Date : 21 November 2018.
We have prepared this document to show you the circumstances in which we process your personal data and how we protect it. From time to time, we may amend our Privacy notice. We publish any amendment made to this document on our web site to keep you informed permanently of what information we gather, the way in which we can use it, and the cases in which we can disclose this information to third parties. Therefore, you are requested to consult this document regularly.
This external Privacy notice concerns mainly the processing of the personal data of our current clients and in certain cases our former clients, our suppliers, and our prospective clients, as well as their members of staff and persons appointed by them, persons who have shown an interest in our activities, and persons with whom we come into contact in the context of the execution of our activities.
In accordance with the legislation relating to the protection of personal data, we wish to inform you of the following elements:
1) This Privacy notice concerns the data processing carried out by the following companies of the SERIS Belgium group:
SERIS Security sa, (including the division SERIS Monitoring), Telecomlaan 8, B - 1831 Diegem, BE 0404.770.607, authorisation from the Federal Public Service for Home Affairs 16.1065.10;
SERIS Technology sa, Kleine Mechelsebaan 52a, B - 3200 Aarschot, BE 0475.583.377, authorisation from the Federal Public Service for Home Affairs 20.1196.09;
SERIS Logistics sa, Telecomlaan 8, B - 1831 Diegem, BE 0436.369.742;
SERIS Academy/SBD sa, Telecomlaan 8b, B - 1831 Diegem, BE 0890.333.504 (SBD sa);
Hereinafter referred to jointly as ‘SERIS’.
2) The e-mail address for contacting the SERIS Data Protection Officers is as follows: email@example.com.
3) We can process the following personal data:
- Identification data: surname, forename, language, title, position, national register number, etc.
- Contact data: postal address, landline and/or mobile telephone number, e-mail address etc.
- Financial data: bank account number.
- Judicial data relating to convictions and sanctions: extract from the criminal record.
- Other personal data required by the legislation regulating private security.
- Data regarding the registration of images: surveillance images.
- Data from a company enabling the identification of a private individual: for example, a private limited company (SPRLU): company number.
- Audio registration data: telephone conversations via landlines.
4) If you have a contractual relation with SERIS, that contract is therefore the basis for personal data processing. The purpose of personal data processing is to allow SERIS to guarantee the execution of services specified in a contract and for the general management of clients and suppliers, including the accounts, the management of disputes and legal proceedings, the recovery or the transfer of debt, and the protection of our rights.
We base the processing of your personal data on our legitimate interests in the following cases: a) to present you with promotional offers with respect to products and services similar to those to which you have already utilised, b) as well as for the purpose of keeping you informed of our activities and those of our sector, c) to protect our activities, property and premises by registering visitors, d) to deal with a notification under the "whistleblowing procedure" if the report concerns you.
We base the processing of your personal data on your consent if you register to receive our newsletter, if you send a request for information, if you telephone us (in that case you are informed in advance if the conversation can be recorded), or when you’re entering our premises where camera surveillance is indicated by a pictogram. You can cancel your registration for the newsletter at any time.
Latterly, the processing of your personal data can be justified in order to meet our legal obligations. In this context we are subject to taxation and accounting obligations which compel us to store and transfer some personal data to accounting and taxation offices. Moreover, we are subject to some legal obligations related to our line of business, which is strictly regulated and which compel us to communicate certain information to our supervising authority at their explicit request or on our own initiative.
5) SERIS retains your personal data until your relation with SERIS comes to an end (for example, if you are no longer related to SERIS by means of a contract or when you cancel your registration for the SERIS newsletter). There are some exceptions to this principle in the following cases: a) if there is a legal retention period ; b) in order to respect any limitation period ; c) in order to protect or validate your or our rights in the event of disputes or litigation for as long as this has not been settled; (d) in the context of the handling of reports on the "whistleblowing procedure".
6) Your personal data will be accessible for appointed persons with respect for the ‘need-to-know’ principle for the purposes stated above.
A company from the SERIS group can transfer your personal data to another company from the group listed under point 1) above if that is necessary to meet a legal or contractual obligation.
SERIS will not transfer your personal data to a third party without prior notification except when this transfer is required by reason of legal or contractual obligations or in the event of judicial or police measures.
If SERIS calls upon the services of subcontractors, those subcontractors are always contractually bound to process your personal data solely within the context of the implementation of the contract according to the prevailing regulations and not to use your personal data for any other purposes than those set out in our common subcontracting contract. For example, if a client opts for this service, SERIS Security can grant access to this client upon its request to a software solution enabling the implementation of an audit and a report on the security activities carried out by SERIS Security at the client’s request. This platform is housed with an external subcontractor of SERIS (Risk Matrix Resultants S.A., Avenue Monterey 29, L-2163 Luxembourg, Groothertogdom Luxemburg), to which the client’s personal data is therefore transferred. This transfer is limited to information which is reasonably necessary to allow this external subcontractor to carry out the work which is entrusted to it under contract.
7) Pursuant to the General Data Protection Regulation, any person has the following rights under certain conditions: 1) the right to access and rectify his or her personal data; 2) the right to erase his or her personal data in cases set out by law; 3) in the event of a dispute relating to the processing of personal data, the right to restrict the processing of his or her personal data until the dispute has been resolved; 4) the right to data portability for his or her personal data; 5) the right at any time and without the need for justification to oppose the processing of his or her personal data for direct marketing purposes or an individual automated decision.
If the processing of your personal data is based on your consent, you are entitled to withdraw your consent at any time.
Any person wishing to exercise these rights is requested to send an e-mail to the following address: firstname.lastname@example.org. Any person also has a right of recourse to the Belgian Data Protection Authority via email@example.com.
8) SERIS continually monitors the security of personal data within the company. In this respect, SERIS agrees to take all reasonable technical and organisational measures to prevent unauthorised persons from having access to personal data with which it has been entrusted and to prevent any unauthorised loss, destruction, or disclosure of data. SERIS uses systems which are updated regularly to enable the encryption of data, if necessary, and firewalls are conform to industrial standards.
Solely in the case of registration for statutory training alongside the SERIS Academy, and in accordance with the requirements of the legislation regulating private security.
For example, and in accordance with the law: for registration for some training courses alongside the SERIS Academy, any security agent must supply a certificate of a psycho-technical examination, or proof that he or she has been well utilised by a security company, or that he or she is in possession of a valid weapon licence or a certificate of competence.
For example, SERIS Academy is bound by law to retain for ten years all data which relates to registration of participation in a training course legally organised under the legislation regulating private security, the dates on which the participant took the course, the results of the participant’s examinations, and a paper copy of the certificates and diplomas which are awarded by the training organism.
Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 regarding the protection of private individuals with regard to the processing of their personal data (…), O.J., 4 May 2016, L. 119/1.