Privacy

Social Secretariat

  1. Introduction

Besox attaches great value to a safe, transparent and confidential collection and processing of your personal data. In particular, we want to protect the data of our clients, suppliers, employees and other contact persons against loss, leaks, errors, unauthorized access or illegal processing.

Naturally, this also goes for the personal data we as a social secretariat receive from our clients regarding their staff members, for whom we act as a processor. For this, we refer to the provisions included in our general terms and conditions (processor agreement in the sense of article 8 ‘Data Processing’, after this ‘GDPR’.

With this data protection policy we want to inform you on the collection and processing of your personal data. We ask you to read this Data Protection Policy carefully, as it contains essential information on the way your personal data is processed and for what.

By providing your personal data you expressly declare to have taken note of this Data Protection Policy and also expressly agree to it, as well as to the processing itself.

  1.  Area of Application

This Data Protection Policy pertains to all services provided by (or to) us, and in general to all activities we perform.

  1. Controller

Besox, with registered office on Bayauxlaan 12, 8300 Knokke-Heist, and with business number 0470.305.488, is the controller of your personal data.

In the collection and processing of your personal data we respect Belgian regulations regarding the protection of personal data, as well as the GDPR from its implementation as of 25 May 2018.

  1. Personal data

Depending on your activities and your relationship to our enterprise, we process the following personal data: your personal identification data; client number; national registry number (following our legal obligation – application for social security number), financial identification data; data concerning solvability; financial transactions; social security and CBE number; professional activities; agreements and settlements; data of our staff as explained in our separate policy for employees.

It is important to note that you have the responsibility for all data you provide to us and that we trust their correctness. If your data is no longer up to date, we kindly request you to inform us of this immediately.

You are not obliged to provide your personal data, but you will understand that providing certain services or collaborating will become impossible if you do not agree to collection and processing.

  1.  Processing Purposes and Legal Base

5.1                    Clients’ Data

For the purpose of our services and our activities we collect and process personal data of our customers and clients, their staff, employees, appointees and other useful contact persons. We process the following personal data: your personal identification data; client number; national registry number (following our legal obligation – application for social security number), financial identification data; data concerning solvability; financial transactions; social security and CBE number; professional activities; agreements and settlements; data of our staff as explained in our separate policy for employees.

Purposes for this processing is the implementation of the agreements with our clients, client management, accounting and direct marketing activities including sending promotional or commercial information or invitations for a seminar or information session. The legal grounds are the implementation of the agreement, compliance with legal and regulatory obligations and/or our legitimate interest. For direct marketing activities by e-mail (such as a newsletter of invitation for events) permission will always be asked and can also be withdrawn at any moment.

5.2                   Suppliers’ Data

We collect and process personal data of our suppliers, their staff, employees, appointees and other useful contact persons. We process the following personal data: personal identification data, financial identification data, solvability (e.g. withholding obligation), financial transactions, agreements and settlements, CBE number.

The purposes of this processing are the implementation of the agreement, supplier management and our accounting. The legal grounds are the implementation of the agreement, compliance with legal and regulatory obligations and/or our legitimate interest.

5.3                    Staff Data

We process the personal data of our employees as part of our staff management and payroll administration. Given its specific nature, this processing is laid down in a separate Data Protection Policy for employees.

Regarding the personal data of the employees of our clients, which we receive from our clients and for which we act as processor, we refer to the provisions included on this in our general terms and conditions (processor agreement in the sense of article 8, after this ‘GDPR’).

5.4                   Other Data

In addition to the aforementioned data we also process personal data of others, such as prospective new clients, useful contacts within our sector, network contacts, etc. The purposes of this processing are in the interest of our activities, direct marketing and public relations. The legal ground is our legitimate interest or, in some cases, implementation of the agreement.

  1. Duration of Processing

The personal data are stored and processed by us for a period that is necessary for the purposes of processing and in function of the (whether or not contractual) relationship we already have with you.

In principle, data of clients will be removed from our systems after a term of seven years (for suppliers: ten years) after termination of the agreement, the partnership or the project, except for the personal data we are obliged by specific legislation to preserve longer, or in case of an ongoing dispute for which personal data are still necessary.

  1. Rights

7.1 affiliated employers and their employees

For the rights of the affiliated employers and their employees we refer to the general terms and conditions of the affiliation agreement.

7.2 others

In compliance with and under the conditions of Belgian privacy legislation and the provisions of the GDPR we inform you that you have the following rights:

–            Right to access and inspection: you have the right to take note of the data we have about you free of charge and check what they are used for.

–            Right to rectification: you have the right to rectification (correction) of your incorrect personal data, as well as completion of incomplete personal data.

–            Right to deletion or limitation of data: you have the right to request us to delete your personal data or limit processing of it in the circumstances and under the conditions as defined by the GDPR. We can refuse deletion or limitation of any data that is necessary for us for compliance with the legal obligation, implementation of the agreement or our legitimate interest, for as long as the data is necessary for the purposes for which it was collected.

–            Right to transferability of data: you have the right to obtain the data concerning yourself and provided to us by you in a structured, customary and machine-readable form. You have the right to transfer this data to another responsible party for processing.

–            Right of objection: you have the right to object to processing of your personal data on serious and legitimate grounds. Please take into account, however, that you cannot object to processing of personal data that is necessary for us to comply with legal obligations, implementation of the agreement or our legitimate interest, for as long as this data is necessary for the purposes for which it was collected.

–            Right of withdrawal of permission: If processing of the personal data is based on prior permission, you have the right to withdraw this permission. This personal data will only be processed if we have another legal ground for this.

–            Automatic decisions and profiling: we confirm that processing of the personal data does not contain profiling and that you will not be subjected to fully automated decisions.

You can exercise the aforementioned rights by contacting Mrs Leen Vandeweege (gdpr@besox.be ; tel. 050 68 11 14).

We do all we can to handle your personal data in a careful and legitimate way, in compliance with applicable regulations. If you are still convinced that your rights have been violated and that your worries are ignored within our enterprise, you are free to file a complaint.

Commission for the Protection of Privacy

Drukpersstraat 35, 1000 Brussels

Tel. 02 274 48 00

Fax. 02 274 48 35

E-mail:  commission@privacycommission.be

You can also turn to a court of justice if you think you are likely to suffer damage as a result of the processing of your personal data.

  1. Transfer to Third Parties

Certain personal data collected by us will be passed on to and possibly processed by authorities (such as the social security department, withholding tax, sector funds, PDOK), as well as third service providers, including our IT supplier, accountant, reviser, insurance companies etc.

It is possible that one or several of the aforementioned third parties are localized outside the European Economic Space (‘EES’). However, only personal data will be passed on to third countries with an appropriate level of protection.

The employees, managers and/or representatives of the aforementioned service providers or institutions and the specialized service providers appointed by them, must respect the confidential nature of your personal data and may use this data only for the purposes for which it was provided.

If necessary, your personal data can be passed on to other third parties. This may be the case when we would be reorganized entirely or partially, when our activities would be transferred or if we would be declared bankrupt. It is also possible that personal data must be passed on by court order or to comply with certain legal obligations. In that case, we will do all we can to inform you in advance on this notification to other third parties. However, you will recognize and understand that this is not always technically or commercially possible in certain circumstances, or that legal restrictions may apply.

Under no circumstances will we sell your personal data or make it available commercially to direct marketing firms or similar service providers, except with prior permission.

  1. Technical and Organizational Measures

We take the necessary technical and organizational measures to process your personal data according to a sufficient level of security and protect it against destruction, loss, theft, change, non-authorized access or erroneous notification to third parties, as well as any other non-permitted processing of these data.

Under no circumstances Besox can be held liable for any direct or indirect damage emanating from incorrect or illegal use or these personal data by a third party.

  1. Access for Third Parties

With an eye to the processing of your personal data, we give access to your personal data to our employees, staff and appointees. We warrant a similar level of protection by making contractual obligations opposable to our staff, employees and appointees that are similar to this Data Protection Policy.

  1. Any Questions?

If after reading this Data Protection Policy you have any further questions or remarks concerning the collection and processing of your personal data, you can contact Mrs Leen Vandeweege (gdpr@besox.be; tel. 050 68 11 14) or by mail to the besox, to the attention of Mrs Leen Vandeweege, Bayauxlaan 12, 8300 Knokke-Heist.


Insurances

Besox Insurance (henceforth called “office”) takes your right in data processing very seriously. In this policy document, we will inform you on how we collect, process and use your personal data. It forms the general policy of the office in regards of data processing conforming to the applicable law including the General Data Regulation (GDPR).

As an insurance broker, the office might play a double role regarding data processing. In that case, we are both controller and processor. We take on the role of controller when we process data on our own behalf and on our own account. Additionally, on behalf of the companies, we also play the role of processor. This means that we also collect and process personal data for the insurance companies we collaborate with and whose products we introduce and offer to you. In this declaration, we merely go deeper into the processing of your data as controller.

Controller

The controller for processing is Besox Verzekeringen, Bayauxlaan 12, 8300 Knokke with company number 0438.697.247 with Managers Mr Vuylsteke Bernard and Mr Ballegeer Yves.

For all questions regarding our privacy policy, you can contact us using verzekeringen@besox.be or by phone using 050/630.700. For questions that go beyond a simple question for information, we can ask you to identify yourself, so we’re sure we’re passing the information and data on to the right person.

When does our office collect and process data?

The office collects and processes data about you when you contact us for advice about insurance agreements, offering or proposing insurance agreement, doing preparatory work with the intent of making an insurance agreement and the act of making an insurance agreement. Additionally, you can also request or contact us for support in the management and carrying out of the insurance agreements you have entered. Even when you contact us in any other way, we will (have to) process your data. Lastly, there is also the possibility that we obtain data about you from third parties and we will use this data to approach you for the purpose of entering an agreement using our mediation.

Which data does our office collect and process?

The office collects and processes data that you relate to us as part of contacting the office, such as your name, address, email address and professional data, such as the company name and VAT number. It also concerns all data necessary to let us assess your insurance needs. This also concerns, among others, data regarding your residence (within the framework of fire insurance), your financial data (for investment related insurance) and medical data (for medical insurance). Your data will only be processed within the framework of the insurance for which you inquire our help, unless you want otherwise and indicate so.

We collect this data when you fill in our documents and forms both manually and electronically. Should you visit your website, we use cookies. For more information regarding this, feel free to contact our office.

For what purpose does our office collect and process data?

The purpose for which we processes data is various and will be explained below.

For our clients, we process this data for client management, especially the acceptance, management and entering of an insurance contact and the promotion of other products and services of the office itself. These are chiefly based on the contractual relationship with our clients, but also, to the extent of prospection, your explicit permission.

We process this data to suppliers within the framework of our supplier management and based on the contractual relationship we maintain or build with our suppliers.

To the extent of prospects, these are private individuals that are not (yet) customers of ours, we process data for the purpose of direct marketing, based on our legitimate interest to do so. We also ask prospects that are approached by email explicit permission to approach them again in the future. We request prospects that are approached by letter to tick an opt-out clause should they not want to be approached by us again.

We process data about our employees for the purpose of personnel management and wage administration.

Regarding our website, we adjust the contents and user-friendliness to you as a user. Additionally, we process your data to meet the obligations that stem from putting a website and its contents at your disposal and to enable you to use the interactive applications and services on this website.

What are the grounds for processing data by our office?

Fundamentally, we collect and process your data based on the contractual relation we maintain with you as a result of your application and request regarding an insurance need and the agreement(s) that stem from it, as well as a result of the request to support you in managing and follow-up of the insurance agreements that you made.

When processing isn’t necessary to carry out the contractual relationship, it’s based on our legitimate interests as a company, especially free enterprise and information. Additionally, we continuously provide a balance between our interests in yours, for example by granting you the right of opposition.

To the extent of health data or so-called sensitive data, we can only process your personal data with your explicit data. We ask for this permission the moment you become our client. If this has not occurred, we request that you will report this, so we can take the necessary measures.

Will the data be communicated to third parties?

Your data is mainly processed internally. This does not take away from the fact that it must also be communicated to the insurance company with whom you end up entering into an agreement.

It’s also possible that we solicit third parties for certain punctual services. In such cases, your data can be delivered to third parties, but only for the service in question and always monitored by our office.

In certain cases, there’s the legal obligation to transfer certain data. This is particularly the case when we are legally obligated to do so or when government institutions have the right to request data from us.

Fundamentally, your data will not be provided to third countries and international organisations.

Your rights

The legislation provides you with several rights that ensure proper protection.

You can always oppose the use of your data by our office for the purpose of direct marketing. If you do not wish to be informed of the offers by our office, you can notify us using [email address through which you can contact the company to this end] or by ticking a box in the information provided to you at specific occasions.

You can always view the data we processes and, if necessary, have it corrected. All that you need to do is file a request using [email address through which you can contact the company to this end], with proof of your identity. We ask this to prevent your data being shared with someone who has no right to it.

If you do not agree with the way we process your data, you can file a complaint at the Commission for the Protection of Privacy, Drukpersstraat 35, 1000 Brussels. You can also ask general questions here in regard to the processing and protection of personal data.

Changes

Our office reserves the right to change this declaration/policy. Changes will be reported to users on the website.