security measures for access to the premises (closing of offices, badges, etc.);
(ii) secured access to our computers and smartphones (passwords changed regularly);
(iii) setting up logins and passwords for all our business applications;
(iv) the management of authorizations for access to data (specificity for our financial and accounting and communication services);
(v) use of VPN for remote connections;
(vi) use of the complex passwords for our Wi-Fi network, changed each month.

In any case, DEF Belgium undertakes, in the event of a change in the means to ensure the security and confidentiality of personal data, to replace them by means of superior performance. No evolution can lead to a decrease in the security level.

Article 10. Processing register

DEF Belgium holds a register of personal data processing which is at the disposal of the National Information Technology and Privacy Commission.

Article 11. Amendments

This policy may be amended or modified at any time in the event of legal or jurisprudential developments, and of changes in decisions and recommendations of the European Commission.
Any new version of this policy will be brought to the attention of the Customers by any means chosen by DEF Belgium including by electronic means (circulation by email or online for instance).

Article 12. Information

For any further information please contact our GDPR committee at the following electronic address: rgpd@reseau-def.com