2. What personal data are processed?
You do not need to provide us with any personal data to use most of our Website.
When you use the Website and/or Services, we process the following categories of personal data relating to you:
For marketing purposes:
- last name, first name
- contact details (such as e-mail)
- job title
For job applications:
- address and other contact details (such as telephone number) and personal data that applicants upload in their CVs through the Website
In principle, we obtain the above-mentioned personal data directly from you. We do not send any personal information that you provide through the Website to social media providers unless you have consented to this.
3. Why do we process your personal data?
Cheops collects the aforementioned information to get a clear picture of your needs and to offer you a better service, and more specifically for the following purposes:
- To provide you with information on products and Services that you request in a personalised and efficient way, or to respond to your (online) enquiries about our products or Services, whether through the Website, e-mail, telephone or social media channels.
- To be able to provide you with the Services and/or deliver products.
- To improve our products and Services.
- To investigate complaints about our products and Services or about our Website.
- To consider your job application if you apply for a vacancy.
- For direct marketing purposes, i.e. to provide you with targeted communications, promotions, offers and other advertisements from us or our selected partners. We will ask for your prior consent for this use.
- To perform statistical analyses to improve our Website and/or Services, or to develop new products or Services.
- To provide to a financial institution or payment service provider, to enable your financial institution and the payment service provider to comply with their legal obligations.
- To transfer to the police or the judicial authorities as evidence of possible crimes or if there are justified suspicions of an unlawful act or crime committed by you through your registration with or use of the Website or the Services.
- To meet legal and regulatory obligations as well as obligations and requirements relating to compliance.
- In the context of a possible merger with, acquisition of/by or demerger by a third party, even if this third party is located outside the EEA (European Economic Area).
- If and when your registration on the Website or use of the Website or Services can be considered (a) a breach of the terms and conditions or the intellectual property rights or any other right of a third party, (b) a threat to the security or integrity of the Services, (c) a danger to the Website or Services or systems belonging to us or our subcontractors as a result of viruses, Trojan horses, spyware, malware, or any other form of malicious code, or (d) being in any manner whatsoever illegal or unlawful, discriminatory or offensive, we may process your data in the interests of ourselves, our partners or third parties.
4. Who we share data with
We do not send your personal data to third parties in an identifiable manner if this is not necessary to provide the Services, unless you have given your explicit consent to do so.
We may engage external processors to provide you with the Website and/or Services, based on our legitimate interests. We ensure that third-party processors may only process your personal data on our behalf, and on our written instructions, and only when this is strictly necessary to carry out their activities. We guarantee that all external processors are selected with due care in order to ensure the security and integrity of your personal data, and that they do not use your personal data for any other purposes.
We may transfer anonymised and/or aggregated data to other organisations that may use these data to improve products and services, and to tailor the marketing, presentation and sale of products and services.
In the event that (part of) the activities of Cheops are sold or merged with another company, your data will be disclosed to the adviser of any potential buyer and transferred to the new owners of the company. In this case, we will take appropriate measures to ensure the integrity and confidentiality of your personal data.
5. Where we process data
We and our external processors will only process your identifiable personal data in the EEA.
We may transfer your anonymised and/or aggregated data to organisations outside the EEA. If such a transfer takes place, we will ensure that appropriate safeguards are in place to guarantee the security and integrity of your personal data, and that all rights with respect to personal data that you may have under applicable mandatory laws are guaranteed.
If there is a transfer of your personal data and/or anonymised and/or aggregated data, the following legal protection mechanism will be implemented:
|Country outside EEA||Legal transfer mechanism|
|HubSpot||USA||SCC model contract|
|USA||SCC model contract|
|USA||SCC model contract|
|USA||SCC model contract|
|Greenhouse||USA||SCC model contract|
|OneTrust||USA||SCC model contract|
6. How we process data
We will take appropriate technical and organisational measures to keep your personal data secure from unauthorised access or theft and from accidental loss, alteration or destruction. Access by our personnel or the personnel of our external processors is only possible on a need-to-know basis and subject to strict confidentiality obligations. However, you should be aware that the care for safety and security are only best-effort obligations, which can never be guaranteed.
7. How long do we keep your data?
The retention periods vary depending on the nature of the service provided. We keep your data for the longest of the following periods:
- as long as is necessary for the purposes for which they are collected and processed.
- as long as is necessary to comply with our legal, contractual and statutory obligations and to fulfil our commercial operational activities.
8. Your Rights
You have the right to request access to all the personal data that we process about you. However, requests for access that are clearly submitted with a view to causing nuisance or harm to us will not be dealt with.
You have the right to request that any personal data about you that is incorrect or inaccurate be corrected free of charge. If such a request is submitted, you must also enclose with this request proof that the personal data for which correction is requested are incorrect.
You have the right to withdraw your previously given consent to the processing of your personal data. You can withdraw your consent at any time by sending an e-mail to email@example.com or by deleting your profile (if applicable).
Instead of requesting deletion, you may request that we restrict the processing of your personal data if (a) you dispute the accuracy of the data, (b) the processing is unlawful, or (c) the data are no longer necessary for the stated purposes, but you need them to defend yourself in legal proceedings.
You have the right to object to the processing of personal data if you can demonstrate that there are serious and legitimate reasons relating to special circumstances that warrant such an objection. However, if the intended processing qualifies as direct marketing, you have the right to object to such processing free of charge and without justification.
If your personal data are processed on the basis of consent or on the basis of a contract and the processing is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and, if technically possible, you have the right to transfer such data directly to another service provider. The technical feasibility of this will be assessed exclusively by us.
If you wish to submit a request to exercise one or more of the above-mentioned rights, please send an e-mail to firstname.lastname@example.org. This request must clearly state which right you wish to exercise and why. It must also be dated and signed, and be accompanied by a digitally scanned copy of your valid identity card showing your identity. We will immediately inform you of the receipt of such a request. If the request appears to be well-founded, we will comply with the request as soon as reasonably possible and no later than thirty (30) days after receipt of the request.
If you have a complaint about the processing of your personal data by us, you can always contact our Data Protection Manager at the e-mail address email@example.com. If you remain dissatisfied with our answer, you are free to lodge a complaint with the competent Belgian Data Protection Authority. For more information, go to https://www.dataprotectionauthority.be/
Cheops makes every effort to ensure the security of your data. We have implemented reasonable technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or unauthorised access to the data transmitted, stored or otherwise processed. However, please note that the internet is an open system and we cannot guarantee that it will be impossible for unauthorised third parties to circumvent these measures or use your personal data for improper purposes.
This Website may contain links to third-party websites. Cheops is not responsible for the content of these websites, nor is it responsible for the privacy standards and practices of these third parties. Please ensure that you read and understand the relevant privacy policies of these third parties and their websites before you accept their cookies and visit their website to ensure that your personal data are adequately protected.
10. The protection of reporters of violations of European Union or national law
In accordance with the provisions of the Law of November 28, 2022 on the protection of individuals reporting breaches of European Union or national law occurring within a legal entity in the private sector, Cheops has established an internal reporting channel.
If, in a work-related context, you have obtained information about:
- breaches affecting the EU’s financial interests;
- breaches relating to the internal market, including breaches of EU competition and State aid rules, and breaches of national corporate tax rules;
- breaches related to public procurement, financial services, products and markets, prevention of money laundering and terrorist financing, product safety and product compliance, transport safety, protection of the environment, radiation protection and nuclear safety, food and feed safety, animal health and welfare, public health, consumer protection, protection of privacy and personal data, and security of network and information systems, fight against tax fraud, social fraud
you may report them to Cheops.
Reports can be made -anonymously or not- in the following way:
- by phone at the phone number +32 3 880 23 53
- by e-mail to Notifications@cheops.com
You will receive acknowledgment of receipt of the report within seven days of that receipt
Within three months after the acknowledgment of receipt, you will receive feedback regarding the report.
Any processing of personal data will be done in accordance with the principles of the GDPR. Any personal data not relevant to the processing of a specific report will be deleted immediately.
Reports will be kept in the appropriate register until expiration of the statute of limitations, taking into account confidentiality requirements. Reports are kept as long as the contractual relationship with the reporter runs.
11. Google Signals
Google Analytics will associate the visitation information it collects from Cheops’ services with Google information from accounts of signed-in users who have consented to this association for the purpose of ad personalization.
This information is collected under a service called “Google Signals”, which is also a service of Google. With this information, Google Signals compiles for us multi-platform data reports on Google users that have enabled personalised advertising in their Google accounts.
This Google information may include end user location, search history, YouTube history, and data from sites that partner with Google—and is used to provide aggregated and anonymized insights into users’ cross device behaviors.
12. Changes to this policy
Cheops may amend and update this policy from time to time to ensure that the policy describes how we process your personal data at any given time. The updated version of this policy will be posted on the same web page and will take effect immediately upon publication. Please return to this web page regularly to ensure that you are always aware of what information we collect and process, how and under what circumstances your data are used and in which cases we share your data with third parties.
Version 26 September 2023