1. Introduction and scope
This Privacy Statement (the “Statement”) applies to the website www.itineris.net (including any modules available on the website) (the “Website”), owned, operated and/or used by:
Xavier De Cocklaan 24
Enterprise number: 0474.964.260
hereinafter “Itineris”, “we” or “us”
Itineris deems the protection of privacy of the utmost importance and wishes to enable you – as visitor of its Website – to maintain full control over what happens to your Personal Data and your privacy and to inform and protect you accordingly.
All capitalized terms that are not defined in this Statement shall have the meanings as ascribed to them in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”).
Your Personal Data and your privacy are protected by Itineris in accordance with Belgian and European regulations on the protection of privacy. Please read this Statement very carefully. The following describes not only your rights, but also the way in which you can exercise these rights.
By using our Website, disclosing your Personal Data, or accepting this Statement, you expressly consent to the manner in which Itineris collects and Processes your Personal Data as described in this Statement.
2. Who Processes your Personal Data and how can you contact us?
Itineris is responsible for the Processing of your Personal Data that you can provide through the Website.
Itineris has appointed a Data Protection Officer, whom you can always contact for questions about your privacy and the Processing of your Personal Data. The Data Protection Officer can be reached at:
attn. Data Protection Officer
Xavier De Cocklaan 24
Data Protection Officer
Name: Hendrik De Smedt
Telephone: +32 9 386 01 02
3. What Personal Data is collected and Processed?
Itineris Processes different types of Personal Data depending on the services you use or the actions you perform on our Website and as relevant:
- Personal information
Personal Data such as name, e-mail address, phone number, job title, company name, professional history, education and any other information on your CV, etc.
- Technical information
Personal Data such as IP address, browser type, operating system, external website through which you gained access to the Website, pages you visit on the Website, etc.
- History and logs
Personal Data such as date and time when you visited a page on the Website, etc.
4. What are the purposes and principles of the Processing of your Personal Data?
The purpose and principles of the Processing of your Personal Data mainly depend on the category of Personal Data concerned. Below you will find an overview of the purpose and principles of the various Personal Data that we Process.
- Purpose: This Personal Data is used to respond to questions that have been submitted on the Website, to provide you with any files you have requested and for any other communication purposes, to keep you informed about Itineris and its products and services, to send newsletters and for any other direct marketing purposes, for hiring and recruiting purposes, etc.
- Lawfulness of Processing: Performance of the agreement and legitimate interest (as applicable)
- Purpose: This Personal Data is used to ensure the proper functioning of the Website, for statistical and diagnostical purposes, for availability and accessibility of the Website, to monitor the effectiveness of the Website, etc.
- Lawfulness of Processing: Legitimate interest
History and logs
- Purpose: This Personal Data is used to tailor our Website to your use, to ensure the proper functioning of the Website, for future improvements of our Website, for statistical purposes, etc.
- Lawfulness of Processing: Legitimate interest
The legitimate interest as a legal basis for the lawfulness of Processing is justified with regard to the Personal Data to improve your user experience, the Website and Itineris’ product and services. The fact that Itineris Processes this Personal Data also benefits you as a user of the Website. Moreover, such Processing of Personal Data shall not create a risk to the fundamental rights and freedoms of you as a user of the Website or any other users of the Website.
The Processing of certain of the above-mentioned Personal Data by Itineris and other information you might disclose, is necessary for the performance of the agreement. In the event you refuse to provide these Personal Data, Itineris will not be able to comply with certain of its obligations (e.g. responding to your questions).
The consent you provide is always free, and you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the Processing of Personal Data (i) prior to such withdrawal, (ii) based on a legitimate ground for Processing Personal Data, and (iii) in case of a legitimate interest of the Processing.
The above reasons may not be exhaustive, and Itineris may at any time Process your Personal Data for any other legitimate reason. In such cases, Itineris will notify you as soon as possible of the reason. Updates of this Statement may constitute such a notification.
5. Receiving and sharing Personal Data
Itineris receives your Personal Data in cases as and when:
a) you complete the contact form on the Website;
b) you apply for recruiting purpose on the Website;
c) you download content from our Website;
d) certain information is forwarded via cookies or your browser;
e) you subscribe to our newsletter or other communications or direct marketing;
f) you visit certain pages on our Website;
g) certain information is forwarded via cookies or your browser;
Itineris will always share your Personal Data in a minimal way.
Itineris may share your Personal Data with third parties for storing and Processing your Personal Data in accordance with this Statement. Your Personal Data may also be shared within the Itineris group. You therefore provide your express consent to share your Personal Data as described in this Statement.
Processors and Subprocessors of Itineris always act under the responsibility of Itineris. If Itineris engages Processors or Subprocessors, this will always be done in accordance with a processor agreement that meets the requirements of the GDPR and that protects your Personal Data as good as possible.
Itineris will never sell your Personal Data to commercial enterprises.
If you are directed to another application, platform or website through the Website, other terms and conditions and other privacy and cookie policies may apply. You should take into account any such terms and conditions and privacy and cookie policies of such applications, platforms and websites. We encourage you to read these terms and conditions and privacy and cookie policies of the other applications, platforms and website you visit.
6. Direct marketing
Itineris will use your Personal Data for direct marketing purposes. It is possible that your Personal Data will be subject to profiling for marketing purposes. This enables Itineris to keep you informed about its products, updates, events, etc. You give your explicit consent for this, but you may at any time withdraw this consent and object to the Processing of your Personal Data for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing (free of charge).
You shall have the right at any time to object to the Processing of your Personal Data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, free of charge, by sending an email to email@example.com.
7. How will my Personal Data be retained?
Itineris applies the following retention periods for your Personal Data:
- Personal information
Maximum 10 years after submission of your personal information on our Website, or a longer retention period (i) if and as longs as necessary for the performance of the agreement or (ii) if and as long as Itineris’ has a legitimate interest.
- Technical information
Technical information is deleted on a monthly basis, but can be retained up to maximum 12 months after collecting such information or any other longer retention period if and as long as Itineris has a legitimate interest.
- History and logs
History and logs are deleted on a monthly basis, but can be retained up to maximum 12 months after collecting such information or any other longer retention period if and as long as Itineris has a legitimate interest.
Itineris retains your Personal Data in its own databases and/or in the databases of its Processors or Subprocessors. You may ask Itineris to provide a copy of the list of these Processors and Subprocessors at any time.
8. How are my Personal Data safeguarded?
Itineris has developed appropriate technical and organizational measures, safeguards and assurances to Process your Personal Data in accordance with applicable Belgian and European regulations, in particular to protect your Personal Data against loss, misuse or unauthorized alteration.
Itineris maintains a team of technicians, automated systems and advances technologies following the industry best practices and other security measures in accordance with the best security practices to ensure that only authorized people can access the Personal Data.
Itineris makes all reasonable and appropriate efforts to protect the confidentiality of your Personal Data.
Despite the above measures taken by Itineris, you should be aware that there are always risks associated with sending Personal Data over the internet. The security and protection of your Personal Data can never be fully guaranteed.
9. Processing of Personal Data in countries outside the European Economic Area (EEA)
Itineris may transfer your Personal Data to countries outside the EEA (e.g. to the USA). Should a less strict protection for Personal Data apply in a specific country than within the EEA, Itineris shall take appropriate safeguards to ensure that the same level of protection for your Personal Data is achieved as the level of protection granted by the GDPR (e.g. by concluding an international data transfer agreement with the Processor or Subprocessor located in a country outside the EEA or any other appropriate safeguards).
10. What rights do I enjoy?
If and to the extent provided by the applicable Belgian and European regulations, you have the right:
- to receive confirmation as to whether Itineris Processes your Personal Data and, where this is the case, to access the Personal Data that Itineris Processes;
- to have inaccurate or incomplete Personal Data corrected by Itineris, without undue delay;
- to have your Personal Data deleted by Itineris;
- to obtain your Personal Data and to transfer them to another Controller or Processor;
- to obtain a limitation of the Processing of your Personal Data from Itineris, to the extent possible subject to applicable Belgian and European regulations;
- to receive your Personal Data in a structured, common and machine-readable format; and
- to prevent the Processing of your Personal Data and the use of your Personal Data for direct marketing purposes.
You may exercise these rights by contacting the Data Protection Officer and providing him or her with a copy of the front side of your identity card (e.g. no identification number may be visible).
If and to the extent provided for in the applicable Belgian and European regulations, you have the right to file a complaint with the competent supervisory authority should the Processing of your Personal Data violate the applicable regulations. In Belgium, this is the Data Protection Authority (“Gegevensbeschermingsautoriteit”) https://www.dataprotectionauthority.be.
11. Amendments to this Statement
Itineris may amend this Statement from time to time. Amendments are uploaded on the Website and shall take effect as from the next time you register on our Website when visiting Itineris. If required, the amendments will be submitted for approval.
12.Consent for disclosure
You acknowledge, confirm, and expressly consent that we may disclose your Personal Data if this is required by law, or if Itineris determines in good faith that such disclosure is required in order:
- to comply with any pending judicial inquiry, judicial order or litigation pertaining to the Website;
- to compel observance of the general terms and conditions of Itineris;
- to respond to claims against Itineris regarding Personal Data that violate any rights of third parties;
- to safeguard the rights, property and safety of Itineris, its employees, users, and the general public.
Itineris may disclose your Personal Data to competent police or judicial authorities or other official government authorities if Itineris deems this useful or necessary, in its sole discretion, for the investigation of fraud, intellectual property infringement or any other harmful activity, or if Itineris reasonably suspects that such activity may expose Itineris or you to any liability.
If Itineris has legitimately transmitted your Personal Data to a third party (not being a Processor or Subprocessor), Itineris shall not be liable for any unlawful Processing or unlawful use by that third party.
Under no circumstances does Itineris accept responsibility for any direct or indirect damage resulting from faulty or unlawful use of the Personal Data by a third party (not being a Processor or Subprocessor).
Itineris is in any case only liable for the damage caused by Processing of Personal Data if it did not comply with its specific obligations of GDPR. Itineris shall in no event be liable for any special, incidental, indirect or consequential losses or damages.
14. Applicable law and competence clause
This Statement shall be governed, interpreted, and implemented in accordance with Belgian law, which applies exclusively in the event of any dispute.
The Belgian Courts and the Ghent division within the jurisdiction of Ghent are exclusively competent to decide on any dispute that may arise from the interpretation or implementation of this Statement, without prejudice to the consumer’s right to present a dispute before the competent court on the basis of a mandatory statutory provision.