Privacy Policy
Introduction
ThermoVault considers your privacy very important. You have the right to know which personal data we process about you and how we do this. In this privacy policy you will receive an answer to the following questions:
-
Who is responsible for the processing of personal data?
-
What is the scope of application of this privacy policy?
-
When do we collect which personal data from you, what do we do with it and why are we allowed to do this and for how long do we keep it?
-
How do we protect your personal data?
-
Who has access to your personal data?
-
What are your rights as a data subject?
-
Whom do you contact in case of questions regarding this privacy policy?
-
Changes to the privacy policy
Who is responsible for your personal data
The data controller for the processing of your personal data is ThermoVault BV, with registered office Hoefstadstraat 86, 3600 Genk. Our contact details are by phone at +32 456 22 61 37 or by email at contact@ThermoVault.com. For questions regarding the processing of your personal data, it is best to contact our DPO who can be reached at the following email address: privacy@ThermoVault.com
What is the scope of this privacy policy
This Privacy Policy is only applicable when ThermoVault is in charge of the processing of your personal data. This means that ThermoVault acts as a data controller and determines why and how your data is being processed.
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly.
Which specific data this may concern, will be explained in detail below.
‘Processing’ means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
​
This Privacy Policy applies to the processing of personal data by ThermoVault from the categories of persons (data subjects) mentioned hereunder. The categories include persons who belonged to these categories in the past (e.g. former customers), and persons who may belong to these categories in the future (e.g. potential clients).
-
visitors to our public website
-
our customers or business partners
-
our suppliers, that assist us in operating our activities
-
staff candidates
​
If one of the persons referred to above is a legal person, we still process data from our contact persons at these entities and the GDPR applies.
​
Our website uses cookies. For more detailed information about the processing of your data by the use of cookies on a website, please refer to our Cookie Policy, which forms an integral part of this Privacy Policy.
What personal data do we process?
Below we clarify what personal data we may process from you. Depending on the specific situation, your preferences and how you contact us, we may not process all of the data below.
General
From all our contacts we may process the data below:
Type of data | Examples (non-exhaustive) |
---|---|
Contact details and history | Name, first name, address, email address, phone number, communications sent and received (e.g., email messages, messages sent via the contact form on our website, letters, etc.). |
Identification data | A copy of your identity card (solely to verify your identity if you wish to exercise any of your rights as a data subject under the GDPR). |
Electronic identification and usage data (related to our website) | IP address, browser type, location data, by which route you arrived at our website, the type of device you use to visit our website, the web pages visited, and the way you navigate on the web pages visited. This data is processed mainly through the use of cookies. For more details on this, please refer to our separate Cookie Policy. |
Customers and business partners or suppliers
From (contact persons of) our customers and business partners or suppliers we may additionally process the following data:
Type of data | Examples (non-exhaustive) |
---|---|
Feedback | Any feedback you may have, as a customer or business partner or supplier, on our co-operation. |
Payment and billing information | Payment card details, and bank account number, if you make payments to us or receive payments from us. |
Contact details and history | Name, first name, address, email address, phone number, communications sent and received (e.g., email messages, messages sent via the contact form on our website, letters, etc.). |
Staff Candidates
Of staff candidates, we may additionally process the following data. Of course, this will largely depend on what data you wish to provide us with in connection with your job application.
Type of data | Examples |
---|---|
Audiovisual data | Pictures and video recordings that you would provide to us in the context of your application. |
Personality Profile | Motivation letter, hobbies, social activities, personality, interview notes. |
Work-related data | Curriculum vitae, education, certificates and credit lists, language skills, professional career, publications, portfolio. |
Personal details | Age, gender, date of birth, nationality. |
Contact details and history | Name, first name, address, email address, phone number, communications sent and received (e.g., email messages, messages sent via the contact form on our website, letters, etc.). |
Special categories of personal data
Special categories of personal data are personal data relating to health, racial or ethnic origin, political opinion, religious beliefs, trade union membership, genetic or biometric data, sexual orientation/life, and criminal conviction. In principle, we will not process special categories of data unless you provide it to us with your explicit consent.
How long do we store your personal data?
We do not store your data for longer than is necessary to achieve the purpose for which the data has been collected or processed, as specified above.
Since the period for which the data can be stored depends on the purposes for which the data has been collected, the storage period will vary according to the individual situation. Sometimes specific legislation will require that we store certain data for a certain period. Our retention periods for personal data are based on legal requirements and balancing your rights and expectations against what is useful and necessary to provide our services or allow you to provide your services to us.
When it is no longer necessary to process your data, we will delete or anonymize your data. If this is not (technically) possible, for example, because your data is stored in backup archives, then we will retain your data, but we will not further process it and will remove it when this becomes possible.
From whom do we obtain your personal data?
As a customer, business partner, supplier, or staff candidate, we mainly obtain your personal data directly from you, as a result of the contact we have with each other with a view to the (possible) provision of services or support or possible collaboration. However, we cannot rule out obtaining certain of your personal data indirectly in specific circumstances, from public sources or from third parties. We may also consult the profile of staff candidates on professional social media platforms, or receive your details from a recruitment agency should you apply with us this way.
In the event we obtain your data indirectly, we will inform you about the processing of your data no later than at the time of our first contact with you.
How do we protect your personal data?
Your privacy is our top priority, which is why we do everything we can to protect your personal data. We have taken all appropriate technical and organizational measures to protect your data against a possible data breach.
Who has access to your personal data?
Internal
Within our organization, only authorized staff members and the persons we designate have access to your personal data. These are only those persons who require access for the correct performance of their function or for the needs of the service.
​
External
Personal data will never be passed on by us to third parties/processors, unless:
-
There are legal obligations.
-
For certain processing within the implementation of our agreement, such as IT support, we call on other parties. We have concluded a processor agreement (DPA) (EU processors) or standard contractual clauses (SCC) (third country processors) with these parties to ensure that your personal data is also processed by them in a safe and confidential manner. The DPA / SCC guarantees appropriate technological and organizational protective measures. Your personal data is therefore in good hands with these processors.
Controllers/processors who may receive personal data from ThermoVault:
-
Court and/or police services in the context (possible) fraud investigation, …
-
Processors (see above) who support us in our administrative obligations such as IT hardware and software support.
-
Third parties in connection with the handling of complaints in which you are involved
-
Lawyers, bailiffs, government inspection services and similar third parties in the context of investigations or legal proceedings.
International
No personal data will be passed on to third parties/processors in third countries (e.g. certain countries outside the EU such as the United States), unless necessary. Where we transfer personal data outside of the European Economic Area to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses or your explicit consent that will be requested before transferring your personal data outside of the EEA.
In any case, we and such third parties have taken the necessary technical and organizational measures intending to protect your data against loss or any form of unlawful processing.
Which are your rights as a data subject?
You have several rights concerning the personal data we process about you. If you wish to exercise any of the rights set out below, please contact us using the contact details provided in the first heading of this Privacy Policy.
​
Right of access and copy
You have the right to access your data and obtain a copy thereof. This right also includes the possibility of requesting further information on the processing of your data, including the categories of data processed about you and for what purposes.
​
Right to rectification
You have the right to have your data amended if you believe we have incorrect data.
​
Right to erasure (right to be forgotten)
You have the right to request that we delete your data without unreasonable delay. However, we will not always be able to comply with such a request, including when we still need the data in function of a current contractual relationship, or when the retention of certain data for a certain period is required by law.
​
Right to restriction of processing
You have the right to restrict the processing of your data. In this way, the processing is temporarily stopped until, for example, there is certainty about its accuracy.
​
Right to withdraw your consent
Where the processing is based on your consent, you have the right to withdraw this consent at any time by contacting us. For marketing messages you receive from us via email based on your consent, you can easily withdraw this consent by clicking ‘Unsubscribe’ at the bottom of each such message.
​
Right to object
You have the right to object to the processing of your data based on our legitimate interests. This should be based on reasons specific to your situation. In this case, we must stop processing unless we provide compelling legitimate grounds to continue processing. However, you can always object to the use of your data for direct marketing purposes, after which we are obliged to stop the processing for these purposes.
​
Right to data portability
You have the right to obtain your data, which you have provided to us yourself, in electronic form. In this way, they can be easily transferred to another organization. You also have the right to request us to transfer your data directly to another organization, if this is technically possible.
​
Right to complain to your supervisory authority
If you believe that we are improperly processing your data, you always have the right to lodge a complaint with your data protection supervisory authority. You can do this with the supervisory authority of the EEA member state where you usually reside, where you have your place of work or where the alleged infringement has taken place. Since we manage and coordinate the project activities primarily from Belgium, please refer below to the contact details of the Belgian Data Protection Authority.
​
Belgian Data Protection Authority (GBA)
Drukpersstraat 35
1000 Brussels
+32 (0)2 274 48 00
contact@apd-gba.be
Website GBA – filing a complaint
​
For further information and the contact details of the supervisory authority of each EEA member state, please refer to this website page of the European Data Protection Board with all relevant contact details. In addition, you may always apply to the competent civil court to claim compensation.
How can you exercise your rights?
You can exercise the aforementioned rights simply by contacting us using the contact information outlined at the beginning of this Privacy Policy.
When you request to exercise your rights, if we have any doubts about your identity, we will ask you to verify it. In this case, we will request the transmission of documents that enable your identification beyond a reasonable doubt, such as a copy of the front of your identity card. We do this to prevent your data from falling into the wrong hands. It is sufficient for such a copy to show your name and date of birth clearly. You preferably delete all the other data.
The exercise of your rights is in principle free of charge. However, where your request is manifestly unfounded or excessive, we may charge you a reasonable fee in light of the administrative costs incurred by us. In the same case, however, we may choose not to act on your request. You will be informed of the reasons if we do so.
In any event, we will always inform you of the action taken on your request at the latest within 1 month of receipt. In the case of complex or frequent requests, this period may be extended to 3 months. In the latter case, you will be informed of the extension of the response period.
Whom do you contact in case of questions regarding this policy?
If you have any questions regarding this privacy policy or the exercise of your rights in this regard, please contact our DPO through the following e-mail address: privacy@ThermoVault.com
Changes in this privacy policy
ThermoVault reserves the right to update this privacy policy. If this Privacy Policy changes, we advise you to review this Privacy Policy regularly when you visit our website.
ThermoVault service privacy policy
We maintain a separate privacy policy about the processing activities of our services and solutions, which can be requested via e-mail at privacy@ThermoVault.com. We will send you the Privacy policy without undue delay. We will not use your e-mail address for other purposes than sending you the Privacy Policy Document, so you will not receive any marketing emails.