Information Regarding Personal Data and How it is Processed
Data Processing and Responsibility
By ‘processing’, we mean every operation we carry out on data, such as collecting, saving, storing, consulting, using, sending, deleting, archiving, and destroying data.
D’Ieteren N.V., headquartered at Rue du Mail, 50, 1050 Brussels, is the entity responsible for processing your personal data. Any questions you may have on this matter can be sent to us by mail at the above address or by e-mail at the following address: email@example.com.
What personal data do we process?
By ‘personal data’, we mean any information regarding any identified or identifiable person.
We process the personal data that you send us – such as user data (e.g. first and last name, sex, language, address, e-mail address, bank account number and similar information, copies of ID cards, hobbies), how often you visit our websites.
We do not process ‘sensitive’ data concerning things including, but not limited to, race or ethnicity, political opinions, religious or philosophical convictions, your life and/or sexual orientation, or your health. If it were necessary to process such data, we would only do so after having received your express permission, and only for specific purposes that we would explain to you in advance, or if it were necessary to process it for the purposes of labour law, social security, preventive medicine, or workplace medicine.
For what purposes and on what basis do we use the data that you send us?
We use the personal data that you send to us for a variety of purposes, such as:
- Administering our contractual relationship and the associated services (e.g. telephone number to inform you of the completion of the requested works, or for requesting feedback during satisfaction surveys);
- For purposes that you have specifically agreed to (e.g. using your e-mail address if you have opted to receive newsletters on our products via e-mail);
- To perform statistical analyses (e.g. using anonymous data to determine how often customers come to our workshops);
- To comply with mandatory legal or regulatory obligations we are required to meet;
- When we have a legitimate interest in doing so, such as in preventing and fighting fraud. In this case, we balance this interest alongside our efforts to respect your privacy;
- Rendering the data pseudo-anonymous, with no relation to your personal data, for commercial purposes.
We may sometimes need to transfer your data to other companies within our corporate group (sister companies, subsidiaries like D’Ieteren Lease or Volkswagen D’Ieteren Finance) for the abovementioned purposes.
We will not transfer your data to third parties, except:
- When we are legally required to do so (e.g. the Credit Register of the National Bank of Belgium, when issuing a loan);
- When we are legally authorised to do so (e.g. if we transfer our rights and obligations to a loan)
- To subcontractors, when this is needed to perform our services (e.g. electronically archiving of invoices)
- To keep it up to date (sending it to BPost when mail is returned following a change of address)
- When you provide prior consent
If processing the data via a subcontractor requires it to be transferred outside of the European Union, we will ensure that your data is protected in accordance with applicable European Union law.
We ensure that any third party to whom we transfer your data, processes it the same way as we do, with the highest standard of security, taking every measure necessary to safeguard it.
How do we protect your data, and how long do we store it?
We take every technical and organisational measure needed to protect your personal data.
Your data is stored for the time needed to process it for the purposes for which it was collected, which varies according to the purpose of its collection. For example:
- 7 years for accounting/tax documents;
- 8 years after the end of the contractual relationship to conserve proof for disputes or claims;
- 8 years after a marketing campaign with no result.
This time period can sometimes be longer, to comply with legal requirements or in the event of a dispute or claim.
At the end of these storage periods, personal data is deleted or rendered anonymous or unusable.
What are your rights?
You have the following rights with regard to the personal data that we collect/that you send us:
- The Right to Access and Transfer Data:
You have the right to access all personal data concerning you. You have the right to receive confirmation as to whether your personal data is or is not being processed, and to be informed of the purposes for which we process it, the type of data that is processed, the persons and entities who receive the data, and how long your data is stored. You also have the right to receive a copy of the personal data that you have provided, and to send it (or ask us to send it) to another entity responsible for processing personal data.
- The Right to Correct/Delete Data – The Right to Be ForgottenYou have the right to ask for data concerning you to be corrected if you note that it is inaccurate or incomplete. You also have the right to ask for your personal data to be deleted if it is no longer necessary for the purposes for which it was collected. If you gave us permission to process your personal data, you have the right to withdraw this permission at any time.
- The Right to Object to the Processing of Data for Marketing Purposes
You have the right to refuse for your data to be processed for direct marketing or prospecting purposes. No reason need be provided if you decide to refuse.
- The Right to Limit Data Processing
You have the right to require us to limit the processing of your data: (i) when you contest the accuracy of the data; (ii) when you object to the data being deleted and demand instead that it be used in a limited fashion; or (iii) when we no longer need to process your data, but you still require it for the purposes of establishing, exercising, or defending legal claims.
- The Right to File a Complaint with the Oversight Authority
You may, if you choose, file a complaint concerning the processing of your data with the Data Protection Authority (formerly the Privacy Commission) at the following address: Autorité de la Protection des Données, Rue de la Presse, 35, 1000 Bruxelles – firstname.lastname@example.org
You can exercise the first four rights by contacting us at the addresses mentioned in the section ‘Data Processing and Responsibility’.
How to Contact Our Data Protection Officer
To ensure that the way in which we process personal data complies with applicable legislation, we have appointed a Data Protection Officer (D.P.O. – e-mail: DPO@dieteren.be – Address: rue du Mail, 50, 1050 Bruxelles).