Privacy policy

How we handle your data

Privacy: the full Policy.

We believe in transparency as much as we believe in performance. No secrets, no fluff – just a clear-eyed look at how we protect your information.

1. Who are we?

We process personal data relating to:
- Representatives of our clients;
- Representatives of our suppliers;
- Job applicants;
- Visitors to our Website and our premises; and
- Other data subjects (collectively “data subjects”, “you”, “your”).
This privacy policy (the “Policy”) applies to all processing of your personal data carried out by us.

We are committed to making our best efforts to ensure that our personal data processing activities comply with applicable data protection legislation, including Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”) and the Belgian Law of July 30, 2018, as amended or replaced from time to time (“Applicable Data Protection Legislation”).

If you are a representative of one of our clients, we process:
- Personal and professional identification and contact data for the activation and management of our business relationship;
- Identification data for billing purposes;
- Bank details, where applicable, to verify payments;
- Contact data for sending marketing communications, where applicable.
If you are a representative of one of our suppliers: We process your identification and contact data to manage our business relationship.
If you are a job applicant: We process your identification data, professional life data (skills, qualifications, experience), and CV content to evaluate your profile.
If you visit our Website: We may process electronic identification data in an aggregate manner to measure traffic, improve the user experience, and prevent fraud or security breaches.
Surveillance: If our premises are equipped with surveillance cameras, we may access images only when necessary for our legitimate interest in detecting offenses, within the limits of the law.
General purposes: We may also process data to:
- Conduct restructuring operations;
- Perform internal and external audits;
- Manage disputes and legal claims.
Automated decision-making: We do not subject data subjects to decisions based solely on automated processing with legal or significant effects.

We process your personal data as a Data Controller. We determine the purposes and means of the processing.

The provision of your data may be necessary for:
- The performance of a contract or pre-contractual measures (e.g., a job application);
- Compliance with a legal obligation (e.g., accounting or tax);
- The pursuit of our legitimate interests, provided they prevail over your fundamental rights.
We seek your prior, free, and informed consent for specific processing (e.g., image rights).
Failure to provide certain data may prevent us from providing our services or fulfilling our legal obligations.

Data is collected:
- Directly from you (e.g., during our first contact);
- From publicly available sources (e.g., the Internet for screening job applicants).

The following recipients may have access (only as necessary):
- Our administrative and sales staff;
- Our procurement team (for suppliers);
- Legal advisors and lawyers in the event of restructuring or litigation.
We use processors (sub-contractors) only under written instructions in accordance with Applicable Data Protection Legislation.
In restructuring cases (e.g., financing), data may be shared with involved third parties (e.g., banks) as permitted by law.

We ensure our processors comply with Applicable Data Protection Legislation.
They are bound to process data only on our instructions, ensure data security, maintain confidentiality, and assist us in fulfilling data subject rights.

Some recipients may be located outside the European Economic Area (EEA).
In such cases, we ensure safeguards are in place:
- An adequacy decision by the European Commission;
- Standard Contractual Clauses (SCCs);
- For the US, the EU-US Privacy Shield framework (or current equivalent legal mechanism).

Data is kept only as long as necessary for the purposes for which it was collected.
Accounting documents (invoices, etc.) are kept for seven (7) years per legal requirements.
Other criteria include the date of last contact, security needs, ongoing disputes, and legal erasure obligations.

Under the Applicable Data Protection Legislation, you have the right to information, access, rectification, erasure, objection, restriction of processing, data portability, and the right to withdraw consent.
Summary of Rights:

Right	Description
Right to Information	You have the right to clear and transparent information about how we process your data.
Right of Access	You can request confirmation of processing and a copy of your personal data.
Right to Rectification	You can have inaccurate or incomplete data corrected or completed.
Right to Erasure	The “right to be forgotten”—subject to legal exceptions (e.g., legal retention obligations).
Right to Object	You can object to processing based on our legitimate interests due to your specific situation.
Direct Marketing Objection	You can object at any time to your data being used for prospecting/marketing.
Right to Restriction	You can request that processing be limited in certain circumstances.
Data Portability	You can request to receive your data in a structured, machine-readable format to transfer it.
Withdrawal of Consent	If processing is based on consent, you can withdraw it at any time.

To exercise your rights, contact: nicolas@clydeandbonnie.be. We will respond as soon as possible. We may request proof of identity in case of doubt.

We implement appropriate technical and organizational measures to ensure a level of security adapted to the risks.
We follow industry best practices to prevent accidental or unlawful destruction, loss, alteration, or unauthorized access.

Please address questions or complaints first to: nicolas@clydeandbonnie.be.
You also have the right to lodge a complaint with the Data Protection Authority: Autorité de Protection des Données, rue de la presse 35, 1000 Brussels, +32 (0)2 274 48 00, contact@apd-gba.be.

We reserve the right to update this Policy. We will inform you of any changes.
This Policy prevails over any other conflicting document regarding personal data processing.