External policy for the Protection of Personal Data
0. Companies
This privacy policy applies either for ALTEN Belgium (Chaussée de Charleroi 112 ; 1060 Bruxelles) for Belgian-located visitors, clients, candidates and suppliers ; OR ALTEN Luxemburg (20 Rue Eugène Ruppert, 2453 Cessange Luxembourg) for Luxemburg- located visitors, clients, candidates and suppliers.
1. Introduction
In the course of its business activity, the ALTEN Belgium / ALTEN Luxembourg companies (hereinafter “ALTEN”) need to process Personal Data (as defined hereinafter) concerning the company’s Employees, Service Providers, Suppliers and current and prospective Customers.
Firmly resolved to comply with all legal and regulatory obligations and recommendations regarding the protection of privacy and personal data, ALTEN has laid down, in the present Policy for the Protection of Personal Data (hereinafter the “Privacy Policy”), the principles and guidelines that govern all processing of Personal Data carried out directly or indirectly by ALTEN and the company’s subcontractors.
ALTEN is bound by all applicable regulations when it comes to the protection of Personal Data and undertakes to comply with the applicable rules in this area, most notably the (EU) regulation 2016/679 of the European Parliament and Council of 27 April, 2016 (hereinafter the “GDPR”).
2. Definitions
Personal Data ” pertains to any information that relates to a natural person, identified or identifiable, directly or indirectly, most notably through reference to an identifier such as an identification number, localisation data, an online identifier, or to one or more specific elements pertaining to his or her physical, physiological, genetic, psychic, economic, cultural or social identity.
” Sensitive Data ” pertains to Personal Data which, directly or indirectly, indicates racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, along with the processing of genetic data, biometric data for the purposes of identifying a natural person in a unique way, data pertaining to health or data relating to the sex life or sexual orientation of a natural person.
” Data subject(s) ” pertain(s) to a natural person whose Personal Data is collected or processed by ALTEN or by an ALTEN subcontractor.
” Employee(s) ” pertain(s) to any internal member of ALTEN, whether an employee, intern, student apprentice, temporary employee or any other.
” Service provider(s) ” pertain(s) to any person outside ALTEN but who carries out activities for ALTEN.
3. Collection and Processing of Personal Data
ALTEN ensures that all current and future Employees and Service Providers are informed of the content of this Policy and receive regular and appropriate training on the topics addressed herein.
This Policy is published on the ALTEN website.
4. Collection for specific, explicit and legitimate purposes
European rules applying to the protection of Personal Data require that said Personal Data be collected for specified, explicit and legitimate purposes.
ALTEN Employees and Service Providers must therefore make sure that the purpose for which Personal Data is collected is:
- regulated and sufficiently specific;
- relevant to ALTEN’s business;
- communicated to those concerned in a clear manner;
- Legally authorised.
Likewise, if Personal Data is collected for a specific purpose, it cannot be used in any way that is incompatible with this initial specific purpose.
The purposes for which ALTEN collects and processes Personal Data are primarily the following:
- recruitment management;
- general accounting ;
- management of current and prospective customers;
- management of service providers;
5. Existence of a legal basis for the processing of Personal Data
Please note that the processing of personal data is based on the legitimate interest of ALTEN Belgium and the consent following the purposes.
6. Minimisation of collected Personal Data
Processing is confined only to the Personal Data that meet the following conditions:
- appropriate;
- relevant;
- confined to what is necessary with regard to the purpose(s) of processing.
Moreover, said Employees and Service Providers must keep this Personal Data updated to ensure that it is as accurate and as comprehensive as possible.
7. Retention of Personal Data
ALTEN Employees and Service Providers must make sure that Personal Data are not retained for longer than necessary with regard to the purpose for which they were collected and the nature thereof. Accordingly, they must set a period of retention over a limited period of time, taking full account of these instructions.
- For candidates in recruitment process, data is retained for 2 years.
- For customers, data is retained for 3 years.
- For suppliers, up to 10 years after the end of relationship.
8. Collection of Sensitive Data
Generally speaking, the collection and processing of Sensitive Data at ALTEN is prohibited. ALTEN does not collect nor treat sensitive data as data controller (for recruitment, for Business contacts).
9. Information for persons concerned
Thanks to this information notice, we trust we provided you with clear and comprehensive information about how we treat your personal data.
10. Respect for the rights that persons concerned may exercise
In compliance with applicable regulations, a data subject whose Personal Data is collected or processed by ALTEN must be able to exercise his or her right to portability for Personal Data, together with rights of access, correction, erasure, limitation and opposition for legitimate reasons.
The person concerned also has the right to issue instructions relating to the fate of his or her Personal Data in the event of death.
You may exercise those rights by contacting our DPC: DPC@alten.be or DPC@alten.lu. Furthermore, you have the right to file a complaint with the national authority on the authority’s website ( https://www.dataprotectionauthority.be or https://cnpd.public.lu/)
11. Automated decisions having a negative effect on the person concerned
No automated decision is made for the purpose of recruitment or management of business contacts.
12. Security and Privacy of Personal Data
ALTEN has introduced appropriate technical and organisational measures to ensure the security and privacy of the Personal Data it collects and uses.
As a consequence, when Personal Data is processed, ALTEN Employees and Service Providers must implement appropriate security measures in order to prevent:
- the accidental or unauthorised destruction of Personal Data;
- the impairment of Personal Data;
- accidental access to or unauthorised disclosure of Personal Data;
- illicit processing of Personal Data.
These appropriate measures will be taken with full consideration given to the nature of Personal Data and to the risks incurred by the processing thereof.
When ALTEN wishes to assign the processing of Personal Data to a subcontractor, Employees or Service Providers must ensure that a written contract has been established in which:
- the subcontractor undertakes to process the Personal Data assigned to him only when instructed to do so by ALTEN; and
- the subcontractor undertakes to implement the appropriate technical and organisational security measures in order to protect the security and privacy of the Personal Data entrusted to them.
13. Transfer of Personal Data to countries outside the European Union
In cases where the processing of Personal Data carried out by ALTEN may involve a transfer of said data to a third country (located outside the European Union or not having an appropriate level of protection within the meaning of the European regulation), or to an international organisation, ALTEN undertakes to provide the appropriate guarantees as required by the GDPR, and to ensure said guarantees are respected by Employees and Service Providers.
For recruitment candidates and business contacts, all data is either processed in Europe or in countries with appropriate level of protection.
14. Changes to this Privacy Policy
ALTEN reserves the right to modify this Privacy Policy.