Effective as of the 25th of May, 2018.

I. Introduction – Who are we

Insites NV undertakes to respect the applicable data protection legislation as specified in Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (hereafter “General Data Protection Regulation” or “GDPR”).

InSites NV, with registered office at Evergemsesteenweg 195, 9032 Ghent (Belgium) and registered with the Crossroads Bank for Enterprises under the number BE0465.109.357, our subsidiaries and affiliates (hereafter: “InSites”, “our”, “us” or “we”) believes in protecting the privacy and the confidentiality of the Personal Data we hold of you.

We acknowledge that you may have privacy and security concerns with respect to the Personal Data we collect, use, and possibly disclose to third parties for the purpose of allowing us to offer and provide our products and services. To this end, we have developed this Privacy Statement (“Statement”).

Personal Data is any combination of information, in the possession of or likely to come into the possession of InSites, that can be used to identify an individual (hereafter “Personal Data”). All processing of Personal Data by InSites will be treated in accordance with applicable data protection legislation and this Privacy Statement. Any information that cannot be used to identify a discrete individual (such as aggregated statistical information) is not Personal Data.

It should be clear that this Statement only applies to the processing of Personal Data by InSites acting as a controller, meaning when InSites is the one determining the purpose and means (the “why” and “how”) of such processing.

This Statement sets out how InSites processes information collected via the own corporate website http://www.insites-consulting.com/ (hereafter the “Website”) and all activities and services relating to it.

It also sets out our practices regarding the use of such information, the steps we take to protect it, as well as the choices and rights that data subjects (“you” or “your”) have regarding on how we collect and process information about them. Data subjects involved can vary from every user of our Website, recruitment applicants, subscribers to our newsletters, personal or corporate clients (and individuals associated with our corporate clients), suppliers (including subcontractors and individuals associated with our suppliers and subcontractors), business contacts (existing and potential clients and/or individuals associated with them) or any other individuals who get in touch with us.

Should you have any comments or questions about this Privacy Statement you can contact us via our contact information provided below under “Questions about this Statement”.

II. How we process your Personal Data

We may collect and process information via the Website and in connection with all business activities relating to it. These operating activities can involve the processing of Personal Data of the following individuals: every visitor to our Website, recruitment applicants, personal or corporate clients (and individuals associated with our corporate clients), suppliers (including subcontractors and individuals associated with our suppliers and subcontractors), business contacts (existing and potential clients and/or individuals associated with them) or other individuals who get in touch with us

A. When do we collect your Personal Data?

The Personal Data collected and processed by InSites is generally received from:

  • You voluntarily, e.g.
    • when you contact us via the Website, by e-mail, post, telephone, by exchanging business cards, by submitting a request to exercise your rights,…;
    • when you engage or maintain a contractual relationship with us;
    • when you apply for a job with us;
    • when you subscribe to our newsletter;
    • when you leave a comment on our Website;
    • when you request a download;
  • Through website navigation, e.g.
    • when you navigate the Website, we may collect limited Personal Data automatically via the use of cookies on our Website.

If InSites would receive Personal Data of you from third parties and we use this information for further processing as a controller, we will inform you about such processing at the latest at the moment of first contact with you.

B. Which Personal Data of you do we collect?

We may collect and process the following (non-exhaustive) Personal Data. Depending on the situation and the relationship we have with you we do not maintain all information mentioned hereafter.

  • Contact information, such as your name, e-mail address and any other contact details that you provide to us, for example, when you contact us, subscribe to our newsletter or request a download.
  • Personal and identification details, such as age, date of birth, place of birth, copy of an identity card, ….
  • Electronic identification data, such as browser type, Internet Protocol (IP) address, user ID, unique identifier assigned to your device, geographic location, actions performed within a web page, information derived from content of a web page, … as a result of, for example, a visit to our Website that uses cookies.
  • Contact history, such as sent and received communication (e.g. e-mail messages), … as a result of the communication we have with each other or when you leave a comment on our Website.
  • Work related details, such as CV, education, testimonials, language skills, employer (including history of former employers), professional activities, professional skills, publications, salary, assessment & development reports, interview report, reference research, social media profiles, … when you provide it to us in the context of, for example, an application for a job with us.

Through de Website InSites does not process special categories of Personal Data (e.g. information on race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sexual life or sexual orientation) or criminal information (e.g. information relating to criminal convictions and offences). This could be the case for other services provided by Insites (Square or surveys). InSites will only process special categories of Personal Data with your explicit consent or when required by law.

C. Why and how do we use your Personal Data?

As mentioned above, we generally obtain your Personal Data from you directly. We only collect the Personal Data necessary for the purposes as mentioned hereafter and we ask you to only share your Personal Data where it is strictly needed for those purposes.

InSites can use the Personal Data for the following purposes:

  • Operational purposes, such as: administering and managing our Website, products and services; considering a job application, answering requests for information or to exercise your rights, security, quality and risk management activities,….
  • Business purposes, such as: providing our products and services; administering, managing and developing our businesses, business relationships, contracts, products and services; providing information about us and our range of services; for research and statistical goals; complying with any requirement of law, regulation or a professional body of which we are a member,….
  • Commercial purposes, such as: direct marketing purposes (e.g. sending you our newsletter),

D. On which legal grounds do we collect your Personal Data?

InSites processes your Personal Data on the following legal grounds:

  • The processing is based upon your explicit consent. You can withdraw your consent at any time. For more information please see section VI. Rights below.
  • The processing is based upon our legitimate interests. We may also process your Personal Data when we have a legitimate interest to do so, such as to defend and prosecute legal claims and rights, and other business interests. Where we rely on this legal processing ground, we will mitigate the effect(s) this might have on your privacy by appropriately minimising our use and putting in place adequate access and security safeguards to prevent unauthorised use.
  • The processing is necessary for the performance of a contract to which, for example, our client or supplier is party, or in order to take further action upon your request in order to enter into a contract with us.
  • We may also process your Personal Data when we have a legal obligation to do so.

III. We use cookies on the website

We utilise cookies, and other online identification technologies such as web beacons, or pixels to provide users with an improved user experience. By using this website or application you consent to the deployment of such identification technologies.

We use these technologies to make navigation of the Websites easier for you and to better deliver tailored content to you.

We also use these technologies to gather tracking information and statistics regarding use of the website.

We may utilise online identification technologies from marketing partners, third party sites and social media platforms. These technologies help us measure the efficacy of our marketing and awareness campaigns and to understand how visitors navigate to the Website from a Insites Consulting ad.

You can control and manage cookies using your browser. Please note that removing or blocking cookies can impact your user experience and some functionality may no longer be available.
Most browsers allow you to view, manage, delete and block cookies for a website. Be aware that if you delete all cookies then any preferences you have set will be lost, including the ability to opt-out from cookies as this function itself requires placement of an opt out cookie on your device.

For information on additional browsers and device types please see http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/.

IV. How long we keep your Personal Data

We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected. Considering the data retention period for which Personal Data can be held, depends on the purposes for which the information was collected, the data retention period can vary in each situation.

V. What measures do we take to secure your Personal Data

InSites takes the security of the Personal Data we process seriously. Therefore we have implemented appropriate technical and organisational measures to secure the processing of Personal Data. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data, and include measures designed to keep Personal Data protected from unauthorized access. If appropriate, the safeguards include the encryption of communications via for example SSL, encryption of information during storage, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Data to our staff members and third parties that require access to such information for legitimate and relevant business purposes.

All our staff members, contractors and third parties who will have access to your Personal Data on InSites’ instructions will be bound to confidentiality and we use access controls to limit access to individuals that require such access for the performance of their responsibilities and tasks.

VI. Transfers of Personal Data

We will only share your Personal Data with others when we are legally permitted to do so and where it’s necessary to fulfil the purposes related to those described above.

When we share Personal Data with others, we put contractual arrangements and security mechanisms in place to protect the Personal Data and to comply with our own data protection, confidentiality and security standards.

We are part of a global network of corporations and can make use of third party service provides in other countries to help us run our business. As a result, the Personal Data may be transferred outside the European Economic Area (“EEA”). This includes countries that do not have laws that provide specific protection on the processing of Personal Data. Some of those countries however have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws. Under certain conditions the GDPR allows InSites to transfer Personal Data to such countries.

In any case, we have taken steps to ensure all Personal Data is processed respecting adequate levels oof security and that all transfers of the Personal Data outside the EEA take place in accordance with applicable data protection legislation and that there will be an appropriate level of protection. We will implement legal safeguards governing such transfer, such as model contractual clauses, individuals’ consent, or other legal grounds permitted by applicable legal requirements.

Personal Data we hold may be transferred:

  • to our subsidiaries and affiliates
    We may share your Personal Data within our global network of corporations when this is necessary for providing or improving our products and services or when this is necessary for the purpose for which your Personal Data was collected. For details of our subsidiaries and affiliates, please click here.
  • to our Service Providers
    We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems or (internal) business processes.
    For example, providers of information technology, cloud based software as a service provider, Website hosting and management, data analysis, recruiting software, data back-up, security and storage services.
  • law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation:
    We reserve the right to disclose any and all pertinent information to law enforcement or other third parties with the authority to acquire Personal Data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for Personal Data where this is necessary and appropriate and where we are permitted to do so in accordance with applicable law or regulation.

VII. Your rights

The GDPR provides you with certain rights in relation to your Personal Data. These rights are listed below. Please contact us if you wish to exercise any of the rights below. You can find our contact information under Questions about this Statement, as set out below.

Please be aware that certain exceptions apply in exercising these rights which means you may not be able to exercise these in all situations:

a) Subject Access: You have a right to have access to your Personal Data held by InSites.

b) Rectification: You can ask us to have inaccurate Personal Data corrected.

c) Erasure (‘Right to be forgotten’): You can ask us to erase Personal Data in certain circumstances and we will take reasonable steps to inform data processors that are processing the Personal Data on our behalf that you have requested the erasure of any links to, copies or replication of your Personal Data.

d) Restriction: You can require certain Personal Data to be marked as restricted and also restrict processing in certain other circumstances.

e) Portability: You can ask us to transmit the Personal Data of you to a third party electronically insofar as permitted under the GDPR.

f) Raise a complaint: You can raise a complaint about our processing with the data protection regulator, the (Belgian) “Data Protection Authority”.

In addition, under certain conditions, you have the right to:

  • where processing is based on consent, withdraw the consent; all newsletters contain an unsubscribe button in the footer of that e-mail.
  • object to any processing of personal that InSites justifies on the “legitimate interests” legal ground, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
  • object to direct marketing (including any profiling for such purposes) at any time.

VIII. Updates to this Statement

InSites reserves the right to revise and update this Statement at any time. The date of the last update can be found at the top of this Statement.

If we make revisions that materially change or affect whether or how we collect or use personal information we will notify you:

  • byemail (if, for example as a user of our Website, you have provided us your email address); or
  • by means of a notice on our Website prior to the change becoming effective.

Therefore, you should review the Website periodically so that you are up-to-date on our most current policies and practices.

IX. Questions about this Statement

Should you have any comments or questions about this Privacy Statement or the processing of your Personal Data by InSites acting as a controller, you may contact us:

  • Via postal mail:
    InSites NV
    Evergemsesteenweg 195
    Privacy department
    9032 Ghent
    Belgium
  • Via e-mail: info@insites-consulting.com
  • Via telephone: +32 (0)9.269.15.00

Company registration number no. 0465.109.357