Last update: May 18th, 2021

1. Introduction and scope

This Privacy Policy applies to the website www.itineris.net (including any modules available on the website) (the “Website”), owned, operated and/or used by:

Itineris NV
Westrem Building
Kortrijksesteenweg 1144 A
9051 Sint-Denijs-Westrem (Ghent)
Belgium
Enterprise number: 0474.964.260

hereinafter “Itineris”, “we” or “us

Itineris deems the protection of privacy of the utmost importance. Itineris wishes to inform you about the Processing of Personal Data that takes place via the Website, in accordance with the applicable data protection legislation and more specifically with the General Data Protection Regulation (the “GDPR”) and its relevant national implementing legislation. All capitalized terms that are not defined in this Privacy Policy shall have the meanings as ascribed to them in the GDPR.

This Privacy Policy describes your rights for you to make informed decisions when using the Website and to exercise your rights when necessary. Please read this Privacy Policy very carefully. This Privacy Policy must be read together with our cookie policy, which can be found here.

By using our Website, disclosing your Personal Data, or accepting this Privacy Policy, you expressly consent to the manner in which Itineris collects and Processes your Personal Data as described in this Privacy Policy.

Itineris may amend this Privacy Policy from time to time. The date of the most recent version is shown above. Any significant changes to this Privacy Policy will be clearly indicated on the Website. Please review this Privacy Policy periodically to stay informed of changes that may affect you.

2. Who Processes your Personal Data and how can you contact us?

Itineris is responsible for the Processing of your Personal Data that you can provide through the Website and shall act as a Controller.

Itineris has appointed a Data Protection Officer, whom you can always contact for questions about your privacy and the Processing of your Personal Data. The Data Protection Officer can be reached via privacy@itineris.net.

3. What Personal Data are collected and Processed, for which Purposes, and for how long?

Itineris Processes different types of Personal Data for different purposes via its Website, depending on the services you use, the actions you perform on our Website, and the type of relationship you have with Itineris (e.g. visitor, (prospective) client, contractor, or employee, etc.).

Purpose To send sector-related blog posts, information about webinars, promotions, products, offers, etc. when you subscribe to the newsletter. 
Personal Data First name, last name, and email address.
Retention Period Maximum two (2) years after you unsubscribe to the newsletter.
Legal Basis Consent

The consent you provide is always free, and you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the Processing of Personal Data prior to such withdrawal.

Purpose To answer requests submitted through the contact form on the Website. 
Personal Data First name, last name, email address, region, market in which you are operating, and the possible personal data that you provide in the message/comment box.
Retention Period One (1) year after receipt of your message or request.
Legal Basis Consent

The consent you provide is always free, and you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the Processing of Personal Data prior to such withdrawal.

Purpose To carry out recruitment and selection activities (including (without limitation) the creation of a talent pool and assessment of eligibility when you applied for a job position at Itineris through the Website).  
Personal Data First name, last name, email address, phone number, the information in respect of your profession and education as provided through your Curriculum Vitae (“CV”), your motivation letter, the personal data available on your social media profiles – only if you voluntarily insert your social media profile in your CV) including any content and personal data that you provide through the foregoing.
Retention Period Ten (10) years after the job application.
Legal Basis Consent

The consent you provide is always free, and you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the Processing of Personal Data prior to such withdrawal.

Purpose To ensure the proper functioning and improvement of the Website, (including (without limitation) to tailor our Website to your use, for statistical and diagnostical purposes, for availability and accessibility of the Website, to monitor the effectiveness of the Website, etc.).
Personal Data Cookies

For more information, consult our cookie policy.

Where Personal Data of a third party are disclosed via the Website or with a view to visit the Website, the person communicating the Personal Data guarantees that he or she has informed that third party and that he or she has received all necessary consents to communicate the third party’s Personal Data via the Website to Itineris.

4. Who do we share your Personal Data with?

To be able to follow through on your request or action on the Website, Itineris may sometimes need to share Personal Data with third parties.

Your Personal Data may be shared or transferred to the following entities:

Entity Type of Personal Data Reason
Bullhorn First name, last name, email, phone number (if provided), CV, and movitation letter (if provided) To manage the recruitment process (for more infor-mation, see privacy policy: https://www.bullhorn.com/privacy/)
WordPress First name, last name, email, region, market, the possible personal data that you provide in the message/comment box To implement the contact form on the Website (for more information, see privacy policy: https://automattic.com/privacy/)

This listing may evolve and shall be updated from time to time.

Your Personal Data may also be shared within the Itineris group. You therefore provide your express consent to share your Personal Data as described in this Privacy Policy.

Processors and Subprocessors of Itineris always act under the responsibility of Itineris. If Itineris engages Processors or Subprocessors, this will always be done in accordance with a data processing agreement that meets the requirements of the GDPR and that protects your Personal Data as well as possible.

If you are directed to another application, platform, or website through the Website, other terms and conditions, and other privacy and cookie policies may apply. You should take into account any such terms and conditions and privacy and cookie policies of such applications, platforms and websites. We encourage you to read these terms and conditions and privacy and cookie policies of the other applications, platforms, and website you visit.

5. Transfer of Personal Data outside the European Economic Area (EEA)

Itineris may transfer your Personal Data to countries outside the EEA (e.g. to the USA), including through its Processors or Subprocessors.

In that case, Itineris shall transfer your Personal Data in accordance with applicable law (such as chapter V of the GDPR) (e.g. adequacy decisions, model contract clauses, binding corporate rules, codes of conduct, etc.).

6. Direct marketing

Itineris will use your Personal Data for direct marketing purposes. It is possible that your Personal Data will be subject to profiling for marketing purposes. This enables Itineris to keep you informed about its products, updates, events, etc. You give your explicit consent for this, but you may at any time withdraw this consent and object to the Processing of your Personal Data for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing (free of charge).

You shall have the right at any time to object to the Processing of your Personal Data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, free of charge, by sending an email to privacy@itineris.net.

7. How are my Personal Data safeguarded?

Itineris has developed appropriate technical and organizational measures, safeguards and assurances to Process your Personal Data in accordance with applicable Belgian and European regulations, in particular to protect your Personal Data against loss, misuse or unauthorized alteration.

Itineris maintains a team of technicians, automated systems and advanced technologies following the industry best practices and other security measures in accordance with the best security practices to ensure that only authorized people can access the Personal Data.

Itineris makes all reasonable and appropriate efforts to protect the confidentiality of your Personal Data. Within Itineris, access to your Personal Data will only be granted on a need-to-know basis.

Despite the above measures taken by Itineris, you should be aware that there are always risks associated with sending Personal Data over the internet. The security and protection of your Personal Data can never be fully guaranteed.

8. What rights do I enjoy?

If and to the extent provided by the applicable Belgian and European regulations, you have the right:

a) to receive confirmation as to whether Itineris Processes your Personal Data and, where this is the case, to access the Personal Data that Itineris Processes;
b) to have inaccurate or incomplete Personal Data corrected by Itineris, without undue delay;
c) to have your Personal Data deleted by Itineris;
d) to obtain your Personal Data and to transfer them to another Controller or Processor;
e) to obtain a limitation of the Processing of your Personal Data from Itineris, to the extent possible subject to applicable Belgian and European regulations;
f) to receive your Personal Data in a structured, common and machine-readable format; and
g) to prevent the Processing of your Personal Data and the use of your Personal Data for direct marketing purposes.

You may exercise these rights by contacting the Data Protection Officer by sending an email to privacy@itineris.net. Itineris reserves the right to request a copy of the front side of your identity card (e.g. no identification number may be visible) if Itineris is unable to identify you or if Itineris has reason to doubt your identity. Moreover, you may blackline any information which is not necessary for identification or verification purposes.

If and to the extent provided for in the applicable Belgian and European regulations, you have the right to file a complaint with the competent supervisory authority should the Processing of your Personal Data violate the applicable regulations. In Belgium, this is the Data Protection Authority (“Gegevensbeschermingsautoriteit”):

Drukpersstraat 35
1000 Brussel
+32 (0)2 274 48 00 / +32 (0)2 274 48 35
contact@apd-gba.be
https://www.dataprotectionauthority.be

9. Consent for disclosure

You acknowledge, confirm, and expressly consent that we may disclose your Personal Data if this is required by law, or if Itineris determines in good faith that such disclosure is required in order:

a) to comply with any pending judicial inquiry, judicial order or litigation pertaining to the Website;
b) to respond to claims against Itineris regarding Personal Data that violate any rights of third parties;
c) to safeguard the rights, property and safety of Itineris, its employees, users, and the general public.

Itineris may disclose your Personal Data to competent police or judicial authorities or other official government authorities if Itineris deems this useful or necessary, in its sole discretion, for the investigation of fraud, intellectual property infringement or any other harmful activity, or if Itineris reasonably suspects that such activity may expose Itineris or you to any liability.

10. Liability

If Itineris has legitimately transmitted your Personal Data to a third party (not being a Processor or Subprocessor), Itineris shall not be liable for any unlawful Processing or unlawful use by that third party.

Under no circumstances does Itineris accept responsibility for any direct or indirect damage resulting from faulty or unlawful use of the Personal Data by a third party (not being a Processor or Subprocessor).

Itineris is also not liable when third parties Process or use your Personal Data illegitimately and Itineris has taken the appropriate technical and organizational measures to go against such illegitimate Processing or use.

Itineris is in any case only liable for the damage caused by Processing of Personal Data if it did not comply with its specific obligations of GDPR. Itineris shall in no event be liable for any special, incidental, indirect or consequential losses or damages.

11. Applicable law and competence clause

This Privacy Policy shall be governed, interpreted, and implemented in accordance with Belgian law, which applies exclusively in the event of any dispute.

The Belgian Courts and more specifically, the Ghent division within the jurisdiction of Ghent are exclusively competent to decide on any dispute that may arise from the interpretation or implementation of this Privacy Policy, without prejudice to the consumer’s right to present a dispute before the competent court on the basis of a mandatory statutory provision.

In certain circumstances, exceptions to this policy may be allowed based on demonstrated business need. Exceptions must be formally documented and approved by the Chief Information Security Officer and the Data Protection Officer and will be reviewed on a periodic basis for appropriateness.