1. WHAT DO WE DO WITH YOUR PERSONAL DATA?
1.1 MISSION-SYSTOLE SPRL, a company with limited liability organised under Belgian law, with statutory seat located at Rue du bourdon 100, 1180 Uccle (Belgium) and registered with the Crossroads Bank for Enterprises under company number 0807.999.707 (“MS”, “we”, “our”, “us”) processes personal data related to its former and past customers or customers’ representatives, its prospects, its suppliers’ representatives, the visitors to its websites and other data subjects (the “data subject”, “you”, “your”).
2.1 We use our best efforts to bring our data processing activities into compliance with applicable data protection legislation, including Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
3. CATEGORIES OF PERSONAL DATA
3.1 We process the following categories of personal data, in particular for the purposes described hereafter:
Your email address for allowing us to contact you for direct marketing purposes, to send you our newsletters and to invite you to commercial events;
Your personal identification data (surname, first name, title), professional identification data (job title), email address, postal address and telephone number for managing our supplier relationships and preparing our supplier contracts;
Data related to your professional life (work aptitudes, experience, information on your CV, etc.) for recruitment purposes;
Your electronic identification data (IP address, dates and hour of access to the website, pages consulted, etc.), only processed, on an aggregated basis, for measuring our website audience and for generally improving your user experience on our website;
Your personal identification data and email address when you make a request for information through our website;
Video footage of you, only processed in the context of the surveillance of our premises through CCTV and only to the extent permitted by applicable law.
3.2 We may also process certain other categories of personal data where their processing is necessary for the establishment, exercise or defence of a legal claim.
3.3 When performing market analysis online, we may process any personal data that is being made publicly available (e.g. information that is available on the Internet) or that we have otherwise obtained in accordance with Applicable Data Protection Law.
3.4 We may also process your personal data: To carry out corporate restructuring operations; For the management of disputes with customers, suppliers and other data subjects.
3.5 We may be processing your personal data in a capacity of data processor on behalf of our customers. In that case, we are acting under the documented instructions of our customers. We invite you to read their privacy statements to understand how your personal data is being processed and how to exercise your data protection rights. Unless otherwise agreed with our customers, we will forward to our customers any requests from you to exercise your data protection rights.
3.6 The provision of your personal data may be necessary for:
Compliance with a legal obligation applicable to us (e.g. with regard to invoicing, surveillance of our premises, taxation, etc.);
The legitimate interests pursued by us (or by a data recipient) provided that these interests prevail over your fundamental rights and freedoms.
3.7 In some cases, we will ask for your free, prior and informed consent before processing some of your personal data (e.g. your email address for direct marketing purposes if you are not yet a customer with us, etc.).
3.8 We do not subject you to decisions based exclusively on automated processing that produce legal effects concerning you or affect you significantly
3.9 The provision of some of your personal data (e.g. your name, etc.) is a condition to the conclusion of a services contract with MS.
3.10 The possible consequences of not providing your personal data could include our inability to meet our obligations under the services contract or a breach by us of one or more obligations under applicable laws (e.g. accounting or tax laws).
3.11 Please note that we may process personal data contained in the electronic communications you have with us or that you voluntarily provide in the context of a request for information.
4. SOURCE OF THE DATA
4.1 We may collect your personal data as follows:
From publicly accessible information (on the Internet).
5. RECIPIENTS OF YOUR PERSONAL DATA
5.1 We may disclose your personal data to the following recipients:
The customer support team;
The directors of MS;
Our legal counsels and/or lawyers in the context of corporate restructuring operations and litigation proceedings;
Third party service providers related to the operation and maintenance of the information systems processing your personal data (these providers only have access to the personal data necessary to carry out their missions);
Government entities authorised to access and/or obtain your personal data in accordance with applicable law;
The courts and tribunals of the judicial order in the event of a dispute involving you;
Law enforcement authorities in the event of a finding or a suspicion of the occurrence of an offence involving you in accordance with or as required by applicable law.
5.2 In the event of corporate restructuring operations (e.g. mergers or acquisitions), we may transfer your personal data to a third party involved in the transaction (for example, a buyer) in accordance with Applicable Data Protection Law.
6. THIRD PARTIES
6.1 We take appropriate measures to ensure that our third party vendors process your personal data in accordance with Applicable Data Protection Law
6.2 We also ensure that our processors undertake to, among other things, process your personal data only on our instructions, not hire subprocessors without our consent, take appropriate technical and organisational measures to ensure an adequate level of security of your personal data, ensure that persons authorised to access your personal data are subject to obligations of confidentiality, return and/or destroy your personal data at the end of their services, comply with audits and assist us in following up on your requests regarding the exercise of your data protection rights.
7. TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
7.1 We transfer your personal data to countries located outside of the European Economic Area (“EEA”), such as the United States.
7.2 In case your personal data is transferred to countries located outside of the EEA, we will ensure that appropriate safeguards are taken, such as:
Standard data protection contractual clauses as approved by the European Commission pursuant to Article 47 of the GDPR have been established; or
In case of a transfer of personal data to the United States, the transfer complies with the conditions imposed by the EU-US Privacy Shield under Article 45 of the GDPR.
7.3 For further information about transfers of personal data outside of the EEA, please consult the following link: https://edps.europa.eu/data-protection/data-protection/reference-library/international-transfers_en.
7.4 If you would like to obtain more information about the appropriate safeguards taken by MS for the transfer of personal data outside of the EEA, please contact our Data Protection Correspondent by email at GDPR@mission-systole.be.
8.1 We ensure that your personal data are kept for no longer than is necessary for the purposes for which they are processed.
8.2 We use the following criteria to determine the retention periods of personal data according to the context and purposes of each processing operation:
The date of your last contact with MS;
The date of your last visit on the website of MS;
The sensitivity of personal data;
Security reasons (for example, the security of our premises or of our information systems);
Any current or potential dispute involving you;
Any legal or regulatory obligation to retain or delete personal data (for example, a retention obligation imposed by accounting.
or tax laws).
9. YOUR RIGHTS
9.1 Subject to Applicable Data Protection Law, you have the rights to be informed, to access, rectify and erase your personal data, the rights to object to or restrict the processing of your personal data, the right to data portability and the right to withdraw consent.
What does it mean ?
The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Policy.
The right of access
You have the right to obtain access to your personal data.
This is so you are aware and can check that we are using your personal data in accordance with Applicable Data Protection Law.
The right to rectification
You are entitled to have your personal data rectified if they are inaccurate or incomplete.
The right to erasure (the “right to be forgotten”)
You have the right to have your personal data erased. However, the right to erasure (or the “right to be forgotten”) is not absolute and is subject to special conditions. We may retain your personal data to the extent permitted by applicable law, and in particular when their processing remains necessary to comply with a legal obligation to which MS is subject or for the establishment, exercise or defence of a legal claim.
The right to restrict processing
You have rights to restrict further use of your personal data (e.g. when MS does not need your personal data anymore but your personal data are still necessary for the establishment, exercise or defence of a legal claim).
The right to object to processing
You have the right to object to certain types of processing (e.g. when the processing is based on the legitimate interests of MS and, taking into account your particular situation, your interests or fundamental rights and freedoms prevail).
The right to data portability
You have the right, under certain circumstances, to receive the personal data concerning you and that you have provided to MS in a structured and commonly used machine-readable format and to transmit them to another data controller.
The right to withdraw consent
If you have given your consent to the processing by MS of your personal data, you have the right to withdraw your consent at any time.
10. RIGHT TO OBJECT TO MARKETING
10.1 If you are a customer of MS, we process your email address for direct marketing purposes.
10.2 You have the right to object at any time to the processing of your personal data for direct marketing purposes by unsubscribing from our mailing list or by sending an email to our Data Protection Correspondent at GDPR@mission-systole.be.
11.1 We implement adequate technical and organisational measures to ensure a level of security of your personal data that is appropriate to the risks.
11.2 We take appropriate measures to ensure that we report security incidents leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
12. QUESTIONS AND COMPLAINTS
12.1 If you have any questions or complaints about the way we process your personal data, please send them to our Data Protection Correspondent by email at GDPR@mission-systole.be or by post at Mission-Systole SPRL, Rue du bourdon 100, 1180 Uccle (Belgium).
12.2 You have the right to lodge a complaint at the competent supervisory authority. The competent supervisory authority for Belgium can be contacted at :
35 Rue de la Presse / Drukpersstraat, 1000 Brussels
+32 (0)2 274 48 00
13.1 We reserve the right to modify this Policy at any time, so please review it frequently. We will inform you of changes we make to this Policy so that you are at any time aware of the way we process your personal data.
13.2 In the event of a conflict or inconsistency between a provision of this Policy and a provision of another policy or another document of MS relating to the processing of personal data, the provision of this Policy shall prevail.
13.3 This Policy is governed by Belgian law and any litigation arising out of, or in connection with, the formation, execution, interpretation and termination of this Policy will be submitted to the courts of Brussels.