If you are an SPI staff member, a Privacy and Confidentiality Policy Charter is available on the SPI intranet.
We wish to point out that we may modify this Privacy/Confidentiality Policy. Please visit this page to see any changes that we publish on it.
1. What types of personal data do we collect?
1.1. Users of our website/blog
It is possible to visit our website without sharing any personal data with us. However, when you visit our site, we may automatically collect certain information, whether or not you decide to use our services. This includes in particular your IP address and the dates, times and frequency of your access to our site and how you browse its content.
We automatically collect your data using cookies, in accordance with your browser’s cookie settings. To learn more about cookies, including how we use them and the options available to you, please click here. We also collect data from you when you contact us through the website/blog or when you ask us a question. The data we collect, following your request, will mainly be:
- Surname and first name
- Phone number
- Any other personal data you voluntarily provide to us
When you are an SPI customer for a service offered on our site or the Val Benoît site, we collect personal data. These are nevertheless limited. Specifically, in principle, SPI only needs the contact details of the people in your company who are responsible for the contract between your company and SPI in order to manage and monitor your project. We will therefore mainly request the following data:
- Surname and first name
- Telephone number (mobile)
- Bank details for payment of our invoices
We may also hold additional information that someone in your company has chosen to provide to us. If, for any reason, we need additional personal data, we will inform you.
If you are an SPI supplier or subcontractor, we collect personal data. These are nevertheless limited. Specifically, in principle, SPI only needs the contact details of the people in your company who are responsible for the subcontracting contract between your company and SPI in order to manage and monitor the requested services. We will therefore request the following data:
- Surname and first name
- Telephone number (mobile)
- Bank details
We may also hold additional information that someone in your company has chosen to provide to us. If, for any reason, we need additional personal data, we will inform you. 1.4. Public/Private partners
If you are an SPI public or private partner, we collect personal data. These are nevertheless limited. Specifically, in principle, SPI only needs the contact details of the people in your body/company who are responsible for the dealings between your body/company and SPI in order to manage and monitor our collaboration or the project. We will therefore request the following data:
- Surname and first name
- Telephone number (mobile)
We may also hold additional information that someone in your body/company has chosen to provide to us. If, for any reason, we need additional personal data, we will inform you. 1.5. Applicants for a job vacancy
In the context of a job vacancy at SPI, we will collect the following data:
- Surname and first name;
- Age/date of birth;
- National number assigned at birth;
- Marital status;
- Contact details;
- Educational background;
- Professional experience;
- Immigration status (whether or not a work permit is required);
- Nationality/citizenship/place of birth;
- A copy of your driving licence and/or passport/identity card;
- Social security number and other tax information;
- Information about any criminal convictions if required for the position you wish to apply for;
- Information about your current remuneration, your pension scheme and your employment benefits;
- Information about your interests and needs regarding your future job;
- Additional information that you choose to provide to us;
- Additional information about you that our customers/partners may provide to us, or that we find from third-party sources;
- IP address.
Please note that the above list of categories of personal data that we may collect is not exhaustive.
2. How are personal data collected?
2.1. Visiting our website/blog
We may collect certain data automatically or data that you voluntarily provide to us in order to be able to respond to you.
We will receive personal data directly from you in two ways:
- when you proactively contact us, usually by phone or email;
- through our employees/associates in the context of their tasks.
Where applicable and in accordance with applicable laws and regulations, we may obtain further information about you through:
- market research carried out by third parties and analyses of online and offline media (which we may carry out ourselves or through other companies);
- public databases.
2.3. Applicants for a job vacancy
We collect applicants’ personal data in three ways:
- you send us your personal data directly by post or by any electronic means;
- your data are provided to us by other sources such as our customers, an employment agency, a third party or a site advertising services/jobs;
- during your visit to our website (see above).
3. Purposes and legal bases of processing
In general, personal information are only used to enable us to communicate with you, to provide, improve or develop our services or products, to offer you targeted advertising and services, to protect us and our customers or partners, or to benefit from a service that we have purchased from you or to provide you with a service that you have purchased from us.
More specifically, we use your personal data to:
- enable us to respond to a service that you have ordered from us concerning the rental of an office, the rental of a meeting room or the rental of a bicycle. Thus, the purposes of data processing concern:
- the management of your office/premises/bicycle rental contract;
- the creation of a personal badge giving access to the office/premises/bicycle premises;
- the management of offices, building entrances, meeting rooms and bicycles, the locating of bicycles, the repair and maintenance of bicycles;
- the invoicing of our services;
- the security of our buildings and property as well as the security of our website.
The legal basis for this processing is the contract between you and SPI.
We may also use geolocation data relating to the rental and use of our bicycles for the following purposes:
- your safety;
- the protection of the equipment made available to you;
- satisfaction with the services offered to recover a bicycle in need of repair;
- the improvement of our services by communicating anonymised geolocation data to research centres or universities partnering the project for statistical research, mobility research, etc.;
- to enable us to improve your use of our website, with the legal basis being your consent to the use of our cookies and our legitimate interest in being able to offer you an optimal website;
- to enable us to produce statistics and market research, to improve your use of our services and the SPI services, with the legal basis being your consent to the use of your data if they are not pseudonymised or anonymised. In the event that your data are anonymised or pseudonymised, the processing of your personal data for the purposes described above will have as a legal basis our public interest mission for economic development and spatial planning;
- to assess the suitability of our job vacancies in relation to your profile. The legal basis is your explicit consent and our legitimate interest in hiring a candidate who meets our requirements;
- to communicate with you in order to respond to your questions or requests subject to your explicit consent;
- to meet legal and regulatory obligations, with the legal basis being the law or the regulation;
- to send you invitations, promotions and offers for events such as networking meetings, company or field visits, training, conferences, seminars or exhibitions and customer events, as well as general information on sectors of activity likely to interest you or on SPI activities and services. The legal basis for this communication is your explicit consent. Similarly, subject to your express prior consent, we may share your personal information with third-party partners, who may send you sales communications relating to their products and services. However, you may refuse these direct marketing communications, at any time, by notifying us or via the unsubscribe link in our communication. The legal basis for this processing is your explicit consent;
- to display extracts of your information on the SPI website or blog in order to present your activities in the context of highlighting success stories for promotional purposes. The legal basis is your explicit consent;
- to help us assert, exercise or defend our rights before the courts. These may be situations in which we need to obtain legal advice in relation to legal proceedings or we are legally obliged to retain or disclose certain information in the context of legal proceedings. The basis of our processing is our legitimate interest and compliance with legal and regulatory provisions;
- the security of our services and websites/blog. In this case, we use your personal data to help us check the activities of the users of our services, our website or blog, in order to promote security (in particular building security) and prevent any activity that is potentially illegal or in breach of our conditions or policies. This processing is based on our legitimate interest in contributing to the security of our services and property.
In the event that the legal basis for the processing is our legitimate interest, SPI ensures that the impact of the processing on the protection of your privacy is limited as much as possible and that, in all cases, the balance between the legitimate interests of SPI and its partners and any impact on the protection of your privacy is not disrupted. If you still have objections to this processing, you may exercise your right to object as explained below. SPI will refrain from selling or renting your personal data to third parties, unless you have authorised it to do so.
4. What are your rights regarding the processing of your personal data by SPI, and who can you contact?
You have rights regarding the processing of your personal data. If SPI asks you for explicit authorisation for specific processing of your data, you may always subsequently withdraw your consent at any time.
Your main rights are as follows:
- Right to consult your personal data
You may consult your personal data at any time. Simply contact us at the address mentioned below (Data Controller). We will then provide you with the most complete overview of your data possible.
- Right to rectification of your data
It may be the case that the data in our possession are no longer up-to-date or correct. You may request, at any time, that these data be rectified or completed.
- Right to object, of deletion of your data
If you believe that your data are not being used appropriately, you may ask us to delete your data from our records or limit their use.
- You also have the right to request the transfer of your data to yourself or to a third party. However, the Privacy Law sets some limits on this right, which is therefore not applicable to all data.
- You have the right to lodge a complaint against any infringement of your rights with the supervisory authority if you believe that SPI has not acted in accordance with the applicable legislation (contact details of the supervisory authority under the “Data Controller” section).
You may exercise your rights, ask us any questions or make any comments about this statement at the address mentioned under the “Data Controller” section. We will do our utmost to deal with your request as soon as possible and, in all cases, within one month (subject to extensions permitted by law). Please note that we will not be able to comply with your objection request if:
- we can demonstrate that we have legitimate and compelling reasons to process your data that prevail over your interests or another reason that justifies the continued processing of your personal data (e.g. legal obligation);
- we are processing your data for the purposes of noting, exercising or defending a right in the courts.
5. Data controller for your data
In accordance with the Belgian law of 8 December 1992 on the protection of privacy with regard to the processing of personal data and its subsequent amendments as well as European regulations including Regulation (EU) 2016/679, the General Data Protection Regulation, also referred to as the GDPR, the data controller for your personal data is:
SPI SCRL Rue du Vertbois 11 4000 Liège
To contact us, you can send your requests directly to the Data Protection Officer at the following email address or to the postal address mentioned above:
Email : firstname.lastname@example.org – Tél : +32 4 230 11 11
Please note that this email address may only be used for privacy-related requests. Information about the management of projects you have with SPI or any other question not related to privacy will not be answered via this address. Instead use email@example.com for this purpose.
For any request, we will ask you to prove your identity through the provision of a copy of the front and back of your identity card. We may also request any additional information we deem necessary regarding your request. In the case of access to information that we hold about you, we will not charge you for such access provided that your request is not “manifestly unfounded or excessive”. In this case, we may charge you a reasonable fee to the extent permitted by law.
If you believe that your rights are not being respected, you may lodge a complaint with the supervisory authority.
You can contact it as follows:
- By telephone: (+32) (0)2 274 48 00
- E-mail: https://www.autoriteprotectiondonnees.be/
- Online contact form: https://www.privacycommission.be/en/contact-form
- By post: Privacy Commission, Rue de la Presse 35, 1000 Brussels, Belgium
- Fax: (+32) (0)2 274 48 35
SPI has implemented numerous technical, physical and organisational security measures to ensure the integrity, confidentiality and availability of the data of the people who interact with SPI.
In particular, SPI has implemented security technologies to protect personal data stored on computer servers against unauthorised access, inappropriate use, alteration, illegal or accidental destruction and accidental loss.
SPI is engaged in a continuous process of monitoring and improving its security procedures to take into account new technologies or new risks. SPI has also put contracts in place and imposed specific obligations on its subcontractors, partners or staff so that the manual and electronic processing of all personal data is treated confidentially and with appropriate security measures to avoid any misuse of these data.
If you suspect misuse, loss or unauthorised access concerning your personal information, please inform us immediately at firstname.lastname@example.org
7. Who has access to my personal data?
We share your personal data with the following categories of people:
- our employees who handle your project and your contract. However, they will have access to your data provided that they have a compelling need to know your personal data for the task required of them, i.e. on a need-to-know basis;
- employees of our institutional partners such as the departments of the Walloon authorities, or any other ministry or public authority;
- employees of the tax authorities or any other public body when the law or any other regulation requires that your personal data be disclosed;
- third-party service providers who work on our behalf, including in particular lawyers, bailiffs, surveyors, architects, external consultants, auditors, IT service providers, communication companies, building cleaning and maintenance staff, staff responsible for the security of property and people, etc.
8. Will my personal data be transmitted outside Belgium? In principle, SPI does not transfer personal data outside Belgium. However, if SPI were to be required to communicate your personal information to countries outside the European Economic Area, standard contractual clauses adopted by the European Commission would be imposed on the recipient if the protection of personal data is not sufficient in the destination country. 9. How long will my personal data be kept? We only keep your personal data for as long as is necessary for the purposes described above.
In principle, we will delete your personal data from our systems in the absence of contact with you or the company with which you work and which has a business relationship with SPI, or after the end of the contract between your company and SPI after an uninterrupted period of two years. However, we may retain your personal data for a longer period if we are required to do so by law or a regulation. For the personal data of employees of our partners or our customers, personal data will be deleted after a period of 2 years after we are informed by our partner or customer that you no longer work for them. For candidates for a job at SPI, personal data will be retained at the end of the candidate selection period for a maximum period of 2 years. For purchasers of real estate or tenants, data will be retained in accordance with any applicable laws and regulations.
10. Changes and amendments
We may make changes to this Privacy and Confidentiality Statement from time to time, primarily to adapt to new regulatory requirements. Any changes take effect immediately after the publication of the updated Privacy and Confidentiality Statement. In the event of a substantial change, a notification will be issued before it takes effect or it will be sent to you directly. When you continue to use our services after the effective date of the amended Privacy and Confidentiality Statement, you will be deemed to have accepted these changes.