Last date of revision: 1 June 2018

Who DOES this GDPR privacy statement apply to?

 

Atenor (“Atenor” or “We”) is a real estate property promotion company quoted on the NYSE Euronext Brussels. Atenor consists of several companies (“the Atenor Companies”) that process personal data:

All Atenor Companies are separate and independent legal entities. Depending on the processing activity in the context of which your personal data are processed, they may be qualified as a separate data controller or a joint controller with one or more of the other Atenor Companies. None of the Atenor Companies have any liability for the other Atenor Companies’ acts or omissions.

As a company, we are committed to protect your privacy and to process your personal data in an open and transparent manner, in particular with respect of the General Data Protection Regulation 2016/679 of 27 April 2016 (“GDPR”).

 

WHAT IS COVERED BY THIS GDPR PRIVACY STATEMENT?

 

With this Privacy Statement we would like to inform you about why and how we process your personal data when we perform our business activities, or when you use our website (“the Site”) and any of the services we offer through the Sites, who we give that information to, what your rights are and who you can contact for more information or queries.

When we refer to “the Site”, we mean the webpages with a URL commencing  HYPERLINK "http://www.atenor.be" http://www.atenor.be.

The Sites may link to other sites provided by other affiliated companies entities or by third parties. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices of other websites.

When linking to any such sites, we strongly recommend you to review the Privacy Statements on these sites, before disclosing any personal information.

 

WHY WE USE YOUR DATA

 

I AM A WEBSITE VISITOR

We only process your personal data for legitimate business reasons. These purposes include, but are not limited to:

  • the provision and good organisation of our (online) services;
  • dealing with enquiries, requests and complaints;
  • gathering statistics about the use of the Site (“web audience measuring”);
  • improving the Site’s performance and design.

 

I AM A CONTACT PERSON RECEIVING ELECTRONIC COMMUNICATIONS

We hold a database of contact persons (e.g. shareholders, journalists, other business contacts etc.) for the sending of electronic communications. These communications are mainly sent for three different purposes:

  • Regulatory communications: communications sent with a view to respecting our legal obligations such as our information obligations as a publicly quoted company;
  • General branding communications: communications sent for general branding and public relations purposes (including invitations for events);
  • Sales and direct marketing communications: communications sent for sales and direct marketing purposes such as messages about the services and products we offer such (e.g. real estate projects).

We also process the personal data of our database to:

  • deal with enquiries, requests and complaints on these communications;
  • gather statistics about these communications.

 

I AM (A CONTACT PERSON OF) A SUPPLIER, A CUSTOMER, A PROSPECT OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A JOURNALIST, A SHAREHOLDER, A BUSINESS CONTACT ETC.)

We only process your personal data for legitimate business reasons. These purposes include, but are not limited to:

  • respecting our legal obligations;
  • shareholder management;
  • customer and supplier management;
  • visitor management;
  • order and supply management;
  • invoicing and accounting;
  • the provision of information on our company, services and activities;
  • the good organisation of our services (such as day-to-day business communication);
  • marketing and sales;
  • dealing with  enquiries, requests and complaints;
  • dispute management;
  • public relations and press contacts;
  • statistics and market research;
  • access control;
  • security;

 

THE LEGAL GROUNDS FOR PROCESSING YOUR DATA

 

I AM A WEBSITE VISITOR

When you send a message via contact details on our website, your personal data will in principle be processed for the purposes of our legitimate interests (namely the interest to handle all enquiries, requests and complaints sent in the best possible way).

In this respect, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms.

 

I AM A CONTACT PERSON RECEIVING ELECTRONIC COMMUNICATIONS

The legal ground which we rely on for the sending of electronic communications depends on the purpose of the communications concerned:

  • Regulatory communications: your personal data will be processed for compliance with a legal obligation.
  • General branding communications: your personal data will be processed to strengthen our image as a brand, which is in our legitimate interest. In this respect, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms.
  • Sales and direct marketing communications: your personal data will be processed with your explicit consent, unless we have obtained your contact details in the context of the sale of similar products or services. In the latter case, we will rely on legitimate interests, more specifically the interest to advertise our products and services to existing customers.

 

I AM (A CONTACT PERSON OF) A SUPPLIER, A CUSTOMER, A PROSPECT OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A JOURNALIST, A SHAREHOLDER, A BUSINESS CONTACT ETC.)

We process your personal data for the purposes mentioned above:

  • when necessary for the performance of contracts to which you are party or in order to take steps at your request prior to entering into a contract;
  • when necessary for compliance with our legal obligations (e.g. our obligations as a publicly quoted company);
  • for the purposes of the legitimate interests of the Company and/or of a third party, including (but not limited to) our business activities, customer and supplier management etc. In this respect, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms.

If we have the legal obligation to obtain your free, informed, specific and unambiguous consent to process your personal data for certain purposes (e.g. specific direct marketing or market research activities), we will only process your data for such purposes to the extent that we have obtained such consent from you. For more information about the sending of electronic communications for sales and direct marketing purposes, see the “electronic communications” section at point 4.2 above.

 

YOUR RIGHTS

 

You have several rights concerning the information we hold about you. We would like to inform you that you have the right to:

  • obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
  • ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
  • ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data if you believe that there is no (longer a) lawful ground for us to process it;
  • withdraw consent to our processing of your personal data (to the extent such processing is based on consent);
  • receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
  • object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds for the processing.

You have also the right to object at any time to the processing of personal data for direct marketing. If you do not want to continue receiving any direct marketing from us, you can contact us (see below) or click on the unsubscribe function in any such communication. In that event, the personal data shall no longer be processed for such purposes.

In order to exercise any of your rights, you can send us a request, indicating the right you wish to exercise:

  • by e-mailing us at info@atenor.be; or
  • by addressing your query to Atenor S.A., 92 Avenue Reine Astrid, 1310 La Hulpe.      

You may also use these contact details if you wish to make a complaint to us relating to your privacy.

If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.

 

HOW WE OBTAIN DATA

 

I AM A WEBSITE VISITOR

We may obtain your personal data when you use the Site and its services, or when you contact us through the contact details on this Site.

 

I AM A CONTACT PERSON RECEIVING ELECTRONIC COMMUNICATIONS

The personal data we hold in our database were provided to us by you or via Internet and social media.

 

I AM (A CONTACT PERSON OF) A SUPPLIER, A CUSTOMER, A PROSPECT OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A JOURNALIST, A SHAREHOLDER, A BUSINESS CONTACT ETC.)

We may obtain you personal data in the framework of the execution of our business activities.

We may obtain such personal data because you give them to us (e.g. by contacting us, by completing online forms, ...), because others give them to us (e.g. your employer or third party service providers that we use in the framework of our business activities) or because they are publicly available.

When we obtain personal data from external parties, we make reasonable efforts to enter into contractual clauses with these parties obliging them to respect the data protection legislation. This can be done by obliging this party to provide you with all necessary information or - if necessary - to obtain your consent for processing the personal data as described in this Privacy Statement.

 

DATA WE COLLECT

 

I AM A WEBSITE VISITOR

The main personal data we collect through this Site are the data that you provide to us when you contact us through the contact details on the Site.

 

I AM A CONTACT PERSON RECEIVING ELECTRONIC COMMUNICATIONS

The personal data we hold in our database may consist of:

  • Your name and surname
  • Your e-mail address
  • Your professional telephone number
  • The company you work for
  • Your job title
  • The category of recipient you belong to (e.g. shareholder, customer, journalist etc.)

 

I AM (A CONTACT PERSON OF) A SUPPLIER, A CUSTOMER, A PROSPECT OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A JOURNALIST, A SHAREHOLDER, A BUSINESS CONTACT ETC.)

The personal data that we collect or obtain may, among other things, include:

  • Identification data (e.g. name, address (private/work), phone number (private / work), e-mail address (private / work), country of residence),
  • personal characteristics (e.g. gender,  language,
  • employment data (e.g. organization you work for, job title, current responsibilities)
  • data about which products and services you order;
  • camera surveillance records;
  • data about how you interact with us (e.g. when you contact us) and other similar information
  • shareholder information etc.

 

ACCESS AND DISCLOSURES

 

I AM A WEBSITE VISITOR

Our staff members will have access to your personal data on a strict ‘need-to-know’ basis for the purposes described above.

Your data are not transferred outside of the EEA.

 

I AM A CONTACT PERSON RECEIVING ELECTRONIC COMMUNICATIONS

Your personal data may be disclosed to staff members of our communication department, IT-department and/or to sales and marketing department (for advertising messages) on a strict need-to-know-basis. Your personal data may be disclosed as well to any service provider which helps us sending out our electronic communications or provides IT assistance with regard to our database.

Your data are not transferred outside of the EEA.

 

I AM (A CONTACT PERSON OF) A SUPPLIER, A CUSTOMER, A PROSPECT OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A JOURNALIST, A SHAREHOLDER, A BUSINESS CONTACT ETC.)

Our staff members will have access to your personal data on a strict need-to-know basis. We may disclose your personal data to affiliated companies, third parties that provide services to us that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Why we use your data” section above. The following external parties may for instance be involved:

  • external service providers we rely on for various business services;
  • law enforcement authorities in accordance with the relevant legislation;
  • public authorities (e.g. the Belgian Financial Services and Markets Authority or FSMA);
  • external professional advisors (e.g. attorneys or consultants of the company).

Your data are not transferred outside of the EEA.

Your data are not transferred outside of the EEA.

In general, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement.

We reserve the right to disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.

 

SECURITY OF YOUR DATA

 

We employ strict technical and organizational (security) measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline.

These measures include:

  • training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
  • administrative and technical controls to restrict access to personal data on a ‘need to know’ basis (passwords);
  • technological security measures, including fire walls, encryption and anti-virus software;
  • login access blocks in case of loss or theft of devices ;
  • physical security measures, such as staff security badges to access our premises.

Although we use appropriate security measures once we have received your personal data, the transmission of data - especially over the internet (including by e-mail) - is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

We limit access to your personal information to those who we believe reasonably need to come into contact with that information in order to carry out their jobs.

 

DATA RETENTION

 

I AM A WEBSITE VISITOR

Your personal data will not be retained longer than necessary for the purposes described above.

As a general rule, personal data obtained through our website are stored for a period of 5 years.

Depending on the specific situation and the applicable national legislation, we may however retain your personal data for a longer period. This will in particular be the case if any of the following periods is longer :

  1. as long as is necessary for our daily business;
  2. any retention period that is required by law;
  3. or the end of the period in which litigation or investigations might arise.

 

I AM A CONTACT PERSON RECEIVING ELECTRONIC COMMUNICATIONS

Your personal data will not be retained longer than necessary for the purposes described above:

  • Regulatory communications: your personal data will be stored as long as you are a shareholder or any other person which we are legally obliged to inform;
  • General branding communications: your personal data will be processed as long as we have any legitimate interest in sending you communications to strengthen our image as a brand (based on your relationship with Atenor as a customer, a shareholder etc.).
  • Sales and direct marketing communications: your personal data will be stored for a period of 5 years as from the last contact with the individual concerned. If you have become a customer during this period, we may however retain your personal data for a longer period, namely 10 years as from the delivery of the products or services, or as from the latest contact with Atenor (if this contact would take place at a later date).

 

We may however retain your personal data for other (longer) periods, depending on one of the following periods:

  1. as long as is necessary for our daily business;
  2. any retention period that is required by law;
  3. or the end of the period in which litigation or investigations might arise.

 

I AM (A CONTACT PERSON OF) A SUPPLIER, A CUSTOMER, A PROSPECT OR ANY OTHER INDIVIDUAL WHOSE PERSONAL DATA ARE PROCESSED (E.G. A JOURNALIST, A SHAREHOLDER, A BUSINESS CONTACT ETC.)

Your personal data will not be retained longer than necessary for the purposes described above.

As a general rule, records in the framework of a contractual relationship are stored for a period of 10 years as from the end of the contractual relationship.

Personal data processed for direct marketing purposes, are however stored for a period of 5 years as from the last contact with the individual concerned. If you have become a customer during this period, we may however retain your personal data for a longer period, namely 10 years as from the delivery of the products or services, or as from the latest contact with Atenor (if this contact would take place at a later date).

We may however retain your personal data for another (longer) period, depending on one of the following periods:

  1. as long as is necessary for our daily business;
  2. any retention period that is required by law;
  3. or the end of the period in which litigation or investigations might arise.

 

AUTOMATED DECISION-MAKING

 

Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.

As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.

 

HOW TO CONTACT US?

 

We hope that this Privacy Statement helps you understand, and feel more confident about, the way we process your data. If you have any further queries about this Privacy Statement and this Site in general, please contact us:

  • by e-mailing us at info@atenor.be; or
  • by addressing your query to Atenor S.A., 92 Avenue Reine Astrid, 1310 La Hulpe.   

 

CHANGES TO THIS PRIVACY STATEMENT

 

We may modify or amend this Privacy Statement from time to time. Any changes we may make to this Privacy Statement in the future will be posted on this page. To let you know when we make changes to this Privacy Statement, we will amend the revision date at the top of this page. The new modified or amended Privacy Statement will apply from that revision date. Please check back periodically to see changes and additions.

If we are in the possession of your e-mail address and we are still processing your personal data, we will also inform you electronically about all changes to this Privacy Statement.