Privacy Policy

Personal data is data that can be used to directly or indirectly identify natural person. We may collect and process personal data in various ways, e.g. when:

• you contact or have contacted us (e.g. via the contact form on the Website, via the chatbot, when you book a meeting via our Website, etc.);
• we provide or have provided any of our services to you;
• you wish to apply for a job at Disso;
• when you create an account via our Website/Platform;
• when you subscribe to our newsletter;
• etc.

Usually, you give us your personal data yourself. Sometimes we receive your contact details through third parties, e.g:

• via the contact form on our Website, e.g. a colleague of yours can invite you as a 'guest' to get acquainted by providing us with your e-mail address.

We may also find, update, supplement and improve your data through public sources (e.g. Crossroads Bank for Enterprises, etc.) and social networks (e.g. LinkedIn, etc.).

In principle, we use your personal data only for providing the services you request. If we use external service providers to provide these services, these service providers also have access to your personal data exclusively within the scope of their services. We have implemented necessary technical and organizational measures to ensure compliance with data protection regulations and also require external service providers to adhere to these provisions. We have entered into data processing agreements with relevant third parties, which include necessary safeguards regarding the confidentiality and privacy compliance of your personal data.

Notwithstanding the foregoing, it is possible that Disso may disclose your personal data to competent authorities (i) if Disso is required to do so by law or legal process and/or (ii) to protect and defend our rights.

In principle, we aim to store your personal data on IT systems in the European Economic Area ("EEA").

If personal data are transferred to countries or organisations outside the EEA, appropriate safeguards will always be provided. Any transfer of personal data outside the EEA to a recipient in a country not covered by a decision of the European Commission to provide an adequate level of protection, will be subject to the provisions of a data transfer agreement, which will include (i) the standard contractual clauses issued by the European Commission, or (ii) any other mechanism in accordance with the GDPR, or any other regulation relating to the processing of personal data such as the EU-U.S. Data Privacy Framework for transfers to the U.S. If you have any questions regarding these safeguards or their accessibility, please contact us by e-mail or post using the details below (under title 2.5).

You have several rights:

• You have a right to access your personal data. This allows you to check what personal data we process about you;
• You have a right to correct your personal data. This allows you to correct or supplement any incorrect or incomplete personal data we process about you;
• You have a right to erasure of your personal data. This allows you to permanently erase personal data that we process about you. We are not always obliged to erase your personal data at your request – this right only applies in the cases and to the extent provided by law;
• You have a right to restrict the processing of your personal data. This allows you to freeze our use of your personal data without erasing it. We are not always obliged to restrict your personal data at your request – this right applies only in the cases and to the extent provided for by law;
• You have the right to object to the processing of your personal data. This allows you to object to the further processing of your personal data. We are not always obliged to honor your objection – this right only applies when we process your personal data based on our legitimate interests;
• You always have the right to withdraw your consent when the processing of your personal data is based on your consent;
• You always have the right to object the processing of your personal data for direct marketing purposes;
• You have the right to data portability. This allows you to transfer, copy or forward personal data smoothly from one controller to another. This right can only be exercised if the processing is based on your consent or on an agreement with you.

If you wish to exercise any of the rights listed above, please contact us by e-mail or post using the details below (under title 2.5).

When you make a request to exercise your rights, we will first verify your identity through the appropriate and least privacy-intrusive means. We do this to prevent your data from falling into the wrong hands.

The exercise of your rights is in principle free of charge. If your request is manifestly unfounded or excessive, we may charge you a reasonable fee in light of the administrative costs incurred by us. In such cases, however, we may also choose not to comply with your request. You will be notified of the reasons for this, if applicable.

In any case, we will always inform you of the outcome of your request no later than within one month. For complex or multiple requests, this period may be extended by two months, but we will also inform you of this necessary extension within the initial month.

For the exercise of your rights, for any questions or complaints related to the processing of personal data, you can always contact us:

• via email: [email protected]
• via letter:
  Disso Security BV
  FAO: the data protection manager
  Kakelstraat 36
  9800 Deinze
  Belgium

You can also file a complaint with the supervisory authority in the location where you reside. For Belgium, this is the Data Protection Authority:

• via the website: gegevensbeschermingsautoriteit.be
• via e-mail: [email protected]
• by phone: +32 2 247 48 00
• via letter:
  Gegevensbeschermingsautoriteit
  Drukpersstraat 35
  1000 Brussels

For more information regarding complaints and remedies, we invite you to consult the Data Protection Authority's website: gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen.

Disso may collect and process one or more of the following personal data:

• contact information: name, title, function, telephone and mobile number, e-mail address, office address and other contact and/or company information;
• correspondence and other forms of communication: letters, e-mails and other (forms of) communication; and
• information on the delivery of the product/service and any information on our engagement with the supplier/subcontractor: bank account numbers and any other information on payments.

However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.

Disso processes the above personal data for the following purpose:

1. to buy goods or services.

Disso processes the personal data listed above on the following legal basis:

• the processing is necessary for the performance of an agreement to which the supplier/subcontractor is a party or to take steps at the request of the supplier/subcontractor prior to the conclusion of a contract (purpose I above).

We keep your personal data for 3 year after completion of the service, unless Disso is required by law to keep the data longer.

In pursuit of this purpose, we may disclose your personal data to:

• subcontractors processing personal data on our behalf (processors).

Disso may collect and process one or more of the following personal data:

• contact information: e.g. name, first name, e-mail address, company name, role in your company, address;
• correspondence and other forms of communication: e-mails and other (forms of) communication;
• your electronic identification data: e.g. your IP address, connection times, etc. following a visit to our Website that uses cookies or similar techniques.

However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.

Disso processes the above personal data for the following purposes:

1. to answer your question or request for information, or to schedule an exploratory meeting;
2. for direct marketing, to keep you informed about, among other things, Disso activities, products and services;
3. for placing and reading cookies. More information on our use of cookies can be found in our Cookie Statement.

Disso processes the personal data listed above on the following legal grounds:

• the processing is necessary to take pre-contractual measures at your request (purpose I above);
• The user/visitor has given consent for the processing of his/her personal data (purposes II and III above). Regarding cookies, we request your consent for categories of cookies other than strictly necessary cookies (e.g., preference cookies, analytical cookies, etc.), insofar as our Website/Platform uses them. For more information, we refer you to our Cookie Statement;
• The processing is necessary for the protection of the legitimate interests of Disso or a third party (purpose III above). For strictly necessary cookies, which are cookies that ensure functionalities without which you would not be able to use our Website/Platform as intended, we rely on the legal basis of legitimate interest. These cookies are required purely for technical reasons to be able to use the Website/Platform. Given the technical necessity, there is only an obligation to provide information, and we place these cookies as soon as you access the Website/Platform.

Disso will not retain your personal data for longer than necessary for the purposes for which they were collected. The following retention periods apply:

• Disso will retain your personal data for up to 6 months after the last contact you had with us as a prospect (purpose I above);
• Disso will retain your personal data until you withdraw your consent to the use of your data. You may withdraw your consent at any time using the procedure described under titles 2.4 and 2.5 of this Privacy Statement (purpose II above);
• the retention period for cookies varies depending on the type of cookie. More information on our use of cookies can be found in our Cookie Statement (purpose III above).

In pursuit of these purposes, we may disclose your personal data to:

• subcontractors processing personal data on our behalf (processors);
• the third parties listed in the Cookie Statement.

Disso may collect and process one or more of the following personal data:

• contact information: name, first name, function, telephone and mobile number, home address, e-mail address, social media account and other contact information;
• correspondence and other forms of communication: letters, e-mails and other (forms of) communication; and
• other recruitment-related information: gender, date of birth, photograph, application form, CV, interview notes, and other employment history information.

However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.

Disso processes the above personal data for the following purposes:

1. to assess the suitability of the (potential) applicant and to start an application process and for the evaluation of the application;
2. to keep applicants informed of our job openings; and
3. to invite applicants to our Disso activities and have them participate in our activities.

Disso processes the personal data listed above on the following legal grounds:

• the processing is necessary to take steps at the applicant's request prior to the conclusion of an agreement to which the applicant becomes a party (purpose I above);
• the applicant has given consent to the processing of his/her personal data (purposes II and III above).

Disso will delete applicants' personal data no later than 4 weeks after the end of the application process unless the applicant has given his/her express consent to keep his/her data for a longer period. In that case, Disso will keep the personal data for a period of 1 year, after which the applicant will be asked whether he/she wishes to renew his/her consent.

In pursuit of these purposes, we may disclose your personal data to:

• subcontractors processing personal data on our behalf (processors).

Disso may collect and process one or more of the following personal data:

• contact information: name, first name, company name, function, address, telephone and mobile number, e-mail address, payment details (in case of paid activity);
• correspondence and other forms of communication;
• in case of events: business cards, dietary restrictions, photos, videos, etc.

However, we will never collect more personal data from you than is strictly necessary to achieve the purposes for which we have collected your personal data.

Disso processes the above personal data for the following purposes:

1. organizing the Disso activity;
2. direct marketing: to invite participants to our Disso activities and engage them in our activities; and
3. marketing: posting photos and videos on Disso's Website and social media (e.g. LinkedIn, etc.) to promote our services and activities.

Disso processes the personal data listed above on the following legal grounds:

• the processing is necessary for the performance of an agreement to which you are a party or to take steps at your request prior to the conclusion of an agreement (purpose I above);
• the processing is necessary for the protection of the legitimate interests of Disso or a third party (purpose II above). Our legitimate interests include serving you even better by keeping you informed about other Disso activities; and
• the data subject has given consent to the processing of his/her personal data (purpose III).

Disso will not retain your personal data for longer than is necessary for the purposes described above for which it was collected.

In pursuit of these purposes, we may disclose your personal data to:

• subcontractors processing personal data on our behalf (processors).