Primaire tabs

U bent hier

ATTENTIA Privacy Policy - English

Go Back

 

What is the GDPR and what does it have to do with ATTENTIA? What kind of processing does ATTENTIA carry out?
Who should I contact about privacy matters?
Is ATTENTIA a data processor or data controller?
Service providers and other recipients of personal data
What categories of personal data are processed by ATTENTIA?
Does ATTENTIA process sensitive personal data?
Automated decision-making
What lawful basis does ATTENTIA have for processing personal data?
What is the retention period that ATTENTIA applies?
Does the ATTENTIA website also use cookies?
What does ATTENTIA offer to its customers to support them in their GDPR process?
What security measures has ATTENTIA implemented to properly protect the personal data that it processes?
What rights do individuals have under the GDPR?
Changes to the Privacy Policy

 

 

1. What is the GDPR and what does it have to do with ATTENTIA?

General Data Protection Regulation

“GDPR” stands for “General Data Protection Regulation”, i.e. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC . This constitutes the new harmonised European privacy legislation and forms the basis for the ATTENTIA privacy programme.
The GDPR applies to:
  • all organisations within the European Economic Area (EEA); 
  • all organisations, whether within the EEA or not, which process the personal data of natural persons within the EEA.

Since all ATTENTIA entities are located within the EEA, the GDPR applies to all services that we provide to our customers, own employees and third parties.
 

How the GDPR applies to ATTENTIA

ATTENTIA and its entities offer a range of services to customers which involve the processing of personal data. A list of the entities within our group can be found in the table below.
 
The privacy of customers, employees and third parties alike is a priority for ATTENTIA. For that reason, there is an active privacy programme led by the Data Protection Officer which aims to ensure that all personal data of customers and employees is protected in accordance with the requirements laid down in the GDPR and other relevant data protection legislation.
 
ATTENTIA is committed not only to applying these requirements within its own entities, but also to imposing them on all service providers which it works with. These requirements are ensured through dedicated processor agreements that form an addendum to existing contracts with our customers and service providers. The ultimate aim is to guarantee the privacy of each individual involved when providing our services to customers.

 

BU Invoicing Adress Postcode Municipality Subject to VAT Company number VAT number
ATTENTIA preventie & bescherming vzw Sluisweg 1, bus 2 9000 Ghent No 409440463  

ATTENTIA sociaal secretariaat vzw

Sluisweg 1, bus 1

9000 Ghent Yes 406607271 BE0406607271
ATTENTIA nv Sluisweg 1, bus 4 9000 Ghent Yes 462975357 BE0462975357
ATTENTIA corporate vzw Sluisweg 1, bus 5 9000 Ghent Yes 406633995 BE0406633995
Krekelbergh - ATTENTIA - sociaal kantoor nv Hoogleedsesteenweg 348 8800 Roeselare Yes 0421457179

BE0421457179

 

2. What kind of processing does ATTENTIA carry out?

ATTENTIA offers a variety of services to its customers, as explained below. More information about each individual service can be found elsewhere on our website or obtained on request. Multiple categories of personal data are processed in order to provide such services.
 

Services provided by Krekelbergh-Attentia include:

  • Calculating gross salary based on personal data and time data
  • Gross-net calculation
  • Generating and issuing individual and collective salary documents
  • Sending payment orders to the financial institution
  • Further processing the personal data provided by the Data Controller for statistical or reporting purposes on the basis of pseudonymised or anonymised data for global reports or on the basis of the actual personal data for individual reports.
     

Services provided by Attentia social secretariat include:

  • Calculating gross salary based on personal data and time data
  • Gross-net calculation
  • Generating and issuing individual and collective salary documents
  • Sending payment orders to the financial institution
  • Further processing the personal data provided by the Data Controller for statistical or reporting purposes on the basis of pseudonymised or anonymised data for global reports or on the basis of the actual personal data for individual reports.
     

Services provided by Attentia social secretariat include:

  • DOTS Essentials
  • Payroll Essentials
  • Flexible Reward
  • Document Management
  • Connected Time
  • Self assessment computer work
  • Further processing the personal data provided by the Data Controller for statistical or reporting purposes on the basis of aggregated data for global reports or on the basis of the actual personal data for individual reports.
     

Services provided by Attentia nv include:

  • Tax & legal advice: social-legal support, social audits, employment regulations and other policies, cross-border employment
  • Academy: specialist courses (open-access programmes and/or on-site training)
  • Advice on bonus optimisation through warrants, etc.
  • Sourcing and outsourcing services: on-site payroll consulting and/or business process outsourcing (BPO)
  • Strategic wage policy
  • Flexible pay
  • Strategic HR and/or well-being policy
  • SENSOR (psychosocial risk analysis)
  • Medical check-ups
  • Fitness and/or postural check-ups
  • Corporate vitality and Energy2grow: various well-being programmes
  • Further processing the personal data provided by the Data Controller for statistical or reporting purposes on the basis of aggregated data for global reports or on the basis of the actual personal data for individual reports.
 

Services provided by Attentia preventie & bescherming vzw include:

  • Tasks required of the external service for Prevention and Protection under the Welfare Act, covering the following disciplines: occupational safety, occupational medicine, ergonomics, occupational hygiene and psychosocial aspects of work
  • If applicable, medical checks of the navigation qualifications of seafarers in accordance with Belgian law and medical examinations of the fitness to drive for the applicants and holders of a category 2 driving licence
  • Health monitoring
  • Sending reminders as part of a health assessment
  • Electronically processing and reporting reasons for illness
  • Further processing the personal data provided by the Data Controller for statistical or reporting purposes on the basis of aggregated data for global reports or on the basis of the actual personal data for individual reports.
 

3. Who should I contact about privacy matters?

If you have any questions concerning privacy, please email Privacy@attentia.be . Our Data Protection Officer or one of their colleagues will review your query and provide the requested information to you, where relevant.  
If you prefer, you can send a letter to:
 
ATTENTIA corporate vzw
Sluisweg 1 bus 5
B-9000 Ghent
addressing your letter to the Data Protection Officer.
 

4. Is ATTENTIA a data processor or data controller??

For most services, ATTENTIA acts as a data processor to process personal data on behalf of our customers. Detailed arrangements regarding the proper protection of personal data during processing are laid down in a processor agreement between ATTENTIA and the customer, which form an addendum to the existing contract.
For some other activities, ATTENTIA acts as a data controller. More specifically, this concerns activities that fall under Prevention & Protection. The Well-being at Work Code clearly states that an external service itself must be able to determine the purpose of the processing in order to fulfil its mission independently. From this provision, it can be deduced that the external service is a data controller and not simply a processor.
 

5. Service providers and other recipients of personal data

Your personal data will not be transmitted to third parties without your permission, with the exception of third parties whose services ATTENTIA uses to ensure the proper functioning of its group entities and the services provided through the website, such as hosting providers, website and marketing agencies, IT maintenance companies and service providers responsible for additional features you can use on the website. Additional features include receiving our annual calendar and purchasing products and/or services from selected ATTENTIA partners (such as gift vouchers for a medical check-up). These service providers only receive the personal data needed to carry out the tasks with which they are entrusted. They may not use or publish your data for other purposes without your prior consent. A list of these third parties and partners can be provided on request.
ATTENTIA ensures that your personal data is always processed by such third parties with an appropriate and adequate level of protection, as laid down in the GDPR, even if service providers are located in an area outside Europe without adequate protection measures.  
 
In all other cases, ATTENTIA only provides personal data to third parties if it is legally required obliged to do so or if it is ordered to do so as part of judicial or extrajudicial proceedings.
 
When selecting a new service provider, the requirements under the GDPR are included in the processing agreement concluded between ATTENTIA and the service provider. In this way, ATTENTIA can guarantee towards its customers that its service providers also comply with the requirements under the GDPR. A brief overview of the service providers that ATTENTIA currently works with can be obtained by our customers on request.
 
In addition to partners that support us in sectors such as IT, in order to host applications or provide infrastructure for example, there are also a number of parties that receive personal data from us resulting from our own processing. Depending on the service provided by the social secretariat, personal data is frequently provided to certain government bodies (e.g. the Federal Agency for Occupational Risks), health insurance funds and insurance companies. This is mainly to enable us to fulfil our legal obligations which our customers are subject to and help ATTENTIA to support its customers.

6. What categories of personal data are processed by ATTENTIA?

ATTENTIA receives personal data though various channels, as explained below.
 

Data provided by you as a customer:

We process the personal data that you provide to us yourself. This can be done by telephone (e.g. when you call customer service), in writing (e.g. when you send us a letter), electronically (e.g. when you order something on our website or send us an email) or verbally (e.g. in one of our customer offices). 
 

Data collected by our system:

When you use one of our applications as a customer, personal data about you can also be collected. Of course, this will only be done with your consent and for the purpose for which you have given your consent.

Data we receive from third parties:

Given that ATTENTIA has many organisations as its customers for its social secretariat and other services, these customers send personal data about their staff to ATTENTIA in order to calculate salaries, for example. Firm arrangements are always made regarding the proper exchange and management of such personal data, which are laid down in a processor agreement between ATTENTIA and the customer.
Data received from non-customers:
We may collect personal data about persons who are not an ATTENTIA customer through various channels, such as promotions/campaigns and our website, with the intention of making our products and services as relevant as possible to such persons. We hereby guarantee your right to be informed and, where applicable, together with any consent which we legally require from you, we contractually oblige third parties that collect your data on our behalf in this context to do the same.

A list of the categories of personal data that ATTENTIA processes can be found in the table below.

 
Images or graphics
Other personal data
Profession & job
Financial details
Physical attributes
Family composition

Identification details

Information about training and education
Lifestyle
Medical history
Personal characteristics
Psychological details
Racial and ethnic details
National registry number
Residency data
Hobbies and interests

 

7. Does ATTENTIA process sensitive personal data?

Since ATTENTIA also carries out activities related to Prevention & Protection, medical data is also processed. This is classed under the GDPR as sensitive personal data, which requires additional attention.

 

8. Automated decision-making

The GDPR stipulates that organisations may not subject any person to automated decision-making “which produces legal effects concerning him or her or similarly significantly affects him or her”. However, there are exceptions where the decision:

  • s necessary for the performance of a contract;
  • is authorised by Union or Member State law (such as for the prevention of fraud);
  • is based on the data subject’s explicit consent.
  •  

ATTENTIA hereby declares that it does not perform any automated decision-making using personal data. If this changes in the future, ATTENTIA will only do so if one or more of the exceptions above applies.

 

9. What lawful basis does ATTENTIA have for processing personal data?

Since proportionality and purpose are two fundamental principles of the GDPR, ATTENTIA believes it is important for the personal data of customers and employees to only be processed if it is necessary to fulfil the intended purpose.
 
We use personal data only when it is necessary to:
  • prepare for, perform, or terminate a contract between ATTENTIA and the customer (whether the customer is a natural person or an organisation);
  • comply with legal or regulatory provisions to which ATTENTIA is subject; 
  • defend our legitimate interests, in which case we always strive to balance that interest with respect for your privacy.
 
If the processing of your personal data is not necessary for one of these three reasons, we will always ask for your consent to process your personal data.

 

10. What is the retention period that ATTENTIA applies?

ATTENTIA complies with the legally-stipulated retention period. Most social security and tax documents must be retained for period laid down by law. However, such documents may not be kept for any longer than is necessary. More specifically, as soon as the personal data has been stored for longer than the minimum retention period AND the lawful basis on which this data is processed no longer applies, this personal data will be erased.
 
For more information about the retention period, please email us at Privacy@attentia.be. Information will also be available on our website soon.
 
 

11. Does the ATTENTIA website also use cookies?

ATTENTIA’s website uses cookies to optimise the user experience of our website for all our customers. For more information about how we use cookies and why, please see our cookie statement at (zie  https://www.attentia.be/nl/cookieverklaring ).
 
 

12. What does ATTENTIA offer to its customers to support them in their GDPR process?

Unfortunately ATTENTIA has neither the time nor the resources to support all of its customers in their own GDPR process, but ATTENTIA does provide the following to its customers:
  • a processor agreement for customers with which ATTENTIA has a data processor/data controller relationship;
  • support from the ATTENTIA privacy team on aspects contained in the processor agreement, provided this relates to the services that ATTENTIA offers to its customers;
  • a GDPR package specifically tailored to SME customers, available in the ATTENTIA webshop.
 
For any queries about privacy or GDPR with regard to the services that ATTENTIA provides to its customers, please email Privacy@attentia.be . Our Data Protection Officer or one of their colleagues will respond to your query as quickly as possible.
 

 

13. What security measures has ATTENTIA implemented to properly protect the personal data that it processes?

ATTENTIA puts in place appropriate technical and organisational measures to properly protect all personal data that is processed against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.
 
Within ATTENTIA, both the Data Protection Officer and Security Officer are responsible for continually checking and optimising the level of security. More information about the specific security measures in place is available to customers on request.
 
 

14. What rights do individuals have under the GDPR?

The GDPR has strengthened the rights you have as an individual, as outlined below.
 

Right of access

You have the right to ask ATTENTIA whether we process your personal data and, if so, to ask to view that data and receive further details about:
  • the purpose for which ATTENTIA processes your personal data;
  • the categories of personal data processed;
  • the recipients of your personal data (if applicable);
  • the retention period or, failing that, the criteria for determining the retention period;
  • the source of the data, if obtained from a third party;
  • whether automated decisions are made using your personal data.

On request, you may receive a free copy of your personal data that we process; however, an administrative fee will be charged for each additional copy requested.
 

Right of rectification

If you determine that the personal data processed by ATTENTIA is incomplete, incorrect or out of date, then you have the right to have this data rectified. However, ATTENTIA often acts as a data processor in the services it provides to its customers, in which case the ownership of the data does not always lie with ATTENTIA itself, but often with the organisation that is our customer. In such cases, we will forward your request to the relevant organisation.
 

Right to be forgotten

The GDPR also provides the right to have your personal data erased by ATTENTIA. You may submit a request to this end in the following cases:
  • Your personal data is no longer required for the purpose for which it was collected or processed by ATTENTIA.
  • You withdraw your prior consent to the processing and there is no other lawful basis for ATTENTIA to continue the processing.
  • You object to the processing of your personal data and there is no more compelling, legitimate basis for ATTENTIA to continue the processing.
  • Your personal data is being unlawfully processed.
  • Your personal data needs to be erased in order to comply with a legal obligation.
  • Your personal data was collected when you were underage.
An exception applies if the processing of your data is necessary as part of a judicial investigation, in which case your request to have your data erased cannot be fulfilled. We will inform you about this at your request.

 

Right to restrict processing

You have the right to restrict the processing of your personal data if one of the following applies:
  • You doubt the accuracy of such personal data, in which case the use of your data may be restricted until ATTENTIA can verify the accuracy of the data.
  • Your data is being processed unlawfully, in which case you can request to restrict its use instead of having it erased.
  • Provided no decision has been made on the exercise of your right to object to the processing, you may request to restrict the use of your personal data.

 

Right to data portability

You have the right to request to have your personal data transferred to another party. This is only possible for the personal data you have provided to ATTENTIA yourself, after having given your consent or concluded an agreement. You may not exercise this right in any other case, for example if your data is processed on the basis of a legal obligation.

 

Right to object to processing of your personal data

You have the right to object to the processing of your personal data if the processing is in the legitimate interest of ATTENTIA or in the general interest.
 

Practical information

How do I exercise my rights to privacy?

You can exercise your rights to privacy by post or by email to:
 
ATTENTIA corporate vzw
t.a.v. Data Protection Officer
Sluisweg 1 bus 5
B-9000 Ghent
 
To avoid disclosing your data to unauthorised parties at all costs, we will always ask you to provide identification when submitting a request. Please include a copy of the front of your identity card with your request. In this copy, please redact your passport photo, machine readable zone (the strip with numbers at the bottom of the passport), passport number and national registry number. This is to protect your privacy.

 

When will I receive a response?  

We will always respond to your request within one month. Depending on the complexity and number of the requests, this period may be extended by a further two months if necessary. If we extend the deadline, we will notify you within one month of receiving your request.
 
 

15. Changes to the Privacy Policy

In order to accurately reflect the use of personal data within ATTENTIA, this Privacy Policy is regularly updated. You can always find the date on which the current version was published, as well as a link to previous versions.