Privacy policy of Theuma Group

Theuma does everything to respect your privacy. Below you can read how we handle your data exactly. This document was last updated on 18 May 2018 This privacy policy applies to the websites and services of <strong>Theuma</strong> (read: Theuma NV [enterprise number 0440 316 949], Theuma DoorSystems NV [enterprise number 0422 748 071], Thura Machinefinanciering B.V. [CoC number 28098694], Theuma Metal Industries B.V. [CoC number 31037795] and Theuma DoorSystems B.V. (hereinafter referred to as “we”, “us”). We attach great importance to the privacy of our customers, suppliers, relations and visitors to our website. For this reason, we will only process your data in a manner that complies with the General Data Protection Regulation (GDPR). Data that we collect: Contact details: Name, e-mail, telephone number, and possibly address details Professional data: CV, covering letter, etc. We also register information about the company in which our customers, partners and/or prospects work (for example: VAT number, activity sector, etc.).

For what purpose do we use this personal data?

The personal data that you provide us may be used to manage our relationship with you, or to rectify or improve the website or the services relating to you. We also process your data in order to correctly handle your purchases. We may also use your personal information for marketing purposes, for sending you promotional materials or notifications concerning services that we supply, which we think would be of interest to you. You may request us at any time to stop sending communications, e-mails or other correspondence. This can be done free of charge and without assigning any reasons, by making contact via the information under the point “contact details” An overview of our processing activities:

• Correct compliance with the agreement
• Offering customer service
• Handling complaints
• Improving the service (satisfaction survey)
• Purchase, production, administration and sales
• Conducting an HR policy

How long do we retain your personal data?

We do not retain your personal data for longer than is strictly necessary to achieve the objectives that are laid down in this privacy policy.

Transfer of data to third parties

Your data will not be sold, but will sometimes be forwarded to third parties who process data in connection with the activities mentioned above. The data that you provide us in connection with your job application otherwise than in connection with professional activities shall never be transferred to third parties.

Security of your personal data

We make every effort to protect the security and confidentiality of your personal data. We use suitable technical and organisational measures in such a manner that the processing complies with the requirements of national and European legislation

Your rights

Access to the data and copies

Through an e-mail or a dated and signed request addressed to the controller at the address mentioned under the point “contact details” of the present policy, the data subject may, after his identity has been verified (by attaching a copy of the identity card), receive the written communication or a copy of the personal data that has been acquired, free of charge. For each additional copy that is requested by the data subject, the controller may demand payment from the data subject of all the reasonable costs based on the administrative costs. As soon as the data subject submits this request through electronic means, the information shall also be provided in a standard electronic manner, unless the data subject wishes otherwise. The copy of his data shall be communicated to the data subject no later than one month after receiving his request.

Right to improvement

Through an e-mail or a written, dated and signed request addressed to the controller at the address mentioned under “contact details” of the present policy, the data subject may at any time and for reasons relating to his personal situation and after his identity has been verified (by attaching a copy of the identity card), within a reasonable period of time and expressly within the period of one month, request the rectification of his personal data free of charge, if the same contains errors, is incomplete or irrelevant, and may also request that this data should be supplemented if the same appear to be incomplete.

The right to object to processing

Through an e-mail or a written, dated and signed request addressed to the controller at the address mentioned under the point “contact details” of the present policy, the data subject may, at any time, and for reasons relating to his personal situation and after his identity has been verified (by attaching a copy of the identity card), object to the processing of his personal data, free of charge:

• If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• If processing is necessary for the performance of a task carried out in the general interest or for a task in the exercise of the official authority;
• If processing is necessary for the purposes of the legitimate interests pursued by a controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

  The controller may refuse to comply with the objection of the data subject, if it finds that there are compelling and legitimate reasons that justify such processing and that take precedence over the interests or rights and the freedoms of the data subject, or where the same are used for the establishment, exercise or defence of legal claims In case of a dispute, the data subject may appeal in accordance with the provisions contained in point “objections and complaints” of the present policy. Through an e-mail or a written, dated and signed request addressed to the controller at the address mentioned under the point “contact details” of the present policy, the data subject may, at any time, and after his identity has been verified (by attaching a copy of the identity card), object without providing any justification and free of charge, against the processing of his personal data if this data was collected for direct marketing purposes (including profiling). If the personal data is used in connection with scientific or historical research or for statistical purposes in accordance with the General Data Protection Regulation, the data subject shall have the right to object to the processing of his personal data, for reasons relating to his personal situation, unless the processing may be necessary for a task in the exercise of the official authority. The controller is bound to respond to the request of the data subject within a reasonable period of time but no later than within one month, and shall substantiate his answer if he intends to decline the request of the data subject.

The right to restriction on processing

Through an e-mail or a written, dated and signed request addressed to the controller at the address mentioned under the point “contact details” of the present policy, the data subject may, after his identity has been verified (by attaching a copy of the identity card), obtain restriction on the processing of his personal data, in the following cases:

• If the data subject disputes the accuracy of an item of data, and only for the period that the controller requires for the processing in order to scrutinise this;
• If the use is unauthorised or if the data subject prefers the restricted processing of the data over the deletion of the same;
• If the data subject requires this restriction in connection with the establishment, exercise or defence of legal claims, although this is not necessary for the continuation of purposes of the processing;
• During the period required to investigate the validity of an objection request, in other words, the period that the controller requires to weigh the legitimate interests of the controller against those of the data subject.

  The controller shall notify the data subject as soon as the restriction on processing is removed.

The right to deletion (right to be forgotten)

Through an e-mail or a written, dated and signed request addressed to the controller at the address mentioned under the point “contact details” of the present policy, the data subject may, after his identity has been verified (by attaching a copy of the identity card), procure the deletion of the personal data relating to him if one of the grounds described below applies:

• The data is no longer required for the purposes of the processing;
• The data subject has withdrawn his consent to the processing of his data and there is no legal ground for further processing;
• The data subject objects to the processing and there is no compelling legitimate reason for further processing and/or the data subject exercises his special right to object to direct marketing purposes (including profiling)
• Unauthorised use has been made of the personal data;
• The personal data of a personal nature must be deleted in order to comply with a statutory obligation (under the law of the European Union or the law of a Member State) to which the controller is subject;
• The personal data was collected in relation to the offer of information society services to children. The deletion of the data is however not applicable in the 5 following cases:
• As soon as processing is necessary for the exercise of the right to freedom of expression and the right to information;
• As soon as processing is necessary to enable compliance with a provision of the law that requires processing as provided by the law of the European Union or by the law of one of the Member States to which the controller is subject, or if the processing is required in order to fulfil a task of general interest or a task performed in the exercise of the official authority;
• As soon as processing is necessary for reasons of general interest in the area of public health;
• As soon as processing is necessary for archiving purposes of general interest, for scientific or historical research or for statistical purposes, and subject to the condition that the right to exchange can render impossible or seriously jeopardise the achievement of the objectives of the processing;
• As soon as processing is necessary for the establishment, exercise or defence of legal claims.

  The controller is bound to reply to the request of the data subject for deletion within a reasonable period of time but in no case later than within a month, and shall provide justification for his answer if he intends to deny the request of the data subject. The data subject shall also have the right to obtain, free of charge, subject to the same conditions, the abolition or the prohibition to use all personal data relating to him and which, taking into account the purpose of the processing, are incomplete or irrelevant, or where the registration, communication or storage of such data is prohibited or where the data have been retained for a longer period than is necessary and permissible.

Right to data portability

Through an e-mail or a written, dated and signed request addressed to the controller at the address mentioned under the point “contact details” of the present policy, the data subject may, after his identity has been verified (by attaching a copy of the identity card), request to receive his personal data free of charge in a structured and generally conventional format, readable by machines,  with a view to the transfer of the same to another controller:

• If the data is processed with the help of automated processes; and
• If the processing is based on the consent of the data subject or on an agreement that was concluded between the latter and the controller.

Subject to the same conditions and modalities, the data subject shall also have the right to require the data controller to directly transfer his personal data to another controller, insofar as this is technically possible. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Objections and complaints:

The data subject has the right to object to the processing of his personal data with the Belgian Commission for the Protection of Privacy (CBPL) at the following address: Commission for the Protection of Privacy, Drukpersstraat 35, 1000 Brussels, telephone: +32 274 48 00 e-mail: commission@privacycommission.be. The data subject may also lodge a complaint with the court of first instance at the place of his residence. For more information relating to complaints and options for recourse, the data subject is invited to consult the following link: https://www.privacycommission.be/nl/klacht-en-beroep

Changes

This privacy policy is tailored to the use and to the options available on this website. We reserve the right to change or update this privacy policy at any time. Whenever we make changes to this policy, we shall change the date of the “last update” of the policy. In case of significant changes, we shall notify this on our homepage. Nevertheless, we recommend that you periodically read our privacy policy.