TrustBuilder is committed to protecting and respecting your privacy.

TrustBuilder Privacy Statement - Website visitors

 
 
  1. WHO DOES THIS PRIVACY STATEMENT APPLY TO?
    1. This Privacy Statement applies to TrustBuilder nv, with registered offices at Poortakkerstraat 93, 9051 Gent, company number 0466.701.444.
    2. TrustBuilder nv (“We”) processes various personal data in the context of its activities. We act as data controller for the processing of your personal data when you visit our website.
    3. We are committed to protect the personal data entrusted to us in a correct and transparent manner, in accordance with the applicable law and in particular with respect of the General Data Protection Regulation 2016/679 of 27 April 2016 (“GDPR”).
  2. WHAT IS COVERED BY THIS PRIVACY STATEMENT?
    1. With this Privacy Statement we would like to inform you about why and how we process your personal data as data controller when you visit our site, who we give that information to, what your rights are and who you can contact for more information or queries.
    2. When we refer to “the Site”, we mean the webpages on:
    3. The site may link to other websites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices of other websites. This Privacy Statement only relates to data collected by us. When linking to any such sites, we strongly recommend you to review the privacy statements on these sites, before disclosing any personal information. Please be aware that, when you visit our pages on Facebook, LinkedIn, Instagram and Twitter, cookies are used by Facebook, LinkedIn, Instagram and Twitter. In this way, we can obtain information – in an anonymised way – about the public that visits our social media pages. For more information about why and how your personal data are processed in this respect, we refer to the following privacy and cookie policies:
  3. FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?
    • Our website is mainly informative, which means that we will only process personal data about you in exceptional cases.
    • In particular, we may process your personal data in order to handle enquiries, requests and complaints sent through the contact form.
  4. ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
    1. When you contact us through the contact form or through a general contact address, your personal data will in principle be processed for the purposes of our legitimate interests (namely the interest to handle all enquiries, requests and complaints sent via this form in the best possible way). In this respect, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms. If you would like more information about this, you can always contact us.
    2. For sending electronic direct marketing, We will always ask your explicit consent, unless We have obtained your e-mail address in the context of the sale of related products or services and you have not opposed to such use of your data. You may unsubscribe at any time by clicking ‘Unsubscribe’ at the bottom of the direct marketing message.
  5. WHAT ARE YOUR RIGHTS?
    1. You have several rights concerning the personal data we process about you. In particular, you have the right to:
      • gain access to your personal data and request a copy thereof;
      • ask that We update or correct your personal data when you believe they are incorrect or incomplete;
      • ask that We delete your personal data, or restrict the way in which We use such personal data when you believe that We have no (longer a) lawful ground to process it;
      • withdraw consent to the processing of your personal data (to the extent such processing is based on your consent);
      • receive your personal data in a structured, commonly used and machine-readable format and to transfer such data to another party (to the extent the processing is based on consent or on the execution of a contract);
      • object to the processing of your personal data for which We use legitimate interest as a legal ground, in which case We will cease the processing unless We have compelling legitimate grounds for the processing.
    2. You also have the right to object at any time to the processing of personal data for direct marketing by contacting us (see below) or by clicking the unsubscribe link in the direct marketing messages We sent. In that case, We will no longer process your personal data for direct marketing purposes.
    3. In order to exercise any of your rights, you can send us a request, indicating the right you wish to exercise,
      • by sending an e-mail to [email protected];
      • by sending a written query to: TrustBuilder, Kris Van Opstaele, Poortakkerstraat 93, 9051 Ghent.
      You may also use these contact details if you wish to make a complaint to us relating to the processing of your personal data.
    4. If you are unhappy with the way We handle your personal data, you have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
  6. HOW DO WE OBTAIN PERSONAL DATA?
    • We may obtain your personal data when you contact us through the contact forms, register for a webinar, request gated content, visit our website or interact in any other way with TrustBuilder.
  7. WHICH PERSONAL DATA DO WE COLLECT?
    • We may collect any personal data that you provide to us when you contact us using the contact form on the site.
  8. TO WHOM CAN WE DISCLOSE YOUR PERSONAL DATA?
    1. We may disclose your personal data to affiliated companies or third parties that reasonably require access to these data for one or more of the purposes referred to above. The following external parties may for instance be involved:
      • external service providers We rely on for various business services (e.g. analytics and search engine providers, to help us improve and optimize our service);
      • law enforcement authorities and public authorities in accordance with the relevant legislation;
      • external professional advisors (e.g. attorneys or consultants of the company).
      • With your explicit consent, We may transfer personal data to third parties (e.g. marketeers) for direct marketing purposes, including targeted advertising. We do not sell or sell access to your personal information to third parties.
  9. WHAT COOKIES DO WE USE AND HOW CAN YOU MANAGE THEM?
  1. ARE YOUR PERSONAL DATA PROTECTED?
    • We employ strict technical and organizational (security) measures to protect your personal data from access by unauthorised persons and against unlawful processing, abuse, damage, accidental loss and destruction both online and offline.
    1. TECHNICAL MEASURES
      • Access control and authentication:
        • An access control system applicable to all users accessing the IT system is implemented. The system allows creating, approving, reviewing and deleting user accounts.
        • The use of common user accounts is avoided. In cases where this is necessary, it is ensured that all users of the common account have the same roles and responsibilities.
        • When granting access or assigning user roles, the “need-to-know principle” shall be observed in order to limit the number of users having access to personal data only to those who require it for achieving TrustBuilder’s processing purposes.
        • Where authentication mechanisms are based on passwords, TrustBuilder requires the password to be at least eight characters long and conform to very strong password control parameters including length, character complexity, and non-repeatability.
        • The authentication credentials (such as user ID and password) shall never be transmitted unprotected over the network.
      • Logging and monitoring:
        • Log files are activated for each system/application used for the processing of personal data. They include all types of access to data (view, modification, deletion).
      • Security of data at rest:
        • Server/Database security:
          • Database and applications servers are configured to run using a separate account, with minimum OS privileges to function correctly.
          • Database and applications servers only process the personal data that are actually needed to process in order to achieve its processing purposes.
        • Workstation security:
          • Users are not able to deactivate or bypass security settings.
          • Anti-virus applications and detection signatures is configured on a regular basis.
          • Users don’t have privileges to install or deactivate unauthorized software applications.
          • The system has session time-outs when the user has not been active for a certain time period.
          • Critical security updates released by the operating system developer is installed regularly.
        • Network/Communication security:
          • Whenever access is performed through the Internet, communication is encrypted through cryptographic protocols.
          • Traffic to and from the IT system is monitored and controlled through Firewalls and Intrusion Detection Systems.
        • Mobile/Portable devices:
          • Mobile and portable device management procedures are defined and documented establishing clear rules for their proper use.
          • Mobile devices that are allowed to access the information system is pre-registered and pre-authorized.
        • Application lifecycle security:
          • During the development lifecycle, best practice, state of the art and well acknowledged secure development practices or standards is followed.
        • Data deletion/disposal:
          • Software-based overwriting will be performed on media prior to their disposal. In cases where this is not possible (CD’s, DVD’s, etc.) physical destruction will be performed.
          • Shredding of paper and portable media used to store personal data is carried out.
        • Physical security:
          • The physical perimeter of the IT system infrastructure is not accessible by non-authorized personnel. Appropriate technical measures and organizational measures are in place to protect security areas and their access points against entry by unauthorized persons.
    2. ORGANIZATIONAL MEASURES
      • Security management:
        • Security policy and procedures:
          • TrustBuilder must document a security policy with regard to the processing of personal data.
        • Roles and responsibilities:
          • Roles and responsibilities related to the processing of personal data is clearly defined and allocated in accordance with the security policy.
          • During internal re-organizations or terminations and change of employment, revocation of rights and responsibilities with respective hand-over procedures is clearly defined.
        • Access Control Policy: specific access control rights are allocated to each role involved in the processing of personal data, following the need-to-know principle.
        • Resource/asset management: TrustBuilder has a register of the IT resources used for the processing of personal data (hardware, software, and network). A specific person is assigned the task of maintaining and updating the register (e.g. IT officer).
        • Change management: TrustBuilder makes sure that all changes to the IT system are registered and monitored by a specific person (e.g. IT or security officer). Regular monitoring of this process takes place.
      • Incident response and business continuity:
        • Incidents handling / Personal data breaches:
          • An incident response plan with detailed procedures is defined to ensure effective and orderly response to incidents pertaining personal data.
          • TrustBuilder will report without undue delay to the relevant controller any security incident that has resulted in a loss, misuse or unauthorized acquisition of any personal data.
        • Business continuity: TrustBuilder establishes the main procedures and controls to be followed in order to ensure the required level of continuity and availability of the IT system processing personal data (in the event of an incident/personal data breach).
      • Human resources:
        • Confidentiality of personnel: TrustBuilder ensures that all employees understand their responsibilities and obligations related to the processing of personal data. Roles and responsibilities are clearly communicated during the pre-employment and/or induction process.
        • Training: TrustBuilder ensures that all employees are adequately informed about the security controls of the IT system that relate to their everyday work. Employees involved in the processing of personal data are also properly informed about relevant data protection requirements and legal obligations through regular awareness campaigns
  2. HOW LONG WILL YOUR PERSONAL DATA BE STORED?
    1. Your personal data will not be retained longer than necessary for the purposes described above.
    2. As a general rule, personal data obtained through our website are stored for a period of 3 years.Personal data processed in the context of direct marketing, for example for our newsletters, will in principle be stored for a period of 3 years from the last contact with our company.
    3. Depending on the specific situation, we may however retain your personal data for a longer period. This will in particular be the case if any of the following periods is longer : (i) as long as is necessary for the activity or service concerned; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise.
  3. ARE YOUR PERSONAL DATA USED FOR AUTOMATED DECISION-MAKING?
    1. Automated decisions are defined as decisions about individuals that are solely based on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
    2. As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.
  4. HOW TO CONTACT US?
    • If you have any further queries about this Privacy Statement and the Sites in general, you can contact us:
      • by e-mailing us at [email protected];
      • by calling us at +32 (0)9 265 02 70;
      • by addressing your written query to TrustBuilder, Kris Van Opstaele, Poortakkerstraat 93, 9051 Ghent.
  5. CHANGES TO THIS PRIVACY STATEMENT
    • We may modify or amend this Privacy Statement from time to time. To let you know when we make changes to this Privacy Statement, we will amend the revision date at the top of this page. The new modified or amended Privacy Statement will apply from that revision date. Please check back periodically to see changes and additions.