The limited company RMS8, with registered office at Rue des Waides 8, 4890 THIMISTER-CLERMONT, identified at Banque Carrefour des Entreprises under no. 0891.617.862, as Data Controller (hereafter “RMS8”), attaches great importance to the protection of your data and respect of your privacy.
This Personal Data Protection Policy seeks to explain how RMS8 collects, uses and stores personal data (hereafter “personal data”) relating to its customers, natural persons, and any natural person coming into contact with them, including potential customers, representatives or guarantors of our natural person or legal entity (for example, company directors, agents, legal representatives or other contacts), our suppliers, our partners, etc. (hereafter also referred to as “You”).
RMS8 uses the term “Personal Data” to refer to all information that is potentially liable, either directly or indirectly, to identify You as a natural person.
“Data processing” refers to all operations or sets of operations applied to your personal data. The notion of “processing” covers, amongst other things, all aspects associated with the collection, recording, organisation, storage, adaptation or change, extraction, consultation, use, disclosure by dissemination or other method of provision, approach or interconnection, as well as the archiving, deletion or destruction of the said personal data.
As data controller, RMS8 determines the purpose for which your personal data will be processed, the means deployed and all characteristics of the processing operation, as explained in this policy. RMS8 is your interlocutor and will be responsible for compliance with the regulation in respect of your data, vis-à-vis the supervisory authorities.
If You entertain contact with RMS8 through a legal entity, please be aware that RMS8 will supply a copy of this policy to that legal entity, asking that all persons concerned by personal data-processing performed by RMS8 be made aware of it.
RMS8 processes your data transparently and in compliance with all applicable laws relating to privacy and data- protection, including the “GDPR” (Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).
2. What personal data do we process ?
RMS8 collects personal data when You contact us by e-mail, or by using the contact form available from our website, at a meeting with our team to sign a contract, within the scope of the provision of services agreed by contract or when calling our support teams.RMS8 collects and uses only those personal data that are essential to our business, and which allow us to offer You customised quality products and services. We collect and process various categories of personal data, notably :
- identifying data: e.g. forename and family name, date of birth;
- contact details: e.g. postal address, e-mail address, telephone number;
- accounting and financial data: e.g. bank-account number, VAT number.
In no circumstances will we collect or process sensitive data.
Some personal data we collect from You are essential to the fulfilment of the contractual commitments we make to You. In some cases, the law requires us to collect certain information. Depending on the type of personal data and the reasons why we process these, it is possible, if You should refuse to supply us with these, that we will be unable to fulfil our contractual obligations or, in extreme cases, even to continue business relations with You.
3. Why and on what basis do we use your personal data ?
We process your personal data for various purposes and on the following legal basis :
a. To enable us to process your request (consent).
We use your personal data when You contact us, asking us questions (e.g. via the contact form available on our website) about our products, or services or in order to obtain information, namely to :
- supply You with information on our services and products ;
- put You in contact with the relevant service ;
- assist You and answer your queries and questions ;
- assess the conditions in which we can offer You our services and products.
b. To fulfil a contract stipulated with You or to carry out (pre-) contractual measures.
We use your personal data to stipulate and fulfil our contracts, including to :
- contact You to finalise your order;
- supply our services and products;
- assist You and answer your queries and questions;
- manage contractual relations;
- issue, collect on and check invoices.
c. To comply with our legal and regulatory obligations.
We use and store (archive) your personal data to fulfil our legal and regulatory obligations, including our tax and accountancy obligations.
d. To serve our legitimate interests.
We use your personal data to develop and finalise our products and services, optimise our risk-management and protect our interests in courts of law, including to :
- maintain the security of our website and ensure that it is protected against fraud;
- assess customer satisfaction in order to understand better their needs and expectations, and, thus to improve our products and services;
- produce statistics;
- manage customers, suppliers and partners (gaining customer loyalty, meetings with customers, suppliers and partners);
- handle any disputes;
- entertain contacts (have an address book, manage a network of contacts);
- contact a person at the request of another person (sponsorship).
4. With whom do we share your personal data ?
a. Your personal data may be processed on our behalf by trusted service-providers.
In order to go about certain tasks, we use specialised partners who act as subcontractors. We supply them only with the information they require in order to provide the service, and we ask them not to use your personal data for any other purposes. We always seek to ensure that any third parties with whom we work respect the confidentiality and security of your data. We may, for example, make your personal data accessible to third parties assisting us and helping us supply IT and storage services (suppliers of platforms, storage services, maintenance services and technical support).
b. We may also disclose your personal data to other third parties.
- if we are forced to disclose or share your personal data in accordance with a legal obligation, or to enforce compliance with our general conditions or any other conditions You may have accepted;
- or to protect the rights, property or security of RMS8, their customers or employees;
- if we have your consent;
- or if the law authorises us to do so.
5. Where do we store your personal data ?
VYour data are stored at a data-centre within the European Union in compliance with the General Data Protection Regulation.
6. For how long to we store your personal data ?
We cannot retain your personal data for any longer than required for the processing tasks for which they were collected. In practical terms, we distinguish between a retention period and an archiving period.
- The retention period is the maximum length of time for which your data are used for specific processing. When this expires (i.e. the purpose pursued has been achieved or ceases to apply, or your right to object has been exercised), your data are deleted from our database. Thus, data relating to prospects are retained for up to 5 years.
- The archiving period meets our legal obligation (for example to fulfil our accounting and tax obligations, we are required to keep your invoicing data for up to 7 years) or the legal need to store your data for longer than the retention period for the purpose of providing evidence. The data archived are accessible only in the event of a need for a check by an authorised body (e.g. the tax office), for evidence in a court of law, for internal audits, etc. The duration of the archiving period varies as applicable.
7. How do we protect your personal data ?
RMS8 attaches great importance to the protection of your personal data and takes all reasonable precautions to prevent any loss, unlawful use, disclosure, unauthorised access or alteration of such data.
Suitable measures are taken both in technical terms (encryption, anti-virus, firewalls, access control, etc.) and organisational terms (careful selection of collaborators, suppliers, etc.) in order to ensure a sufficient level of security. Moreover, these security measures are regularly reviewed and adapted in order to ensure an adequate level of protection.
8. Link to social networks
Our website contains links to the social networks we use (Facebook, LinkedIn, Twitter). Please note that these websites have their own personal data- protection policies; we decline all liability for any use made by these websites of the information collected when You click on those links. We would kindly ask You to read their policy before sending your personal data.
9. What are your rights, and how do You exercise them ?
- Right of access.
You have a right of access to personal data we hold about You (subject to certain restrictions). You have a right to know the purposes of processing, the categories of personal data concerned, the categories of recipient to whom personal data are disclosed, the criteria used to determine the data storage period, and the rights You can exercise in relation to your data. We may charge a reasonable fee to cover the administrative costs incurred in supplying you with information. Any manifestly unfounded, excessive or repeated requests may not be answered.
- Right to rectification.
You are entitled to demand that your personal data be corrected if they are inaccurate or out-of-date, and/or to be completed if incomplete.
- Right to deletion (or “right to be forgotten”).
In some cases, You have the right to demand the removal or deletion of your personal data. This is not an absolute right, to the extent that we may be required to retain your personal data for legal or other legitimate reasons.
- Right to restriction of processing.
You have the right to demand that processing of your personal data be restricted. This means we can continue only to retain your data, but we can no longer use it. This right applies in specific circumstances envisaged by the GDPR, namely:
- if you dispute the accuracy of the personal data about You, which we process. In this case, our processing of your personal data will be restricted to the period of verification of the accuracy of those data;
- if You object to our processing of your personal data for the purpose of our legitimate interests. You may ask for those data to be limited while we check our reasons for processing your personal data;
- if your data have been unlawfully processed by us, but You prefer us to limit their processing rather than deleting them;
- if we no longer need to process your personal data but You still need it for the establishment, exercising or defence of legal claims.
- Right to object.
You may object to the processing of your personal data on grounds relating to your particular situation. RMS8 will cease processing your data unless it can be shown that there are compelling legitimate grounds for the processing that override your right to object. You have an absolute right to object to the processing of your personal data for direct-marketing purposes.
- Right to data portability.
You have the right to receive the personal data You have supplied in a structured, commonly used and machine-readable format and, where technically possible, to transmit such data to a third party. This right applies only to data You have supplied, when the processing is based upon your consent or a contract, and it is carried out using automated methods.
- Right to withdraw your consent.
If you have consented to the processing of your personal data, You may withdraw that consent at any time.
- How can You exercise your rights ?
To exercise your rights, send us a written request and proof of identity, by post, to SA RMS8, Rue des Waides 8, 4890 THIMISTER-CLERMONT, or by e-mail to [email protected]
We will reply as quickly as possible and no later than 1 month from receipt of your request (subject to any legally-permitted extensions).
In a world in constant technological change, this Personal Data Protection Policy may be subject to change. We would ask You to read the latest version of this document available from our website and to find out about any substantial changes that may be made through our website or other regular communication channels.
11. Questions and complaints
If You have any questions about the use of your personal data as provided for under this Personal Data Protection Policy, please contact us by post at SA RMS8, Rue des Waides 8, 4890 THIMISTER-CLERMONT, or by e-mailing [email protected]
In addition, if You are not satisfied with the processing of your personal data by RMS8, You can make a complaint to the Data Protection Authority www.autoriteprotectiondonnees.be.