INFORMATION ON THE PROTECTION OF PERSONAL DATA

1. INTRODUCTION

N.V. BESIX S.A., with its registered office at Avenue des Communautés 100, 1200 Woluwe-Saint- Lambert and registered in the Crossroads Bank for Enterprises (BCE/KBO) under enterprise number BE 0413 630 071, attaches great importance to the gathering and safe, transparent and confidential processing of your personal data. BESIX is particularly concerned to protect the data of its clients, subcontractors and suppliers, especially against loss, violation, errors, unauthorized access or unauthorized processing.

BESIX is publishing this data protection memorandum to inform you about the gathering and processing of your personal data.

We ask you to read this data protection memorandum carefully, as it contains important information about how and why BESIX processes your personal data.

By providing your personal data, you expressly acknowledge that you have read this data protection memorandum, and that you expressly accept its content as well as the processing of the data.

2. SCOPE

This data protection memorandum covers all activities carried out and all services provided by BESIX.

3. IDENTITY AND COMMITMENTS OF THE PERSON RESPONSIBLE FOR THE DATA PROCESSING (“CONTROLLER”)

N.V. BESIX S.A. , with its registered office at Avenue des Communautés 100, 1200 Woluwe-Saint- Lambert and with the enterprise number BE 0413 630 071, is the person responsible for the processing of your personal data (“controller” in the language of the General Data Protection Regulation).

In gathering and processing your personal data, BESIX complies with the Belgian legislation on the protection of personal data and the General Data Protection Regulation (GDPR), as from its entry into force on 25 May 2018.

4. PERSONAL DATA

Depending on your activities and your relationship with BESIX, you may find yourself communicating the following personal data: your identity details and contact information (name, title, address, e-mail address, telephone number, mobile phone number). For some specific legal requirements (electronic registration of attendance, 30bis work declaration), it is possible that you

have to provide additional data, especially in order to record your attendance (such as E-ID data, Limosa number).

You bear full responsibility for the completeness and accuracy of the data you provide. If your data is out of date, we ask you to inform us immediately.

5. PURPOSES OF THE PROCESSING AND THE LEGAL BASIS

5.1. Client data

In the context of its activities and services, BESIX gathers and processes identity data and contact information of its existing and prospective clients and principals, of their personnel, persons working for them, agents and any other relevant contact persons. The purposes of this processing are the negotiation and execution of the agreements with the contracting parties concerned, the management of clients and service providers of any kind, the accounting, and direct prospecting activities, such as the sending of promotional or commercial information. The legal bases are the negotiation and execution of the contracts concerned, the respect of legal and regulatory obligations (such as the 30bis work declaration) and/or the legitimate interest pursued by BESIX.

5.2. Supplier and subcontractor data

BESIX gathers and processes the identity data and contact details of its suppliers, subcontractors and suppliers as well as any of their potential (sub)subcontractor(s), of their personnel, persons working for them, agents and any other useful contact person. The purposes of these processing operations are the negotiation and execution of the agreements with the contracting parties concerned, the management of suppliers/contractors and service providers of any kind, the accounting, and direct prospecting activities, such as the sending of promotional or commercial information. The legal bases and the purposes are the negotiation and the execution of the contract, the respect of legal and regulatory obligations (such as the obligatory electronic registration of presence, the 30bis work declaration, the list of presence or other public procurement-related obligations) and/or the legitimate interest pursued by BESIX. For the electronic registration of presence, the E-ID data or Limosa number will be processed where applicable.

5.3. Employee data

BESIX gathers and processes the personal data of its employees as part of its personnel and salary management. Given its specific nature, this processing is addressed in greater detail in an employee data protection policy.

5.4. Other data

In addition to the data of clients, suppliers / subcontractors / service providers of any kind and employees, BESIX also processes the personal data of other persons, such as new clients / “prospects”, useful contacts in relevant market sectors, networking contacts, experts, direct marketing contacts, etc. For direct e-mail marketing activities (such as newsletters or invitations to events), the authorization may be withdrawn at any time.

The purposes of such processing operations are in the interest of our activities, direct prospecting and public relations. The legal bases are the legitimate interest pursued by BESIX and / or in certain cases the execution of a contract.

6. DURATION OF PROCESSING

Personal data are stored and processed for a period of time depending on the purpose of the processing and the relationship (contractual or otherwise) between the parties involved.
Client, supplier or subcontractor data will, in any event, be removed from the BESIX systems after 10 years from the termination of the relevant contract or from the end of the project, except for data of a personal nature that BESIX is required to keep for longer based on specific legislation or in the event of ongoing litigation for which personal data are necessary and/ or opportune.

7. RIGHTS

In accordance with and under the terms of Belgian data protection legislation and the provisions of the General Data Protection Regulation, we hereby inform you that you have the following rights:

Right of access: You are entitled to ask to know, free of charge, what personal data about you BESIX processes and to verify for what purpose they are used.

Right of rectification: You have the right to obtain a rectification (correction) of personal data about you which is incorrect and the right to supplement personal data (about you) that is incomplete.

Right to be forgotten or to restrict data: You have the right to ask BESIX to erase personal data about you and to restrict the processing of such data in the circumstances and under the conditions stipulated in the General Data Protection Regulation. BESIX is entitled to refuse to erase or to restrict data that is necessary for salary processing, fulfilling a legal obligation, concluding an employment contract or for its legitimate interest, provided that such data are necessary for the purposes for which which they were gathered.

Right to data portability: You have the right to receive the personal data concerning you that you have provided to BESIX, in a structured, commonly used and machine-readable format. You have the right to pass on this data to another controller.

Right to oppose: You have the right to oppose the processing of your personal data for serious and legitimate reasons. You may not, however, oppose the processing of data that is necessary for BESIX to fulfil a legal obligation, conclude an employment contract or for its legitimate interest, provided that such data are necessary for the purposes for which they were gathered.

Right of withdrawal of consent: Where the processing of personal data is based on prior consent, you have the right to withdraw that consent. This personal data will then be processed only if BESIX has another legal basis to justify the said processing.

Decisions based on automatic processing, profiling: BESIX confirms that the processing of personal data does not include profiling and that you will not be subject to decisions based entirely  on automated processing.

You may exercise the aforementioned rights by contacting: communication@besix.com.

8. TRANSFERS OF DATA TO THIRD PARTIES

Certain personal data of employees collected by the employer will be transferred to and may be processed by third parties (e.g. IT supplier, accountant, auditor), as well as by any administrative and/or public authority (e.g. in the case of the 30bis declaration of work, the electronic registration of presence or for the award of public contracts).

It can happen that one or more of these third parties is located outside the European Economic Area (“EEA”). However, personal data will be transmitted only to third countries having an adequate level of protection.

The employees, managers and/or representatives of the aforementioned service providers or institutions as well as the specialized service providers designated by them, are required to respect the confidential nature of your personal data and may use these data solely for the purposes for which they were provided.

If necessary, personal data may be transmitted to other third parties. This may be done in the event of a partial or complete reorganization of BESIX, if its activities are transferred or in the event of a declaration of bankruptcy. It is also possible that your personal data have to be transferred owing to an injunction or in order to fulfil a particular legal obligation. In this case, BESIX will endeavour to inform you in advance of this communication to other third parties. You acknowledge and understand, however, that under certain circumstances this is not always technically or commercially feasible or that legal restrictions may apply.
BESIX will not in any event sell your personal data or make them available to direct marketing offices or similar service providers, except with your prior consent.

9. TECHNICAL AND ORGANIZATIONAL MEASURES

BESIX will take the technical and organizational measures to process the data to a sufficient level of security and to protect your personal data against any destruction, loss, falsification, unauthorized access or accidental notification to third parties as well as any unauthorized processing of these data.

In no event may N.V. BESIX S.A. be held responsible for any direct or indirect damage caused by the erroneous or illicit use of personal data by a third party.

10. ACCESS BY THIRD PARTIES

In order to process your personal data, BESIX grants access to your personal data to its employees, persons working for it and agents, as well as to subcontractors. BESIX guarantees a similar level of protection by imposing contractual obligations on its employees, persons working for it and  agents, as well as on its subcontractors.

11. DO YOU HAVE ANY QUESTIONS?

If, after reading this data protection memorandum, you have further questions about the gathering and processing of your personal data, you may contact: communication@besix.com.