Introduction

B&R Construction Group and all its subsidiaries attach great importance to the secure, transparent and confidential collection and processing of your personal data. In particular, we want to protect the data of, inter alia, our customers, subcontractors and suppliers against matters such as loss, leaks, mistakes, unauthorised access or illegitimate processing.

We want to use this Privacy Statement to inform you on the collection and processing of your personal data.

We request that you carefully read this Privacy Statement since it contains essential information on how and why your personal data are processed.

By communicating your personal data, your expressly declare that you have taken due note of this Privacy Statement and that you also expressly agree with it, as well as with the processing as such.

Scope

This Privacy Statement relates to any services provided by B&R Construction Group and all its subsidiaries and, in general, to any activities performed by us.

Controller and its obligations

B&R NV, which has its registered office at Hoge Mauw 1510 in 2370 Arendonk, the company number of which is 0461.486.210, and its subsidiaries listed below, are controllers of your personal data:

  • AGBb BVBA
  • Alcomel NV
  • Alcopro NV
  • Arkana BVBA
  • ATA BVBA
  • B&R Building Materials BVBA
  • B&R Development BVBA
  • B&R Facility Management BVBA
  • B.T.I. BVBA
  • Blockx Dakwerken BVBA
  • Bouwbedrijf E. Rombaut NV
  • Brebuild NV
  • Bruyndoncx BVBA
  • BSR BVBA
  • Hooyberghs NV
  • Hooyberghs Verhuur en Logistiek BVBA
  • Into Facilities NV
  • Tegels Van Bergen NV
  • Van De Craen NV
  • Verheyen Betonproducten NV

When collecting and processing your personal data, we duly respect the Belgian legislation on the protection of personal data, as well as the General Data Protection Regulation (“GDPR”), as from its coming into force on 25 May 2018.

Personal data

Depending on your activities and your relationship with our company, you communicate the following personal data to us: your identity and contact details (name, form of address, street address, email address, telephone and mobile phone numbers and Curriculum Vitae). For certain specific statutory obligations (electronic attendance registration and 30bis declaration regarding jobs), you may provide us with additional data to register your attendance (such as e-ID data and Limosa number).

We would like to take this opportunity to point out to you that you bear the responsibility for any data that you provide to us and that we trust that these are correct. If your data are no longer up to date, we request you to inform us of this by return.

You are not obliged to disclose your personal data but please understand that not agreeing with having data collected and processed renders providing services or cooperation impossible.

Processing purposes and legal basis

Customer data

Within the scope of our service provision, we collect and process the identity and contact data (including but not limited to: names, addresses, telephone numbers, email addresses, images, customer numbers, etc.) of our customers, principals, their staff, employees, appointed representatives and other useful contacts. The purposes for such processing are the execution of the agreements with our customers, customer management, HR department, the accounting and direct marketing activities such as the despatch of promotional or commercial information. The legal bases are the execution of the agreement, the fulfilment of the statutory and regulatory obligations (such as the 30bis statement of employment, for example) and/or our legitimate interest.

Data of suppliers and subcontractors

We collect and process the identity and contact data of our suppliers and subcontractors, as well as of any (sub)contractor(s), their staff, employees, agents and other useful contacts. The purposes for such processing are the execution of this agreement, the management of the suppliers/subcontractors, HR department, the accounting and direct marketing activities such as the despatch of promotional or commercial information. The legal bases are the execution of the agreement, the fulfilment of the statutory and regulatory obligations (such as the mandatory electronic attendance registration, the 30bis statement of employment, the attendance list or other obligations for public procurements, etc.) and/or our legitimate interest (such as the interest in direct marketing). Where appropriate, the e-ID data or the Limosa number are processed for electronic attendance registration purposes. Consent will always be requested for direct marketing activities by email (such as a newsletter or invitation to events), and this can also be withdrawn at any point in time.

Staff data

We process the personal data of our employees within the scope of our staff management and payroll administrative services. Having regard to its specific nature, such processing is regulated more extensively in a Data Protection Policy for employees.

Other data

In addition to data on customers, suppliers/subcontractors and staff, we also process personal data of others, such as possible new customers/prospective customers, useful contacts in our sector, network contacts, contacts of experts, etc. The purposes of such processing lie in the interests of our activities, direct marketing and public relations. The legal basis is our legitimate interest or, in some cases, the execution of an agreement.

Duration of the processing

We store and process the personal data for a period that is necessary to process them and within the scope of the relationship that we have with you (which may or may not be contractual).

In any event, data of customers, suppliers or subcontractors will be erased from our systems after a period of 10 years after the agreement has been terminated or the project has been completed, except for those personal data that we need to store for longer on the grounds of specific legislation, in the case of a pending dispute for which personal data are still necessary, in the case of a pending statutory or contractual guarantee period of a supplier/customer or maintenance or after-sales contracts which make a longer period necessary.

Rights

In accordance with and subject to the condition of the Belgian privacy legislation and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:

  • Right to access and perusal: you have the right to take due note of the data that we have on you free of charge and to check why these are used.
  • Right to rectification: you have the right to the rectification (correction) of your incorrect personal data, and to completion of incomplete personal data.
  • Right to personal data erasure or restriction: you have the right to request us to erase your personal data or to restrict the processing thereof in the circumstances and subject to the conditions laid down by the General Data Protection Regulation. We can refuse the data erasure or restriction of any personal data that are necessary for us to perform a statutory obligation, to execute the agreement or our legitimate interest, as long as such data are necessary for the purposes for which they were collected.
  • Right to data portability: you have the right to obtain the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to transmit such data to another controller for processing purposes.
  • Right of objection: you have the right to object to the processing of your personal data for serious and legitimate reasons. However, please consider that you cannot object to the processing of personal data that are necessary for us to perform a statutory obligation, to execute the agreement or our legitimate interest, as long as such data are necessary for the purposes for which they were collected.
  • Right to withdraw consent: If the processing of the personal data is based on your prior consent, you have the right to withdraw it. Such personal data shall then only still be processed if we have any other legal basis to do so.
  • Automatic decisions and profiling: we confirm that the processing of the personal data does not involve any profiling and that you are not subjected to fully automated decisions.

You can contact us if you want access to your personal data, or want your data to be rectified, erased or restricted. You can exercise the above-mentioned rights by sending an email to gdpr@benrgroep.be. We will then contact you and request additional information to be able to verify your identity. In most cases, we will be able to update your data as requested. Nevertheless, in certain cases we will need to restrict or refuse your request if required or allowed by law or in the case where it is impossible for us to verify your identity.

We do our utmost to carefully and legitimately handle your personal data in accordance with the applicable regulations. If you are nevertheless of the opinion that your rights have been violated and you do not find anyone in our company to listen to your concerns, you are free to lodge a complaint with:

Privacy Commission
Drukpersstraat 35, 1000 Brussels
Tel.: 02 274 48 00
Fax. 02 274 48 35
Email: commission@privacycommission.be

Moreover, you can address a court of law if you are of the opinion that you will suffer damage as a result of the processing of your personal data.

Transmission to third parties

Certain personal data that we collect will be transmitted to and possibly processed by third service providers, such as our IT supplier, accountant, auditor, Social Secretarial Office, as well as by the government (for example for the 30bis statement of employment, the electronic attendance registration or to compete for public procurements).

One or more of the above-mentioned parties may be located outside the European Economic Area (“EEA”). However, personal data will only be sent to third countries that have an appropriate security level.

The employees, managers and/or representatives of the above-mentioned service providers or institutions and the specialised service providers appointed by them, must duly respect the confidential nature of your personal data and can only use these data for the purposes within the framework for which they were provided.

If necessary, your personal data can be transmitted to other third parties. This may be the case, for example, if we are fully or partially reorganised, if our activities are transferred or if we are declared bankrupt. It may also be that personal data must be transmitted pursuant to a judicial order or to fulfil a certain statutory obligation. In that case, we will make every possible effort to inform you in advance of such communication to other third parties. However, you will acknowledge and understand that, in certain circumstances, it is not always technically or commercially viable or possible statutory restrictions may apply.

In no case whatsoever will we sell your personal data or make them commercially available to direct marketing agencies or similar service providers unless you give your prior consent.

Technical and organisational measures

We take the necessary technical and organisational measures to process your personal data in conformity with an adequate security level and to protect them against destruction, loss, forging, change, unauthorised access or disclosure to third parties by mistake, as well as any other unauthorised processing of such data.

Under no circumstances can B&R NV be regarded liable for any direct or indirect damage arising from a third party’s incorrect or unlawful use of the personal data.

Access by third parties

With a view to processing your personal data, we grant our employees, workers and persons we engage access to your personal data. We guarantee a level of protection similar to this Privacy Statement by making contractual obligations enforceable vis-à-vis said employees, workers and persons whom we engage.

Any more questions?

If, after you have read this Privacy Statement, you still have any further questions or remarks regarding the collection and processing of your personal data, you can contact the person responsible for GDPR - Mr Jan Van Lint - either by sending a letter by ordinary post to GDPR B&R Construction Group – Hobe Mauw 1510, 2370 Arendonk or by email to gdpr@benrgroep.be.