VMA, composed of the entities
VMA NV, with registered office at Kortrijksesteenweg 14 b 9830 Sint-Martens-Latem and registered with the Crossroads Bank for Enterprises with company number BE0406.419.112,
VMA Sud SA with registered office at 19 rue d’Edimbourg 6040 Jumet and registered with the Crossroads Bank for Enterprises with company number BE0427.983.202
VMA be.Maintenance SA met maatschappelijke zetel te Humaniteitslaan 114 1070 Brussel en ingeschreven in de Kruispuntbank van Ondernemingen met ondernemingsnummer BE0419.201.534
(hereinafter the “Company”), attaches great importance to the secure, transparent and confidential collection and processing of your personal data. In particular, we want to protect the data of our customers, subcontractors and suppliers, among others, against loss, leaks, errors, unjustified access or unlawful processing.
We would like to inform you about the collection and processing of your personal data by means of this Data Protection Notice.
We ask that you read this Data Protection Notice carefully, as it contains essential information about how your personal data is processed and for what purpose.
By communicating your personal data, you expressly declare that you have taken note of this Data Protection Notice and that you also expressly agree to it, as well as to the processing itself.
This Data Protection Notice covers all services provided by us and generally all activities we carry out.
The Company is the controller of your personal data.
When collecting and processing your personal data, we comply with the Belgian regulations on the protection of personal data, as well as the General Data Protection Regulation (GDPR) as of its entry into force on 25 May 2018.
Depending on your activities and your relationship with our company, you provide us with the following personal data: your identity and contact details (name, title, address, e-mail address, telephone and mobile phone number). For certain specific legal obligations (electronic attendance registration, 30bis declaration of works), you may provide us with additional data to register your attendance (such as E-ID data, Limosa number).
We would like to point out that you are responsible for all data you provide to us and that we rely on its accuracy. If your data is no longer up-to-date, we ask you to report this to us immediately.
You are not obliged to provide us with your personal data, but you understand that the provision of certain services or cooperation will become impossible if you do not consent to their collection and processing.
In the context of our services and our activities, we collect and process the identity and contact details of our customers and clients, their staff, employees, appointees and other useful contacts. The purposes for this processing are the execution of the agreements with our customers, customer management, accounting and direct marketing activities such as the sending of commercial information. The legal grounds are the execution of the agreement, the fulfilment of legal and regulatory obligations (such as the 30bis declaration of works) and/or our legitimate interest.
We collect and process the identity and contact details of our suppliers and subcontractors, as well as their subcontractors, subcontractors, subcontractors, if any, their staff, employees, appointees and other useful contact persons. The purposes of this processing are the execution of this agreement, the management of the suppliers/subcontractors, accounting and direct marketing activities such as the sending of commercial information. The legal bases are the performance of the agreement, the fulfilment of legal and regulatory obligations (such as the mandatory electronic attendance registration, the 30bis declaration of works, the attendance list or other obligations in public contracts, etc.) and/or our legitimate interest (such as for direct marketing). For electronic attendance registration, the E-ID data or the Limosa number are also processed, where applicable. For direct marketing activities by e-mail (such as a newsletter or invitation to events), consent will always be requested and can also be withdrawn at any time.
We process the personal data of our employees and service providers in the context of our personnel management and payroll administration. Given its specific nature, this processing is regulated in more detail in a Data Protection Policy for staff.
In addition to the data of customers, suppliers/subcontractors and staff, we also process personal data of other third parties, such as potential new customers/prospects, useful contacts within our sector, network contacts, contacts of experts, etc. The purposes of this processing are in the interest of our activities, direct marketing and public relations. The legal basis is our legitimate interest or, in some cases, the performance of a contract.
The personal data is stored and processed by us for a period that is necessary in function of the purposes of the processing and in function of the (contractual or otherwise) relationship we have with you.
Customer data and data from suppliers or subcontractors will in any case be deleted from our systems after a period of ten years after the termination of the agreement or project, except for this personal data that we are required to keep for a longer period of time on the basis of specific legislation or in the event of an ongoing dispute for which the personal data is still necessary.
In accordance with and under the conditions of the Belgian privacy legislation and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:
Right of access and inspection: you have the right to inspect the data we have about you free of charge and to check what it is used for.
Right to rectification: you have the right to obtain rectification (correction) of your inaccurate personal data, as well as to complete incomplete personal data.
Right to erasure or restriction: You have the right to request that we erase your personal data or restrict its processing in the circumstances and under the conditions set out in the General Data Protection Regulation. We may refuse the deletion or restriction of any personal data that is necessary for us to carry out a legal obligation, the performance of the agreement or our legitimate interest, and this for as long as this data is necessary for the purposes for which it was collected.
Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer this data to another controller.
Right to object: you have the right to object to the processing of your personal data for serious and legitimate reasons. However, please note that you cannot object to the processing of personal data that is necessary for us to carry out a legal obligation, the performance of the agreement or our legitimate interest, and this as long as this data is necessary for the purposes for which it was collected.
Right to withdraw consent: If the processing of personal data is based on prior consent, you have the right to withdraw this consent. This personal data will then only be processed if we have another legal basis for doing so.
Automatic decisions and profiling: we confirm that the processing of the personal data does not involve profiling and that you are not subject to fully automated decisions.
You can exercise the aforementioned rights by sending a request to the company either by letter to the attention of Mr. Eric De Ribaucourt, or by email to the following email address: ericderibaucourt@vma.be.
We make every effort to handle your personal data in a careful and legitimate manner in accordance with applicable regulations.
Certain personal data collected by us will be transmitted to and possibly processed by third-party service providers, such as our IT supplier, accountant, auditor, as well as by the public authorities (for example, in the case of the 30bis declaration of works, electronic attendance registration or the bidding for public contracts).
It is possible that one or more of the above third parties are located outside the European Economic Area (“EEA”). However, only personal data will be transferred to third countries with an adequate level of protection.
The employees, managers and/or representatives of the service providers or institutions mentioned above and the specialised service providers appointed by them must respect the confidential nature of your personal data and can only use this data for the purposes for which it was provided.
If necessary, your personal data may be passed on to other third parties. This may be the case, for example, if the Company were to be fully or partially reorganised, its activities were to be transferred or if it were to be declared bankrupt. It is also possible that personal data must be transferred pursuant to a court order or to comply with a certain legal obligation. We will use reasonable efforts to inform you in advance of this communication to other third parties. However, you will understand that in certain circumstances this is not always technically or commercially feasible or that legal restrictions may apply.
For the sole purpose of promoting links and synergies between the entities of the CFE group, we may transmit the data of our customers, suppliers and/or subcontractors to our affiliated companies.
Finally, when a potential customer requests us to provide references from similar projects in response to a request for a quote, we may provide the personal data of the contact person of customers for whom we have provided similar services. However, we will always make every effort to inform you of this in advance.
Under no circumstances will we sell or make commercially available your personal data to direct marketing agencies or similar service providers, unless with your prior consent.
We take the necessary technical and organisational measures to process your personal data with an adequate level of security and to protect it against destruction, loss, falsification, alteration, unauthorised access or accidental disclosure to third parties, as well as any other unauthorised processing of this data.
Under no circumstances can the Company be held liable for any direct or indirect damage resulting from an incorrect or unlawful use of the personal data by a third party.
For the purpose of processing your personal data, we grant access to your personal data to our employees, collaborators and appointees. We guarantee a similar level of protection by making contractual obligations similar to this Data Protection Notice enforceable against these employees, collaborators and appointees.