The protection of your privacy and your personal data is of paramount importance to SF Company SRL.
2: What is the scope of this policy?
What does “processing your data” mean and who is responsible?
We collect and use only the personal data that is necessary for our activities and that enables us to offer you quality products and services.
SF Company SRL, whose registered office is at 175 rue Bara, 1170 Brussels, is responsible for processing the personal data that it is required to process.
The concept of “processing” is broad and covers, inter alia, the collection, recording, organisation, storage, updating, modification, request, consultation, use, dissemination or otherwise making available, reconciliation, combination, archiving, erasure or final disposal of such data
We are therefore your partner as well as the partner of the supervisory authorities (e.g. the “Data Protection Authority”) for any questions regarding the use of your data by our company.
We ensure that these subcontractors only receive the data strictly necessary to perform their part of the contract.
We may also act as a subcontractor for other entities related or not to SF Company SRL. In this case, it is these entities that are responsible for the processing of personal data. We then follow their instructions.
Through the services of SF Company SRL, in particular via its website (which may contain links to the websites of other parties), you may therefore also use the services of third parties (e.g. the chat, other websites (e.g., third-party websites, forums, Facebook, Twitter, Instagram, newsgroups and/or applications) are subject to their own privacy policies, which you should check carefully. SF Company SRL has no control over, and assumes no responsibility for, the information you place there and the manner in which the data is handled by these third parties.
3: What data is covered by our policy?
The data covered by this policy are the personal data of natural persons, i.e. data which directly or indirectly allow a person to be identified.
In the course of your relationship and interaction with SF Company SRL, we may collect various personal data, such as
We never process data relating to your racial or ethnic origin, political opinions, religion, philosophical beliefs or trade union membership, genetic data, sex life or sexual orientation unless we are required to do so by law or as a result of your performance of our products and services (e.g. you mention such information).
4: Guidelines for processing personal data
SF Company SRL will respect, among others, the following principles when processing personal data in the context of the management and execution of its commitments:
5: When is your personal data collected?
The data we use may be collected directly from you or obtained from the following sources for the purpose of verifying or enhancing our databases:
Some of your data may also be collected by SF COMPANY SRL:
6: On what basis and why do we use your personal data?
We process your personal data for various purposes. For each processing operation, only data relevant to the intended purpose are processed.
In general, we use your personal data:
Personal data are processed by SF COMPANY SRL for purposes that include, but are not limited to
SF COMPANY SRL does not make automated decisions – whether based on profiling or not – that may have legal consequences for you or that significantly affect you, except :
or if we have obtained your express permission to do so.
In these situations, you will be informed in advance of the automated decision, of your right to demand human intervention and of how you can challenge the decision.
7: Who has access to your data and to whom is it transferred?
Only authorised users have access to your personal data for the above purposes. Authorised users are those persons who, within the scope of their function within SF COMPANY SRL, are authorised to process personal data on the basis of the directives of SF COMPANY SRL.
In order to fulfil the above purposes, SF COMPANY SRL may disclose your personal data to
More generally, we do not sell any of your personal data to third parties.. We will only transfer them to third parties if :
We ensure that they handle your Data, as we do, in a safe, respectful and responsible manner and we provide adequate contractual safeguards for this.
We will only pass on your personal data if your interests or fundamental rights and freedoms do not prevail and you will always be informed in a transparent manner (except in the case of legal exceptions). For example, your personal data may be passed on to partners, collection agencies and legal service providers, as well as to partners with whom we collaborate in the context of a specific action.
If SF COMPANY SRL provides personal data to third parties in other situations, this is always done by means of an explicit notification, giving an explanation about the third party, the purposes of the communication and the processing. If required by law, we ask for your explicit permission.
8: How long do we keep your data?
We retain your personal data for the longest period of time necessary to comply with applicable legal and regulatory requirements or for such other period of time as is necessary for operational purposes such as proper bookkeeping, effective customer relationship management and responding to legal or regulatory requests.
Customer data is stored for the life of the contractual relationship and for a period of up to ten years after the contractual relationship has ended.
Data on potential customers is thus kept for a maximum of three years, depending on the life cycle of the project for which it was collected and when the person has expressed an interest.
Some data is archived for longer periods in order to meet our legal obligations and for evidential purposes, in particular to safeguard your rights and the rights of our company. These archived data are only accessible for purposes of evidence in court, control by an authorised authority (e.g. by the tax authority), for reasons of document production before judicial, administrative or police authorities.
9: Security and privacy
SF COMPANY SRL undertakes to adopt the necessary and adequate technical, physical and organisational measures to protect personal data against unauthorised access, unlawful and unauthorised processing, accidental loss or damage, and unauthorised destruction, namely: password protection, hard disk encryption software, firewalls, anti-virus software, intrusion and anomaly detection and access controls for our employees. In the event of a data breach with adverse consequences for your personal data, SF COMPANY SRL shall take the necessary/appropriate measures to ascertain the extent and consequences of the breach, to put an end to it as soon as possible and, if necessary, to limit its impact on the persons concerned, as specified in point 12 below. You are personally notified as a customer in the circumstances prescribed by law.
Data management and storage software is continuously updated.
These measures shall be regularly evaluated and, if necessary, updated in order to ensure maximum protection of the personal data of the data subjects.
Your Personal Data is stored on computer servers located at our headquarters.
10: What are your rights and how can you exercise them?
10.1 : Rights of data subjects
In accordance with the applicable regulations, you have various rights:
Any data subject has the right to make a request for access to his/her personal data. If a data subject exercises this right, SF COMPANY SRL is obliged to provide him or her with information about it, including
If data are inaccurate or incomplete, the data subject may request that they be rectified.
In certain circumstances, the data subject may, in accordance with data protection regulations, request the erasure of personal data concerning him or her, inter alia :
Please note that we may not always be able to delete all the personal data requested, for example if processing is necessary for the establishment, exercise or defence of legal claims or because we are legally obliged to do so. We will provide you with more information on this in our response to your request.
In order to keep your data up to date, we ask you to inform us of any changes (e.g. change of marital status, change of address).
You have the right to object to certain processing of your personal data by us. In particular, you have the right to object, without justification, to the use of your data for prospecting purposes. You can also request that the processing of your data be restricted.
You can therefore determine the privacy settings of your personal data by contacting us or, if applicable, via your personal user account available on our site.
If you do not wish/no longer wish to receive any form of commercial communication, you have the right to object at any time, without any reason, in whole or in part, to the use of your personal data by SF COMPANY SRL for direct marketing purposes. To do so, please contact us:
However, this right can only be exercised under certain conditions:
However, you may not object to processing that is necessary for the execution of orders and purchases concluded with you or for the execution of pre-contractual measures taken at your request; nor may you object to compliance with any legal or regulatory provision to which we are subject.
If you have given your consent to the processing of your personal data, you have the right to withdraw that consent at any time.
Where necessary and to the extent applicable, the data subject may request to receive certain personal data that he or she has provided to SF COMPANY SRL in the course of the management and performance of its activities, and to transfer such data to another Controller, for example in order to be able to change the service provider more easily. Where technically possible, the data subject may request SF COMPANY SRL to transfer the data directly to another Controller.
This is therefore only possible for personal data that you yourself have provided to SF COMPANY SRL, on the basis of an authorisation or service entrusted to SF COMPANY SRL. In all other cases, therefore, you cannot benefit from this right (for example, where the processing of your data occurs on the basis of a legal obligation).
10.2 : Who should you contact?
You can send us an e-mail to email@example.com
In order to exercise your right of access and to avoid any unlawful publication of your personal data, we must verify your identity. If in doubt or unclear, we will first ask you for additional information (preferably a copy of the front of your identity card).
You may exercise your privacy rights free of charge, unless your request is manifestly unfounded or exaggerated, in particular because of its repetitive nature. In this case, we have the right and the choice – in accordance with privacy legislation – to (i) charge you a reasonable fee (taking into account the administrative costs of providing the requested information or communication and the costs of taking the requested action), or (ii) to refuse your request.
If you submit your application electronically, the information is sent electronically if possible, unless your application states otherwise. In any case, we provide you with a concise, transparent, understandable and easily accessible answer.
We will respond to your request as soon as possible, and in any case within one month of receiving your request. Depending on the complexity and number of applications, this period may be extended by two months. If the deadline is extended, we will inform you within one month of receiving the request.
We will always inform you in our reply about the possibility of lodging a complaint with the supervisory authority and appealing to the judge.
11: Transfer of data outside the EEA.
In the case of international transfers from the EEA to a third country for which the European Commission has issued an adequacy decision recognising that country as having a level of protection of personal data equivalent to that provided by EEA law, your personal data will be transferred on that basis.
For transfers to countries outside the EEA for which the European Commission has not issued an adequacy decision, we rely either on an exemption applicable to the situation (e.g. in the case of international payments, the transfer is necessary for the performance of the contract) or on the fact that the recipient of the data has agreed to process the personal data in accordance with the “Standard Contractual Clauses” drawn up by the European Commission for Data Controllers or Processors.
To obtain a copy of these texts or to find out how to access them, you can send a written request in the manner indicated in Section 10.2.
More generally, to the extent that and if personal data is processed outside the European Union, we ensure by contractual or other measures that such data is afforded an appropriate level of protection there, comparable to the protection it would enjoy in the European Union in accordance with European regulations.
12: Violation of personal data
12.1: Reporting of personal data breaches
Authorised users must take care in the performance of their duties to avoid incidents (intentional or unintentional) that may infringe on the privacy of the persons concerned.
In the event of a personal data breach, appropriate measures are taken as quickly as possible to minimise the risk of damage to the data subjects as well as to SF COMPANY SRL (damage to reputation, sanctions imposed, …).
In any case, all authorized users, as well as all other persons who consult, use or manage information of SF COMPANY SRL must immediately report any security breaches and incidents related to the security of the information so that an analysis can immediately be made, the necessary measures taken and whether the breach should be reported to the Data Protection Authority and/or to the persons concerned..
When the notification is made by e-mail, it is important that it is sent to the address mentioned in section 10.2 and that it is expressly stated in the subject line of the e-mail that it is a message with a high degree of urgency about a possible breach related to personal data.
The information should contain a full and detailed description of the incident, including the identity of the person making the report (surname, first name, address, e-mail (if applicable) and telephone number), what type of incident it is, and how many people are involved.
12.2: Survey and risk analysis
In principle, within 24 hours after the incident or violation has been noticed by SF COMPANY SRL or reported by a subcontractor, authorized user, recipient, data subject or third party, an investigation will be initiated by SF COMPANY SRL.
The investigation will indicate the nature of the incident, the type of data involved and whether any personal data specifically are affected (and if so, who are the data subjects and how much personal data are affected). The investigation will determine whether or not there has been a breach of personal data.
In the case of a breach, a risk analysis will be carried out to find out what the (possible) consequences of the breach are, and in particular the (possible) impacts on the persons concerned.
SF COMPANY SRL will then decide, based on the nature of the breach, whether or not there is an obligation to make a notification to the Data Protection Authority and/or the data subject.
12.3 : Documentation des violations
All violations will be documented in a register. The log will detail the main cause of the incident and contributing factors, the chronology of events, response actions, recommendations and lessons learned to identify areas for improvement. Recommended changes to systems and procedures will be documented and implemented as soon as possible.
13: How can I find out about this policy and its changes?
We invite you to consult the latest version of this document on our website and we will inform you of any substantial changes through our website or through our usual communication channels.
14 : How to contact us?
If you have any questions about the use of your personal data under this policy, you can contact us by e-mail at firstname.lastname@example.org
15: Supervisory Authority
For complaints about the processing of your personal data, you can contact the Data Protection Authority, rue de la Presse 35, 1000 Brussels / +32 (0)2 274 48 00 / email@example.com / www.autoriteprotectiondonnees.be
SF Company SRL