NOVE’s commitments to privacy and data protection
At NOVE, we take privacy and the protection of personal data seriously and make transparency our priority.
We are therefore committed to protecting the fundamental right to privacy and data protection in every step of our actions and to manage personal data in a responsible and transparent way.
Who controls the processing of personal data?
NOVE S.A., a public limited company incorporated under the laws of Belgium under number 0502.966.180, with registered offices in 1000 Brussels (Belgium), Rue Paul Emile Janson 6 is responsible for the processing of personal data. It generally acts as (co-)controller under the GDPR which means that NOVE determines the purposes (why?) and/or the means (how?) of the processing of your personal data, as the case may be, jointly with another controller. As a data controller, NOVE is responsible for ensuring that the processing of personal data complies with applicable data protection law, especially the GDPR.
On certain occasions, we may also act as processor of other controllers, mostly our clients.
NOVE may appoint processors who will be responsible for processing personal data on its behalf. We commit to appoint and use only processors capable of guaranteeing a sufficient level of protection of your personal data.
What personal data do we collect and process?
The range of personal data that we collect depends on the purposes of our processing activities.
Generally, we may collect and process the following categories of personal data:
We may also collect and further process personal data indirectly, i.e. not directly collected from data subjects, but from third parties or otherwise publicly available.
For what purposes do we collect personal data?
We collect and process your personal data for varying purposes. We may collect and further process personal data for the following purposes, in particular:
On what grounds do we process personal data?
The legal basis NOVE relies on to process personal data varies according to the purposes for which it is processed and the categories of data concerned.
For instance, we process the personal data of our clients to perform the services they entrusted us with because it is necessary for the performance of the contract we entered into with them. This is also the case in respect of NOVE’s employees’ personal data.
On other occasions, processing activities with a view to performing the services contracted with our clients will rely on NOVE’s legitimate interests to operate its business. The personal data we may process on those occasions includes, notably, contact details, e-mail addresses, etc. Other instances of processing activities carried out to pursue NOVE’s legitimate interests entail, notably, the performance of market research and further development of our products and services. We always make sure data subjects’ interests and/or fundamental rights and freedoms are not overridden by NOVE’s legitimate interests.
On limited occasions, certain processing activities may be required by law. In this case, NOVE processes personal data to comply with its legal obligations.
Where processing activities are based on consent, data subjects are always entitled to withdraw such consent. Withdrawing consent shall not affect the lawfulness of processing activities prior to such withdrawal.
Who and where do we transfer personal data to?
When we share or otherwise disclose personal data, we make sure we only do so with organisations capable of guaranteeing an equivalent level of protection to the one we apply to our processing activities.
We may share personal data with our agents, partners, clients, contractors, professional advisors or government or regulatory bodies for the following purposes: (a) to provide our services to clients or otherwise receive assistance in processing transactions and performing our contracts; (b) to fulfil requests for information, receiving and sending communications, updating marketing lists, analysing data; (c) to provide of IT and other support services; (d) to facilitate the operation and effective management of our businesses; (e) to comply with a legal obligation or in connection with a legal claim or dispute or to otherwise protect our legal rights; (f) to assist in other ancillary to the operation of tasks, from time to time
NOVE may process personal data outside the European Economic Area (EEA). In this case, NOVE endeavours to transfer personal data concerning data subjects only to third countries demonstrating an adequate level of protection with appropriate safeguards as to data protection and privacy.
For instance, personal data processed by NOVE as data controller or, as the case may be, as data processor are stored on a server located in Switzerland, i.e. outside the EEA. This international transfer of personal data is legitimate in light of European Commission Decision 2000/518/EC of 26 July 2000 on the adequate protection of personal data in Switzerland.
Where NOVE transfers personal data outside the EEA to third countries which cannot benefit from an adequacy decision of the European Commission, such transfers will only occur on the basis of standard contractual clauses adopted by the European Commission under Decisions 2010/87/EC of 5 February 2010 or 2004/915/EC of 27 December 2004, or on the basis of other mechanisms as provided in Chapter 5 of the GDPR.
There are different categories of cookies:
NOVE does not use or otherwise place marketing cookies onto terminals of data subjects without their consent. Other types of cookies may however be placed onto data subjects’ terminals. Cookies are developed in a manner that they will only be placed on terminals after a positive action from data subjects consenting on their placement, except as essential/necessary cookies are concerned. This is because without these cookies, the website cannot run smoothly.
How long do we store personal data?
When a minimal storage period is imposed by law, we obviously make sure not to store personal data beyond this period. This is notably the case as far as so-called ‘social documents’, such as employment contracts, and ‘fiscal documents’, like 281.10 forms as well as billing information. The law imposes that the former must be retained for 5 years while the latter must be retained for 7 years. Beyond that time and where the law does not set a minimal storage period, we endeavour not to store personal data for a period longer than what is necessary for the purposes for which personal data were initially processed.
We may process and store personal data for longer periods, in particular for statistical purposes. Where such processing activities occur, NOVE ensures that appropriate organisational and technical measures are in place to safeguard your rights.
Automated decision-making and profiling
NOVE does not process personal data using automated decision-making processing means, i.e. without human intervention, which produce legal effects concerning data subjects or which significantly affect data subjects.
If, for some reasons, we decide to make use of such methods, we endeavour to inform data subjects of the implementation of such methods of processing, enabling them to object to the processing of their personal data in such a way.
How do we protect personal data?
NOVE understands that the security of personal data is paramount. We make our best efforts to protect personal data from misuse, interference, loss, unauthorised access, modification or disclosure. We have implemented various technical and organisational measures to best ensure the security and integrity of personal data, such as multi-levels access control, firewalls, anti-virus or encryption of data. When contracting with suppliers, NOVE makes sure that these suppliers provide at least an equivalent level of security of personal data as the one it applies to its processing activities.
What are data subject’s rights regarding NOVE’s processing activities of personal data?
Subjects whose personal data NOVE processes are entitled to certain rights guaranteed by the GDPR.
If data subjects wish to exercise any of these rights, they are invited to send a motivated request to firstname.lastname@example.org. NOVE endeavours to react to a request to exercise any of the rights listed hereunder without undue delay and in any event within one month from the receipt of such request.
Right of access
Data subjects have the right to obtain the confirmation from us that personal data concerning them are being processed and to access those data together with basic information relating to the processing of this data, such as the purposes of the processing, the categories of data concerned, the recipients or categories of recipient to whom the data have been or will be disclosed, the envisaged retention period of the data, the right to lodge a complaint with the competent supervisory authority, etc.
Right to rectification
Data subjects have the right to request from NOVE the correction and rectification of any inaccurate personal data.
Right to erasure
Where applicable, data subjects have the right to request the erasure of their personal data, when:
Right to restriction
Where applicable, data subjects also have the right to restrict NOVE’s processing of personal data, when:
Right to data portability
Personal data is portable. Data subjects can request to receive from us their personal data in a structured, commonly used and machine-readable format so you can transmit it to another controller. Data subjects can only exercise this right where the processing:
Right to object
Where applicable, data subjects may be entitled to object to the processing of their personal data at any time.
The right to lodge a complaint with a supervisory authority
Data subjects have the right to lodge a complaint directly with the supervisory authority in case of doubt as to NOVE’s processing activities.
The Belgian Data Protection Authority (Autorité de Protection des Données / Gegevensbeschermingsautoriteit) is the competent supervisory authority to monitor NOVE’s data processing activities. It can be contacted via e-mail: email@example.com.
Would you like to contact NOVE?