Privacy policy
1. Introduction
This Privacy Policy concerns the processing of personal data carried out by the SRL CTI CONSULTING, with the company registration number BE 0684.508.610, and its registered office located at 4100 SERAING, Avenue de Macar 12, in connection with its website www.cticonsulting.be. Its purpose is to inform the data subject about the purposes and legal bases applicable to the processing of their personal data.
2. Definitions
Supervisory Authority : An independent public authority which is established by a Member State pursuant to Article 51. In Belgium, this is the Data Protection Authority.
Client: The natural or legal person for whom the data controller provides a service or product.
Personal data (or data): Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Sensitive data: Personal data related to sensitive aspects such as racial or ethnic origin, political opinions, religion or other beliefs, health or any pathological condition, criminal background, trade union membership, or sexual orientation. Sensitive data can be processed with the consent of the data subject. If the data subject communicates sensitive data, they consent to the processing of this data by the data controller.
Supplier: A natural or legal person who regularly provides certain products and services to the data controller.
Internet user: The natural person who visits the website and, for example, uses the contact form, registration form.
Notification: Information to the supervisory authority by the data controller, in accordance with Article 33 of the GDPR, in the event of a personal data breach.
Privacy Policy: This policy concerning the protection of personal data.
Prospect: A person who could potentially become a new client, i.e., a person whom the data controller seeks to reach to generate sales.
Data controller: The natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing; in this case, it is SPRL CTI Consulting, with the company registration number 0684.508.610 and registered office located at 4100 SERAING, Avenue de Macar 12.
Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data breach: A security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
3. What data is collected and why does the data controller retain it?
In accordance with the GDPR, data is processed for specific purposes and based on the legal grounds provided in Article 6 of the GDPR.
If the data controller decides to use the data for a purpose other than what is stated in the policy, they will inform the data subject about this new purpose.
Data necessary for the execution of a contract or the processing of a request submitted by the Internet user is processed via our website for the following purposes:
- Registration for an event or training: name, first name, email address, phone number, signature, employer, position.
- Processing requests submitted via the contact form or by email: name, first name, email address, phone number, attached documents, message, IP address, browser version.
- Processing job applications at CTI CONSULTING: name, first name, email address, phone number, cover letter, CV.
Other data may be processed via the website based on the internet user’s consent:
- Collection of browsing statistics to improve the website: see our Cookie Policy for more details on this processing.
4. how long is data retained?
The data controller retains data for the time necessary to achieve the purpose of the processing.
Retention periods are determined based on several criteria such as the type of processing, its purpose, the location where data is stored, the type of data subject, or the type of data collected. The retention period for a particular data processing can be communicated to the data subject upon request.
In any case, the data controller retains data in accordance with legal retention periods.
5. Who collects the data?
Data is collected solely by the data controller.
6. How is data collected?
Data is primarily collected via a secure (encrypted) channel through the website.
7. why do we collect your data?
Data is primarily collected for the proper execution of the contract.
Data may also be used for the management of clients and contracts related to their services.
It may also be used to:
- Respond to information requests and ensure their follow-up.
- Inform of any changes in the services offered and/or applicable texts (such as general conditions or the Privacy Policy).
Data is also collected to comply with legal obligations, including accounting, complying with a court decision, responding to public authority requests, protecting the interests of the data controller, as well as those of its partners and clients, protecting its services, enforcing general conditions, the Privacy Policy, and any applicable text, lodging a potential appeal, or limiting any damage that the data controller might suffer.
Data may finally be collected in the legitimate interest of the data controller or a third party, including for prospecting purposes or to ensure the security of the data controller’s website or networks and information.
8. with whom will the data be shared?
Certain data may be accessible to third parties directly related to the data controller when necessary, including the entities listed below:
- Service providers chosen by the data controller, responsible for hosting websites, providing infrastructures, IT services, email services, audit services, and any other similar service to enable them to provide said services;
- Service providers chosen by the data controller, responsible for supplying equipment, transport, delivery, or any other similar service to enable them to provide said services;
- To a potential buyer, in the event of a transfer (total or partial) of the data controller’s activities (merger, sale, asset transfer, judicial reorganization, etc.).
- In case of litigation, data may be transmitted to a third party responsible for managing disputes (law firm, debt collection company, etc.), which will also ensure compliance with the applicable legislation regarding this information.
- Accountant, public authority, etc., to comply with the data controller’s legal obligations (communication of data to its accountant, responding to public authority requests, complying with a court decision, etc.).
9. How do we secure your data?
Measures have been implemented to ensure a level of security appropriate to the risks, including:
- Separation of access to areas hosting transmitted data and secure authentication;
- Logging of access made by staff and processors;
- Encryption of personal data, including those transmitted via the website forms;
- Encrypted backups;
- Internal staff trained and certified in personal data protection and information security;
- Internal policies on personal data protection and information security;
- Contracts holding processors responsible for personal data protection.
10. what rights do you have?
Depending on the type of processing carried out on personal data, the data subject may assert several of the following rights:
Right to Information
Any data subject has the right to be informed about the data collected. The data controller seeks to fulfill this information through this Privacy Policy.
A data subject who wishes to obtain more information on the collected personal data may have their request denied in the following cases:
- The data subject already has this information;
- If the request requires disproportionate or impossible efforts;
- If providing this information could seriously compromise the purpose of the processing.
Right of Access
Every data subject has the right to access their personal data.
To do so, the data subject must request it from the data controller, who will detail the specific data they hold about them, subject to the rights and freedoms of others that cannot be compromised.
A response must be provided within one month of the data subject’s request. However, this period may be extended by an additional month depending on the complexity and number of requests. In this case, the data subject will be informed within one month of their access request.
The data controller is entitled to require payment of “reasonable fees” based on the administrative costs incurred to issue these documents if the request is excessively repetitive, unfounded, or clearly intended to abuse the right of access.
Right to Rectification
Every data subject has the right to obtain from the data controller, without undue delay, the rectification of inaccurate personal data concerning them.
The data subject may also request that incomplete data be completed, including by providing a supplementary statement.
The data controller will notify the data subject of the completion of this action.
Right to Erasure
The data subject may claim the right to erasure of their data as soon as one of the following reasons arises:
- The data is no longer necessary concerning the purposes for which it was collected or processed by the data controller;
- The data subject wishes to withdraw their consent and there is no other legal ground for the processing;
- The data subject objects to the processing necessary for the purposes of the legitimate interests pursued by the data controller or a third party;
- The data subject has a right to object which they exercise;
- The data have been unlawfully processed;
- The data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
In such a request, the data controller will take reasonable measures to erase this data within one month of the request.
The data controller will notify the data subject of the completion of this action.
If the data controller does not wish to grant this request, the refusal will be justified.
The right to erasure does not apply to the extent that the processing of this data is necessary:
- To exercise the right to freedom of expression and information;
- To comply with a legal obligation that requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- To establish, exercise, or defend legal claims;
- For archiving or statistical purposes as provided for in Article 89 of the GDPR.
Right to Restrict Processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data;
- The processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead;
- The data controller no longer needs the personal data for processing purposes, but they are required by the data subject for the establishment, exercise, or defense of legal claims;
- The data subject has objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject.
This restriction request implies that personal data may only be processed, with the exception of storage, with the consent of the data subject, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
The data controller will notify the data subject of the completion of this action.
Right to Data Portability
When the processing of the data subject’s personal data is based on the consent given by the data subject, or on a contract, and that processing is carried out by automated means, provided that the data has not been anonymized, the data subject may request to receive these data in a structured, commonly used, and machine-readable format.
The data subject may transmit this data to another data controller without hindrance from the data controller.
Right to Object
The data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them based on the public interest or the legitimate interests of the data controller, including profiling based on those interests.
The data subject may also object to processing based on their consent or on a contract, provided that the data was collected for direct marketing purposes or for archiving or statistical purposes.
The data controller will no longer process the data unless they can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
11. how can you exercise your rights?
Any request can be sent via email to: privacy@cticonsulting.be
If you are not satisfied with the follow-up to your complaint, you can always exercise one of the rights provided above or file a complaint with the data Protection Authority.
You can contact them as follows:
- By phone: (+32) (0)2 274 48 00;
- Email: contact@apd-gba.be;
- Online contact form: https://www.autoriteprotectiondonnees.be/contact;
- By mail: Data Protection Authority, Rue de la Presse 35, 1000 Brussels, Belgium;
- Fax: (+32) (0)2 274 48 35.