If you have any questions about this notice, please contact the data protection officer (DPO) (firstname.lastname@example.org)
- PURPOSES OF DATA COLLECTION
- LEGAL GROUNDS FOR PROCESSING
- DATA TRANSFER
- RIGHTS OF DATA SUBJECTS
- DATA ACCURACY
- DATA STORAGE AND SECURITY
- DATA PROTECTION BREACH
For the purpose of conducting their professional activities, Smart Packaging Solutions NV (hereinafter called “SPS”), as Data Controller, needs to Process Personal and professional Data regarding staff, applicants, Customers and suppliers. SPS shall take all adequate measures to make sure these Processing activities adhere to the European General Data Protection Regulation (“GDPR”) and other legislations regarding the Processing of Data.
Consent: a legally binding expression of will, given voluntarily, in which the Data Subject declares his/her agreement to the Processing of data.
Customers: all companies who place orders for products or services with SPS.
Data Controller(s): The Data Controller is the person or organisation that determines when, why and how to Process Personal Data. The Data Controller is responsible for establishing practices and policies in line with the GDPR.
Data Subject: a natural person, meaning an identified or identifiable individual about whom SPS holds Personal Data. This does not include companies or other legal entities.
Personal Data: any information identifying a Data Subject or information relating to a Data Subject by means of which the Data Subject can be identified (directly or indirectly) based on that data alone or in combination with other identifiers SPS possesses or can reasonably access. Personal Data includes Sensitive Personal Data but excludes anonymous data or data that has had the identity of a Data Subject permanently removed. Personal data can be factual (for example a name, email address, location or date of birth) or an opinion about that person's actions or behaviour. Personal Data specifically includes, but is not limited to, Data Subject’s contact details, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, and curriculum vitae (CV).
Processing of data/To Process data: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
SPS adheres to the general principles relating to Processing of Personal Data set out in the GDPR which require Personal Data to be:
- Processed lawfully, fairly and in a transparent manner
- Collected only for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed
- Accurate, complete, where necessary kept up to date and relevant for the purpose of collection
- Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed
- Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing, accidental loss, destruction or damage
- Not transferred without appropriate safeguards being in place
- Made available to Data Subjects, who are allowed to exercise certain rights in relation to their Personal Data
The Personal Data collected usually concern the following items: name, nationality, job title, address, telephone number, e-mail address, financial and pay details, educational background, marital status and curriculum vitae (CV).
SPS Processes Personal Data solely for the purpose of conducting its professional activities. In this regard, SPS primarily collects Personal Data for the following business purposes (without limitation):
- Personnel and Payroll
- Compliance with legal, regulatory and corporate governance obligations and good practice
- Implementation of agreements
- Execution of shared services (ICT, finance,…)
- Administrative purposes
- Financial purposes
- Recruitment and selection
- Disciplinary matters
- Monitoring of staff (access to systems/facilities, absence, compliance with policies,…)
- Investigation of complaints
- Research and development
- Health and safety purposes
- Disciplinary and grievance issues
- Quality control
- Improving services
The Personal Data obtained via the contact form on this website will only be used to provide you with the information you have requested. This website also automatically keeps log files concerning the use by visitors to generate statistics for an anonymous analysis of this use.
SPS applies all reasonable means to ensure that Personal Data is collected as prescribed by the GDPR. This applies to all Personal Data, irrespective of the means of collection: collected in person, electronically or by submitting through the SPS website.
For most of the Processing activities mentioned in section 4, SPS can rely on one of the following legal Processing grounds as foreseen by the GDPR: contractual necessity or legal obligation. If these legal grounds do not apply, SPS will request the Data Subject’s Consent to Process the Personal Data. Consent will be requested if the Personal Data being Processed relate to, among other things, the taking and use of pictures, sending of newsletters, research and development and marketing.
The Personal Data of external parties, such as Customers and suppliers, to be Processed will generally concern name, e-mail address and phone number of employees or representatives of these Customers and suppliers. The legal ground based on which the Processing activity takes place is contractual necessity. The GDPR confirms that, in order to enter in a contract or perform a contract, it is needed and agreed that Personal Data Processing happens within this contractual scope.
Any information which falls under the definition of Personal Data will remain confidential and will only be disclosed to third parties with appropriate Consent of the Data Subject, unless SPS can rely on a Processing ground as foreseen by the GDPR and mentioned in section 5.
A brief overview of the categories of recipients: partner entities, distributors, service providers, financial partners, insurance companies, payroll processors, IT services providers and other companies that SPS may use for support. SPS shall not share Personal Data to non-business related third parties, except in case required by law or as permitted under the GDPR.
Data Subjects have multiple rights when it comes to their Personal Data. First of all, Data Subjects have the right to access their Personal Data held by SPS. Secondly, Data Subjects can ask what Personal Data is held about them and why, ask questions about how the Personal Data is gathered, how it is kept up-to-date and file a request not to use their Personal Data for direct marketing purposes.
SPS also ensures Data Subjects’ right to be forgotten. This means that Data Subjects can make a request to have their Personal Data removed from any files or databases held by SPS.
For any of these questions or requests, an e-mail can be sent to email@example.com. All e-mails will be answered as soon as reasonably possible.
SPS, on the one hand, undertakes to keep Data Subjects’ Personal Data as up-to-date and accurate as possible. Data Subjects, on the other hand, are requested to notify SPS of any relevant changes in Personal Data held about them by SPS.
SPS shall apply all reasonable means not to hold Personal Data of Data Subjects longer than necessary in relation to the purpose for which it is held.
Personal Data is secured by appropriate technical and organisational measures against unauthorised or unlawful Processing and against accidental loss, destruction or damage.
SPS’s ICT-departments have developed and implemented safeguards appropriate to size, scope and business, available resources, the amount of Personal Data and identified risks. Those safeguards are evaluated and tested regularly to ensure security of Personal Data.
Data Subject’s Personal Data can only be accessed by authorized personnel. SPS’s staff are aware of the internal Privacy & Data Protection Policy, the internal IT policy and this privacy notice and the obligations that come with it.
Any breach of this privacy notice or of the GDPR by SPS can be reported by sending an e-mail to the following e-mail address: firstname.lastname@example.org. All e-mails will be answered as soon as reasonably possible.
A distinction must be made between persistent cookies and session cookies. Persistent cookies: these cookies remain on the user's device for the duration specified in the cookie. They are activated each time the user visits the website that placed the cookie (e.g. cookies placed by social media such as Twitter, Facebook, Google Analytics, etc.). Most non-functional cookies are persistent cookies with a certain retention time that is longer than the browser session. Session cookies: these cookies allow the user's actions to be simplified and linked during a browser session. A browser session starts when a user opens the browser screen and ends when the user closes the browser screen. Session cookies are placed temporarily. Once the user closes his browser, all session cookies are deleted.
When visiting this website, the user will be asked to accept cookies. This can be done in two different ways: by clicking on the 'Accept' button or by simply continuing to browse the website. The user can disable cookies by activating the browser setting that allows him to refuse the placing of cookies. However, if the user uses his browser settings to disable cookies, it is possible that the user will not have access to (certain parts of) the website. If the user wishes to withdraw his consent, he must delete the cookies according to his browser settings.
This privacy notice will be updated as frequently as necessary to reflect best practices in data management, security and control and to ensure compliance with any legal changes.
SPS will publish the latest version on its website as soon as reasonably possible.
Last reviewed on: 15/10/2018