This Privacy Statement is drafted and managed by IDEA Consult NV (40 Joseph II, boîte 1 / Jozef II-Straat 40, bus 1, B-1000 Brussels, Belgium, VAT: BE0463832719), hereafter referred to as “Controller”, “we”, “us”, “our” and/or “IDEA Consult”. 

IDEA Consult may process your personal data (hereinafter “Data Subject”, “you” and/or “your”). We understand the importance of safeguarding your privacy and personal data. This Privacy Statement outlines our commitment to protecting your data and explains how we collect, use, and store personal data in the course of our work and clarifies which rights you can exercise as a Data Subject. 

This Privacy Statement applies to all interactions with the IDEA Consult website (www.ideaconsult.be), as well as the projects undertaken by or on behalf of IDEA Consult. Whether you are visiting our website or participating in one of our projects, this Privacy Statement governs the collection, use, and processing of your personal data. 

This Privacy Statement complies with the applicable legislation governing personal data processing and electronic communications, including the General Data Protection Regulation, also referred to as “GDPR”). 

Aggregate data: 
Aggregate data are made up from microdata files and are the result of a combination of different measures. They are obtained by adding or averaging the individual values obtained. They provide information on groups that have common characteristics. 

Anonymisation: 
The anonymisation of personal data consists in modifying the content or structure of this data in order to make it very difficult or impossible to “re-identify” natural persons. 

Consent:  
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 

Controller or controller responsible for the processing: 
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

Data subject: 
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing. 

Encryption: 
Encryption is the process by which segments of data are mathematically mixed using a password. 

General Data Protection Regulation: 
The General Data Protection Regulation is a set of rules designed to protect the personal data of European citizens. This Regulation covers the protection of personal data in the broadest sense of the term, regardless of their form or nature: private, professional, public. The GDPR was approved in April 2016 and as from 25 May 2018, this Regulation is fully applicable in all EU countries. 

Personal data: 
Personal data means any information relating to an identified or identifiable natural person (“data subject”). In the definition provided above, “any information” means any information, such names, genders, occupations and other types of data that is available in different forms, including alphabetical, numerical and graphical, and is kept on paper or stored in computers or in any other manner. 

Processing:
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.  

Processor: 
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. 

Profiling: 
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. 

Pseudonymisation: 
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. 

Recipient:  
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed whether a third party or not. However, public authorities who may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. 

Restriction of processing: 
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future. 

Third party:  
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. 

Website. 
The IDEA Consult website can be accessed and used without providing any personal data. However, in certain situations or when using specific services on our website, the processing of personal data may be required. Your use of the website is governed by this Privacy Statement. 

Projects. 
For certain projects carried out by IDEA Consult, we may need to process personal data on a case-by-case basis. In such instances, the type, extent, and purpose of the data processing will be clearly communicated to the Data Subject. All our projects are conducted in accordance with this Privacy Statement. 

The following legal bases allow IDEA Consult to process personal data: 

• Consent: you have given clear consent for us to process their personal data for a specific purpose. 

• Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract. 

• Legal obligation: the processing is necessary for us to comply with the law (excluding contractual obligations). 

• Legitimate interests: the processing is necessary based on our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. 

IDEA Consult may process your personal data in the context of the following activities, for the corresponding purposes and based on the stated legal bases: 

When the provision of personal data constitutes a contractual requirement, or is necessary to enter into a contract, you are obliged to provide us with the personal data. If you do not provide (certain) personal data, we may not be able to provide our services or otherwise perform our contractual relation with you. 

Each time you visit our website, we collect information using cookies and other technologies to ensure that our website functions optimally. Cookies are a small text files that are sent along with pages of this website and stored by your browser on the hard drive of your computer or another device. For more information on the use of cookies, please consult our Cookie Statement. 

As a Data Subject, you have the possibility to exercise your rights as described in the GDPR. These rights can be exercised free of charge by sending an e-mail at privacy@ideaconsult.be. We undertake to respond to your request within one month of receipt. We may first request additional information to confirm your identity and ensure that the request comes from you. 

You can exercise the following rights: 

Right of access to your personal data. 
You have the right to request access to your personal data at any time, and to request a copy of the personal data that IDEA Consult collects about you. 

Right to rectification. 
You have the right to have incorrect personal data corrected or incomplete personal data completed. 

Right to data erasure ("right to be forgotten"). 
You may request to have your personal data deleted from IDEA Consult systems. Such request cannot always be granted due to contractual or legal obligations. IDEA Consult will observe these obligations when responding to your request. 

Right to object. 
You have the right to object to the processing of your personal data if the processing is based on IDEA Consult’s legitimate interest or on grounds of public interest. We will stop processing your data unless we can demonstrate compelling legitimate grounds for further processing or for the exercise of legal claims.  

Right to withdraw your consent. 
For the processing of your personal data collected by IDEA Consult with your consent, you may withdraw your consent at any time. For example, you can unsubscribe from our newsletter at any time. However, withdrawing your consent does not affect processing operations previously carried out by IDEA Consult. 

Right to restriction of processing. 
In certain cases, you have the right to obtain the restriction of the processing of your personal data. We will continue to store your data, but we will limit its use. For example, you can make this request if you believe your personal data is inaccurate or the processing by IDEA Consult is not justified. We only have to fulfil such request in specific cases, as stipulated by law. 

Right to data portability. 
You have the right to obtain your personal data processed by IDEA Consult in a structured, commonly used and machine-readable format and/or to have such data transmitted to another controller. 

Right to lodge a complaint. 
If at any time you believe that IDEA Consult is infringing your privacy, you have the right to lodge a complaint with the Belgian Supervisory Authority: 

Gegevensbeschermingsautoriteit, Drukpersstraat 35, 1000 Brussels, Tel +32 (0)2 274 48 00, e-mail: contact@apd-gba.be.

IDEA Consult considers your personal data to be confidential and undertakes to process it only in a manner compatible with the purposes for which it was originally collected. 

IDEA Consult will refrain from disclosing your personal data to third parties as well as publicly disclosing your personal data, except in the following specific cases: 

• Personal data may be accessible to certain types of persons in charge and/or involved with the operations of this website or the provision of our services (administration, sales, marketing, legal, system administration). 

• Personal data may be shared with third party service providers to which IDEA Consult outsources certain processing operations. These third-party service providers act as our processors. They only process your personal data in accordance with our documented instructions and the data processing agreement concluded with them.  

• Personal data may be disclosed to third parties if and to the extent that it is required by applicable law or to comply with a judicial request. 

Your personal data will only be transferred to third parties established outside the European Economic Area (hereinafter “EEA”) if permitted under applicable data protection laws. Indeed, it is possible that service providers used by IDEA Consult process your data outside the EEA. In this respect, IDEA Consult is committed to ensuring an adequate and sufficient level of protection for your data pursuant to applicable data protection laws. 

In case we transfer your personal data to a third country or international organisation outside the EEA, we will ensure that your personal data is either transferred to third countries that are deemed to be offering an adequate level of data protection by the European Commission, or, alternatively, we will implement appropriate safeguards with the entity receiving your personal data to guarantee that your personal data remains protected in accordance with applicable data protection laws.

IDEA Consult recognises the importance of protecting your personal data. We will retain your personal data for no longer than strictly necessary to fulfil the purposes for which we received the data, or for the performance of a contract, or to comply with a legal obligation. The retention periods differ in terms of the type of processing activity and the purpose for which the personal data was collected. 

• Personal data that we collect based on your consent is retained for as long as your consent remains valid. 

• We process your applications data only as long as required to process the application. In case of a negative hiring decision, your personal data will be deleted unless you consent to the retention of your personal data for future opportunities. In case of a positive decision, the IDEA Consult employee privacy statement will provide you with more information on retention periods. 

• We keep customer and supplier information for as long as reasonably necessary to perform our agreements, to comply with our legal obligations (such as accounting and tax obligations) and to resolve disputes or enforce contracts.  

In all cases, personal data may be retained for a longer period if there is a legal or regulatory reason to do so, or for a shorter period if you object to the processing of your personal data and there is no longer a legitimate reason to retain it. 

IDEA Consult has implemented technical and organisational security measures to prevent the destruction, loss, forgery, alteration, unauthorised access, or disclosure of your personal data to third parties and any other unauthorised processing of such data. 

We have made every effort to ensure the confidentiality, integrity and availability of the information systems and services used to process personal data. These measures include physical and operational security measures, access controls, data pseudonymisation and encryption, firewalls, awareness policies and confidentiality clauses. All our employees and third parties engaged by us are obliged to respect the privacy and security of your personal data. 

If you would like more information about this Privacy Statement, if you have any questions or wish to exercise any of the above mentioned rights, please do not hesitate to contact our Data Protection Officer at the following address: privacy@ideaconsult.be. 

If you prefer to contact us by post, please do so at the following address: 

IDEA Consult 
37 Stationsstraat  
9810 Eke-Nazareth 
Belgium 

We may amend or update this Privacy Statement from time to time to reflect changes in our practices regarding the processing of your personal data or changes in applicable legislation. We will do so by posting the updated version on this website. When we publish changes to our Privacy Statement, we will change the date and version number of the "last update" of our Privacy Statement. Significant changes will be notified on our homepage. Nevertheless, we encourage you to regularly read our Privacy Statement.