Privacy Policy
Version: November 2021
This Privacy Policy applies to the processing of personal data on our websites and in the context of the services offered by e-Bo Enterprises NV, with registered office in Belgium at Stoppelweg, 44, B-8978, Poperinge, with company number 0470.174.242 , RPR. Ghent – Ypres Department.
We assure you the confidential processing of your personal data in accordance with the General Data Protection Regulation, in short ‘AVG’ or ‘GDPR’. This Privacy Policy may be amended or updated on a regular basis. We therefore kindly request you to regularly consult this Privacy Policy on our websites so that you always have the most recent version.
Questions about applicable law and this privacy policy can be directed to our Data Protection Officer (“DPO”) at privacy@ebo-enterprises.com.
OUR POSITION
e-Bo Enterprises NV and affiliated companies together form “e-BO Enterprises Group of companies”, abbreviated as “e-BO Group” with headquarters located at 8900 Ieper, Ter Waarde 60, (hereinafter “we” or “us” or referred to as “e-BO Group”). e-BO Enterprises NV may also share personal data with another member of the e-BO Group or affiliates. We act as Data Controller with regard to data that we process for our own purposes, for example in the fields of marketing, HR, legal affairs, statistics, administration and compliance (see below).
This Privacy Policy should be read in conjunction with our Social Media Policy as well as our Cookie Policy.
When we offer our business solutions (“Services”) to our customers, we process personal data as a Processor on behalf of our customers.
PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA?
As Data Controller, e-BO Group processes personal data for the following purposes , based on the mentioned legal basis:
- Maintaining an adequate level of security (security). We consider the security of our services and in general our information security as our legal obligation under Art. 6 (1) (c) of the GDPR and our legitimate interests pursuant to Art. 6 (1) (f) of the GDPR. In doing so, we monitor the use of our systems internally to detect violations of internal policies, unauthorized operations in our systems, or malicious bots, code or behavior. This goal includes taking adequate security measures, their periodic assessment and review.
- Direct marketing communication & online marketing. We consider the processing of personal data for direct marketing to be our legitimate interests in accordance with Art. 6 (1) (f) of the GDPR. Where required by ePrivacy or other legal regulations, we rely on the consent of the data subject in accordance with Art. 6 (1) (a) of the GDPR. This purpose relates to direct marketing communications from E-BO Groep, for example through our own marketing campaigns, newsletters, events, blogs and through our social media channels, interacting with users online, maintaining our websites and publishing team or event photos where permitted .
- Exercising or defending legal claims. Like any business, we must file our legal claims from time to time, seek compensation or settlement and retain legal evidence, seek legal advice from outside counsel, ensure regulatory compliance, be represented by legal counsel in judicial, criminal, administrative or other proceedings or reporting to law enforcement authorities. We do this on the basis of our legitimate interests pursuant to Art. 6 (1) (f) of the GDPR or on the basis of the fulfillment of the contract according to Art. 6 (1) (b) of the GDPR.
- Tax, invoicing and accounting. In order to comply with tax, billing and accounting regulations, we need to process a certain limited scope of personal data. We do this because we are obliged to do so under Art. 6 (1) (c) of the GDPR.
- Contract execution. We conclude contracts with individuals (in the case of employment) as well as other companies whereby we process, among other things, personal data about personnel, personnel or contacts in a B2B context, for the conclusion, execution and management of the contract (legal basis = contractual execution art. 6 (1) (b) of the GDPR This purpose also includes any pre-contractual negotiation or processing of data via a contact form on our website or other channels.
- Quality & service improvement. We process your personal data to perform statistical analyzes with the aim to improve our websites, products and services or develop new products and services.
- When you apply for a vacancy via our website or in another way, we process the data of the candidates with the aim to recruit and conclude a contract. We ask permission to keep personal data of not withheld candidates in order to contact them for future job offers.
In order to provide the Services, we process personal data as a Processor on behalf of our customers. The purpose and legal basis of such processing is determined individually by each customer and not by E-BO Group.
WHAT PERSONAL DATA DO WE PROCESS?
We only process personal data that is necessary, both in terms of type and for the purposes of processing explained above. For most purposes, we only process basic identifiers and contact details, including typical communication data and content.
- When you use our websites, we collect cookies. With regard to analytics & marketing cookies, we process data typically collected using business functions of social media and website analytics software solutions, such as data processed by the cookies, website browsers, as indicated in the specific Cookie Policy.
- When you fill in a contact form on our websites or contact us by e-mail, telephone, fax or other channel, we may collect the following: name, e-mail address, postal address, telephone number, as well as the log data of your message (date, time)
- For the conclusion of contractual agreements with customers, in addition to contact and identification data, we also process public data, namely data that are located in public databases such as the crossroads bank of companies, data that you have made public on a website, data that is generally are known or have appeared in the press.
- In the context of recruitment, we process personal data of candidates such as CV
- We do not use automated data processing or profiling.
- We process email address and contact details in the context of direct marketing, if you have given your consent for this.
WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA?
E-BO Group does not share your personal data with third parties, except to third parties in the context of the execution of its services, and only if this is necessary for technical support or when it is obliged to do so on the basis of a legal provision or a court decision. These third parties may only process your personal data on our behalf and with our explicit written consent and in accordance with the purposes outlined above. We guarantee that all third parties acting as processors or sub-processors are carefully selected and are required to maintain the security, confidentiality and integrity of your personal data.
When you are looking for a job, we may partner with third parties to perform tasks on our behalf, such as checking references, conducting psychometric evaluations and testing skills.
Within E-BO Group, your data will only be shared with authorized personnel (internal recipients) or a verified / authorized third party. Our employees or internal contractors may have access to your personal information on a strictly necessary basis, which is generally determined and limited by the position, role and department of the relevant employee.
We use subcontractors to support us in providing services that may process personal data for us. We ensure that the selection of our subcontractors and any processing of personal data by them is in accordance with the GDPR. E-BO GROUP uses the following categories of subcontractors for the provision of services: hosting services, data center services, suppliers of standard software solutions (such as Microsoft, Google); marketing and analytics software providers and operators, and other software services. Those parties are bound by adequate data processing agreements.
We aim to have all cloud services and servers in the EU. However, some of our subcontractors or the above recipients of personal data may be located outside the EU or their servers may be located outside the EU. Any transfer of personal data outside the EU is done by us only under strict compliance with the GDPR. We ensure that the third-party recipients in non-eligible countries have entered into the EU Standard Contractual Clauses (EU SCC) with us or ensure equivalent safeguards.
SECURITY OF YOUR PERSONAL DATA
E-BO Group guarantees a qualitative and high level of data and data security, and this by taking all necessary & reasonable contractual, technical and organizational measures. We strive to evaluate these measures at regular intervals and adjust them if necessary. E-BO Group is ISO 27001 certified.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
E-BO Group stores your personal data for a period that is necessary for the execution of the agreement and in function of the purposes of the processing, as described above. Due to this legal obligation, but also due to technical and financial aspects of data storage, we actively delete data where it is no longer needed. Retention periods are either provided for in the respective laws, data processing agreements, instructions of the controllers, resp. customers or are set out by us in our internal policies. Where the processing of your personal data is based on consent and you decide to withdraw your consent, we will not further process your personal data for the specific purpose.
All retention periods with regard to the personal data that we process on behalf or our customers are determined by our customers. We may only retain such personal data for the duration of our data processing agreement, after which we must return or delete all personal data about customer data subjects. However, we may delete personal data even earlier if the customer instructs us to do so, for example if the customer no longer finds the storage of such data necessary for the stated purpose.
YOUR RIGHTS
When processing your personal data, you can exercise various rights vis-à-vis us. When we ask for consent for processing, you can withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you would like to exercise any of these rights below, you can always contact us at privacy@ebo-enterprises.com.
You have the right:
- to request information and to access your personal data
- to correct incorrect data (and supplement incomplete data)
- to erasure of personal data (right to be forgotten);
- on restriction of processing based on legitimate interest
- on an unmotivated and free objection to direct marketing
- on data portability
- not to be subject to individual decision-making
In order to be able to handle your request quickly and correctly, we ask that you be as specific as possible when addressing your request. If there is any doubt about the requester’s identity, additional information will be requested to establish identification and authentication.
E-BO Group has the right to refuse your requests if the requests are “manifestly unfounded or excessive” (in particular because of their repetitive nature) or to charge a reasonable fee of 60 euros excl. VAT per request.
QUESTIONS OR CLOMPLAINTS
If you have any questions or complaints about the way in which we process your personal data, you can always contact us at the following email address: privacy@ebo-enterprises.com.
In addition, you always have the option to submit a complaint to the Data Protection Authority: Drukpersstraat 35, 1000 BRUSSELS, e-mail: contact@apd-gba.be;