Our Privacy Policy

1 Introduction

Sarens Bestuur NV, and all sister and/or subsidiary companies affiliated to it, divisions of the Sarens NV Group, both individually and jointly (hereinafter referred to as 'Sarens'), with its registered office at Autoweg 10, 1861 Wolvertem, registered in the Crossroads Bank for Enterprises under the number BE 0451.416.125 respects your privacy and safeguards and processes your Personal Data in accordance with Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (or General Data Protection Regulation ('GDPR'), and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data (Belgian Framework Act).

With this Privacy Statement, Sarens aims to inform you about the processing of personal data and the rights of data subjects. This Privacy Statement describes, inter alia, the privacy protection measures taken by Sarens in the context of its services, including the use of its website.

Customers and Data Subjects (as defined below) are therefore requested to read this Privacy Statement carefully, with the understanding that it may be amended from time to time based on feedback or amendments to services, terms and conditions or legal or regulatory provisions.

This Privacy Statement will be reviewed regularly and any updates to it will be published on this webpage. Although this document was prepared in good faith to be as complete and accurate as possible, Sarens does not accept any liability for any omissions or inaccuracies. This Privacy Statement was last updated in April 2023.

2 General

Your personal data is processed by Sarens.

You can contact us by e-mail at gdpr@sarens.com.

We reserve the right to amend the Privacy Statement from time to time to ensure it remains consistent with applicable laws. You will be notified of such amendments through our website. If you do not agree with these amendments, you should notify us by sending an e-mail to gdpr@sarens.com. If we do not receive such e-mail notification within three working days of announcing the amendments to the Privacy Statement on our websites, it will be assumed that you unequivocally accept the changes.

3 When and why we process your personal data

3.1 You are a website user

When you visit the Sarens website, we collect a limited amount of personal data for the purpose of managing and properly operating that website.

The list below describes the categories of data we process for these purposes, where your data originates from, the basis for this processing activity and with whom we may share the data.

Categories of data processed: identification data: IP address by means of cookies

Retention period: see our Cookie Statement

Data source: Directly from you when you visit the website

Lawful basis for processing: It is in the legitimate interest of Sarens as a company to be able to manage the website and apps it offers, given that in this context we always ensure that your interests are also safeguarded.

Data recipients: IT service providers

Sarens intends to make your experience on the website as informative and relevant as possible. We use cookies to achieve this, whereby we strive to both protect your privacy and provide you with a user-friendly online environment. If you would like to learn more about how we use cookies, please review our Cookie Statement.

3.2 Contact us

When you fill in a contact form on our website or contact us by e-mail, phone, fax or social media, we collect:

Categories of data processed: identification and contact details: name, company, e-mail address, address, phone number

Data source: Directly from you when you fill in the form or contact us by other means

Lawful basis for processing: It is in the legitimate interest of Sarens as a company to process the personal data you have selected to submit to us for the purpose of adequately responding to your enquiry.

Data recipients: IT service providers

3.3 You as a candidate, seeking to apply for a job with us

If you apply for one of our vacancies, we process certain personal data to assess or evaluate your suitability for the position you are applying for.

The list below describes the categories of data we process for these purposes, where your data originates from, the basis for this processing activity and with whom we may share the data, if applicable.

Categories of data processed: address, e-mail address, surname/given name, telephone number, gender, CV, work experience, education and training, certificates and licences, hobbies and interests, letter of motivation

Lawful basis for processing: By applying for a vacancy at Sarens, you consent to the processing of personal data by Sarens for the purpose of candidate selection.

Data recipients: IT service providers, selection and assessment agencies (if there is cooperation in the context of a specific recruitment)

Retention period: 2 years after completion of the relevant recruitment process

Your data will be stored in our recruitment database for 2 years after completion of the relevant recruitment process and will be automatically deleted after this period.

30 days before the expiry of this 2-year period, you will be informed of this upcoming deletion.

If you wish to shorten this period, you can indicate this in your candidate profile created after application or by sending an e-mail to gdpr@sarens.com.

You can create a candidate profile at any time by logging in with the same email address you used to apply.

If you would like to extend this period, you can log in to your candidate profile. Every time you log in, the 2-year term starts counting backwards from zero.

If your application leads to a job at Sarens, your data will be stored as described in your employment contract.

3.4 You are or represent a customer or supplier of Sarens

If you are or represent a customer or supplier of Sarens, we collect the personal data as part of our customer or supplier relationship with you.

The list below describes the categories of data we process for these purposes, where your data originates from, the basis for this processing activity and with whom we may share the data.

Categories of data processed: name, company, company address, position, telephone number, professional e-mail address, account number

Data source: Directly from you

Lawful basis for processing:

  • In furtherance of our legitimate interest to establish and maintain a customer or supplier relationship, for which purpose we process your personal data in our customer relationship management system (CRM);
  • To fulfil our legal obligations, including with regard to fiscal legislation.

Data recipients: IT service providers

3.5 You visit our branch

If you visit our head office, we collect a limited amount of personal data from you.

The list below describes the categories of data we process for these purposes, where your data originates from, the basis for this processing activity and with whom we may share the data.

Categories of data processed: name, company, number plate

Data source: Directly from you

Lawful basis for processing: We collect this personal data because it is necessary in pursuit of our legitimate interest to adequately secure our premises and to monitor who is present in our premises at all times.

Data recipients: N/A

4 General purposes for which we use your personal data

In addition to the above-mentioned purposes for which we process your personal data, there are also some general purposes for which we process your personal data. These general purposes relate to all categories of personal data described in Article 2.

We process your personal data to comply with our legal obligations or to respond to any reasonable enquiries from competent law enforcement agencies or representatives, the courts and government institutions or organisations, including competent Data Protection Authority.

Lawful basis for processing: We process your personal data in pursuit of our legitimate interest to prepare and conduct our defence in disputes and judicial or alternative dispute resolution proceedings. We process your personal data in order to safeguard our legitimate interests and the legitimate interests of our partners or third parties if and when your registration through or use of our website or other communication channels may be considered to infringe any applicable terms and conditions of use, intellectual property rights or any other rights of a third party or jeopardise the security or integrity of our website or other communication channels or jeopardise the website, other communication channels or underlying systems of our subcontractors as a result of viruses, Trojan horses, spyware, malware or any other form of malicious code, etc.

Data recipients: Your personal data may be handed over as evidence to the police or the courts on our initiative or if there are well-founded suspicions of any unlawful act or crime committed by you in the context of your registration through or use of our website or any other communication with us.

5 Recipients

Your personal data is shared with

  • Yourself
  • The organisation you are acting on behalf of
  • Competent law enforcement agencies or representatives, the judiciary and government institutions or organisations, including competent Data Protection Authority
  • Specialists Sarens engage, such as counsellors and accountants
  • Social media companies when you interact with us through social media

We also use third parties to provide our websites, products and services and to achieve the purposes described in Articles 2 and 3. These third parties process your personal data in our name and on our behalf. In this context, we cooperate with reliable (IT) service providers to host and maintain our website, conduct research and provide e-mail services, with CRM system providers, etc.

6 Location and transfer

Your data will generally be held within the European Economic Area ("EEA") for the purposes described in this Privacy Statement and will only be transferred outside the EEA to a country or countries recognised by the European Commission as providing an adequate level of data protection. In the event that your data should nevertheless be transferred to or stored in a country outside the EEA that is not recognised to provide an adequate level of protection, Sarens will take appropriate security measures to ensure that the transfer complies with the requirements of the General Data Protection Regulation.

7 Quality guarantees

We make every effort to process only the personal data necessary to fulfil the purposes described in Articles 2 and 3 of this Privacy Statement.

We endeavour to take appropriate technical and organisational measures to safeguard your personal data from unauthorised access, inappropriate use, unauthorised disclosure, unauthorised modification and theft, as well as unintentional loss, manipulation or destruction. Only employees or third-party processors who need to have access to your personal data can actually access it. Moreover, they are bound by strict rules on confidentiality. You should understand, however, that although we make every effort to safeguard your data, its safety and security can never be absolutely guaranteed.

8 Your rights

Once you have provided us with your Personal Data, the General Data Protection Regulation grants you several rights. Barring legal exceptions, you can in principle exercise this free of charge. These rights may be limited, for example if complying with a request that would disclose Personal Data of another person, or if you ask us to delete information that we are legally obliged to retain or that we retain based on our legitimate interests.

To exercise your rights, please submit a request by e-mail to gdpr@sarens.com.

Should you still have unanswered concerns, you always have the right to submit a complaint to the Data Protection Authority. We obviously encourage you to come to us in the first instance, but to the extent that this right applies to you, you are entitled to address the Data Protection Authority directly. The Data Protection Authority can be reached by e-mail at contact@apd-gba.be or at the address Drukpersstraat 35, 1000 Brussels.

RIGHT TO WITHDRAW CONSENT

Wherever we rely on your consent, you have the right to withdraw that consent at any time and on your own initiative by contacting us with a request to that effect. Withdrawing your consent will not affect the lawfulness of processing based on your consent prior to such withdrawal.

RIGHT OF ACCESS AND CORRECTION OF YOUR DATA

You have the right to access, review and correct your Personal Data. You are entitled to ask us for a copy of your information in order to evaluate and/or improve it. If you wish to correct information such as your name, e-mail address, address and/or any other details or preferences, you can do so by contacting us. You may also ask us for a copy of the Personal Data we process, as described in this Privacy Statement.

RIGHT TO DATA REMOVAL

In accordance with General Data Protection Regulation, you have the right to request the deletion of your Personal Data processed by us as described in this Privacy Statement, in case it is no longer necessary for the purposes for which it was initially collected or processed, or in case you have withdrawn your consent or objected to any processing described in this Privacy Statement and no other basis for processing is present. If you wish your Personal Data to be removed, a request to this end can be made by contacting us.

RIGHT TO RESTRICTION OF PROCESSING

Under certain circumstances, as outlined in the General Data Protection Regulation, you may request us to restrict the processing of your Personal Data. This is the case, for example, when you dispute the accuracy of your Personal Data. In such case, we will restrict processing until we are able to verify the accuracy of your data.

RIGHT TO OBJECT TO PROCESSING

Under certain circumstances, as outlined in the General Data Protection Regulation, you may object to the processing of your Personal Data, including when your Personal Data is processed for direct marketing purposes.

RIGHT OF DATA PORTABILITY

Where the processing of your Personal Data is carried out through automated processes and is based on your consent or on the performance of a contract between you and us, you have the right to receive the Personal Data processed about you in a structured, common and machine-readable form and to transfer it to another service provider.

9 Personal data security

Sarens guarantees that the personal data of Customers and/or Data Subjects is protected and secured to the best of its ability to ensure its confidentiality and to prevent it from being distorted, damaged, destroyed or disclosed to unauthorised third parties. We endeavour to ensure that access to your personal data is limited only to those who need to access it. Those who have access to the data are obliged to maintain the confidentiality of such information.

If you access parts of our websites or use our services, you remain responsible for keeping your username and password confidential. Keep in mind that transferring data over the internet is not completely secure. While we do our best to guarantee the security of your personal data, we cannot guarantee the security of your data transmitted to our site. Any transfer is done at your own risk.

In the event of a breach and related violation of the availability, integrity or confidentiality of personal data, Sarens will follow the existing guidelines of the Data Protection Authority and, if necessary, report the personal data breach to the Data Protection Authority within 72 hours of becoming aware of it.

Sarens will also disclose the personal data breach to affected Customers and/or Data Subjects if the breach is likely to result in an elevated risk to the rights and freedoms of the Customers or Data Subjects.

10 Personal data retention period

Sarens aims to categorise all retained personal data and specify the appropriate retention period for each category of data. Such retention periods are based on the requirements in applicable data protection laws and on the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practices and Sarens business purposes. After this period, personal data will be deleted or anonymised.

11 Disputes and applicable law

This Privacy Statement is governed by and interpreted in accordance with Belgian law. Any disputes relating to the interpretation and implementation of this Privacy Statement, and any disputes relating to the protection of personal data, shall fall within the exclusive jurisdiction of the courts of the district of Brussels, unless otherwise provided by mandatory law. Before any legal action is brought before the court, all parties involved shall take all possible steps to resolve their dispute amicably.

12 Contact

For any additional information related to this Privacy Statement or for any request for correction, access or restriction of processing, please contact Sarens at gdpr@sarens.com.

You will receive confirmation of your request within thirty (30) days, free of charge, on the understanding that this period may be extended by a further thirty (30) days if Sarens considers the request in question to be complex.