Privacy statement AQUACONSULT, a division of GROUPCONSULT bv

Aquaconsult is a division and registered trademark of GroupConsult bv, a company incorporated under Belgian law with its registered office at 2970 Schilde, Vogelsanck 2A (KBO 715653231).

Within the scope of its activities, GroupConsult processes personal data of its customers, website visitors, partners and employees. GroupConsult is responsible for the processing of personal data.

In principle, GroupConsult does not process sensitive (racial, political or religious beliefs, etc.) data. The data it processes are necessary for offering its products and services and offering new products or new services, for the performance of its contracts, for the accounting and banking processing of the data related to the contract, and in order to comply with legal and contractual obligations regarding liability and warranty. Data are not kept longer than necessary (warranty period) and data no longer needed are purged (minimization).

In principle, the data are not transferred or made available to third parties. Certain data are transferred to third parties for the performance of the contract (place of performance, name and telephone number of the client, etc.), for administrative support (transfer to accounting firm) or to support the activities of the company (external data storage, website and newsletter management, etc.).

The collection and processing of personal data is done in accordance with the Data Protection Regulation 2016/679. This Regulation is generally referred to as "GDPR" (General Data Protection Regulation). Executive decisions and regulations are also taken into account.

Principles

GroupConsult is guided by the following principles when processing personal data:

Legality

For all processing of personal data for which GroupConsult is responsible, the lawfulness is managed and checked, this in accordance with the. conditions set out in the GDPR.

Proper and transparent

GroupConsult applies the "fair use" principle when processing personal data. GroupConsult will communicate clearly, honestly and transparently about the processing of personal data.

Justifiable purpose

The processing of personal data follows well-defined and explicitly defined purposes, which are recorded in a register of processing activities. GroupConsult ensures that these purposes are always justified. When personal data are further processed for other purposes, GroupConsult ensures that these purposes are compatible with the original purposes.

Minimal data processing

When processing personal data, GroupConsult shall ensure that the personal data it processes are adequate, relevant and necessary within the intended purpose. In all processing, GroupConsult will verify that the principles of minimization are pursued.

The accuracy

GroupConsult is committed to the careful maintenance and processing of personal data.

The storage limitation

GroupConsult will not retain personal data longer than necessary.

The integrity and confidentiality

GroupConsult takes the appropriate technical and organizational measures with a view to ensuring appropriate security of personal data.

Accountability

GroupConsult, as a data controller, will always be accountable for any processing it performs. GroupConsult will provide the Data Protection Authority with all accountability documents when requested.

Obligations of GroupConsult as data controller.

To achieve the policy objectives, a number of tasks have been defined. These tasks are in line with all legal obligations that GroupConsult is required to fulfill (processing principles) and of which GroupConsult can demonstrate compliance (accountability - accountability).

Appointing a data protection officer (DPO)

GroupConsult is not bound to appoint a DPO. Nevertheless, GroupConsult has entrusted an assignment to a certified DPO, with duties similar to the rights and duties of a DPO appointed pursuant to the criteria established by law.

Taking measures to secure processing

GroupConsult has taken appropriate technical and organizational measures to ensure the availability, integrity and confidentiality of personal data processed.

Maintaining a record of processing activities

GroupConsult manages a register of all activities involving the processing of personal data. Management includes the establishment, permanent updating and control measures applicable to it. This register serves as a tool in the context of accountability to the GBA (Data Protection Authority), but is not intended for data subjects or the public.

Conducting data protection impact assessment

GroupConsult does not process personal data which, given its nature, scope, context and purposes, is likely to present a high risk to the rights and freedoms of data subjects. Therefore, no data protection impact assessment (DPIA) has been carried out.

Compliance with the rights of the data subject

GroupConsult provides the necessary business processes to ensure that the data subject is informed about the processing and that the data subject's rights are implemented (the right to access, copy of data, data erasure, portability, rectification, restriction of processing, notification, portability).

Setting up an incident reporting system

GroupConsult provides an incident reporting system for the internal recording of breaches involving the processing of personal data.

Working with processor agreements

Where processing is carried out on behalf of GroupConsult, GroupConsult shall only use processors that provide adequate guarantees with respect to the application of appropriate technical and organizational measures.

Supervision of the execution of tasks under the responsibility of GroupConsult

GroupConsult provides clear instructions and guidelines in accordance with the responsibilities GroupConsult employees have in the context of processing operations. Where processing is carried out on behalf of GroupConsult by an employee, GroupConsult shall only use employees who provide adequate guarantees with regard to the application of appropriate technical and organizational measures.

Exercise by data subject of his rights

The person concerned (client, prospect) has a legal right to inspect, check and possibly correct and delete his personal data. Subject to proof of identity (copy of identity card - strike out national registration number), the person concerned may obtain written notification of his/her personal data free of charge by sending a written, dated and signed request to GroupConsult bv (AquaConsult), Vogelsanck 2 A at 2970 SCHILDE or info@aquaconsult.be . If necessary, you can also ask to correct the data that are incorrect, incomplete or not pertinent, as well as to delete them insofar as they are no longer necessary for the execution of the agreement that GroupConsult would have with you.