Privacy Policy
Version: September 2023
This Privacy Policy applies to the processing of personal data on our websites and in the context of the services offered by Enersynt BV, with registered office in Belgium at Rue de la Râperie 14, B-4280, Hannut, with company number 0722.827.370, RPR. Liège Department.
We assure you the confidential processing of your personal data in accordance with the General Data Protection Regulation, in short ‘AVG’ or ‘GDPR’. This Privacy Policy may be amended or updated on a regular basis. We therefore kindly request you to regularly consult this Privacy Policy on our websites so that you always have the most recent version.
Questions about applicable law and this privacy policy can be directed to our Data Protection Officer (“DPO”) at info@enersynt.com.
Enersynt BV and affiliated companies, abbreviated as “Enersynt” with headquarters located at Geldenaaksevest 2, B-3000, Leuven, (hereinafter “we” or “us” or referred to as “Enersynt”). Enersynt BV may also share personal data with another member of Enersynt or affiliates. We act as Data Controller with regard to data that we process for our own purposes, for example in the fields of marketing, HR, legal affairs, statistics, administration and compliance (see below).
This Privacy Policy should be read in conjunction with our Social Media Policy as well as our Cookie Policy.
When we offer our business solutions (“Services”) to our customers, we process personal data as a Processor on behalf of our customers.
As Data Controller, Enersynt processes personal data for the following purposes, based on the mentioned legal basis:
Maintaining an adequate level of security (security). We consider the security of our services and in general our information security as our legal obligation under Art. 6 (1) (c) of the GDPR and our legitimate interests pursuant to Art. 6 (1) (f) of the GDPR. In doing so, we monitor the use of our systems internally to detect violations of internal policies, unauthorized operations in our systems, or malicious bots, code or behavior. This goal includes taking adequate security measures, their periodic assessment and review.
Direct marketing communication & online marketing. We consider the processing of personal data for direct marketing to be our legitimate interests in accordance with Art. 6 (1) (f) of the GDPR. Where required by ePrivacy or other legal regulations, we rely on the consent of the data subject in accordance with Art. 6 (1) (a) of the GDPR. This purpose relates to direct marketing communications from Enersynt, for example through our own marketing campaigns, newsletters, events, blogs and through our social media channels, interacting with users online, maintaining our websites and publishing team or event photos where permitted.
Exercising or defending legal claims. Like any business, we must file our legal claims from time to time, seek compensation or settlement and retain legal evidence, seek legal advice from outside counsel, ensure regulatory compliance, be represented by legal counsel in judicial, criminal, administrative or other proceedings or reporting to law enforcement authorities. We do this on the basis of our legitimate interests pursuant to Art. 6 (1) (f) of the GDPR or on the basis of the fulfillment of the contract according to Art. 6 (1) (b) of the GDPR.
Tax, invoicing and accounting. In order to comply with tax, billing and accounting regulations, we need to process a certain limited scope of personal data. We do this because we are obliged to do so under Art. 6 (1) (c) of the GDPR.
Contract execution. We conclude contracts with individuals (in the case of employment) as well as other companies whereby we process, among other things, personal data about personnel or contacts in a B2B context for the conclusion, execution and management of the contract (legal basis = contractual execution art. 6 (1) (b) of the GDPR. This purpose also includes any pre-contractual negotiation or processing of data via a contact form on our website or other channels.
Quality & service improvement. We process your personal data to perform statistical analyzes with the aim to improve our websites, products and services or develop new products and services.
When you apply for a vacancy via our website or in another way, we process the data of the candidates with the aim to recruit and conclude a contract. We ask permission to keep personal data of not withheld candidates in order to contact them for future job offers.
In order to provide the Services, we process personal data as a Processor on behalf of our customers. The purpose and legal basis of such processing is determined individually by each customer and not by Enersynt.
We only process personal data that is necessary, both in terms of type and for the purposes of processing explained above. For most purposes, we only process basic identifiers and contact details, including typical communication data and content.
When you fill in a contact form on our websites or contact us by e-mail, telephone, fax or other channel, we may collect the following: name, e-mail address, postal address, telephone number, as well as the log data of your message (date, time).
For the conclusion of contractual agreements with customers, in addition to contact and identification data, we also process public data, namely data that are located in public databases such as the crossroads bank of companies, data that you have made public on a website, data that is generally are known or have appeared in the press.
In the context of recruitment, we process personal data of candidates such as a CV. We do not use automated data processing or profiling. We process email address and contact details in the context of direct marketing, if you have given your consent for this.
Enersynt does not share your personal data with third parties, except to third parties in the context of the execution of its services, and only if this is necessary for technical support or when it is obliged to do so on the basis of a legal provision or a court decision. These third parties may only process your personal data on our behalf and with our explicit written consent and in accordance with the purposes outlined above. We guarantee that all third parties acting as processors or sub-processors are carefully selected and are required to maintain the security, confidentiality and integrity of your personal data.
When you are looking for a job, we may partner with third parties to perform tasks on our behalf, such as checking references, conducting psychometric evaluations and testing skills.
Within Enersynt, your data will only be shared with authorized personnel (internal recipients) or a verified / authorized third party. Our employees or internal contractors may have access to your personal information on a strictly necessary basis, which is generally determined and limited by the position, role and department of the relevant employee.
We use subcontractors to support us in providing services that may process personal data for us. We ensure that the selection of our subcontractors and any processing of personal data by them is in accordance with the GDPR. Enersynt uses the following categories of subcontractors for the provision of services: hosting services, data center services, suppliers of standard software solutions (such as Microsoft); marketing and analytics software providers and operators, and other software services. Those parties are bound by adequate data processing agreements.
We aim to have all cloud services and servers in the EU. However, some of our subcontractors or the above recipients of personal data may be located outside the EU or their servers may be located outside the EU. Any transfer of personal data outside the EU is done by us only under strict compliance with the GDPR. We ensure that the third-party recipients in non-eligible countries have entered into the EU Standard Contractual Clauses (EU SCC) with us or ensure equivalent safeguards.
Enersynt guarantees a qualitative and high level of data and data security, and this by taking all necessary & reasonable contractual, technical and organizational measures. We strive to evaluate these measures at regular intervals and adjust them if necessary.
Enersynt stores your personal data for a period that is necessary for the execution of the agreement and in function of the purposes of the processing, as described above. Due to this legal obligation, but also due to technical and financial aspects of data storage, we actively delete data where it is no longer needed. Retention periods are either provided for in the respective laws, data processing agreements, instructions of the controllers, resp. customers or are set out by us in our internal policies. Where the processing of your personal data is based on consent and you decide to withdraw your consent, we will not further process your personal data for the specific purpose.
All retention periods with regard to the personal data that we process on behalf or our customers are determined by our customers. We may only retain such personal data for the duration of our data processing agreement, after which we must return or delete all personal data about customer data subjects. However, we may delete personal data even earlier if the customer instructs us to do so, for example if the customer no longer finds the storage of such data necessary for the stated purpose.
When processing your personal data, you can exercise various rights vis-à-vis us. When we ask for consent for processing, you can withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
If you would like to exercise any of these rights below, you can always contact us at info@enersynt.com.
You have the right: to request information and to access your personal data, to correct incorrect data (and supplement incomplete data), to erasure of personal data (right to be forgotten); on restriction of processing based on legitimate interest, on an unmotivated and free objection to direct marketing, on data portability, not to be subject to individual decision-making.
In order to be able to handle your request quickly and correctly, we ask that you be as specific as possible when addressing your request. If there is any doubt about the requester’s identity, additional information will be requested to establish identification and authentication.
Enersynt has the right to refuse your requests if the requests are “manifestly unfounded or excessive” (in particular because of their repetitive nature) or to charge a reasonable fee of 100 euros excl. VAT per request.
If you have any questions or complaints about the way in which we process your personal data, you can always contact us at the following email address: info@enersynt.com.
In addition, you always have the option to submit a complaint to the Data Protection Authority: Drukpersstraat 35, 1000 Brussels, e-mail: contact@apd-gba.be.