Privacy statement AQUACONSULT, a division of GROUPCONSULT bv

Aquaconsult is a division and registered trademark of GroupConsult bv, a company incorporated under Belgian law with its registered office at 2970 Schilde, Vogelsanck 2A (KBO 715653231).

Within the scope of its activities, GroupConsult processes personal data of its customers, website visitors, partners and employees. GroupConsult is responsible for the processing of personal data.

In principle, GroupConsult does not process sensitive (racial, political or religious beliefs, etc.) data. The data it processes are necessary for offering its products and services and offering new products or new services, for the performance of its contracts, for accounting and banking processing of contract-related data and to comply with legal and contractual obligations regarding liability and warranty. Data are not kept longer than necessary (warranty period) and data that are no longer needed are purged (minimisation).

In principle, the data are not transferred or made available to third parties. Certain data are transferred to third parties for the performance of the agreement (place of performance, name and telephone number of the client, etc.), for administrative support (forwarding to accounting firm) or to support the company's activities (external data storage, website and newsletter management, etc.).

The collection and processing of personal data is done in accordance with the Data Protection Regulation 2016/679. This Regulation is generally referred to as "GDPR" (General Data Protection Regulation). Executive decisions and regulations are also taken into account.

Principles

GroupConsult is guided by the following principles when processing personal data:

Legality

Legality is managed and checked for all processing of personal data for which GroupConsult is responsible, in accordance with the. conditions set out in the GDPR.

Proper and transparent

GroupConsult applies the 'fair use' principle when processing personal data. GroupConsult will communicate clearly, honestly and transparently about the processing of personal data.

Justifiable purpose

Personal data are processed according to well-defined and explicitly defined purposes, which are recorded in a register of processing activities. GroupConsult ensures that these purposes are always justified. When personal data are further processed for other purposes, GroupConsult ensures that these purposes are compatible with the original purposes.

Minimal data processing

When processing personal data, GroupConsult shall ensure that the personal data it processes are adequate, relevant and necessary within the intended purpose. In all processing operations, GroupConsult will verify that the principles of minimisation are pursued.

The accuracy

GroupConsult is committed to maintaining and processing personal data with care.

The storage restriction

GroupConsult will not retain personal data for longer than necessary.

The integrity and confidentiality

GroupConsult takes the appropriate technical and organisational measures to ensure appropriate security of personal data.

Accountability

GroupConsult, as a data controller, will always be accountable for any processing it carries out. GroupConsult will provide the Data Protection Authority with all accountability documents when requested.

Obligations of GroupConsult as data controller

To achieve the policy objectives, a number of tasks have been defined. These tasks are in line with all legal obligations that GroupConsult is required to fulfil (processing principles) and of which GroupConsult can demonstrate compliance (accountability - accountability).

Appointing a data protection officer (DPO)

GroupConsult is not bound to appoint a DPO. Nevertheless, GroupConsult has entrusted an assignment to a certified DPO, with duties similar to the rights and duties of a DPO appointed pursuant to the criteria laid down by law.

Taking measures to secure processing

GroupConsult has taken appropriate technical and organisational measures to ensure the availability, integrity and confidentiality of personal data processed.

Maintaining a register of processing activities

GroupConsult manages a register of all activities involving the processing of personal data. Management includes the creation, permanent updating and control measures applicable to it. This register serves as a tool in the context of accountability to the GBA (Data Protection Authority), but is not intended for data subjects or the public.

Conducting data protection impact assessment

GroupConsult does not process personal data which, given its nature, scope, context and purposes, is likely to present a high risk to the rights and freedoms of data subjects. Therefore, no data protection impact assessment (DPIA) has been carried out.

Compliance with data subject's rights

GroupConsult provides the necessary business processes to ensure that the data subject is informed about the processing and that the data subject's rights (the right to access, copy of data, data erasure, portability, rectification, restriction of processing, notification, portability) are given effect.

Setting up an incident reporting system

GroupConsult provides an incident reporting system for the internal recording of breaches relating to the processing of personal data.

Working with processor agreements

Where processing is carried out on behalf of GroupConsult, GroupConsult will only use processors who provide adequate guarantees regarding the application of appropriate technical and organisational measures.

Supervision of the execution of tasks under the responsibility of GroupConsult

GroupConsult provides clear instructions and guidelines in line with the responsibilities GroupConsult employees have in the context of processing operations. Where processing is carried out on behalf of GroupConsult by an employee, GroupConsult will only use employees who provide adequate guarantees regarding the application of appropriate technical and organisational measures.

Exercise by data subject of his rights

The person concerned (client, prospect) has a legal right to inspect, check and possibly correct and delete his personal data. Subject to proof of identity (copy of identity card - strike out national registration number), the person concerned may obtain written notification of his/her personal data free of charge by sending a written, dated and signed request to GroupConsult bv (AquaConsult), Vogelsanck 2 A at 2970 SCHILDE or info@aquaconsult.be . If necessary, you can also ask to correct the data that are allegedly incorrect, incomplete or irrelevant, as well as to delete them insofar as they are no longer necessary for the performance of the agreement that GroupConsult would have with you.