Information on personal data and data processing
1. Data processing and responsibility
We understand “processing” as meaning every operation that takes place in relation to personal data, such as collection, recording, storage, consultation, use, disclosure by transmission, erasure, archiving and destruction.
The SA (Public Limited Company) D’Ieteren N.V., rue du Mail, 50, 1050 Bruxelles is the data controller for your personal data. All questions about this can be sent to us by post at the address above or by electronic mail to the following address: email@example.com.
To ensure that the way we process personal data is compliant with current regulations, we have appointed a DPO (Data Protection Officer), who can be contacted at the following address: DPO@dieteren.be )
2. What personal data do we process?
"Personal data" is defined as all information relating to an identified or identifiable physical person.
We process the personal data that you give us such as user data (e.g. your surname, first name, sex, address, telephone number, e-mail address, age, bank account number and similar details), technical data about your vehicle (e.g. the chassis number), localisation data if applicable (e.g. if your vehicle is equipped with a geolocalisation service and if you have given consent for this), and usage data (e.g. the data we receive when you use our services).
We only make decisions on the basis of data processed by automatic means when necessary to conclude or implement an agreement (e.g. when providing a loan) or if you have given your consent for this.
We do not process data classified as “sensitive”, i.e. data that may relate to your racial or ethnic origin, political opinion, religion or beliefs, sexuality or sexual orientation, or your health. If we do need to process such data at any time, we will only do so after obtaining express consent from you and only for specified purposes, which would be explained to you beforehand, or if it is necessary to process the data for the purposes of employment law, social security, preventive medicine or occupational medicine.
3. For what purposes and on what basis (bases) do we use the data you give us?
We use the personal data you give us for various purposes such as:
- Administration of our contractual relationship and the services resulting from it;
- To provide functionality in a mobile application;
- For the purposes for which you have given your consent;
- To improve our products and services or create new services;
- For statistical analysis;
- To meet legal or regulatory requirements when this is required of us;
- When we have a legitimate interest in doing so, particularly in the context of preventing and combating fraud, while respecting the balance between such interests and respect for your privacy;
- In a pseudonymised way for commercial purposes, so that the data cannot be linked to you personally.
We will not transfer your data to a third party except:
- Within our group (sister companies, subsidiaries) or to the network of official distribution concession holders for the brands that we represent;
- When we are legally required to do so (e.g. when providing a loan);
- When we are legally authorised to do so (e.g. when transferring our rights and obligations in the course of a debt transfer)
- To keep the data up to date
- With your prior consent
If the processing of data, particularly when disclosed via a subcontractor, involves transferring data outside the European Union, we will ensure protection of your data in accordance with the current relevant European legislation.
4. How do we protect your data and for how long do we keep the data?
We do everything that is necessary, both technically and organisationally, to protect your personal data.
Your data will be archived for as long as needed for the process for which the data were collected, which may vary depending on the purpose of the data, for example:
- seven years for documents relating to accounting and taxation;
- eight years after the end of the contractual relationship to preserve evidence in the context of a legal dispute;
- eight years after a commercial campaign without follow-up;
- two years for localisation and route data.
The period may be longer, however, particularly when this is necessary to meet our legal obligations.
At the end of the archiving period, personal data are rendered anonymous, erased or made unusable.
5. What are your rights?
You have the following rights in relation to the personal data that we collect/that you give us:
- Right to access your data and data portability:
You have the right to access your personal data. You have the right to receive confirmation that your data have or have not been processed, the purposes for which we process your data, the type of data processed, the recipient of data disclosures and the length of the data archiving period. You also have the right to receive a copy of the personal data you have given us and to send the data to another data processing officer.
- Right to rectify/erase – right to be forgotten
You have the right to request rectification of your data when you observe your data to be incorrect or incomplete. You also have the right to ask for your personal data to be erased when no longer needed for the purposes for which the data were collected. If you have given your consent for your data to be processed, you can withdraw it at any time.
- Right to object to data being processed for marketing purposes
You have the right to object to your data being processed for direct marketing or prospecting purposes and you do not have to give a reason.
- Right to file a complaint with the supervisory authority
If you wish, you can file a complaint about the processing of your data with the Belgian Privacy Commission at the following address: Commission de la protection de la vie privée, Rue de la Presse, 35, 1000 Bruxelles – firstname.lastname@example.org
You can exercise the first three rights by contacting us at the addresses shown in the section “Data processing and responsibility”.*strong>