R&T GROUP PRIVACY STATEMENT
Annex internal register of processing activities of the R&T GROUP
Publication date: 8th September 2021
THE PROTECTION OF PERSONAL DATA BY THE R&T GROUP
- R&T Group Privacy Statement
- R&T Group Policy on handling of confidential information of third parties by R&T Group employees
On 25 May 2018, the new General Data Protection Regulation (AVG or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC) entered into force.
The R&T Group is very concerned about the protection of your personal data. Therefore we commit ourselves to process and protect your personal data with the utmost care, respecting these regulations. With this declaration we want to inform you as completely as possible about the processing activities we carry out. We also explain how we, as the person responsible for processing, collect, use and store your personal data.
The R&T Group may amend or update this statement to reflect changes in our practices regarding the processing of your personal data or changes to legislation. We will post the updated version, including the date of publication, on our website and invite you to refer to it regularly.
1. Wie zijn wij ?
The R&T Group is the umbrella brand for the companies Robrechts & Thienpont, SCOPE and Praetorian Engineering. At the time of drafting this declaration, R&T Group is not yet a fully-fledged umbrella company. However, all processes concerning the processing of your personal data already take place at group level. For this reason, this declaration has been drawn up by the R&T Group. In practice, however, we distinguish 3 separate controllers within the R&T Group:
- Robrechts & Thienpont CVBA, Steenweg op Oosthoven 120 bus 1, 2300 Turnhout, België (https://www.rtconsultancy.be/)
- SCOPE CVBA, Steenweg op Oosthoven 120 bus 1, 2300 Turnhout, België (https://scope.be/)
- Praetorian Engineering CVBA, Steenweg op Oosthoven bus 3, 2300 Turnhout, België (https://praetorian-engineering.eu/)
- R&T consultancy BV, Postbus 182, 1230 AD Loosdrecht, Nederland (https://www.rtconsultancy.nl) – KVK nr : 84011874
The R&T Group is composed of 3 SMEs and has less than 250 employees. For this reason the R&T Group has not appointed a data protection officer (DPO). However the R&T Group has an internal reference person for data protection. You can contact this person via the following data
You can contact our internal reference person via the following details:
- For Robrechts & Thienpont BE & NL: firstname.lastname@example.org
- For SCOPE: email@example.com
- For Praetorian Engineering: firstname.lastname@example.org
- For R&T consultancy BV: email@example.com
2. What is the scope of this declaration?
This statement applies to all natural persons who come into contact with the R&T Group (e.g. within the framework of the execution of a project, order or service) or who visit our websites.
Before we explain how we process your personal data, we would like to clarify the following terms:
- Personal data: all information about an identified or identifiable natural person such as a name, an identification number, location data, etc. …
- Controller: means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, ...
- Goal: a purpose determined by the employer or the legislator in the context of which the personal data are processed.
- Receiver: means the person who is given knowledge of the personal data.
- Processor: means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Third: means a natural or legal person, a public authority, a department or another body but NOT the data subject, the controller, the processor or the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
3. How do we obtain your personal data?
Depending on the specific nature of our relationship with you, there may be different types of interactions between you and the R&T Group. During these interactions we collect and process certain personal data. We will only process this personal data if you have provided it to us yourself.
We collect certain personal data when you visit the websites of the R&T Group companies. Specifically, this concerns the following situations:
- You are visiting the customer portal on the website of Robrechts & Thienpont Belgium (https://www.rtconsultancy.be/nl/publicaties/)
- You take part in the Scan Your Security tool on the SCOPE website (https://scope.be/nl/scan-your-security/)
In addition, we collect certain personal data when
- You contact us through the various channels we provide for this purpose, for example, for the execution of a project or order or the provision of a service;
- You participate in events that we organise.
4. For what purposes do we process your personal data?
We collect and process your personal data for one or more of the following purposes.
- Supplier management: supplier administration, including management of orders placed, payment of suppliers, prospecting of new suppliers, evaluation of cooperation with existing suppliers.
- Customer management: the administration of the company's clientele, the management of orders, the invoicing of our services, as well as the prospecting of potential new clients and the preparation of offers for potential new clients.
- Project management: the concrete execution of the service agreements concluded between the company and its clients as well as the administration related to the execution of these agreements.
- Public relations and contact management: managing the company's contacts relevant to creating goodwill for our organisation (networking).
- Direct marketing: the communication from the company, addressed to one or more natural persons in a professional context, and aimed at the promotion and sale of the services and products (including training courses and seminars) of the company.
We do not engage in automated decision making or profiling based on the personal data we collect.
Finally, we also process your personal data if you request the exercise of your rights (see also point 11).
5. What personal data do we process?
Depending on the specific purpose (see above), we may process the following personal data within the scope of our interaction:
- Identification data such as (but not limited to) name, first name, user name and password.
- Contact details such as (but not limited to) personal phone number, personal email address, professional phone number, professional email address, website address, company name, company address, visiting address.
- Professional data such as (but not limited to) VAT number, rates, job title, IBAN + BIC number.
- Project-related data such as (but not limited to) description of the assignment.
- Administrative data such as (but not limited to) background information on the company.
6. What is the legal basis for processing these personal data?
We process your personal data on the basis of the following legal grounds:
- Contractual obligation, when the processing is necessary for the performance of a contractual relationship to which you are a party.
- Legal obligation, if the processing is necessary in order for us to comply with a legal obligation to which we are subject.
- Your explicit, specific and informed consent.
- Legitimate interest, when we consider that the processing of your personal data is necessary in order to function as a business.
7. With whom do we share your personal data?
We do not pass on your personal data to third parties for commercial use.
We do pass on your personal data to third parties
- when we are obliged to do so within the framework of a regulation or
- when we are requested to do so by a legislative or judicial authority.
On our websites you may also find links to the websites of third parties. Although we have selected these websites and third parties with care, we are not responsible for the way in which these third parties handle your personal data. We therefore recommend that you always carefully read the privacy statements of these organisations.
We also share your personal data with processors. These are specialised parties whom we call on for certain services in order to improve the quality of our service. These parties are contractually bound to us and must follow our instructions regarding the protection of your personal data. In that case, we also ensure that the processor receives only those data that are necessary for the execution of the assignment and that the processor undertakes to treat the personal data safely and confidentially and to use them only within the framework of the execution of their tasks.
Without being exhaustive, entities such as our IT service providers, etc., receive some of your personal data.
8. Where do we process and store your personal data?
Your personal data is processed and stored by us in Belgium and in the Netherlands or in any other country where our service providers have facilities. It is our clear intention to ensure that your personal data is only stored and processed within the European Union.
9. How long do we keep your personal data?
If the law provides for a retention period, we will retain your personal data for this legally stipulated period.
If the law does not provide a specific period, we will determine this period ourselves based on the purpose for which your personal data was collected. In doing so, we take into account the time required to comply with our legal obligations, to settle disputes or to enforce our agreements. We do not keep your data longer than necessary to fulfil the purpose for which it was collected.
If we use your consent to collect and process your personal data, we will only use this data until you withdraw your consent.
10. How do we protect your personal data?
We consider your personal data to be strictly confidential and we therefore provide appropriate technical and organisational measures to protect your personal data against destruction, loss, accidental or unlawful access or any other unauthorised processing of your personal data.
We have implemented various technical means to protect your personal data from unauthorised access, processing, modification or destruction by third parties. Furthermore, within the R&T Group only those persons who need your data in order to fulfil their tasks have access to your personal data.
11. What rights can you exercise and to whom can you turn?
Right of inspectionYou have the right to access the data relating to you. Thus, you can ask us whether or not we are processing your personal data, for what purposes, how long they are kept, etc. If you decide to exercise this right, we will ask you to provide us with proof of your identity in order to prevent us from disclosing your data unauthorisedly.
- Right of improvement: If you find that, despite all our efforts, your data is incorrect or incomplete, you can ask us to correct it.
- Right of erasureThe law allows you to have your personal data deleted in very specific cases. You have the right to have your data deleted when:
- The personal data is no longer needed for the purposes for which we collected it.
- The processing of your personal data is only done on the basis of your consent and you decide to withdraw your consent.
- You have objected to the processing and we have no compelling and legitimate grounds that outweigh your objection to the processing.
However, your right of deletion is not unlimited. Nevertheless, we have the right to continue processing your personal data as necessary to fulfil our legal obligations or to establish, exercise or substantiate legal claims.
- Right to restriction of processingIn certain cases, you can ask us to restrict the processing of your personal data. In that case, we commit ourselves to limit the processing of your personal data that we perform ourselves. This is the case when:
- You dispute the accuracy of your data and for the time necessary for us to verify it;
- You need your personal data for the establishment, exercise or substantiation of a legal claim, while the data are no longer needed for the purpose of processing.
However, we cannot assume responsibility for restricting the processing of your personal data by other responsible parties.
- Right of transferability: In certain cases, you have the right to have your personal data transferred to yourself or to another data controller (if this is technically possible). You can exercise this right when we process your data on the basis of your consent or when the processing is necessary for the performance of a contract.
- Right to object: when we process your personal data based on a legitimate interest of ours, you have the right to object to this processing for reasons relating to your particular situation.
- Right to withdraw consent: when we process your personal data on the basis of your consent, you have the right to withdraw this consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing before the withdrawal.
If we should collect and process personal data other than those listed in this statement, we will inform you in advance of what data is involved, for what purpose the collection/processing is carried out and to whom the data will be provided. In that case, you have the same rights as set out above.
If you have a question or complaint regarding the processing of your personal data or if you wish to exercise one of the above rights, please contact our internal data protection officer:
- By telephone: +32 14 15 12 72
- By mail:
- Per postal address:
Steenweg op Oosthoven 120 bus 1, 2300 Turnhout, België.
Postbus 182 – 1230 Loosdrecht – Nederland
These rights are free of charge and you can exercise them at any time. We undertake to respond to your request within one month.
If you believe that the processing of your personal data is in breach of the AVG, you can also lodge a complaint with the competent authorities using the following details:
Belgium: The Netherlands:
Gegevensbeschermingsautoriteit Autoriteit persoonsgegevens
Drukpersstraat 35 Bezuidenhoutseweg 30
1000 Brussel 2594 AV DEN HAAG
+32 2 274 48 00 +31 70 88 88 500