At CAPIEL, we care greatly about your privacy. In order to protect the security and confidentiality of your data, we have developed this website with the professional help and continuous support of our trusted and ISO 27001:2013 certified supplier UniWeb.
Their high standards and strong controls for information security allow us to protect your critical and sensitive personal data contained in our information systems. As such, we prevent your personal data from being compromised, altered, lost, destroyed, published or disclosed without proper authorization.
CAPIEL is ready to meet the challenges of the General Data Protection Regulation!
Let us explain in a bit more detail...
2. Who has access?
Rue de l’Amiral Hamelin 17
‘s Herenweg 16
Represented by: Rudi Tielemans (Managing Director)
CAPIEL relies on the continuous support of UniWeb (hereafter referred to as ‘Data Processor’, as defined under applicable data protection law) for the development, hosting and maintenance of this website. UniWeb processes personal data submitted, stored, sent or received by CAPIEL (hereafter referred to as ‘Data Controller’) and you, the user, (hereafter referred to as ‘Data Subject’). UniWeb processes the personal data for the sole purpose of providing services and technical support as contractually agreed between UniWeb and CAPIEL. (‘Processing’, ‘personal data’, ‘Data Controller’ and ‘Data Subject’ as defined under applicable data protection law)
The Data Controller, nor the Data Processor are involved in selling personal data of their users to third parties.
All suppliers are thoroughly vetted before CAPIEL engages their services. Compliance with applicable data protection legislation (including GDPR compliance) is included in the vetting requirements for all such suppliers. The collaboration with suppliers and the conditions of that collaboration are regularly reviewed, including continued compliance with any applicable legal and regulatory requirements. Collaboration may be ceased when a supplier no longer meets such requirements.
To the extent permitted by applicable law, the Data Controller or the Data Processor may also disclose your personal data to the following parties:
- Governmental/regulatory authorities and law enforcement agencies;
- (Internal/external) auditors;
- In response to subpoenas, court orders, or other legal, regulatory or judicial processes; to establish or exercise the legal rights of the Data Controller or the Data Processor; to defend against legal claims; or as otherwise required by law or binding order.
- When the Data Controller or the Data Processor believes it is necessary to investigate, prevent, or take action regarding illegal activities; to protect and defend the rights, property, or safety of UniWeb, its users, or others;
- In connection with a corporate transaction, such as divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy;
- To affiliates of the Data Controller or the Data Processor;
- The Data Controller or the Data Processor may also share aggregated or anonymous information with third parties, including partners, advertisers and investors.
3. What do we process and why?
During the design process of this website, the Data Controller compiled a data inventory. We intend to acquire and process only the data that is strictly necessary for fulfilling the purposes described below.
The personal data that is processed by this website can vary based on the user roles and related purposes.
If you wish to consult the detailed data inventory or wish to acquire more information about the purpose of the data processing activities, please contact the DPO.
4. Where do we store your personal data?
The Data Processor is responsible for the hosting of this website and has full control over the hardware used to store your personal data. The production and test servers are located in Belgium at the secure data center of the Data Processor’s supplier Interxion, which is ISO 27001:2013 and ISO 22301:2012 certified. The development servers of the Data Processor are located in Belgium, at the secure offices of UniWeb bvba. The backups of all servers are stored at both locations.
5. How long do we store personal data?
Default retention period
As required by applicable data protection legislation, the Data Controller strives to remove your personal data as soon as it is no longer necessary to accomplish the purpose for which it was originally collected, and after no more than 180 days (hereafter referred to as the ‘default retention period’). The data will be fully removed from the backups within 180 days.
Data retention in case of a removal request
Please see: Removing your data
6. How do we ensure security?
Security by design
The following security measures have been implemented to help protect personal data processed through this website against unauthorized access, alteration, loss, or destruction (non-exhaustive list):
- All data is encrypted both at rest and in transit between the server and your browser
- All data is fully backed up
Information security events
If an information security event should occur, the Data Controller and the Data Processor will deal with this promptly and adequately in accordance with the standard operating procedures. Like the security measures, these procedures are frequently reviewed and updated to meet the ever changing challenges of information security.
All employees of the Data Controller and the Data Processor receive regular training with regards to security best practices and company procedures. The same level of commitment is expected from all suppliers, whose services are regularly reviewed.
7. What are your rights as a Data Subject?
Unless your request is reasonably deemed excessive or unfounded, you may exercise the following rights in relation to your personal data processed through this website:
- request information concerning the processing of your personal data,
- request a copy of all your data in possession of the Data Controller and the Data Processor in a standard format,
- request the Data Controller to modify or correct your personal data if it is wrong,
- request the restriction of certain processing activities in certain circumstances as specified under applicable data protection legislation,
- object against certain processing activities as specified under applicable data protection legislation,
- withdraw your consent,
- have your personal data erased in certain circumstances as specified under applicable data protection legislation.
For a full review of your rights as Data Subject, please consult the General Data Protection Regulation.
You can easily exercise any of your rights by contacting us by e-mail.
The Data Controller reserves the right to charge a reasonable fee in case your request is deemed excessive at our sole discretion.
Modifying and correcting your personal data
Website allows Data Subjects to manage the processed personal data themselves. If you are unable to complete the modifications or corrections to the data, then you can request the Data Controller to perform these actions for you.
Removing your personal data
The following procedure will be applied when a request for removal of data from the Data Subject is presented to CAPIEL:
The Data Subject must send by written a personal data removal request to the DPO.
The DPO will assess without undue delay the nature of the request and check which data need to be removed from which database in accordance with the GDPR requirements.
If the personal data is present in the application and no exemption to GDPR requirement is applicable, the Data Controller will remove the personal data from the database of the website within 30 calendar days following the personal data removal request. The DPO will notify the Data Subject of removal in writing within 30 calendar days.
If Data Controller cannot grant the request for removal, the DPO will notify the Data Subject about the decision and the reason for it within 30 days following the data removal request.
All personal data that you have selected for deletion will be fully purged from the backups within 180 days.
Unsubscribing to newsletters and promotional emails
If you no longer wish to receive emails containing news facts, event or services provided by CAPIEL, you can simply use the ‘unsubscribe’ button or hyperlink included in every newsletter or promotional email. When you unsubscribe, your personal data will be removed from our systems. This removal of data excludes information that is required by the Data Controller or the Data Processor to provide other services which you have requested.
8. How you can provide consent?
By accepting this privacy statement and furnishing personal data via the website, the Data Subject expressly gives consent to the Data Controller to process the data for the stated purposes.
If the Data Controller or the Data Processor wishes to pass on specific personal data to third parties, additional consent will be requested from the user. The foregoing also applies to processing of personal data outside of the EU, both in countries or recognised and not recognised by the European Commission to offer adequate data protection. Where required, a data transfer agreement will be entered into, in accordance with the contractual clauses set out in EU Commission Decision C(2010)593 Standard Contractual Clauses (processors) for the purposes of Article 26(2) of Directive 95/46/EC).
9. Who can you contact?
10. Privacy statement changes