Privacy Statement
(version 11 December 2024) Septentrio is committed to ensuring that your privacy is protected. All personal data that we obtain from you, as a prospective customer (‘prospect’), as a customer, as a user of our website or as an employee, is processed in accordance with applicable data protection legislation, in particular the General Data Protection Regulation 2016/679 of 27 April 2016 ("GDPR"), as well as this Privacy Statement.
This Privacy Statement provides more information about the personal data that we process, why we process it, how we obtain the data, how long we retain the data and with whom we share it.
By accessing and using this website, you confirm that you have read and that you understand the way we collect, process, use and disclose your personal data as described in this Privacy Statement.
- Identity and contact details
- Purposes
- Prospects
- Customers
- Website
- Visitors to premises
- Security
- Rights
- Updates
1. IDENTITY AND CONTACT DETAIL
The data controller for your personal data is the following legal entity:
Septentrio N.V.
Greenhill Campus
Interleuvenlaan 15i
3001 Heverlee
Belgium
Company number: VAT BEB 0470094266
RPM/RPR Leuven
If you have any questions about the processing of your personal data, you can always contact us:
- via e-mail: dataprotection [a] septentrio.com
- by phone: +32 16 30 08 00
2. PURPOSES
When we ask you to provide your personal data in order to properly assess your application or give you access to a service you requested or one of the functions of our website, please note that certain fields or certain information may be marked as mandatory. If you choose not to provide us with this personal data, we may not be able to properly assess your application, provide you the services requested and/or you may not be able to properly use certain website functions.
PROSPECTS
When we meet you at fairs, conferences, etc. and you have shown an interest in our products and/or services, we may process your personal data for one or more of the following purposes:
- Governance of pre-contractual relations
- Direct marketing
Below, you can find for each purpose the personal data that we process, why we process it, how we obtain the data, how long we retain the data and with whom we share it.
1) Governance of pre-contractual relations
As part of the governance of our pre-contractual relations, we may process your personal identification data (name, (company) address, telephone number and email address) and other information you may provide to us (for example, employment data if you are a B2B customer).
This data allows us to execute our sales and contract process and to provide you with offers and answers requested by you.
The legal basis for this processing is to answer your questions prior to entering into an agreement (art. 6, §1, (b) GDPR) or because we have a legitimate interest to process your personal data to enter into the contract (art. 6, §1, (f) GDPR), as the case may be.
We obtain this personal data directly from you, e.g. when we obtain your business card at a trade fair or conference.
For the governance of our pre-contractual relations, we store your personal data for up to 5 years after the respective financial year of our last contact, plus a verification period of 6 months.
We only share this personal data with affiliated partners (wholesalers, distributors/dealers) on a need to know basis and third parties with whom we work together as part of our customer management (IT and software providers). We will never sell your personal data.
2) Direct marketing
For direct marketing, we process your personal identification information such as name, company name, address, telephone number, email address, industry, product and other preferences.
This data allows us to send you messages via e-mail. This way, we can inform you about our new products and services, special offers or other information you may find interesting and we can invite you to events and fairs.
The legal basis for this processing is your consent which you have given to us (art. 6, §1, (a) GDPR). If you have not given us consent, we will send you one message to ask for your consent. That message will be sent on the basis of our legitimate interest to promote our products and services to contacts that have shown interest in our products (art. 6, §1, (f) GDPR).
We always obtain this personal data directly from you.
We send commercial messages until you withdraw your consent (or object to the further receiving of such messages). You can unsubscribe at any time (for more information, see Rights).
We send request commercial messages up to 5 years after the respective financial year of your last contact in this respect plus a verification period of 6 months and we will no longer process your personal data for direct marketing purposes as soon as you withdraw your consent.
We only share this personal data with third parties with whom we work together for direct marketing (IT and software providers and providers of marketing tools). We will never sell your personal data.
CUSTOMERS
When you are our customer, we process your personal data for one or more of the following purposes:
- Customer management and product development and improvement
- Direct marketing
- Finance and corporate housekeeping
- Litigation management
Below, you can find for each purpose the personal data that we process, why we process it, how we obtain the data, how long we retain the data and with whom we share it.
1) Customer management and product development and improvement
We may process your personal identification data (name, (company) billing address, (company) delivery address, telephone number and email address), invoices and orders placed as well as financial data (only if you are a B2C customer) and other information you may provide to us (for example, employment data if you are a B2B customer).
This data allows us to manage and deliver your orders, invoice ordered goods, provide you with product information and updates and answer your questions or solve any problems that you have reported (via e-mail, our website or social media). We may also process this data to develop and improve the services and products we offer.
The legal basis for this processing is the execution of an agreement to which you are a party or to answer your questions prior to entering into an agreement (art. 6, §1, (b) GDPR) or, as applicable, our legitimate interest to develop and improve our services and products (art. 6, §1, (f) GDPR) or your consent (art. 6, §1, (a) GDPR).
We obtain this personal data directly from you, e.g. when you place an order on our web shop or via e-mail.
For our customer management purposes, we store your personal data for up to 10 years after the end of your contractual relationship with Septentrio, plus a verification period of 6 months.
We only share this personal data with affiliated partners (wholesalers, distributors/dealers) on a need to know basis and third parties with whom we work together as part of our customer management (payment service providers and IT and software providers). We will never sell your personal data.
2) Direct marketing
For direct marketing, we may process your personal identification information (such as name, company, (company) address, telephone number and email address) and (industry and other) preferences.
This data allows us to send you messages via e-mail or to contact you via telephone (in case your e-mail address is incorrect). This way, we can inform you about our new products and services, special offers or other information you may find interesting and we can invite you to events and fairs. When you have selected industry and other preferences on our web shop or a (paper) form, we will only send you the messages relating to such industry/industries or other preferences.
The legal basis for this processing is your consent where legally required (art. 6, §1 (a) GDPR), or the legitimate interest to promote our products and services to our customers (art. 6, §1, (f) GDPR).
We always obtain this personal data directly from you.
We send commercial messages up to 5 years after the respective financial year of your last purchase or last contact we had with you, whichever is later, plus a verification period of 6 months. You can unsubscribe at any time (for more information, see Rights) in which case we will no longer process your personal data for direct marketing purposes.
We only share this personal data with third parties with whom we work together for direct marketing (IT and software providers and providers of marketing tools). We will never sell your personal data.
3) Finance and corporate housekeeping
For our internal finance and corporate housekeeping purposes, we process your personal identification data (name, address, e-mail address, payment details) and employment data (if you are a B2B customer).
This data allows us to conduct internal audits and other control procedures, keep our accounting as well as our annual accounts, conduct Know Your Customer (KYC) checks and enter into corporate transactions.
The legal basis for this processing is a legal obligation to which we are subject (art. 6, §1, (c) GDPR). As regards internal audits and controls, we rely on our legitimate interest to ensure legal compliance within our company (art. 6, §1, (f) GDPR). As regards corporate transactions, we rely on our legitimate commercial interests (art. 6, §1, (f) GDPR).
We always obtain this personal data directly from you.
For our internal finance purposes, we store your personal data for up to 10 years after the respective financial year, plus a verification period of 6 months.
We only share this personal data with third parties with whom we work together for the above mentioned purposes (IT and software providers, external auditors, external accountants and other advisors) and other parties on a need to know basis (public authorities, financial institutions, third parties in corporate transactions).
4) Litigation management
For our litigation management, we process your personal identification data (name, address, e-mail address), employment data (if you are a B2B customer) and any other information relevant to the (potential) litigation (if you are a B2C customer).
This data allows us to defend our legitimate interests in all forms of dispute resolution and the administration of disputes (e.g. product liability, tax disputes and labour law disputes).
The legal basis for this processing is the legitimate interest to exercise our rights of defence (art. 6, §1, (f) GDPR).
We always obtain this personal data directly from you.
For our litigation management, we store your personal data for up to 5 years after we closed the dispute or – in case of legal proceedings –until the expiry of the period for appeal at last instance.
We only share this personal data with third parties with whom we work together for the above mentioned purposes (external legal advisors, debt collection agencies) and other third parties on a need to know basis (public authorities, judicial authorities, bailiffs.
WEBSITE
When you visit and/or use our website, we process your personal data for one or more of the following purposes:
- Direct marketing
- Optimisation of the website
- Advice, information and webinars
- Recruitment
1) Direct marketing
For direct marketing, we process your personal identification information (such as name, company name, (company) address, telephone number, email address, IP address, cookies) as well as industry, product and other preferences.
This data allows us to send you messages via e-mail and to display commercial messages online. This way, we can inform you about our new products and services, special offers or other information you may find interesting and we can invite you to events and fairs.
The legal basis for this processing is your consent where legally required (art. 6, §1 (a) GDPR), or the legitimate interest to promote our products and services to our customers and other contacts that have shown interest in our products and services by contacting us via our website (art. 6, §1, (f) GDPR). If you have subscribed to our newsletter via the website, you will receive our commercial messages because you have given your consent (art. 6, §1, (a) GDPR). Save as otherwise permitted by applicable law, commercial messages online will only be displayed if you have given your consent to the placement of advertising cookies via the website (for more information, see Cookie Statement).
We always obtain this personal data directly from you.
We send commercial messages up to 5 years after the respective financial year of your last purchase, or after our last contact with you, plus a verification period of 6 months. You can unsubscribe at any time (for more information, see Rights) in which case we will no longer process your personal data for direct marketing purposes. Also the permission for advertising cookies can be withdrawn at any time via your cookie preferences (for more information, see Cookie Statement), in which case we will no longer process your personal data for direct marketing purposes.
We only share this personal data with third parties with whom we work together for direct marketing (IT and software providers and providers of marketing tools). See also our Cookie Statement in this respect. We will never sell your personal data.
2) Optimisation of the website
In order to optimise our website, we process your electronic identification data (IP address and cookies). Such Information may consist of your internet browser type, operating system, service provider, the webpages you viewed, the time you viewed them and for how long, demographic information about you (such as your age, gender, language, location and interest areas, where available) and what webpages you looked at before viewing the current page. We use this information to get a better idea of how our users interact with our website and then tailor and improve our website accordingly. Such information generally cannot be linked to you individually, but if we can link it to you then we treat it as your personal data in accordance with this Privacy Statement.
This data allows us to offer a well-functioning and user-friendly website and web shop.
Certain information is gathered by means of cookies. Cookies and similar technologies are used on this website as described in our Cookies Statement [https://www.septentrio.com/en/terms-conditions#cookies].
The legal basis for placing technically essential cookies is a legitimate interest to offer a well-functioning and user-friendly website and web shop (Art. 6, §1, (f) GDPR). Analytical cookies and social media cookies are only placed if you have given your consent for placing such cookies via the website (art. 6, §1, (a) GDPR) (for more information, see Cookie Statement).
We obtain this personal data directly from you or indirectly through your device data.
The expiration date varies per cookie and you can change your cookie preferences at any time (for more information, see Cookie Statement and cookie banner).
We only share this personal data with third parties with whom we work for our website and web shop (IT and software providers). See also our Cookie Statement and cookie banner in this respect. We will never sell your personal data.
3) Advice, information and webinars
In order to provide you with advice, information and free on-demand webinars that you have requested via our website, we process your personal identification data (name, e-mail address, telephone number, company name and website, country and login data), product interests and quantity and any possible additional information that you provide to us.
This data allows us to provide you with the advice, information and/or free on-demand webinar that you have requested via our website, e.g. by requesting a quote, requesting a data sheet or brochure, signing-up to a live webinar, sending us a message through our contact form or a request for information or reporting a problem.
The legal basis for this processing is the consent that you have given by submitting to us your personal data for the above mentioned purposes (art. 6, §1, (a) GDPR).
We always obtain this personal data directly from you.
For providing advice and information to you, we store your personal data for 5 years after the respective financial year of your request for advice / information, plus a verification period of 6 months.
We only share this personal data with third parties with whom we work together for data management purposes (IT and software providers).
4) Recruitment
For recruitment purposes, we process your personal identification data (name, e-mail address, and telephone number), education and training (academic curriculum, professional experience and competence and memberships, as may be included in your resume), employment data (current employment and recruitment), the way you found out about the vacancy as well as any other information that you provide to us, e.g. in your cover letter or resume.
This data allows us to process and consider your application and to maintain a database of potential job applicants.
The legal basis for this processing is the necessity to take precontractual steps at your request (art. 6, §1, (b) GDPR), a legal obligation to which we are subject (art. 6, §1, (c) of the GDPR) or our legitimate interests to look for and select the candidate that best fits our needs (art. 6, §1, (f) GDPR) as the case may be. We will only store your personal data in our database for future opportunities if you have explicitly consented hereto (art. 6, §1, (a) GDPR).
We always obtain this personal data directly from you.
For our recruitment purposes, we keep your personal data for up to 5 years after your application, plus a verification period of 6 months, unless you consented to be contacted for future opportunities in which case we will retain your personal data until you withdraw your consent.
We only share this personal data with third parties with whom we work together for data management purposes (IT and software providers).
VISITORS TO PREMISES
When you visit our premises, you will be subject to CCTV monitoring as further detailed below.
A pictogram at the entrance of our premises informs you of the presence of a CCTV system. If you do not wish to be filmed, you should not access our premises.
We collect and process personal data as part of our CCTV system to the extent necessary for the purposes of our legitimate interest to monitor and protect our premises and employees, after carrying out a proper balance with data subjects' interests, fundamental rights and freedoms (art. 6, §1, (f) of the GDPR). We only process personal data collected through our CCTV system for the following purpose: to prevent, find or detect offences against persons or property.
The personal data we process include images on which you appear and that the we collect through CCTV systems installed in our premises.
We obtain this data directly from you.
Images from our CCTV systems will not be shared with third parties, except, in accordance with Belgian law requirements, (i) with our CCTV maintenance and alarm companies, acting as processors under our authority and instructions; (ii) external advisors (e.g. lawyers) or (iii) following specific requests from the police or other authority or the courts. A list of third parties with whom personal data is shared is available on request using the contact methods below. We take appropriate measures to avoid that any non-authorized person accesses CCTV images.
We only record CCTV images for the purposes of gathering evidence of incivilities, facts constituting an offence or generating damage, or searching and identifying their perpetrators, public order offenders, witnesses or victims. We retain CCTV images on our IT systems in Belgium, Interleuvenlaan 15I, 3001 Leuven for a period of thirty (30) days. After thirty (30) days, the images are permanently destroyed (or overwritten) in a secure manner, except where there is a current investigation for which the CCTV images are required, in which case the CCTV footage will not be destroyed until the completion of the investigation and any appeal.
3. SECURITY AND DATA TRANSFERS
We are committed to ensuring that your information is secure. We have therefore implemented appropriate technical and organizational measures to ensure the confidentiality of your personal data and to protect your data from accidental and unlawful destruction, loss, alteration, unauthorized disclosure and access.
We have made the necessary contractual arrangements with the third parties with whom we work together and will not transfer your personal data outside the European Economic Area (“EEA”) without ensuring that your data is granted an equivalent level of protection there.
We may transfer your personal data to entities (recipients) located in countries outside of the EEA, in particular in United States, Japan and South-Korea which is recognized by the European Commission as offering an adequate level of protection of personal data (‘adequacy decision’) and China, which are not recognized as offering an adequate level of protection of personal data under applicable law. In the latter case, we take appropriate safeguards to ensure that your personal data remain subject to an essentially equivalent level of protection, including by entering into Standard Contractual Clauses issued by the European Commission under Article 46.2 of the GDPR or that the transfer is otherwise authorized in accordance with applicable law. You may obtain a copy of the appropriate safeguards we rely on by contacting us as indicated in Section 4.
4. RIGHTS
You can always contact us to exercise the following rights under the conditions set forth by the GDPR and Belgian data protection law :
- the right to request access or rectification of your personal data
- the right to request erasure of your personal data
- the right to request restriction of the processing of your personal data
- the right to object to the processing of your data (including the right to object, upon request and free of charge, to the processing of personal data for direct marketing purposes)
- the right to data portability
- the right to withdraw your consent at any time where the processing of your personal data is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal
- a complaint if you believe that we are not acting in accordance with applicable data protection laws. You can also submit a complaint to the Belgian Data Protection Authority.
If you wish to exercise your rights with regard to CCTV images, please provide sufficiently detailed indications to allow us to precisely identify the images on which you appear and can be identified.
We do not rely on automated decision-making, including profiling, when processing your personal data.
You can reach us via one of the following channels:
- via e-mail: dataprotection [a] septentrio.com
- by telephone: +32 16 30 08 00
We respect all rights relating to your personal data to which you are entitled under applicable law and will therefore always adhere to your request as required by law.
If you no longer wish to receive our electronic communications and wish to stop the processing of your data for that purpose, you can always use the unsubscribe link provided at the bottom of each communication.
For those processing activities for which the legal basis is a legitimate interest, you can ask us more information about the balancing test that we have carried out in that context (for more information, see Purposes).
For identification purposes, we may ask you for a copy of the front of your identity card or any other identification document.
5. UPDATES
This Privacy Statement may be amended from time to time, within the limits of the applicable data protection laws. Via our website you always have access to the most recent version and where required, you will be notified of such changes.