At EDPO, we’re committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information about people, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.
We are not required to have a data protection officer, so any enquiries about our use of your personal data should be sent by e-mail to firstname.lastname@example.org or by writing to Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
Who we are
We’re European Data Protection Office (EDPO), a limited liability company incorporated under the laws of Belgium, with registered office at 1030 Brussels, Avenue Huart Hamoir 71, registered with the Register of the Legal Entities of Brussels under number 0689.629.220.
Our website is https://edpo.com.
EDPO is the controller for the personal info that we process, unless otherwise stated.
The type of information that we collect
The personal information that we may collect from you includes your first name, last name, job title, company name, e-mail address, postal address, telephone number, country, device-specific information and log information (as described below) and other personal information that you may communicate to us or that is otherwise collected from you as described below (“Personal Data”).
How we collect information from you
Information that you provide to us
We collect Personal Data that you provide directly to us. For example, we collect information when you send us a request or an inquiry, register as a client, apply for a job, subscribe to our e-newsletter, fill out a form or survey or submit an on-line meeting request, download information or documents that we publish, interact with our live chat, request customer support, use our services or otherwise interact or communicate with us in any other way.
Information that we process on behalf of our clients
Our clients may also provide us with certain Personal Data. We will in such case act as a data processor or sub-processor and only process such Personal Data on our clients’ behalf and in accordance with their instructions (as defined in the Mandate Agreement that we entered into with our clients). We will use such Personal Data to handle data subject requests or for any other purpose provided for in the Mandate Agreement or in accordance with or as may be required by law.
In such cases, it is the client (or, as the case may be, other third parties) who remain responsible for the handling of the Personal Data and with compliance with any applicable data privacy laws.
Information that we collect from other sources
We may also obtain information from other sources and combine that with the information that we collect as described above. For example, we may collect information about you from third parties, including but not limited to social media platforms, data enrichment providers, lead generation service providers and publicly available sources, but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your Personal Data to us.
Information that we automatically collect
We may automatically collect information about you, including:
Website usage: we log information, including the type of browser you use, access times, pages viewed, your IP address, your general location and the page you visited before navigating to our website.
Device information: we collect information about the computer or mobile device you use to access our website, including the hardware model, operating system and unique device identifiers.
Information collected by cookies and other tracking technologies: EDPO and our service providers use various technologies to collect information, including cookies. Cookies are small data files stored on your hard drive or in device memory that help us improve our services and your experience, see which areas and features of our services are popular, and count visits. See our the list of cookies below:
Why we collect information from you
We collect information from you to:
Provide, operate, optimize and maintain our website, system administration and security
Handle inquiries and requests and provide you with information and access to our services or resources
Process the registration form that you submitted via our website
Schedule a meeting
Negotiate and execute contractual documents
Carry out our obligations arising from contracts entered into between us and our clients
Perform our role as Data Protection Representative pursuant to Article 27 of the General Data Protection Regulation
Perform administrative duties
Seek your views or comments on the services we provide
Compile aggregated statistics about the usage of our website and better understand the preferences of our clients and contacts
Carry out research and development to improve our services
Notify you of changes to our services
Provide you with our e-newsletter
Send information for marketing purposes
Carry out other legitimate business purposes, as well as other lawful purposes about which we will notify contacts, visitors and clients.
Legal basis for processing
Our legal basis for processing the Personal Data described above will depend on the Personal Data concerned and on the specific context in which we process it. We primarily rely on four legal bases to process your Personal Data:
- Where you have given us valid consent to use your Personal Data in certain ways, we will rely on your consent. This includes situations where we will obtain your consent prior to sending your information to our clients for the purposes of handling your requests regarding the use of your Personal Data by our clients.
- We process Personal Data when it is necessary for us to do so in order to provide our services to our clients, pursuant to their instructions and in accordance with a Mandate Agreement that we have entered into with them.
- In certain cases, we may process your Personal Data where it is necessary in our legitimate interests, where those legitimate interests are not overridden by your rights and freedoms. This includes direct marketing, usage statistics and analytics to better understand how to use our website so that we can improve our services.
- In some cases, we may also have a legal obligation to process your Personal Data. If we ask you to provide Personal Data to comply with a legal requirement, we will make this clear at the relevant time and inform you on whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
How long we keep your information
We review our retention periods for Personal Data on a regular basis. We will hold your Personal Data in our systems only for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract, after which time it will be destroyed, unless we are legally required to hold some types of information to fulfil our statutory obligations.
Who has access to your information
We will not share your Personal Data with any third parties for the purposes of direct marketing or otherwise sell or rent your Personal Data to third parties.
With your consent or pursuant to your instructions
To consultants, subcontractors and other service providers who need access to such information to carry out work on our behalf or to assist us in the provision of our website and other business-related functions such as website analytics
As part of a duty to disclose or share your Personal Data in order to comply with a legal obligation, for example, by a court order, or for the purposes of prevention of fraud or other crime, or to enforce or apply our Terms and Conditions or to protect the rights, property or safety of our clients.
When we use third party service providers, we only disclose the Personal Data that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and to keep it for no longer than necessary for the purposes of completing the tasks and providing the services to you on our behalf.
Your rights in relation to your Personal Data
You have the following rights:
Right to withdraw your consent
If we have asked for your consent to process your Personal Data, you may withdraw that consent at any time.
Right of access
You can ask us what information we hold about you, and you can ask for copies of your Personal Data.
Right to Rectification
You can ask us to correct your Personal Data if it is inaccurate or to complete if it is incomplete.
Right of erasure
You have the right to ask us to delete your Personal Data in certain circumstances (for example, if we no longer need your Personal Data, if you initially consented to the use of your Personal Data but have now withdrawn your consent, if you have objected to the use of your Personal Data and your interests outweigh our interests)
Right to restrict the processing
In certain circumstances, you have the right to ask us to stop using your Personal Data for a period of time (for example, if you believe we are not doing so lawfully).
Right to object to the processing
You have a right to object to the processing of your Personal Data where we rely on our legitimate interests to process your Personal Data.
Right to data portability
You have the right to ask that we transfer the Personal Data that you shared with us to another provider or that we give you a copy in a machine-readable format so that you can transfer it to another provider.
How you can access and update your information
The accuracy of your information is important to us. If you change your e-mail address, or if any of the other information we hold is inaccurate or out of date, please send us an e-mail at email@example.com or write to us at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
Security precautions in place to protect the loss, misuse or alteration of your information
When you provide us with Personal Data, we take steps to ensure that it’s treated securely.
Non-sensitive details (such as, for example, your e-mail address, etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Transferring your information outside of the European Economic Area
As part of our services, the information that you provide us with may be transferred to countries outside of the European Economic Area (EEA), which includes all EU countries and non-EU countries Iceland, Liechtenstein and Norway. By way of example, this may happen for purposes related to your requests to exercise your rights under the GDPR with respect to one of our clients. These countries may not have equivalent data protection laws to the EU or benefit from an adequacy decision by the EU Commission. By submitting your Personal Data, you’re agreeing to this transfer and processing. If we transfer your information outside of the EEA in this way, we will take necessary steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
EDPO’s services are not directed at children under the age of 16. We do not knowingly solicit or collect personal information from children under the age of 16.
If you have any questions or complaints
We respect your data protection and privacy rights. If you have any questions or if you are not satisfied with the way we handle your Personal Data, don’t hesitate to send us an e-mail at firstname.lastname@example.org or to write to us at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
If you have any complaints about the way EDPO processes your Personal Data, you can file a complaint with the Belgian Data Protection Authority: www.dataprotectionauthority.be.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated on 28 February 2019.