Gantrex Privacy Policy
1 Document owner and version history
Rev: 1
Date 18/01/2024
Author: Angelique Lecomte
Validated by: Axel Boitel
Comment: First version
Rev: 2
Data: 27 Nov 2024
Author: Angelique Lecomte
Validates by : Axel Boitel
Comment: Adding MyGantrex and EasyCheck
2 Who are we?
2.1 Gantrex as data controller
With this statement (hereafter referred to as the ‘Statement’) we wish to inform you why and how your
personal data are collected and processed by Gantrex, with registered office at Rue du Commerce,
19, 1400 Nivelles (Belgium) (hereafter collectively referred to as ‘We’ or ‘Gantrex’).
Our contact details can be found in point 11 of this Statement.
We are responsible for processing the personal data that We request and use. As the data controller,
We take the measures that ensure that you:
Continue to be informed about our processing of your personal data and your rights;
Retain control of the personal data that We process;
Are able to exercise your rights relating to your personal data. More information on your rights can be found in point 9 of this Statement
3 What information do we collect about you?
3.1 Personal data
Personal data’ means all information relating to a given living natural person. The type of personal
data We collect depend on the services you request and include, where applicable, data about you
and/or your representatives, personnel, self-employed staff and/or directors (hereafter jointly also
referred to as ‘You’ or ‘Your’).
If We receive your personal data from your representatives, personnel, self-employed staff and/or
directors, you must inform them of the existence and content of this Statement, including our duties,
their rights and the way in which they can exercise these rights.
In particular, we collect administrative data and contact details. This makes it possible for us to
identify you or contact you, or We can do business with you if you are a customer, a supplier or a
business partner. These personal data may be contact details such as your name, address, telephone
number, email address, or your bank account number.
We collect and process none of the so-called sensitive data, namely:
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical
beliefs, or trade union membership;
Genetic or biometric data (e.g. facial images and fingerprints);Health-related information;
Data relating to sexual behaviour or sexual orientation.
If such sensitive personal data were to be provided to us, we would not use them and we would delete
them
3.2 Minors
4 Why do we need your data?
4.1 Because it is necessary to be able to function as a company
What does this purpose entail?
This objective amounts to what is called a ‘legitimate interest’. We do indeed still have a number of
legitimate interests on which the processing of personal data is based. We may use your personal
data to be able to create your account as a contact in the scope of our usual business.
For example, personal data are processed in various situations:
Personal data used to support our business activities and transactions;
Personal data can serve as proof (archives);
Personal data may be used to establish, exercise, defend and indemnify our rights or
those of the persons who my represent us, for example, in the event of disputes;
Personal data can be used for the administration, (risk) management and monitoring of
our organisation, including for matters relating to compliance (e.g. money laundering,
fraud prevention and investigations and privacy), risk management, risk functions and
inspection, complaint management and internal and external audits;
Which personal data do we process to this end?
We collect and process your name, email address, phone number, employer/company details, job
position.
This happens only after we have made the assessment that in any case the balance between our
legitimate interests and the potential impact on your privacy will not be disturbed.
If you nevertheless have objections to this processing, you can exercise your rights to object as mentioned in point 10.3 of this statement.
4.2 Provision of additional services
What does this purpose entail?
We may use your personal data to be able to create your account to carry out additional and optional
services provided by our company:
Downloading technical documentation from our website www.gantrex.com;
“Contact us” form in our website;
Portal “My Gantrex” to selected customers;
Application “Gantrex EasyCheck” to selected customers;
Customer Satisfaction Survey;
We request your express consent for above additional services.
Which personal data do we process to this end?
We collect and process your name, email address, phone number, employer/company details, job
position.
If you nevertheless have objections to this processing, you can exercise your rights to object as
mentioned in point 10.3 of this statement
4.3 Marketing communication
Your personal data are not used for direct marketing such as advertising campaign.
4.4 Profiling
Your personal data are not used for profiling purposes
4.5 Cookies
Our website www.gantrex.com uses cookies, which are small text files stored on your device, and
similar technologies. You can find more information about the use of cookies in our Cookie Policy.
5 Do we request your consent for processing?
-Your personal data may only be lawfully used and processed by us if one of the following conditions
is met:
The use of your personal data is necessary to operate as a company of our legitimate interests,
for the implementation of an agreement that you have concluded with us or, at your request, to
take the necessary steps to conclude an agreement with us.
This forms the basis of the processing purposes stated in point 4.1 of this statement.
We have your express and free consent to use your personal data for a particular purpose.
For example, we will request your permission to provide additional and optional services, as
mentioned under point 4.2 of this statement.
We may be required by law to process certain data and, in particular, to pass them on to the
relevant authorities.
6 With which other persons do we share your personal data?
Only our employees who effectively need access to perform their duties have access to your data.
These persons act under our supervision and responsibility.
We also call on external suppliers that carry out certain processing operations for us so that we can
offer you our products and activities, such as, among other things, IT services, financial, accounting
and similar other services. Since such third parties have access to personal data within the scope of
the services we have requested. We have taken technical, organisational and contractual measures
to ensure that your personal data are only processed and used for the purposes stated in point 4 of
this Statement.
Only if We are legally obliged to do so can your personal data be provided to supervisory institutions,
tax authorities and investigation services.
7 Where are the data stored and processed?
If you nevertheless have objections to this processing, you can exercise your rights to object as
mentioned in point 10.3 of this statement.
Your personal data are not used for direct marketing such as advertising campaign.
Your personal data are not used for profiling purposes.
Our website www.gantrex.com uses cookies, which are small text files stored on your device, and
similar technologies. You can find more information about the use of cookies in our Cookie Policy.
Your personal data may only be lawfully used and processed by us if one of the following conditions
is met:
The use of your personal data is necessary to operate as a company of our legitimate interests,
for the implementation of an agreement that you have concluded with us or, at your request, to
take the necessary steps to conclude an agreement with us.
This forms the basis of the processing purposes stated in point 4.1 of this statement.
We have your express and free consent to use your personal data for a particular purpose.
For example, we will request your permission to provide additional and optional services, as
mentioned under point 4.2 of this statement.
We may be required by law to process certain data and, in particular, to pass them on to the
relevant authorities.
Only our employees who effectively need access to perform their duties have access to your data.
These persons act under our supervision and responsibility.
We also call on external suppliers that carry out certain processing operations for us so that we can
offer you our products and activities, such as, among other things, IT services, financial, accounting
and similar other services. Since such third parties have access to personal data within the scope of
the services we have requested. We have taken technical, organisational and contractual measures
to ensure that your personal data are only processed and used for the purposes stated in point 4 of
this Statement.
Only if We are legally obliged to do so can your personal data be provided to supervisory institutions,
tax authorities and investigation services.
Your data will not be transported outside the EU and, in any case, we will ensure that the minimJIJ!II
legal requirements and secur_ity standards a_re respected _at all times. If _we suspect th_at your data .E _l
8 How long do we retain your personal data?
We only store your data for as long as this is necessary for the purposes for which the data are to be
used as stated in point 3 of this Statement. Any deviations or clarifications of this principle are
explicitly stated under the various purposes mentioned in item 4 of this Statement.
Since the need to retain data may vary by the type of data and by the purpose of the processing, the
actual retention periods may vary considerably.
We can hereby inform you that We take the following criteria, among others, into account when
determining the retention periods:
- How long are the personal data needed for the requested service to be provided?
- Have we established and announced a specific retention period?
- Have we been given permission for a longer retention period?
- Do we have a legal, contractual or similar obligation to retain the data?
As soon as your data are no longer required and we do not have a legal obligation to retain them, we
will permanently erase them or, if this is not possible, anonymise them in our systems.
Your personal data will be retained and used for as long as necessary to comply with our legal
obligations, to settle disputes or to enforce our agreements.
9 How do we protect your personal information?
be stored and processed outside the EU, we will explicitly inform you of this and ensure that the same
level of protection is used as is applicable within the EU.
Apart from these cases, your personal data will never be transferred to or made available to third
parties and will only be used for our purposes. Other companies can therefore not use your data, e.g.
to send you advertising.
We only store your data for as long as this is necessary for the purposes for which the data are to be
used as stated in point 3 of this Statement. Any deviations or clarifications of this principle are
explicitly stated under the various purposes mentioned in item 4 of this Statement.
Since the need to retain data may vary by the type of data and by the purpose of the processing, the
actual retention periods may vary considerably.
We can hereby inform you that We take the following criteria, among others, into account when
determining the retention periods:
How long are the personal data needed for the requested service to be provided?
Have we established and announced a specific retention period?
Have we been given permission for a longer retention period?
Do we have a legal, contractual or similar obligation to retain the data?
As soon as your data are no longer required and we do not have a legal obligation to retain them, we
will permanently erase them or, if this is not possible, anonymise them in our systems.
Your personal data will be retained and used for as long as necessary to comply with our legal
obligations, to settle disputes or to enforce our agreements.
Your personal data are considered to be strictly confidential. We take the appropriate technical and
organisational measures to protect the provided and collected personal data from destruction, loss,
unintended alteration, damage, accidental or unlawful access or any other unauthorised processing.
10 What are your rights?
10.1 The rights of access, rectification, erasure and transferability of data and of
objection
The right to access your personal data
You have the right at all times to access and inspect your personal data processed by us. We will
provide you with a copy of your personal data in this connection free of charge if you so request.
To exercise your rights, please refer to point 10.2 of this Statement.
The right to rectify your personal data
You have the right at any time to have incorrect, incomplete, inappropriate or outdated personal data
erased or rectified.
To exercise your rights, please refer to point 10.2 of this Statement.
The right to withdraw your consent
If the processing is based on your consent as set out in point 5.1., then you have the right to withdraw
this consent at any time.
To exercise your rights, please refer to point 10.2 of this Statement.
The right to object to certain processing
If your personal data are processed for statistical purposes, then you have the right to object to the
processing of your personal data for reasons relating to your specific situation.
To exercise your rights, please refer to point 10.2 of this Statement.
The right to have Your personal data erased
You are entitled to have your personal data deleted. Based on this, if you no longer wish to have a
relationship with us you can ask us to stop using your personal data. However, we may keep personal
data that are required for purposes of proof.
Under this right of erasure, you also have the right to ask us at any time to stop using your personal
data that are processed on the basis of your consent or our legitimate interest. Due to legitimate
interests, we may still continue to process your personal data after weighing your interests against
ours, unless you decide to terminate your relationship with us.
To exercise your rights, please refer to point 10.2 of this Statement.
The right to transfer personal data
With respect to the processing of your personal data based on your consent or because it is necessary
in order to provide the requested products or services, you may ask us to forward your personal data
to you – in a structured, commonly used and digital form – so that you can keep your data for personal
(re)use, or to forward your data directly to another data controller, to the extent that this is technically
feasible for us.
To exercise your rights, please refer to point 10.2 of this Statement.
10.2 How you can exercise your rights
To exercise the rights mentioned above you may send us a written request:
By email: privacy@gantrex.com
When exercising your right, we request that you clearly state the right to which you wish to appeal and
any processing operation(s) you oppose or which consent you wish to withdraw.
10.3 Issues to consider when exercising rights
The right to limit certain processing operations
You may request that we limit the processing of your personal data in any of the following cases:
if you dispute the accuracy of your personal data, you may request a limitation of its
processing for a period that enables us to verify the accuracy of your personal data;
if the processing is unlawful and you object to the erasure of the personal data and you
request us instead to limit their use;
if we no longer need your personal data for the processing purposes referred to in point
3, but you still need your data for the establishment, exercise or substantiation of a legal
claim;
if you objected to a processing operation, we will continue processing pending an answer
to the question as to whether our legitimate grounds more heavily outweigh yours.
If you have obtained the right to have the processing of your data limited, we will no longer perform
any operations with the personal data concerned, other than the storage of these data.
To exercise the rights mentioned above you may send us a written request:
By email: privacy@gantrex.com
When exercising your right, we request that you clearly state the right to which you wish to appeal and
any processing operation(s) you oppose or which consent you wish to withdraw.
We wish to inform you that the objection to certain processing operation(s) or the withdrawal of your
consent for certain processing operations involving your personal data may result in you no longer
being informed of, or being able to use, activities or services that we offer.
11 How can you submit questions or complaints?
If you have a question or complaint about our processing of personal data please contact us through
the following channels:
By email: privacy@gantrex.com
If at any time you believe that GANTREX is infringing on your privacy, you have the right to lodge a
complaint with the Belgian Data Protection Authority: Data Protection Authority, Rue de la Presse 35,
1000 Brussels, tel. +32 (0)2 274 48 00, e-mail: contact@apd-gba.be.
12 Amendments to this Statement
If you have a question or complaint about our processing of personal data please contact us through
the following channels:
By email: privacy@gantrex.com
If at any time you believe that GANTREX is infringing on your privacy, you have the right to lodge a
complaint with the Belgian Data Protection Authority: Data Protection Authority, Rue de la Presse 35,
1000 Brussels, tel. +32 (0)2 274 48 00, e-mail: contact@apd-gba.be.
We may amend or supplement this Statement as we deem necessary.
If significant changes are made to this Statement the date of amendment of the Statement will be
provided and we will also notify you accordingly and provide you with a copy of the amended
Statement.
We also encourage you to review this Statement periodically to find out how we process and protect
your personal data.