Privacy Policy

Version of March 2022
Version history

We understand that your trust in us is DEO’s (hereinafter referred to as “DEO“, “we” or “us“) most important asset. As such, your privacy is essential to us.  

This privacy policy (hereinafter referred to as “Privacy Policy“) is applicable, inter alia, to (i) our website https://deo.care/ (hereinafter referred to as the “Website”) and (ii) all (commercial) relations between DEO and its customers, prospects and business partners.  

This Privacy Policy includes information about the personal data collected by DEO, as well as the manner in which DEO uses and processes this personal data. 

DEO wishes to emphasize that it always attempts to act in accordance with (i) the Belgian Privacy Law of 30 July 2018 regarding the protection of natural persons in relation to the processing of personal data, (ii) the EU Regulation of 2016 concerning the protection of individuals with regards to the processing of personal data, regarding the free movement of such data and repealing Directive 95/46/EC, and (iii) other applicable data protection legislation. 

Visiting the Website, subscribing to the newsletter, making use of the products and/or services of DEO and/or any other communication with DEO implies your explicit approval (through disclosure of your personal information or opt-in) of the Privacy Policy and consequently with how we collect, use and process your personal data. 

Please read this Privacy Policy in conjunction with DEO’s legal disclaimer and Cookie Policy.

 

I. The data controller 

The data controller of the processing activities is DEO NV, with its registered office at 3600 Genk, C-Mine 12, and with company number 0652.646.484, VAT BE 0652.646.484. The contact details of DEO can be found under Article X of this Privacy Policy. 

 

II. The processing activities of DEO

A. General

DEO may use your personal data for the following purposes: 

  • Performance of the agreement with DEO (incl. the follow-up thereof) 
  • Drawing up a quote and/or issuing invoices 
  • Providing support/assistance 
  • Responding to questions (whether or not submitted via a contact form) 
  • Optimizing the quality, management, and content of the Website 
  • Sending newsletters, webinars, and event invitations 
  • Creating statistics
  • Optimizing the customer experience on the Website 
  • Use of cookies, pixel tags, and other technologies, as set out in the Cookie Policy on the Website  
  • As part of any other (commercial) relationship entered into with DEO 

All personal data, collected by DEO, are thus expressly and voluntarily provided by you.  

Providing certain personal data is (sometimes) a requirement to be able to enjoy certain services (e.g. to gain access to certain parts of the Website, to subscribe to newsletters, to participate in certain activities and events, delivery of your online quote). In this respect, it shall be indicated which data must be provided mandatory and which data is optional. 

In case the legal ground for processing of personal data by DEO is legitimate interest, DEO will always (i) assess the necessity of the processing activity in relation to the purpose of the processing (proportionality test), and (ii) assess whether you, the data subject, could reasonably expect the specific processing activity to take place, in order to evaluate the possible effects of the processing activity on your fundamental rights and freedoms. 

DEO thus always strives to minimize the impact on your fundamental rights and freedoms as much as possible. We warrant that we will process your personal data on the basis of a legitimate interest only if we are absolutely sure that a balance can be found between your rights and freedoms and our interests. If a balance cannot be guaranteed, DEO: (i) will no longer process your personal data in that specific situation (for that specific purpose); or (ii) will rely on another legal ground to process your personal data (e.g. consent). 

 

B. Processing activities for use of the Website

Method of collectionPersonal dataPurposeLegal groundRetention period
Scheduling an introduction call via Calendly or getting in touch via e-mail Identification and contact details: First name, e-mail address. Answering questions and inquiries.Legitimate interest.Duration necessary to answer the question or schedule and follow-up on an introduction meeting.
CookiesElectronic identification data: IP address, information collected via cookies (read our Cookie Policy).Optimizing and personalizing your browsing experience. Legitimate interest for necessary cookies.

Explicit consent for non-essential cookies (consent can be withdrawn at any time).
Dependent on type of cookie and the cookie consent.
Subscribing to the newsletter Identification and contact details: First name, e-mail address, company name.

Opt-in / opt-out for electronic mailings.
Informing you of news about our operations or events.Legitimate interest for existing customers, and explicit consent for others. Immediately after the person concerned has unsubscribed.
Job applicationsIdentification and contact details: name, first name, company name, phone number, e-mail address.

Information provided in resume and/or cover letter, such as: education and training, family composition, financial details, occupation and employment, image and other information that is relevant for possible recruitment.

Use of social media (e.g. LinkedIn, Indeed).

Notes taken by the interviewer during the interview process.
Assessing the suitability of candidates in the context of a selection procedure.Legitimate interests and legal grounds.Recruitment reserve, maximum 1 year. This period may be longer in the case of a specialised profile that is more difficult to find (maximum 2 years).
Online purchasesBilling details: first name, last name, email address, company name.Purchase via the Website.Performance of a contract.For the duration of the customer relationship + 6 months administrative period.

CRM management: 10 years (average customer relationship).

DEO also collects certain user and device data when using the Website. This information is anonymous when it does not reveal your identity and may not constitute processing of personal data. Examples of this type of user and device data include information collected through cookies, pixel tags, and other technologies. More information about the collection of data via cookies can be found in DEO’s Cookie Policy 

 

C. Other processing activities per category

Method of collectionPersonal dataPurposeLegal groundRetention period
FinanceIdentification and contact details: name, first name, company name, address, e-mail address, phone number, VAT number.

Financial details: identification and bank account numbers.
Invoicing, payment reminders, credit management.Performance of agreement.7 years (legal minimum retention period).
OperationsIdentification and contact details: Name, first name, company name, e-mail address, mobile number, address, bank details and other project-specific data. Operations, such as quotation procedure, customer acquisition, customer conversion, performance of customer contract, interaction with suppliers & partners, handling of rights of those involved, quality controls, ...Performance of the agreement.

Other:
legitimate interest.
Execution of contract: The duration of the customer relationship + 6 months administrative period.

Legitimate interest:
Until the processing purposes are achieved.
Sales & MarketingIdentification and contact details: Name, first name, profession, function, company name, company address, e-mail addresses, direct marketing preferences, customer number.

Electronic identification data: IP address, click behaviour, other project-specific data, information collected via cookies (read our Cookie Policy).
Sales & marketing activities, such as customer acquisition, customer management, customer inbox/customer portal, event mailings, CRM management, customer satisfaction.Performance of the agreement: customer management.

Electronic direct marketing: opt-in consent or legitimate interest for existing customers.

Other marketing purposes (contacting prospects and potential clients, handling inquiries, promoting the business in general (online and offline): legitimate interest.
For the duration of the customer relationship + 6 months administrative period.

CRM management: 10 years (average customer relationship).

 

III. With whom is your personal data shared?

DEO shall not disclose your personal data to third parties, unless it is necessary in the context of performing the agreement and optimization thereof. In this respect, your personal data may be disclosed to software providers, cloud partners, and service providers (e.g. Active Campaign (CRM & e-mail marketing), Breezy (job applications), Calendly (appointment scheduling), WooCommerce (e-commerce)). 

If it is necessary that DEO discloses your personal data to third parties, the third party concerned is required to use your personal data in accordance with the provisions of this Privacy Policy.  

Notwithstanding the foregoing, it is however possible that DEO discloses your personal data: 

  • To the competent authorities (i) if DEO is obliged to do so under the law or under legal or future legal proceedings and (ii) to safeguard and defend our rights 
  • If DEO, or the majority of its assets, are taken over by a third party, in which case your personal data – which DEO has collected – shall be one of the transferred assets. 

In all other cases, DEO will not sell, hire out or pass on your personal data to third parties, except when it (i) has obtained your permission to this end and (ii) has completed a data processing agreement with the third party in question, which contains the necessary guarantees regarding confidentiality and privacy compliance of your personal data. 

 

IV. Cross-border processing of personal data 

Any transfer of personal data outside the European Economic Area (EEA) to a recipient whose domicile or registered office is in a country that does not fall under the adequacy decision enacted by the European Commission, shall be governed by the provisions of a data transfer/processing agreement, which shall contain (i) the standard contractual clauses, as referred to in the ‘European Commission decision of 4 June 2021 (Decision 2021/915)’, or (ii) any other mechanism pursuant to privacy legislation, or any other regulations pertaining to the processing of personal data. 

 

V. How long will your personal data be stored? 

Unless a longer storage period is required or justified (i) by law or (ii) through compliance with another legal obligation, DEO shall only store your personal data for the period necessary to achieve and fulfill the purpose in question, as specified in the Privacy Policy under ‘Use of personal data’. 

 

VI. What are your privacy rights?

In light of the processing of your personal data, you enjoy the following privacy rights: 

  • Right of access to your personal data.
    • The data subject shall at all times have the right to access and inspect the personal data processed by the company. The company will provide a copy of this personal data, if the data subject so requests. 
  • Right to rectification, completion, or update of your personal data.
    • The data subject shall always have the right to have inaccurate, incomplete, inappropriate, or outdated personal data deleted or corrected. 
  • Right to delete your personal data (‘right to be forgotten’).
    • DEO wishes to point out that in this context certain services will no longer be accessible and/or can no longer be provided if you delete resp. request deletion of certain required personal data. 
  • Right to limit the processing of your personal data.
    • The data subject has the right to limit data processing if: 
      • He disputes the accuracy of the data for a period of time that allows the company to verify the accuracy.
      • The processing is unlawful and he opposes the erasure of the personal data and instead requests restriction of their use.
      • The company no longer needs the personal data of the individual for the processing purposes, but the data subject still needs them for the establishment, exercise, or substantiation of a legal claim.
      • He has objected to a processing operation, pending the answer to the question of whether his objection is well-founded. 
  • Right to transferability of your personal data.
    • The data subject has the right to receive the personal data processed by the company in a structured, accessible, and digital format in order to save it for personal use or reuse or to transfer this personal data directly to another data controller. This right applies as far as this is technically possible for the data controller. 
  • Right to object/oppose to the processing of your personal data.
    • The data subject always has the right to object to the processing for reasons relating to his specific situation. 
    • The data controller will immediately cease processing the personal data, unless he demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subjects or which are connected with the establishment, exercise of substantiation.

If you wish to invoke your privacy rights, please contact dataprotection@deo.care

In principle, you can exercise these rights free of charge.   

If you no longer wish to receive newsletters or information about the products of DEO, you can unsubscribe at any time by clicking the “unsubscribe” button underneath each of DEO’s emails. 

 

VII. Security of personal data

DEO undertakes to take reasonable, physical, technological, and organizational precautions in order to avoid (i) unauthorized access to your personal information, and (ii) loss, abuse, or alteration of your personal data. 

Notwithstanding DEO’s security policy, the checks it carries out, and the actions it proposes in this context, an infallible level of security cannot be guaranteed. Since no method of transmission or forwarding over the internet, or any method of electronic storage is 100% secure, DEO is, in this context, not in a position to guarantee absolute security. 

 

VIII. Update Privacy Policy

DEO is entitled to update this Privacy Policy by posting a new version on the Website. As such, it is strongly recommended to regularly consult the Website and the page displaying the Privacy Policy, to make sure that you are aware of any changes.  

Each update can be consulted in detail in the version history of the Privacy Policy.  

 

IX. References to other websites

The Website may potentially contain hyperlinks to other websites. When you click on one of these links, you may be redirected to another website or internet source that could collect information about you through cookies or other technologies. DEO does not bear any responsibility, liability, or control authority over these other websites or internet resources, nor about their collection, use, and disclosure of your personal data. You must check the privacy statements of these other websites and internet sources in order to be able to judge whether they act in accordance with the Privacy Legislation. 

 

X. Contact DEO

If you have questions and/or remarks about this Privacy Policy or the manner in which DEO collects, uses and/or processes your personal data, please contact us: 

Via mail: C-Mine 12, 3600 Genk, Belgium  

Via e-mail: dataprotection@deo.care 

 If you are dissatisfied with how DEO deals with these questions or comments, or if you have concerns about how DEO collects, uses, or processes your data, you may lodge a complaint with the competent supervisory authority. This may be the supervisory authority of (i) your usual place of residence, (ii) your place of work, or (iii) the location of the alleged breach of the Privacy Legislation.  

Contact details of the Belgian Data Protection Authority:
Data Protection Authority (Gegevensbeschermingsautoriteit)
Drukpersstraat 35, 1000 Brussel
Tel: +32 (0)2 274 48 00
E-mail: contact@apd-gba.be