Protection of your privacy and your personal data is of capital importance to PARKWIND.
What constitutes “processing of your data” and who is responsible for it?
We only collect and use personal data that is necessary within the scope of our activities.
PARKWIND NV, whose head office is located at Sint-Maartenstraat 5, 3000 Leuven in Belgium, is the controller (as defined in the privacy legislation) of the personal data that it processes.
For some services, we call upon specialized third-party operators which, in some cases, work as processors. In such cases, they are duty bound to follow our directives. In other cases, these third parties and PARKWIND are jointly responsible for processing and they must therefore respect the legal obligations connected to this position as well.
What data is covered by our policy?
The data covered by our policy is personal data of natural persons. This is data that can directly or indirectly enable identification of a data subject.
As part of your relations and interactions with PARKWIND, we may be led to collect different types of personal data such as:
- Identification and contact data (for example: your title, name, address, date and place of birth, national registration number, account number, telephone number, e-mail address, IP address, profession, certificates).
- Family circumstances (examples: civil status, number of children).
- Medical data (in order to secure your safety at our sites (offshore)
- Bank, financial and transaction details (examples: bank details, account numbers, data related to transfers including communication and, more generally, any data recorded during your bank transfers).
- Usage data (examples: the time and means of signing in to our platforms, changes made to the data, … This also entails the data usage reporting and processing thereof.
- Data from your interactions on our specific pages on social network sites or our websites.
We never process data concerning your racial or ethnic origins, political opinions, religion, philosophical beliefs, trade union membership, genetic data, sex life or sexual preferences, unless obliged to do so by the law.
When is your personal data collected?
The data that we use can be collected directly from you or obtained from the following sources with the aim of verifying or enhancing our databases:
- Publications/databases made accessible by the official authorities (example: the Belgian official gazette).
- Our corporate customers or service providers.
- Databases made public by third parties.
In particular, certain data can also be collected by PARKWIND:
- When you become supplier or execute works for us;
- When you apply for a job at PARKWIND;
- When you fill in forms and contracts that we submit to you;
- When you register to use our (online) applications (each time you log in or use the service);
- When you subscribe to our newsletters or when you follow us through social media;
- When you are filmed by our CCTV cameras situated in and around our premises/assets.
The images are solely recorded to maintain the security of goods and persons as well as to prevent abuse, fraud and other offences made against our personnel. Information signs mentioning our contact details signal the presence of such cameras.
On what basis and why do we use your personal data?
We process your personal data for a number of determined purposes. For each processing action, only the data relevant for the desired purpose are processed.
In general, we use your personal data:
- When we have obtained your consent.
- Within the scope of performing a contract or taking pre-contractual measures.
- To comply with legal and regulatory provisions that we have to respect.
- To carry out a task in the exercise of official authority vested in the controller;
- For reasons of legitimate interest for the company. When we conduct this type of processing, we ensure that we maintain a balance between such interest and respecting your privacy.
The personal data is processed by PARKWIND for purposes that include, but are not restricted to, the following:
- To ensure the proper performance of agreements made;
- To ensure PARKWIND’s financial and accounts management;
- To ensure good material and supplier management;
- To meet legal obligations, including responding to official demands made by the duly authorised public or legal authorities;
- To detect and prevent abuse and fraud;
- To monitor our activities (measurement of visits to our websites or other IT- and communication systems, such as SharePoint);
- To ensure the security of our premises and infrastructures, as well as the people in these places;
- To ensure your safety if you have access to our assets.
- Who has access to your data and to who are they transferred?
Only authorized users have access to your personal data to carry out the tasks mentioned above. An authorized user is somebody who, as part of carrying out their work for PARKWIND, is authorized to process personal data within the framework of PARKWIND’s directives.
To accomplish the aforementioned tasks, PARKWIND can disclose your personal data to:
- Shareholders of entities in the PARKWIND-group;
- An external auditor;
- An approved commissioner;
- A legal advisor;
- A financial consultant;
- Another professional and/or service provider/consultant;
- A social bureau, banking organizations, insurers, funds;
- Our contractors;
- IT-companies or service providers for software and electronic data storage (servers, etc.);
- Legal, administrative or police authorities;
- Supervisory authorities.
How long do we keep your data?
We store your personal data for the longest duration necessary in accordance with enforceable legal and regulatory provisions or another duration in consideration of operation constraints such as good book-keeping, efficient management of our assets and responses, claim management and legal or regulatory demands.
Certain data is archived for longer durations to meet our legal obligations and for evidence purposes to safeguard your rights and the rights of our company. This archived data is only accessible for needs as evidence in legal proceedings, for inspection by authorized authorities (such as the tax authorities), or to provide documents to the legal, administrative or police authorities.
Security and confidentiality
PARKWIND undertakes to adopt the required and appropriate technical, physical and organizational measures to protect personal data against unauthorized access, unlawful and unauthorized processing, loss or accidental damage and unauthorized destruction. These measures are regularly assessed and updated if necessary in order provide maximum protection for the personal data of the data subjects concerned.
In case of a data breach or computer flaw, as described below, PARKWIND takes the required and appropriate measures to assess the extent and consequences, to put an end to such occurrences as quickly as possible and, where necessary, limit its impact for the data subjects concerned.
What are your rights and how can you exercise them?
Rights of data subjects
In compliance with enforceable regulations, you have various rights:
- The right to request access to personal data (A)
- The right to rectify such data (A)
- The right to delete such data (A)
- The right to oppose processing of such data (B)
- The right to request limitations on processing (B)
- The right to withdraw your consent (B)
- The right to data portability (C)
Right to access, rectification and deletion
Any data subject has the right to make a request to access their data. If a data subject exercises this right, PARKWIND is required to provide the information regarding this matter, including:
- Giving a description and copy of the personal data.
- Informing the data subject why PARKWIND processes such data.
If the data is inaccurate or incomplete, the data subject can request their rectification.
In certain circumstances, the data subject may, in compliance with data protection regulations, request the deletion of personal data concerning him, if, amongst other reasons, the personal data is no longer required for the purposes for which it was collected or processed. However, PARKWIND can refuse to delete such data, for example due to the establishment, implementation or to proof of a right in legal proceedings.
To ensure your data is kept fully up-to-date, we ask that you inform us of any changes (for example, change in civil status, address, etc.).
PARKWIND can only base itself on the personal data that were shared with PARKWIND by the data subject itself and does not accept any responsibility in case this data should not be correct.
Right to oppose and limit processing of your data and the right to withdraw your consent
You have the right to oppose certain processing of your personal data that we wish to perform. This right is only valid if you have serious and legitimate reasons based on your specific situation to oppose the processing of your personal data. If this reason is justified, your data will not be further processed.
You may also request that processing of your data be restricted under certain conditions:
- If you contest the accuracy of your personal data, during the period that PARKWIND needs to check your personal data;
- If the processing is unlawful and you oppose the erasure of the personal data
- If PARKWIND no longer needs your personal data, but you need them for the establishment, exercise or defense of legal claims.
If you have given your consent for processing of your personal data, you have the right to withdraw this consent at any moment.
The right to data portability
When necessary and insofar as it is possible, the data subject may request to receive the personal data he supplied to PARKWIND within the scope of managing and conducting his activities and to transfer such data to another data controller. In cases where it is technically possible, the data subject may request that PARKWIND directly transfers such data to another data controller.
Who should you contact?
If the data subject wishes to exercise his or her rights concerning his or her personal data, he or she should contact:
- The Data Protection Officer (DPO)
- By e-mail: email@example.com
- By post: PARKWIND NV – For the attention of the Data Protection Officer – Sint-Maartenstraat 5, 3000 Leuven, Belgium
The request you send to us must be dated and signed. PARKWIND reserves the right to request a scan or copy of the front side of your identity papers.
In compliance with regulations, you have the right to submit a claim to the mandated supervisory authority in Belgium via https://www.gegevensbeschermingsautoriteit.be/verzoek-klacht-indienen, or via the mandated supervisory authority of your choice.
Transfer of data outside the EEA
In the case of international transfers from the EEA to a third-party country that the European Commission officially recognizes as having a level of personal data protection that is equivalent to the level stipulated by legislation within the EEA, your personal data shall be transferred on this basis.
For transfers to countries outside the EEA that the European Commission does not officially recognize to have sufficient data protection, we base our action on a dispensation applicable to the situation (for example, in the case of international payments, such a transfer is necessary for performance of the contract).
Violation of personal data
- Notification of personal data violations
PARKWIND has taken the appropriate procedures, directives and technical and organizational measures to protect your personal data. These procedures and measures are regularly evaluated and adjusted if necessary.
Authorized users must ensure that, while performing their duties, they avoid (voluntary or involuntary) incidents that may harm the data subjects’ privacy.
In case of personal data violations, appropriate measures will be taken as quickly as possible to minimize the risks of damages for the data subjects as well as for PARKWIND (damage to reputation, sanctions imposed, etc.).
In any event, all authorized users, as well as other persons who consult, use or manage PARKWIND’s information must immediately report any security breach and information security related incidents to the GDPR-responsible to enable an immediate analysis and to allow the implementation of necessary measures and to know whether the violation must be reported to the Data Protection Authorities and/or the data subjects.
When such a notification is made by e-mail, it is important that it is sent to the GDPR-responsible (see section 9.2) and that it is expressly mentioned in the subject of the e-mail that it is a highly urgent message about a possible violation of personal data.
The information must contain a complete and detailed description of the incident, including the identity of the person reporting the incident (name, first name, address, e-mail address – if applicable – and telephone number), the type of incident concerned and how many people are affected.
- Inquiry and risk assessment
In principle, within a period of 24 hours after the incident or violation is observed by PARKWIND or reported by a processor, an authorized user, a recipient, a data subject or a third party, an inquiry shall be launched by PARKWIND.
The inquiry will determine the nature of the incident, the type of data concerned and specifically whether personal data is affected (if such is the case, who are the data subjects affected and what is the amount of personal data impacted). The inquiry will determine whether a personal data violation has occurred or not.
If it is indeed a personal data breach, a risk assessment will be conducted to discern what might be the possible consequences of the violation and in particular the possible impact for the data subjects.
PARKWIND will then decide, based on the character of the violation, whether or not it is necessary to notify the Data Protection Authority, and/or the data subject(s) involved.
- Documenting violations
All violations shall be documented in a register. This register specifies amongst others the main cause of the incident and contributing factors and recommendations and lessons learned to identify any improvements. The recommended changes to systems and procedures will be implemented as soon as possible.
How can you familiarize yourself with this policy and its modifications?
We therefore invite you to familiarize yourself with the latest version of this document on our website and we will try to inform you of any substantial modifications via our website or our normal methods of communication.
How to contact us
If you have any question concerning the use of your personal data by PARKWIND or this policy, you can contact our Data Protection Officer by mail at the following address – PARKWIND Data Protection Officer – Sint-Maartenstraat 5, 3000 Leuven, Belgium – or by e-mail at firstname.lastname@example.org.