NOVE’s commitments as to privacy and data protection
At NOVE, we take the privacy and the protection of the personal data very seriously.
We are therefore committed to protecting the fundamental right to privacy and data protection in every step of our actions. At NOVE, transparency is our priority. We aim to protect any personal data we hold and to manage personal data in a responsible and transparent way.
Who controls the processing of personal data?
NOVE S.A., a public limited company incorporated under the laws of Belgium under number 0502.966.180, with registered offices in 1000 Brussels (Belgium), Rue Paul Emile Janson 6 is responsible for the processing of personal data. It generally acts as (co-)controller under the GDPR which means that NOVE determines the purposes (why?) and/or the means (how?) of the processing of your personal data, as the case may be, jointly with another controller. As a data controller, NOVE is responsible for ensuring that the processing of personal data complies with applicable data protection law, especially the GDPR.
On certain occasions, we may also act as processor of other controllers, mostly our clients.
NOVE may appoint processors who will be responsible for processing personal data on its behalf. We commit to appoint and use only processors capable of guaranteeing a sufficient level of protection of your personal data.
What personal data do we collect and process?
The range of personal data that we collect depends on the purposes of our processing activities.
Generally speaking, we may collect and process the following categories of personal data:
We may also collect and further process personal data indirectly, i.e. personal data not directly collected from data subjects. We may collect and process personal data from third parties or otherwise publicly available data.
For what purposes do we collect personal data?
We collect and process your personal data for varying purposes. We may collect and further process personal data for the following purposes, in particular:
On what grounds do we process personal data?
The legal basis relied on by NOVE to process personal data varies according to the purposes for which it is processed and the categories of data concerned.
For instance, we process the personal data of our clients in order to perform the services they entrusted us with because it is necessary for the performance of the contract we entered into with them. This is also the case in respect of NOVE’s employee personal data.
On other occasions, processing activities with a view to performing the services contracted with our clients will rely on NOVE’s legitimate interests to operate its business. The personal data we may process on those occasions includes, notably, contact details, e-mail addresses, etc. Other instances of processing activities carried out to pursue NOVE’s legitimate interests entail, notably, the performance of market research, the further development of our products and services. We always make sure data subjects’ interests and/or fundamental rights and freedoms are not overridden by NOVE’s legitimate interests.
On limited occasions, certain processing activities may be required by law. In this case, NOVE processes your personal data in order to comply with its legal obligations.
Where processing activities are based on consent, data subjects are always entitled to withdraw such consent. Withdrawing consent shall not affect the lawfulness processing activities which occurred before your withdrawal.
Who and where do we transfer personal data to?
When we share or otherwise disclose personal data, we make sure we only do so with organisations capable of guaranteeing an equivalent level of protection to the one we apply to our processing activities.
We may share personal data with our agents, partners, clients, contractors, professional advisors or government or regulatory bodies for the following purposes: (a) provide our services to clients or otherwise receive assistance in processing transactions and performing our contracts; (b) fulfilment of requests for information, receiving and sending communications, updating marketing lists, analysing data; (c) provision of IT and other support services; (d) to facilitate the operation and effective management of our group of businesses; (e) comply with a legal obligation or in connection with a legal claim or dispute or to otherwise protect our legal rights; (f) assistance in other ancillary to the operation of tasks, from time to time
NOVE may process personal data outside the European Economic Area (EEA). In this case, NOVE endeavours to transfer personal data concerning data subjects only to third countries demonstrating an adequate level of protection with appropriate safeguards as to data protection and privacy.
For instance, personal data processed by NOVE as data controller or, as the case may be, as data processor are stored on a server located in Switzerland, i.e. outside the EEA. This international transfer of personal data is legitimate in light of European Commission Decision 2000/518/EC of 26 July 2000 on the adequate protection of personal data in Switzerland.
Where NOVE transfers personal data outside the EEA to third countries which cannot benefit from an adequacy decision of the European Commission, such transfers will only occur on the basis of standard contractual clauses adopted by the European Commission under Decisions 2010/87/EC of 5 February 2010 or 2004/915/EC of 27 December 2004, or on the basis of other mechanisms as provided in Chapter 5 of the GDPR.
There are different categories of cookies:
NOVE does not use or otherwise place marketing cookies onto terminals of data subjects without their consent. Other types of cookies may however be placed onto data subjects’ terminals. Cookies are developed in a manner that they will only be placed on terminals after a positive action from data subjects consenting on their placement, except as essential/necessary cookies are concerned. This is because without these cookies, our website cannot run smoothly.
How long do we store personal data?
When a minimal storage period is imposed by law, we have no other choice but to store personal data for this period. This is notably the case as far as so-called ‘social documents’, like employment contracts, and ‘fiscal documents’, like 281.10 forms as well as billing information. The law imposes that the former must be retained for 5 years while the latter must be retained for 7 years. Beyond that time and where the law does not set a minimal storage period, we endeavour not to store personal data for a period longer than what is necessary for the purposes for which personal data were initially processed.
In determining the storage period of personal data we notably take into account both the interests of data subjects as well as ours on the understanding that your interests will always prevail over ours, the nature of the data concerned and the purposes of the processing. In any event, NOVE shall always store your personal data only for the time reasonably necessary to enable the purposes for which they are processed to be fulfilled.
We may process and store personal data for longer periods, in particular for statistical purposes. Where such processing activities occur, NOVE makes sure that appropriate organisational and technical measures are in place to safeguard your rights.
Automated decision-making and profiling
NOVE does not process personal data using automated decision-making processing means, i.e. situations where decisions are taken automatically without human intervention, which produce legal effects concerning data subjects or which significantly affect data subjects.
If, for some reasons, we decide to make use of such methods, we endeavour to inform data subjects of the implementation of such methods of processing. They will be able to object to the processing of their personal data via such means.
How do we protect personal data?
NOVE understands that the security of personal data is paramount. We make our best efforts to protect personal data from misuse, interference, loss, unauthorised access, modification or disclosure. We have implemented various technical and organisational measures to best ensure the security and integrity of personal data, such as multi-levels access control, firewalls, anti-virus or encryption of data. When contracting with suppliers, NOVE makes sure that these suppliers provide at least an equivalent level of security of personal data as the one it applies to its processing activities.
What are data subject’s rights regarding NOVE’s processing activities of personal data?
Where NOVE processes personal data, data subjects whose data are being processed are entitled to exercise certain rights the GDPR empowers them with.
If data subjects wish to exercise any of these rights, they are invited to send a motivated request to info@NOVE.eu. NOVE endeavours to react to a request to exercise any of the rights listed hereunder without undue delay and in any event within one month from receipt of said request.
Right of access
Data subjects have the right to obtain the confirmation from us that personal data concerning them are being processed and to access those data together with basic information relating to the processing of this data, such as the purposes of the processing, the categories of data concerned, the recipients or categories of recipient to whom the data have been or will be disclosed, the envisaged retention period of the data, the right to lodge a complaint with the competent supervisory authority, etc.
Right to rectification
Data subjects have the right to request from NOVE the correction and rectification of any inaccurate personal data.
Right to erasure
Where applicable, data subjects have the right to request the erasure of your personal data, when:
Right to restriction
Where applicable, data subjects also have the right to restrict NOVE’s processing of your personal data, when:
Right to data portability
Personal data is portable. Data subjects can request to receive from us your personal data in a structured, commonly used and machine-readable format so you can transmit it to another controller. They can only exercise this right where the processing:
Right to object
Where applicable, data subjects may be entitled to object to the processing of their personal data at any time.
The right to lodge a complaint with a supervisory authority
Data subjects have the right to lodge a complaint directly with the supervisory authority in case of doubt as to NOVE’s processing activities.
The Belgian Data Protection Authority (Autorité de Protection des Données or Gegevensbeschermingsautoriteit) is the competent supervisory authority to monitor Gimber’s data processing activities. It can be contacted via e-mail: email@example.com.
Would you like to contact NOVE?
In case of queries and comments regarding NOVE’s privacy and data protection policies, please send an e-mail to info@NOVE.eu.