1. GENERAL
1.1. The website www.hestia-it.be (hereinafter: “website”) is managed by Hestia NV, with registered seat at 2650 Edegem, Prins Boudewijnlaan 41 and company number 0895.216.166 (hereinafter: “Hestia” “we”, “us” of “our”). Hestia is a part of Uptime Group on one hand and De Cronos Groep on the other hand, Belgian companies with different subsidiaries in Belgium.
1.2. Our privacy policy has been drafted with a view to providing you with information in relation to the processing of your personal data in the context of this website and to provide you with information in relation to the personal data we process when you use our services. We shall be considered as controller for the processing of your personal data in relation to your use of the website and our services.
1.3. Hestia attaches great importance to your privacy. This Privacy Policy was developed to provide you with information in relation to the collection, disclosure, transfer and use (“processing”) of the personal data you share with us in relation to your use of our website or our services and to provide you with information about your rights. This Privacy Policy provides more information in relation to:
- How we use and collect your personal data;
- Which categories of personal data we collect;
- How long we retain your personal data;
- What your rights as an individual are;
- Who has access to your personal data:
- How the transfer of your personal data is arranged.
1.4. We therefore request you to read through this Privacy Policy.
If you have any questions, concerns or complaints regarding this Privacy Policy or our processing of your personal data or you wish to submit a request to exercise your rights as set out in article 4, please contact us using one of the following ways:
(a) Per e-mail to DPO@hestia-it.be;
(b) Per post to Hestia NV, attn. Data Protection Officer, Prins Boudewijnlaan 41, 2650 Edegem.
1.5. We reserve the right to modify this Privacy Policy. The most recent version of our Privacy Policy is always available on the website. This Privacy Policy was last updated on 11 July 2018.
2. HOW WE USE AND COLLECT YOUR PERSONAL DATA
2.1. Personal data is defined as any information relating to an identified or identifiable natural person. Identifiable refers to identifiers (such as name, identification number, location data, etc.), that can be used to directly or indirectly identify a natural person.
2.2. The personal data we process, are processed for the following purposes:
(a) Answering questions – If you make use of our webchat, the contact form on our website, the form “How can we improve your experiences with our services?” on our website, our phone number, our e-mailaddress or address, then we use your personal data to be able to reply to your request, via the webchat or via e-mail or phone. Your e-mailaddress will also be included in our database with the purpose of sending you our newsletter and for providing information relating to events, seminars etc
.
(b) Providing our serivces – We use your personal data in the context of our services or to provide you with the requested information. We also use your personal data that we receive during the provision of our services for client and supplier administration, to improve the quality of our services, to develop new services, to be able to invoice our services and to follow up on outstanding invoices and to be able to subsequently collect them.
(c) Recruitment and selection – Our website contains a list of open jobs. When you provide us with personal data via the form “Would you like to join our team?” on our website, then we process your personal data to be able to invite you for a job interview and with a view to a potential recruitment.
(d) Supporting our website – We process your personal data with the purpose of supporting our website and improving your user experience. This purpose also includes monitoring the safety, usability, performance, capacity and health of our website.
(e) Exercising our rights – We also process your personal data to be able to enforce our rights on the basis of the applicable legislation or to comply with the applicable legislation (e.g. the institution of a claim) if necessary. We can use your personal data to comply with our obligations on the basis of the applicable laws.
2.3. We collect the following categories of personal data:
(a) Contact details – We collect contact details about you. This is information that we receive when you directly provide us with our information by, for example, filling this in the contact form, in our webchat and the forms “How can we improve your experience with our services?” and “Would you like to join our team?”. You could provide us with your name and e-mailaddress and any personal data that you fill in in any blank space called ‘Message’. Please do not fill in any sensitive information, such as health information, information relating to criminal convictions or bank account numbers.
(b) Identification – As professional client, or as supplier, we process the information of your contact persons and directors, i.e. name, e-mailaddress, phone number, cell phone number, VAT-number, company number, title and description of the function.
(c) Financial information – When you make use of our services, we process identification and bank account nummers, as well as credit- or debetcard numbers. We also process the amounts that have been paid or are still payable. We also process information relating to your solvency.
(d) Usage information – We process personal data relating to your use of our website: IP-address, device ID and type, reference source, language settings, browser type, operating system, geographical location, length of the visit, visited page, or information relating to the timing, frequency or pattern of your visit. This information can be aggregated and can help us to collect useful information relating to the use of the website. In the event such usage information is anonymized (and cannot identify you as a natural person), dan such information falls outside of the scope of this Privacy Policy. This information is collected by virtue of your use of the website.
(e) Device information – It is possible that we collect information that relates to your specific device, e.g. serial number, hardware type, version, etc.
2.4. We use the personal data that we receive via our contact form and the forms on our website and the usage information that we aggregate on the basis of your use of the website on the basis of the “legitimate interest” legal ground. We have a legitimate interest to answer to your questions or to respond to your comments. The usage information is used to make the user experience as pleasant and as safe as possible. We always strive for a balance between the interest and respecting your privacy.
2.5. In the performance of the services and in relation to our supplies, we use the identification and financial information on the basis of the legal ground “necessary for the execution of the agreement”. We need your identification in order to be able to provide you with (electronic) invoices or to insert the invoices in our accounting systems and for the purpose of client and supplier administration.
2.6. In the event the legal basis fort he processing is your consent, then you have the right to withdraw your consent at all time. This will not affect the lawfulness of any processing that has taken place prior to your withdrawing your consent.
2.7. In the event the legal basis is our legitimate interest, then you will have the right to object to such processing as further set out in this Privacy Policy.
3. HOW LONG IS YOUR PERSONAL DATA RETAINED BY HESTIA?
3.1. Hestia will not retain your personal data longer than is necessary to achieve the intended purpose. In the event you opt to no longer share your personal data with us, then we will no longer use your personal data. However, your personal data will be retained for a period of two years for the handling of complaints and/or legal conflicts. In such case, your personal data will be archived and access will be limited.
3.2. In the event we process your personal data on the basis of the legal ground “consent” and you withdraw your consent or you object to the processing of your personal data and such objection is valid, then we will delete your personal data. We will however retain the personal data necessary to respect your wishes for the future.
4. YOUR RIGHTS AS INDIVIDUAL
4.1. This article lists your principal rights under the applicable data protections laws. We have tried to summarize these rights for you in a clear and legible way.
4.2. To exercise any of your rights, please send us a written request in accordance with article 1 of this Privacy Policy. We will respond to your request without undue delay, but in any event within one month of the receipt of the request. In the event of an extension of the term to respond or in the event we do not take action on your request, we will notify you.
(a) Right to access – In the event we process your personal data, you have the right to access your personal data and to certain additional information as set out in this Privacy Policy. In het geval dat wij uw persoonsgegevens verwerken, heeft u recht op toegang tot uw persoonsgegevens, alsook tot bepaalde aanvullende informatie zoals omschreven in ons Privacybeleid. You have the right to receive from us a copy of your personal data we have in our possession, provided that this does not adversely affect the rights and freedoms of others. The first copy will be provided free of charge, but we reserve the right to charge a reasonable fee if you request further copies.
(b) Right to rectification – If the personal data we hold about you is inaccurate or incomplete, you have the right to have this information rectified or, taking into account the purposes of the processing, completed.
(c) Right to erasure (right to be forgotten) – In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include:
(a) The personal data are no longer needed in relation to the purposes for which they were collected or otherwise processed;
(b) You withdraw your consent, and no other lawful ground exists;
(c) The processing is for direct marketing purposes;
(d) The personal data have been unlawfully processed; or,
(e) Erasure is necessary for compliance with EU law or Belgian law.
There are certain exclusions to the right to erasure. Those exclusions include where processing is necessary,
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation; or,
(c) for the establishment, exercise or defense of legal claims.
(d) Right to the restriction of processing – You have the right to restrict the processing of your personal data (meaning that the personal data may only be stored by us and may only be used for limited purposes), if:
(a) You contest the accuracy of the personal data (and only for as long as it takes to verify that accuracy);
(b) The processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
(c) We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; or,
(d) You have objected to processing, pending the verification of that objection.
In addition to our right to store your personal data, we may still otherwise process it but only:
(a) with your consent;
(b) for the establishment, exercise or defense of legal claims;
(c) for the protection of the rights of another natural or legal person; or,
(d) for reasons of important public interest.
We will inform you before we lift the restriction of processing.
(e) Right to data portability – To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others. You also have the right to have your personal data transferred directly to another company, if this is technically possible, and/or to store your personal data for further personal use on a private device.
(f) Right to object – You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for:
(a) The performance of a task carried out in the public interest or in the exercise of any official authority vested in us;
(b) The purposes of the legitimate interests pursued by us or by a third party.
If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
When your personal data is being processed for direct marketing purposes, regardless of whether it pertains to an intitial or a further processing activity, you will at all times have the right to object to this processing free of charge, including in the event of profiling for direct marketing purposes. In the event you make such objection, we will cease the processing of personal data for this purpose.
(g) Right to file a complaint with a supervisory authority – If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In Belgium, you can submit a complaint to the Authority for the protection of personal data (Gegevensbeschermingsautoriteit), Drukpersstraat 35, 1000 Brussel (contact@adp-gba.be), https://www.gegevensbeschermingsautoriteit.be/contact.
5. WHO HAS ACCESS TO YOUR PERSONAL DATA
We can provide your personal data to the following categories of recipients:
(a) Service providers/suppliers – We provide your personal data to the servive providers we use to process and/or store your personal data, for example: Microsoft, Dropbox, AWS. In the event you make use of the services of Hestia, it could be that we provide your personal data to suppliers that we have contracted with to perform the relevant services.
(b) Affiliated companies – In the event you make use of our services, it is possible that your personal data is provided to affiliated companies of Hestia. For certain services, we make use of the central services of our affiliated companies, a.o. the collection of outstanding invoices.
(c) Social media providers – Our website makes use of social media plug ins that make it possible to link you to our social media accounts or that enable you to share content on your social media channgels. These social media channels are Facebook, LinkedIn and Twitter. If you click on such a link, it could that the aforementioned social media providers collect personal data, such as personal data relating to your profile. We are not responsible for the use these social media partners make of your personal data. In such case, the social media providers will act as controllers. For your information, we provide you with the relevant links (which could change from time to time).
Facebook: http://facebook.com/about/privacy;
LinkedIn: http://linkedin.com/legal/privacy-policy;
Twitter: http://twitter.com/privacy;
(d) Governments and authorities – It could be that access to your personal data is required for legal purposes. In such cases, we will be required to comply. We are allowed to share you personal data if this is necessary to protect the vital interests of other natural persons.
6. TRANSFER OF PERSONAL DATA
There will be no transfer of personal data outside of the European Economic Area. In the event a transfer is required in exceptional cases, we will ensure that such transfer takes place with the necessary safeguards. You agree to transfer of personal data to a third country.
