Attentia
info@attentia.be
Within Attentia, a program has been set up and developed under the direction of the Data Protection Officer (DPO) for the purpose of processing the personal data of our customers’ employees (customers are the companies that engage the services of Attentia) and of our own employees in accordance with the applicable data protection legislation at European and national level.
The purpose of this privacy statement is to inform you how Attentia collects and processes your personal data.
This privacy statement applies to the personal data processed by the various entities of Attentia and applies to the processing of personal data in the context of all (potential) customer relationships and the use of our websites, applications and offices.
1. What is the legal framework?
3. What personal data about you does Attentia process?
4. For which purposes does Attentia process personal data?
5. On what legal grounds does Attentia base its processing of personal data?
6. Does Attentia qualify as a data controller or a data processor?
7. With which third parties is personal data shared?
9. How long does Attentia keep your personal data?
10. How does Attentia secure your personal data?
13. Latest update of this privacy statement
Attentia processes personal data in accordance with the legal requirements laid down in the General Data Protection Regulation (“GDPR”) and the Belgian law on the protection of natural persons with regard to the processing of their personal data.
Since all Attentia legal entities are established within the European Economic Area (“EEA”), the GDPR applies to all personal data processing activities that take place in the context of our services.
Attentia offers a wide variety of services within which personal data is collected and processed. Below, you will find an overview of our legal entities:
Entity | Address | Company number | VAT number |
---|---|---|---|
ATTENTIA nv | Keizer Karellaan 584 1082 Sint-Agatha-Berchem |
462.975.357 | BE 0462 975 357 |
ATTENTIA preventie & bescherming vzw |
Keizer Karellaan 584, bus 1 1082 Sint-Agatha-Berchem |
409.440.463 | BE 0409 440 463 |
ATTENTIA corporate vzw | Keizer Karellaan 584, bus 4 1082 Sint-Agatha-Berchem |
406.633.995 | BE 0406 633 995 |
ATTENTIA sociaal secretariaat vzw | Keizer Karellaan 584, bus 2 1082 Sint-Agatha-Berchem |
406.607.271 | BE 0406 607 271 |
Krekelbergh - ATTENTIA sociaal kantoor nv | Hoogleedsesteenweg 348 8800 Roeselare |
421.457.179 | BE 0421 457 179 |
Brussels Aviation Medical bv | Luchthaven Brussel Nationaal gebouw 26 1930 Zaventem |
886.963.545 | BE 0886 963 545 |
By “personal data”, Attentia means all information about an identified or identifiable natural person (“the data subject”), as defined in Article 4 of the GDPR.
Depending on the specific service, Attentia mainly collects the following categories of personal data.
Data that enables Attentia to identify you as part of the delivery of our services. Examples: surname, first name, title, national registration number…
Data that enables Attentia to contact you. Examples: telephone number, email address, address…
Data relating to your financial situation. Attentia mainly uses these types of personal data as part of the payroll calculation and related activities, as well as activities relating to bonus optimisation. Examples: salary details, bank account number…
Data about your family situation. Attentia mainly uses these types of personal data as part of the payroll calculation and the calculation of tax returns. Examples: dependants, marital status…
Examples of such personal details are age, gender, date of birth, place of birth, nationality…
Data relating to the education and training courses that you have completed. Examples: degrees, qualifications, certificates…
Data relating to your job and position. Examples: career, professional aptitude, current profession, professional experience…
Data relating to your health. These types of personal data are collected mainly as part of our services as an external service for prevention and protection at work.
These are details providing insight into how website visitors navigate the Attentia website. Examples: cookies and other tracking technologies.
Attentia collects and uses personal data only for specific, expressly defined and justified purposes and will not use personal data in a manner incompatible with these purposes.
The main purposes of processing personal data are:
For the performance of the various services, Attentia undertakes large-scale processing of the personal data of its customers’ employees, both in the context of its service as a social secretariat and in the context of its provision of an external service for prevention and protection at work. Attentia needs these types of personal data to be able to provide the requested services and the amount of types of data are always limited to the minimum required data.
Attentia occasionally collects feedback from its customers about the services provided in order to further optimise its service provision in the future.
Attentia uses the data that you provide (collected using the contact forms on the website, among other things) to provide you with the information that you have requested as effectively and quickly as possible.
Attentia uses your personal data for the organisation of sales and marketing campaigns, ensuring of course that the necessary permission has been obtained to contact you as part of any such campaigns or can be justified by the legitimate interest of Attentia.
Attentia uses the information you provide (mainly identification data and contact details) as part of an application process to evaluate whether you are a good match with the company and to ensure that the application process progresses well.
Attentia processes your personal data to organise access security to the office buildings, to optimise the security of our IT and network environment and to offer a secure and smooth-running service.
Attentia processes certain personal data in order to comply with its legal obligations, among others as an employer, as a social secretariat and as an external service for accident prevention & protection at work.
The legal basis on which Attentia processes personal data may vary depending on the specific scenario in which personal data is collected and processed by Attentia.
For the ordinary categories of personal data (the categories of personal data that do not belong to the categories listed in Articles 9 and 10 of the GDPR):
Grounds for processing |
Examples |
Consent (Article 6(1)(a) of the GDPR) |
|
Necessary for the performance of a contract (Article 6(1)(b) of the GDPR) |
|
Necessary for the fulfilment of our legal obligations (Article 6(1)(c) of the GDPR) |
|
Based upon legitimate interests (Article 6(1)(f) of the GDPR) |
|
For the special categories of personal data (the categories of personal data that are listed in Articles 9 and 10 of the GDPR):
Grounds for processing |
Examples |
Necessary for the purpose of carrying out obligations in the field of employment law, and social security and social protection law (Article 9 (2)(b) of the GDPR) |
|
Necessary for the purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, and medical diagnoses (Article 9 (2)(h) of the GDPR) |
|
In the context of its various activities, Attentia is qualified as a controller or as a processor of personal data, depending on the situation and the specific service.
As an accredited social secretariat, Attentia always qualifies as a data processor for the processing of personal data of customers’ employees.
As an external service for prevention & protection, Attentia always qualifies as a data controller for the processing of personal data of customers’ employees.
In the context of its other services, depending on the specific processing activity, Attentia qualifies either as a data controller or as a data processor.
Attentia only passes on your personal data to third parties in the following cases:
The main recipients of personal data are listed below.
If an employer uses the services of a legal entity of Attentia in connection with which the personal data of its employees are processed, and this employer also wishes to use the services of another legal entity of Attentia, this employer can instruct the relevant legal entity from which it purchases services to pass on the personal data of its employees to the other legal entity of Attentia. This with a view to provide a smoother service.
In turn, Attentia engages a number of service providers to support certain aspects of the provision of services. One example of this is the IT infrastructure supplier. Personal data that is shared with these service providers in this context shall only be used by them for the purposes for which Attentia processes it on behalf of its customers.
In the context of various services offered by Attentia, Attentia is obliged to pass on personal data to public authorities. Examples include Social Security and Federal Government Department of Finance institutions (FOD Financiën).
In other cases, Attentia will exclusively transfer personal data of customer employees to third parties if an explicit mandate has been given by the customers and/or individuals concerned for a specific transfer of their personal data.
In the event that personal data is to be transferred to a third party outside the EEA, Attentia shall apply the rules governing the international transfer of personal data in accordance with the provisions of the GDPR.
Under the GDPR, individuals have various rights for controlling the use of their personal data. Listening to people who exercise these rights contributes to a healthy and well-structured data protection policy and to a high level of trust on the part of our customers and their employees in the privacy program of Attentia .
However, in the context of specific services, Attentia often acts as a data processor of personal data under the GDPR, while the customer itself acts as a data controller. Where this is the case, Attentia will refer your request with regard to your personal data to the relevant controller.
IIf you wish to exercise one of the following rights, you can contact the DPO by emailing privacy@attentia.be or by letter via:
ATTENTIA For the attention of the Data Protection Officer Sluisweg 1 bus 2, 9000 Gent België |
PLEASE NOTE! As Attentia wishes to avoid disclosing your personal data to the wrong person in all instances, Attentia will always ask you to provide proper identification upon each request. That’s why Attentia asks you to include a copy of the front of your identity card with your request. In this copy, please make your passport photo, machine readable zone (the strip with numbers at the bottom of the passport), passport number and national registry number unreadable.
You are entitled to ask Attentia whether Attentia processes your personal data and, if so, to view that data and receive further details about:
Upon request, you will receive a free copy of the data being processed. An administrative fee will be charged for each additional copy applied for.
If you determine that the personal data processed by Attentia is incomplete, incorrect or out of date, you have the right to have this data rectified.
The GDPR also provides the right to request Attentia to erase your personal data. You may submit a request to this end in the following cases:
Please note! When the processing of your data is necessary as part of a judicial investigation, your request to have your data erased cannot be fulfilled. Attentia shall provide additional information about this, if desired.
You have the right to restrict the processing of your personal data if one of the following applies:
You have the right to request your personal data and to obtain it in a structured, commonly-used and machine-readable format. This is only possible for the personal data you yourself have provided to Attentia, based on consent or pursuant to an agreement. In all other cases, this right does not apply, for example if your data is processed by Attentia based upon a legal obligation.
You have the right to object to the processing of your personal data if the processing is in the legitimate interests of Attentia or processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
This is the case, for example, if Attentia sends you direct marketing communications based upon legitimate interests for equivalent products or services that you have already purchased from Attentia and you no longer wish to receive this information.
Both in the context of the services as a social secretariat and in the context of the services as an external service for prevention & protection at work, Attentia must comply with the legal provisions on the storage of personal data.
The specific legal obligations regarding the storage of personal data as a certified social secretariat can be found in Article 48 of the Royal Decree of 1 July 2006.
The specific legal obligations regarding the storage of personal data as an external service for accident prevention and protection at work can be found in the Well-Being at Work Code (codex over het welzijn op het werk).
As part of our other services, Attentia applies the general principle and only keeps personal data for as long as necessary to achieve the objectives for which the personal data was collected.
Attentia puts in place appropriate technical and organisational measures to properly protect all personal data that is processed against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.
Within Attentia, both the Data Protection Officer and an Information Security Officer have been engaged to monitor and further optimise the level of security of personal data. More information about the specific security measures that Attentia takes to protect personal data is available to customers on request.
The Attentia website may contain links to websites managed by other companies that are not part of Attentia. Attentia is under no circumstances responsible for the content of these websites, nor for any processing of personal data by third parties who manage these websites.
For all questions about the processing of personal data by Attentia, you can contact us by emailing privacy@attentia.be. The Data Protection Officer will look at your question with the necessary level of attention and, where possible, provide you with the requested information.
December 2021