We may collect personal data about persons who are not an ATTENTIA customer through various channels, such as promotions/campaigns and our website, with the intention of making our products and services as relevant as possible to such persons. We hereby guarantee your right to be informed and, where applicable, together with any consent which we legally require from you, we contractually oblige third parties that collect your data on our behalf in this context to do the same.
A list of the categories of personal data that ATTENTIA processes can be found in the table below.
|Images or graphics
|Other personal data
|Profession & job
|Information about training and education
|Racial and ethnic details
|National registry number
|Hobbies and interests
Since ATTENTIA also carries out activities related to Prevention & Protection, medical data is also processed. This is classed under the GDPR as sensitive personal data, which requires additional attention.
The GDPR stipulates that organisations may not subject any person to automated decision-making “which produces legal effects concerning him or her or similarly significantly affects him or her”. However, there are exceptions where the decision:
- s necessary for the performance of a contract;
- is authorised by Union or Member State law (such as for the prevention of fraud);
- is based on the data subject’s explicit consent.
ATTENTIA hereby declares that it does not perform any automated decision-making using personal data. If this changes in the future, ATTENTIA will only do so if one or more of the exceptions above applies.
Since proportionality and purpose are two fundamental principles of the GDPR, ATTENTIA believes it is important for the personal data of customers and employees to only be processed if it is necessary to fulfil the intended purpose.
We use personal data only when it is necessary to:
- prepare for, perform, or terminate a contract between ATTENTIA and the customer (whether the customer is a natural person or an organisation);
- comply with legal or regulatory provisions to which ATTENTIA is subject;
- defend our legitimate interests, in which case we always strive to balance that interest with respect for your privacy.
If the processing of your personal data is not necessary for one of these three reasons, we will always ask for your consent to process your personal data.
ATTENTIA complies with the legally-stipulated retention period. Most social security and tax documents must be retained for period laid down by law. However, such documents may not be kept for any longer than is necessary. More specifically, as soon as the personal data has been stored for longer than the minimum retention period AND the lawful basis on which this data is processed no longer applies, this personal data will be erased.
For more information about the retention period, please email us at Privacy@attentia.be
. Information will also be available on our website soon.
Unfortunately ATTENTIA has neither the time nor the resources to support all of its customers in their own GDPR process, but ATTENTIA does provide the following to its customers:
- a processor agreement for customers with which ATTENTIA has a data processor/data controller relationship;
- support from the ATTENTIA privacy team on aspects contained in the processor agreement, provided this relates to the services that ATTENTIA offers to its customers;
- a GDPR package specifically tailored to SME customers, available in the ATTENTIA webshop.
For any queries about privacy or GDPR with regard to the services that ATTENTIA provides to its customers, please email Privacy@attentia.be
. Our Data Protection Officer or one of their colleagues will respond to your query as quickly as possible.
ATTENTIA puts in place appropriate technical and organisational measures to properly protect all personal data that is processed against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.
Within ATTENTIA, both the Data Protection Officer and Security Officer are responsible for continually checking and optimising the level of security. More information about the specific security measures in place is available to customers on request.
The GDPR has strengthened the rights you have as an individual, as outlined below.
Right of access
You have the right to ask ATTENTIA whether we process your personal data and, if so, to ask to view that data and receive further details about:
- the purpose for which ATTENTIA processes your personal data;
- the categories of personal data processed;
- the recipients of your personal data (if applicable);
- the retention period or, failing that, the criteria for determining the retention period;
- the source of the data, if obtained from a third party;
- whether automated decisions are made using your personal data.
On request, you may receive a free copy of your personal data that we process; however, an administrative fee will be charged for each additional copy requested.
Right of rectification
If you determine that the personal data processed by ATTENTIA is incomplete, incorrect or out of date, then you have the right to have this data rectified. However, ATTENTIA often acts as a data processor in the services it provides to its customers, in which case the ownership of the data does not always lie with ATTENTIA itself, but often with the organisation that is our customer. In such cases, we will forward your request to the relevant organisation.
Right to be forgotten
The GDPR also provides the right to have your personal data erased by ATTENTIA. You may submit a request to this end in the following cases:
- Your personal data is no longer required for the purpose for which it was collected or processed by ATTENTIA.
- You withdraw your prior consent to the processing and there is no other lawful basis for ATTENTIA to continue the processing.
- You object to the processing of your personal data and there is no more compelling, legitimate basis for ATTENTIA to continue the processing.
- Your personal data is being unlawfully processed.
- Your personal data needs to be erased in order to comply with a legal obligation.
- Your personal data was collected when you were underage.
An exception applies if the processing of your data is necessary as part of a judicial investigation, in which case your request to have your data erased cannot be fulfilled. We will inform you about this at your request.
Right to restrict processing
You have the right to restrict the processing of your personal data if one of the following applies:
- You doubt the accuracy of such personal data, in which case the use of your data may be restricted until ATTENTIA can verify the accuracy of the data.
- Your data is being processed unlawfully, in which case you can request to restrict its use instead of having it erased.
- Provided no decision has been made on the exercise of your right to object to the processing, you may request to restrict the use of your personal data.
Right to data portability
You have the right to request to have your personal data transferred to another party. This is only possible for the personal data you have provided to ATTENTIA yourself, after having given your consent or concluded an agreement. You may not exercise this right in any other case, for example if your data is processed on the basis of a legal obligation.
Right to object to processing of your personal data
You have the right to object to the processing of your personal data if the processing is in the legitimate interest of ATTENTIA or in the general interest.
How do I exercise my rights to privacy?
You can exercise your rights to privacy by post or by email to:
ATTENTIA corporate vzw
t.a.v. Data Protection Officer
Sluisweg 1 bus 5
To avoid disclosing your data to unauthorised parties at all costs, we will always ask you to provide identification when submitting a request. Please include a copy of the front of your identity card with your request. In this copy, please redact your passport photo, machine readable zone (the strip with numbers at the bottom of the passport), passport number and national registry number. This is to protect your privacy.
When will I receive a response?
We will always respond to your request within one month. Depending on the complexity and number of the requests, this period may be extended by a further two months if necessary. If we extend the deadline, we will notify you within one month of receiving your request.