Within Attentia, a program has been set up and developed under the direction of the Data Protection Officer (DPO) for the purpose of processing the personal data of our customers’ employees (customers are the companies that engage the services of Attentia) and of our own employees in accordance with the applicable data protection legislation at European and national level.

The purpose of this privacy statement is to inform you how Attentia collects and processes your personal data.

This privacy statement applies to the personal data processed by the various entities of Attentia and applies to the processing of personal data in the context of all (potential) customer relationships and the use of our websites, applications and offices.

1. What is the legal framework?

Attentia processes personal data in accordance with the legal requirements laid down in the General Data Protection Regulation (“GDPR”) and the Belgian law on the protection of natural persons with regard to the processing of their personal data.

 

Since all Attentia legal entities are established within the European Economic Area (“EEA”), the GDPR applies to all personal data processing activities that take place in the context of our services.

2. Attentia legal entities

Attentia offers a wide variety of services within which personal data is collected and processed. Below, you will find an overview of our legal entities:

 

3. What personal data about you does Attentia process?

By “personal data”, Attentia means all information about an identified or identifiable natural person (“the data subject”), as defined in Article 4 of the GDPR.

Depending on the specific service, Attentia mainly collects the following categories of personal data.

 

Identification details

Data that enables Attentia to identify you as part of the delivery of our services. Examples: surname, first name, title, national registration number

 

Contact details

Data that enables Attentia to contact you. Examples: telephone number, email address, address…

 

Financial detail

Data relating to your financial situation. Attentia mainly uses these types of personal data as part of the payroll calculation and related activities, as well as activities relating to bonus optimisation. Examples: salary details, bank account number…

 

Family composition

Data about your family situation. Attentia mainly uses these types of personal data as part of the payroll calculation and the calculation of tax returns. Examples: dependants, marital status…

 

Personal characteristics

Examples of such personal details are age, gender, date of birth, place of birth, nationality…

 

Education and training

Data relating to the education and training courses that you have completed. Examples: degrees, qualifications, certificates…

 

Profession and job

Data relating to your job and position. Examples: career, professional aptitude, current profession, professional experience…

 

Medical details

Data relating to your health. These types of personal data are collected mainly as part of our services as an external service for prevention and protection at work.

 

Details relating to your surfing behaviour

These are details providing insight into how website visitors navigate the Attentia website. Examples: cookies and other tracking technologies.

4. For which purposes does Attentia process personal data?

Attentia collects and uses personal data only for specific, expressly defined and justified purposes and will not use personal data in a manner incompatible with these purposes.

 

The main purposes of processing personal data are:

 

• Organising and performing our wide range of services.

For the performance of the various services, Attentia undertakes large-scale processing of the personal data of its customers’ employees, both in the context of its service as a social secretariat and in the context of its provision of an external service for prevention and protection at work. Attentia needs these types of personal data to be able to provide the requested services and the amount of types of data are always limited to the minimum required data.

 

• Optimising the services provided by Attentia.

Attentia occasionally collects feedback from its customers about the services provided in order to further optimise its service provision in the future.

 

• Providing information in response to queries and enquiries.

Attentia uses the data that you provide (collected using the contact forms on the website, among other things) to provide you with the information that you have requested as effectively and quickly as possible.

 

• Organising sales and marketing campaigns.

Attentia uses your personal data for the organisation of sales and marketing campaigns, ensuring of course that the necessary permission has been obtained to contact you as part of any such campaigns or can be justified by the legitimate interest of Attentia.

 

• Recruiting professionals to strengthen our team.

Attentia uses the information you provide (mainly identification data and contact details) as part of an application process to evaluate whether you are a good match with the company and to ensure that the application process progresses well.

 

• Guaranteeing the reliable provision of services

Attentia processes your personal data to organise access security to the office buildings, to optimise the security of our IT and network environment and to offer a secure and smooth-running service.

 

• Fulfilling legal obligations, both as a service provider and employer.

Attentia processes certain personal data in order to comply with its legal obligations, among others as an employer, as a social secretariat and as an external service for accident prevention & protection at work.

5. On what legal grounds does Attentia base its processing of personal data?

The legal basis on which Attentia processes personal data may vary depending on the specific scenario in which personal data is collected and processed by Attentia.

 

For the ordinary categories of personal data (the categories of personal data that do not belong to the categories listed in Articles 9 and 10 of the GDPR):

 

Grounds for processing

 

Consent (Article 6(1)(a) of the GDPR)

 

For the purpose of sending direct marketing communications to contact persons at (potential) customers, Attentia processes personal data of these contact persons based upon their informed, specific, free and unambiguous consent.

 

Necessary for the performance of a contract (Article 6(1)(b) of the GDPR)

 

In the context of the services as a social secretariat, Attentia processes the personal data of its customers’ employees on the basis of necessity for the performance of the contract with the customer.

 

Necessary for the fulfilment of our legal obligations (Article 6(1)(c) of the GDPR)

 

In the context of the services as a social secretariat, Attentia processes personal data of data subjects on the basis of certain legal obligations set out in the relevant legislation (Article 48 of the Royal Decree of 1 July 2006).

In the context of the services as an external service for accident prevention and protection at work, Attentia processes the personal data of its customers’ employees on the basis of legal obligations set out in the Well-Being at Work Code.

 

Based upon legitimate interests (Article 6(1)(f) of the GDPR)

 

For the purpose of sending direct marketing communications to contact persons at existing customers in connection with equivalent services or products that they have purchased from Attentia, Attentia may process the personal data of these contact persons based upon legitimate interests.

 

For the special categories of personal data (the categories of personal data that are listed in Articles 9 and 10 of the GDPR):

 

Grounds for processing

 

Necessary for the purpose of carrying out obligations in the field of  employment law, and social security and social protection law (Article 9 (2)(b) of the GDPR)

 

The processing of special categories of personal data by Attentia as a service for prevention and protection at work is legally regulated by the well-Being at work code (codex over het welzijn op het werk). Attentia therefore lawfully processes personal data based upon provisions in the applicable employment law.

 

Necessary for the purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, and medical diagnoses (Article 9 (2)(h) of the GDPR)

 

The processing of special categories of personal data by Attentia as an accredited service for accident prevention and protection at work for determining working capacity is legally regulated by the Well-Being at Work Code (codex over het welzijn op het werk). Attentia therefore lawfully processes personal data based upon provisions in the applicable employment law.

6. Does Attentia qualify as a data controller or a data processor?

In the context of its various activities, Attentia is qualified as a controller or as a processor of personal data, depending on the situation and the specific service.

 

As an accredited social secretariat, Attentia always qualifies as a data processor for the processing of personal data of customers’ employees.

 

As an external service for prevention & protection, Attentia always qualifies as a data controller for the processing of personal data of customers’ employees.

 

In the context of its other services, depending on the specific processing activity, Attentia qualifies either as a data controller or as a data processor.

7. With which third parties is personal data shared?

Attentia only passes on your personal data to third parties in the following cases:

• If the transfer of personal data is necessary for the performance of our services;
• If there is a legal obligation on Attentia to pass on personal data;
• If an explicit mandate has been given by our customers and/or individuals concerned for a specific transfer of their personal data.

 

The main recipients of personal data are listed below.

7.1. Other Attentia legal entities

If an employer uses the services of a legal entity of Attentia in connection with which the personal data of its employees are processed, and this employer also wishes to use the services of another legal entity of Attentia, this employer can instruct the relevant legal entity from which it purchases services to pass on the personal data of its employees to the other legal entity of Attentia. This with a view to provide a smoother service.

7.2. Service providers

In turn, Attentia engages a number of service providers to support certain aspects of the provision of services. One example of this is the IT infrastructure supplier. Personal data that is shared with these service providers in this context shall only be used by them for the purposes for which Attentia processes it on behalf of its customers.

7.3. Government institutions

In the context of various services offered by Attentia, Attentia is obliged to pass on personal data to public authorities. Examples include Social Security and Federal Government Department of Finance institutions (FOD Financiën).

7.4. Other third parties

In other cases, Attentia will exclusively transfer personal data of customer employees to third parties if an explicit mandate has been given by the customers and/or individuals concerned for a specific transfer of their personal data.

7.5. Transfers outside the European Economic Area (EEA)

In the event that personal data is to be transferred to a third party outside the EEA, Attentia shall apply the rules governing the international transfer of personal data in accordance with the provisions of the GDPR.

8. What are your rights?

Under the GDPR, individuals have various rights for controlling the use of their personal data. Listening to people who exercise these rights contributes to a healthy and well-structured data protection policy and to a high level of trust on the part of our customers and their employees in the privacy program of Attentia

 

However, in the context of specific services, Attentia often acts as a data processor of personal data under the GDPR, while the customer itself acts as a data controller. Where this is the case, Attentia will refer your request with regard to your personal data to the relevant controller.

 

If you wish to exercise one of the following rights, you can contact the DPO by emailing privacy@attentia.be or by letter via:

 

ATTENTIA

For the attention of the Data Protection Officer

Sluisweg 1 bus 2, 9000 Ghent

Belgium

 

PLEASE NOTE! As Attentia wishes to avoid disclosing your personal data to the wrong person in all instances, Attentia will always ask you to provide proper identification upon each request. That’s why Attentia asks you to include a copy of the front of your identity card with your request. In this copy, please make your passport photo, machine readable zone (the strip with

numbers at the bottom of the passport), passport number and national registry number unreadable.

 

 8.1. Right of access

You are entitled to ask Attentia whether Attentia processes your personal data and, if so, to view that data and receive further details about:

 

• the purposes for which Attentia processes your personal data;
• the categories of personal data processed;
• the recipients of your personal data (if applicable)
• the retention period or, failing that, the criteria for determining the retention period;
• the information that Attentia has about the source of the data, if Attentia obtains personal data from a third party;
• whether automated decisions are made using your personal data.

 

Upon request, you will receive a free copy of the data being processed. An administrative fee will be charged for each additional copy applied for.

 

8.2. Right to correction

If you determine that the personal data processed by Attentia is incomplete, incorrect or out of date, you have the right to have this data rectified.

 

8.3. Right to erasure of data (the ‘right to be forgotten’)

The GDPR also provides the right to request Attentia to erase your personal data. You may submit a request to this end in the following cases:

 

• Your personal data is no longer required for the purposes for which it was collected or processed by Attentia;
• You withdraw your prior consent to the processing and there is no other legal basis that Attentia can invoke for (continued) processing thereof;
• You object to the processing of your personal data and there are no more compelling, legitimate grounds for (continued) processing by Attentia;
• Your personal data is being unlawfully processed;
• Your personal data needs to be erased in order to comply with a legal obligation;
• Your personal data was collected when you were under age.

 

Please note! When the processing of your data is necessary as part of a judicial investigation, your request to have your data erased cannot be fulfilled. Attentia shall provide additional information about this, if desired.

 

8.4. Right to restrict processing

You have the right to restrict the processing of your personal data if one of the following applies:

 

• You dispute the accuracy of your personal data: its use is restricted until Attentia is able to verify the accuracy of the data;
• Your data is being processed unlawfully, in which case you can request to restrict its use instead of having it erased;
• Provided no decision has been made on exercising your right to object to the processing, you may request that the use of your personal data is restricted;

 

8.5. Right to data portability

You have the right to request your personal data and to obtain it in a structured, commonly-used and machine-readable format. This is only possible for the personal data you yourself have provided to Attentia, based on consent or pursuant to an agreement. In all other cases, this right does not apply, for example if your data is processed by Attentia based upon a legal obligation.

 

8.6. Right to object to the processing of your personal data

You have the right to object to the processing of your personal data if the processing is in the legitimate interests of Attentia or processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

This is the case, for example, if Attentia sends you direct marketing communications based upon legitimate interests for equivalent products or services that you have already purchased from Attentia and you no longer wish to receive this information.

9. How long does Attentia keep your personal data?

Both in the context of the services as a social secretariat and in the context of the services as an external service for prevention & protection at work, Attentia must comply with the legal provisions on the storage of personal data.

 

The specific legal obligations regarding the storage of personal data as a certified social secretariat can be found in Article 48 of the Royal Decree of 1 July 2006.

 

The specific legal obligations regarding the storage of personal data as an external service for accident prevention and protection at work can be found in the Well-Being at Work Code (codex over het welzijn op het werk).

 

As part of our other services, Attentia applies the general principle and only keeps personal data for as long as necessary to achieve the objectives for which the personal data was collected.

10. How does Attentia secure your personal data?

Attentia puts in place appropriate technical and organisational measures to properly protect all personal data that is processed against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

 

Within Attentia, both the Data Protection Officer and an Information Security Officer have been engaged to monitor and further optimise the level of security of personal data. More information about the specific security measures that Attentia takes to protect personal data is available to customers on request.

11. Links to other websites

The Attentia website may contain links to websites managed by other companies that are not part of Attentia. Attentia is under no circumstances responsible for the content of these websites, nor for any processing of personal data by third parties who manage these websites.

12. Contact us

For all questions about the processing of personal data by Attentia, you can contact us by emailing privacy@attentia.be. The Data Protection Officer will look at your question with the necessary level of attention and, where possible, provide you with the requested information.

13. Latest update of this privacy statement

December 2021