Your privacy is important to us. Read all about it here.

1. Who are ‘we’?

“We” or “our” implies Cronos DMS with registered office in Veldkant 33A, 2550 Kontich, and with registration number 0677.419.096.

If you have any questions, comments or complaints regarding this privacy statement or the processing of your personal data, or if you wish to exercise any of your rights, please contact us by email to info@cronosdms.com

2. Scope

This privacy statement applies to this website, our direct marketing activities, and the overall organisation of Cronos DMS.

3. Why and how do we process your personal data?

If you visit our website and/or are in contact with us, certain personal data may be processed. You will find more information on the different processing activities that may apply to you below.

3.1 Use of our website

When you visit our website, we may process personal data using online techniques such as cookies, trackers, scripts, and similar technologies (hereinafter referred to as 'cookies'). These may include (1) essential cookies that are strictly necessary to send a message via an electronic communications network, to ensure the security of our website or to store information about the provision of a service that you expressly requested; (2) functional cookies that further shape your use of our website; (3) analytical cookies to measure and analyse your use of our website; (4) marketing cookies to deliver (personalised) advertisements; and (5) other third-party cookies that we allow on our website.

For additional information we refer to our cookie statement .

3.2 Contact via website

Consent - Contact forms are available on our website to get in touch with us. You can also reach us by email or phone at any time. We process personal data to process your contact request but have no visibility or control over any other personal data you may communicate to us via the open fields. Please do not include any confidential or sensitive data.

The data are processed with your consent. Please know that you can revoke at any time. This revocation does not affect the lawfulness of the processing that took place before the revocation of your consent.

  • Which personal data do we process?
    • Identification and contact data
    • Other possible voluntarily shared data in the contact form:
      • Work related data
      • Particular personal details
  • How do we acquire the personal data? At first hand when you complete our contact form.
  • How long do we store the data? Up to 1 year after the contact request has been completed plus the archiving period of related communications (such as emails)
  • With whom do we share the personal data (other than affiliated and associated companies)? Data processing partners (cfr. our hosting partner) to whom we appeal for our website, contact and customer relations.
  • Do these activities include automated individual decision-making? No
  • Are data transferred outside the EEA? No

3.3 Customer relations management (prospective customers included)

Legitimate interest – Cronos DMS is continually looking for new customers, actively establishing new contacts for this purpose and building relationships with existing customers. In this respect, your personal data will be processed (e.g. to invite you to other forms of communication, an event...).

The data processing is based on the legitimate interest of Cronos DMS. You can always object to this according to the terms described under 'right to object' in the section 'What are your rights and how to exercise them'.

  • Which personal data do we process?
    • Identification and contact data
    • Other possible data shared during subsequent contacts:
      • Work related data
      • Leisure and interests
      • Particular personal details
  • How do we acquire personal data? At first hand from your data via customer relations management
  • How long do we store the data? Up to 7 years after termination of a final project or contact.
  • With whom do we share the personal data (other than affiliated and associated companies)? Data processing partners (cfr. CRM-platform) to whom we appeal for our website, contact or customer relations.
  • Do these activities include automated individual decision-making? No
  • Are data transferred outside the EEA? No

3.4 Newsletter mailing

Consent - You can subscribe to our newsletter via our website. We process the collected personal data to contact you when a new newsletter is available.

The data are processed with your consent. You can revoke your consent any time. This revocation does not affect the lawfulness of the processing that took place before the revocation of your consent. This means that your consent applies to all previously received newsletters but not to future mailings.

  • Which personal data do we process? Identification and contact data
  • How do we acquire personal data? At first hand upon subscription
  • How long do we store the data? As long as the consent is not revoked
  • With whom do we share the personal data (other than affiliated and associated companies)? Data processing partners (cfr. our e-mail platform) to whom we appeal for our website or newsletter editions.
  • Do these activities include automated individual decision-making? No
  • Are data transferred outside the EEA? No

3.5 Organisation of events

Consent – When you register for one of our events, personal data are handled to process your registration and the organisation of the event.

The data are processed with your consent. You can revoke the given consent at any time without prejudice to the lawfulness of the data processing up to the time the revocation took place. This means that your consent applies for all previous events in which you have already participated, but you will no longer be invited to events in the future.

  • Which personal data do we process?
    • Identification and contact data
    • Other possible voluntarily shared data:
      • Work related data
      • Leisure and interests
      • Particular personal details
      • Dietary preferences or allergies
  • How do we acquire the data? At first hand upon registration
  • How long do we store them? We keep personal data about your participation for up to 1 year after the event takes place.
  • With whom do we share the personal data (other than subsidiaries and associated companies)? Data processing partners (cfr. event organisers, catering, etc.) to whom we appeal to organise and shape our events.
  • Do these activities include automated individual decision-making? No
  • Are data transferred outside the EEA? No

3.6 Recruitment and selection

Consent to (spontaneous) applications and to build a recruitment pool.
-Legitimate interest for active recruitment –

When you (spontaneously) apply for a position at Cronos DMS, Cronos DMS processes your personal data for recruitment and selection of employees for open or future vacancies. The data are processed (including building a recruitment pool) with your consent. You can revoke the given consent at any time without prejudice to the lawfulness of the data processing up to the time the revocation took place.

When Cronos DMS actively recruits, Cronos DMS processes your personal data. This only includes the data that are publicly available (e.g. LinkedIn and Google platforms) or data transferred through third parties. This processing is based on the legitimate interest of Cronos DMS. You can always object to this according to the conditions described under "Right to object" in the section "What are your rights and how to exercise them".

Finally, we refer to our legitimate interest in sharing your personal data with our affiliated and associated companies as part of our recruitment process. We always proceed with a view to finding a suitable assignment for you. You can always object to this according to the conditions as described under 'Right to object' in the chapter 'What are your rights and how can you exercise them'.

  • Which personal data do we process?
    • Identification and contact data
    • Other data possibly mentioned on your CV:
      • Personal characteristics
      • Social contacts
      • Psychological data (cfr. Personality description or character)
      • Family composition
      • Leisure activities and personal interests
      • Academic curriculum
      • Professional competence
      • Professional experience
      • Membership or active participation in professional organisations.
      • Current position
      • Carreer
      • Business records (cfr. (partial) incapacity)
      • Current salary
      • Current fringe
      • Social security number
  • How do we acquire the data?
    • (Spontaneous) application: at first hand during the application process
    • Active recruitment: via third parties such as public platforms or intermediaries.
  • How long do we store them?
    • Of non-retained applicants: we store your personal application data up to maximum 1 year after your candidacy.
    • Of recruitment pool applicants: as long as the consent is not revoked, up to 3 years after the candidacy.
  • With whom do we share the personal data (other than affiliated and associated companies)?
    • Data processing partners (such as recruitment agencies) to whom we appeal for recruitment and selection.
  • Do these activities include automated individual decision-making? No
  • Are data transferred outside the EEA? No

3.7 Supplier relations management (prospective suppliers included)

Legitimate interest – Cronos DMS actively establishes contacts with potential suppliers and solidifies existing partnerships. To this end, our suppliers process data of co-workers (cfr. account managers)

The data processing is based on the legitimate interest of Cronos DMS. You can always object to this according to the terms described under 'right to object' in the section 'What are your rights and how to exercise them'.

  • Which personal data do we process?
    • Identification and contact data
    • Other data possibly shared during subsequent contacts:
      • Work related data
      • Leisure and interests
      • Particular personal details
  • How do we acquire the data? At first hand via relation management.
  • How long do we store them? Up to 7 years after termination of a final contract or contact.
  • With whom do we share the personal data (other than affiliated and associated companies)? Data processing systems (cfr. our CRM-platform) which we use for our relation management.
  • Do these activities include automated individual decision-making? No
  • Are data transferred outside the EEA? No

3.8 Booking of appointments

Consent - On our website, you can make appointments through our online appointment booking system. As a result, we process your personal data to organise and handle the appointment.

The data are processed with your consent. You can revoke the given consent at any time without prejudice to the lawfulness of the data processing up to the time the revocation took place. This implies that your consent applies to all previously booked appointments and no longer for future appointments.

  • Which data do we process?
    • Identification and contact data
    • Work related data
  • How do we acquire personal data? At first hand upon scheduling an appointment.
  • How long do we store them? Tot Up to 1 year after handling the contact request plus the archiving period of related communication (e.g. emails).
  • With whom do we share the personal data (other than affiliated and associated companies)? Data processing partners (cfr. our hosting partner) to whom we appeal for the arrangement of appointments.
  • Do these activities include automated individual decision-making? No
  • Are data transferred outside the EEA? No

3.9 Chatbot

Consent – You can inquire and chat with our chatbot on our website. To this end, we process your data to enable communication.

The data are processed with your consent. You can revoke the given consent at any time without prejudice to the lawfulness of the data processing up to the time the revocation took place. This implies that your consent applies to all previous chats but not to future chats.

  • Which data do we process?
    • Identification and contact data
    • Other data possibly shared during the conversation.
  • How do we acquire the personal data? At first hand from your conversation with the chatbot.
  • How long do we store them? Up to the moment you close your chat plus the archiving period of related communication (e.g. emails).
  • With whom do we share the personal data (other than affiliated and associated companies)? Data processing partners (cfr. our hosting partner) to whom we appeal to keep our chatbot available.
  • Do these activities include automated individual decision-making? No
  • Are data transferred outside the EEA? No

3.10 Purchasing from our webshop

Execution of an agreement – You can purchase digitally on our website. We process your personal data to handle your purchase (payment included) and to deliver the product/service.

The data processing is essential for the execution of the agreement.

  • Which personal data do we process?
    • Identification and contact data
    • Financial identification data
    • Financial transactions
  • How do we acquire the personal data? First hand during the purchasing process.
  • How long do we store them? We store personal data for the duration of the processing and fulfilment of your order. Data which we are obliged to store in accordance with legal obligations, statutes or contractual retention requirements will be restricted rather than deleted to avoid being used for other purposes.
  • With whom do we share the personal data (other than affiliated and associated companies)? Data processing partners to whom we appeal to handle the purchase and delivery of your product / service.
  • Do these activities include automated individual decision-making? No
  • Are data transferred outside the EEA? No

3.11 Extra

Legal ground – explanation

  • Which personal data do we process?
  • How do we acquire the personal data?
  • How long do we store them?
  • With whom do we share the personal data?
  • Do these activities imply automated individual decision-making?
  • Do these activities imply transfer outside the EEA?

4 Sharing personal data with third parties

When you visit our website or use our products and services as a customer, we may use third parties, such as partners, affiliated and associated companies and suppliers to whom we transfer your personal data as part of this process. The third parties help us provide, support, develop and understand the use of our products and services and provide services such as hosting, customer and technical support, marketing, analytics, content delivery and/or execution of online payment(s), among others.

In addition, we may also share data (including personal data) with third parties as part of a reorganisation, restructuring, merger, sale, or other transfer of business assets. We share information provided by you, automatically collected information and information from others with the third parties to the extent necessary to enable them to provide their services or support. In the activities described above, we indicate for each activity the categories of third parties, other than affiliated and associated companies, with which we share your personal data.

Furthermore, we may have to provide access to your data or transfer your data because of a legal obligation. This can imply authorities, government agencies or other third parties.

Finally, we may share your data if this proves necessary to your vital interest.

5 Transfer of personal data outside the EEA

Cronos DMS always tries to limit the transfer of personal data to third parties outside the European Economic Area ("EEA").

Should this nevertheless occur, we will ensure as soon as possible that this transfer is brought into line with the GDPR (by, among other things, the presence of an adequacy decision in the country concerned or the establishment of an appropriate alternative, additional measures, if necessary, etc.).

We refer to the section "Why and how do we process your personal data?") for specific transfers.

6 How Long do We store your Personal Data?

We will not retain your personal data for longer than strictly necessary to fulfil the purposes for which the personal data were collected or according to the legal obligation imposed on us. We refer to the section "Why and how do we process your personal data?") for the specific retention period.

7 Automated individual decision-making

European data protection legislation (GDPR) imposes certain conditions on organisations when they make decisions about individuals solely on the basis of processing operations that are fully automated, including profiling, and when these decisions have legal effects or other significant consequences. Cronos DMS does not engage in this type of decision-making.

8 What are your rights and how to exercise them?

Cronos DMS considers it important that you always retain control over the processing of your personal data. Below you will find more information on the various rights you have and can invoke in relation to the processing of your personal data:

Depending on the processing and its legal ground, certain conditions or restrictions may be attached to the exercise of the rights below.

To exercise the aforementioned rights, or information about them, please contact info@cronosdms.com. We will provide more information if there are certain modalities associated with your request. Furthermore, we may request additional information to verify your identity so that your personal data are not erroneously deleted or shared with someone who is not entitled to them. We will endeavour to respond to your request without unreasonable delay, but in any event within a period of one month from receipt of your request. If we cannot respond within one month and wish to extend the deadline, or if we will not act on the request, we will notify you.

8.1 Right to information and right of access:

When we process your personal data, you have the right to access your personal data, as well as certain additional information as described in this privacy statement. You have the right to receive from us a copy of the personal data we hold, provided this does not adversely affect the rights and freedoms of others. The first copy will be provided to you free of charge, but upon repeated request we reserve the right to charge a reasonable fee.

8.2 Right to rectification:

If the personal data we hold about you are inaccurate or incomplete, you have the right to have this information corrected or, given the purposes of the processing - completed.

8.3 Right to restriction of processing:

You have the right to have the processing of your personal data restricted. This means that the personal data may only be stored by us and used only for limited purposes. This right applies if any of the following situations occur:

  • You dispute the accuracy of the personal data, for a period that allows us to verify the accuracy of the personal data;
  • The processing is unlawful, but you oppose the deletion of the personal data and request instead that its use be restricted;
  • We no longer need your personal data for the processing purposes described above but you need it for the establishment, exercise, or defence of legal claims; or,
  • You have objected to a processing operation and request to restrict the processing pending the answer to whether our interests outweigh yours.

In addition to our right to store your personal data, we can still process them, but only:

  • With your consent;
  • For instituting, exercising, or defending legal action;
  • To protect the rights of another natural or legal person; or
  • For reasons of public interest.

Before we lift the restriction on processing your personal data, you will be informed about it.

8.4 Right to data portability:

If the processing of your personal data is based on your consent, and the processing is carried out through automated processes, you have the right to receive a copy of your personal data in a structured, common, and machine-readable form. You also have the right, where technically possible, to have your personal data transmitted directly by us to a third party. This right does not apply where this would infringe the rights and freedoms of others.

8.5 Right to object:

You have the right to object to the processing of your personal data in the activities described above. In the latter case, this is only possible if the activity is related to (1) the performance of a task in the public interest or in the exercise of a task in the exercise of public authority conferred on us or (2) the protection of our legitimate interests or those of a third party.

If you object to the processing of your personal data, we will no longer process the personal data unless we can demonstrate legitimate interests for processing that outweigh your interests, fundamental rights, and freedoms.

If your personal data are processed for direct marketing purposes, regardless of whether this is initial or further processing, you have the right to object to this processing at any time and free of charge, including in the case of profiling insofar as it relates to direct marketing. If you raise such an objection, we will cease to process your personal data for this purpose.

8.6 Right to data erasure (‘right to be forgotten’):

You have the right to request us to delete your personal data. This means that the personal data must be deleted by us without unreasonable delay. This right applies if any of the following situations occur:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • You withdraw your consent on which the processing is based, and there is no other legal basis for processing your personal data;
  • Your personal data have been processed unlawfully;
  • Erasure of your personal data is necessary to comply with European or Belgian law;

If you request to delete your personal data, we will delete the personal data unless any of the following situations (exceptions) occur:

  • The processing is part of exercising the right to freedom of expression and information;
  • Deletion is not applicable for the reason of general interest in the domain of public health;
  • Deletion is not applicable given the need for archiving in the public interest, or statistical purposes;
    A legal obligation to retain the data applies; or,
  • Deletion is not applicable given the institution, exercise, or substantiation of a legal claim.

8.7 Right to revoke your consent:

If you have consented to certain processing of your personal data, you can withdraw your consent at any time. We try to make withdrawal of consent as simple as giving your consent possible, wherever possible.

8.8 Right to object to the processing of your personal data in automated individual decision-making:

When your personal data are used in the context of automated individual decision-making and when these decisions have legal effects or other significant consequences, you can ask us to stop using your data. If you oppose such processing, we will stop or restrict processing unless there are compelling reasons to do so.

9 Whom to address questions or possible complaints about privacy?

If after reading this privacy statement you have further questions or comments regarding the collection and processing of your personal data, you can always contact us at the following e-mail address: info@cronosdms.com

In addition, you have the right to submit any comments and observations or complaints to the supervisory authority responsible for data protection. You can do this in the EU Member State where you reside, the place where you work or the place where the alleged breach took place. In Belgium, you can file a complaint with the Data Protection Authority:

Gegevensbeschermingsautoriteit (Data Protection Authority)
Drukpersstraat 35, 1000 Brussel
+32 (0)2 274 48 00
https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint
www.gegevensbeschermingsautoriteit.be

As we are committed to our mutual relationship, we ask you to always contact us first so that we can work out a solution to what lies at the root of your complaint.

10 Amendments to the Privacy Statement

Our organisation and our website are a dynamic and innovative environment. This privacy statement may be modified if our services or applicable legislation so require. This means that we are constantly looking to provide a better service tailored to your needs. It is possible that there will be new applications where we will collect or process your personal data in a different way. As a matter of course, we will inform you when there are important changes to this privacy statement, and we will ask your permission if necessary.