Privacy notice
Reynaers Aluminium takes your privacy to heart and therefore takes appropriate measures to protect your privacy in accordance with the EU Regulation on the protection of natural persons with regard to the processing of personal data (also known as “General Data Protection Regulation” or “GDPR”). With this privacy notice (“Notice”), Reynaers Aluminium wishes to inform you about the collection, use and protection of your personal data when you:
- use and interact with us through our websites;
- communicate with us via email, phone, social media, VOIP or other digital communication channels;
- subscribe to and receive our newsletters, promotional communications or other marketing materials;
- meet us at fairs, conferences and similar events;
- download or use our software or applications; or
- are or represent one of our customers or suppliers.
If you wish to know more about the way in which we use cookies and similar tracking technologies, we kindly refer you to our cookie notice https://www.reynaers.com/our-cookie-policy.
We may change this Notice periodically and at our own discretion. When we do so, we will make an updated version available to you via our websites. If any such change pertains to a processing activity for which we asked your consent, you will be asked to consent again with the updated version of the Notice. Please note that our websites may contain links to other sites and services. We are not responsible for the privacy practices, privacy statements, or content relating to these other sites.
1. Who is responsible for the processing of your personal data?
Reynaers Aluminium NV, a company organised and existing under the laws of Belgium, having its registered seat at Oude Liersebaan 266, 2570 Duffel, Belgium and registered in the RPR/RPM Antwerp, Antwerp division under registration number (VAT) (BE)0437.278.077 is responsible for the processing of your personal data as described herein. In case you have questions regarding the content of this Notice or the way your personal data are processed as described herein, you can contact us by sending an e-mail to privacy@reynaers.com.
2. Why and for how long do we process your personal data?
2.1. You use or interact with us through our websites
When you visit our website, fill out a contact form or otherwise interact with one of our websites, we will collect and process the following categories of personal data:
- Electronic communications data (e.g. IP address, browser type and operating system, time zone settings, timestamps, etc.)
- Contact details and any other information which you choose to share with us via the websites (e.g. names, email addresses, professional information, etc.)
We process these personal data to allow you to use our websites in a safe and secure way, for which we rely in our legitimate interest to make our websites available to the public. Personal data related to your website visit are kept for the duration of your visit until 36 months thereafter, without prejudice to other retention periods which have been determined in the cookie notice. We collect these personal data also for statistical purposes and to improve our websites. For these purposes we rely on our legitimate interest to be able to continuously improve our websites, the content distributed thereon and our product and service offering. Personal data aggregated in statistics is de-identified and will be kept indefinitely.
We process the information you choose to leave on our websites to respond to your inquiries and to provide you with the functionalities for which you have interacted with the websites. For both these purposes we rely on our legitimate interest to be able to interact with our website visitors and to provide them with the functionalities which they would like to use. Personal data which you leave on our websites are kept for as long as required to respond to your inquiry or to provide you with the functionality. If your inquiry becomes part of our ongoing business relationship, we will retain it for as long as you are our customer and until five years thereafter.
We share your personal data with our IT providers, marketing service providers and member companies of our Group.
2.2. You communicate with us via email, phone, social media, VOIP or other digital communication channels
When you communicate with us via email, phone, social media, VOIP or other digital communication channels, we will collect and process the following categories of personal data:
- Electronic communications data (e.g. IP addresses, data related to the means of communication you use, etc.)
- Contact details (e.g. your name, email address, phone number, contact aliases, etc.)
- The content of your communication (e.g. an email message, a message sent via social media which may also include limited profile data, a summary of a phone call, etc.)
- Details related to the person with whom you communicate on our side
- Professional information (e.g. the company you work for and your function)
We process this personal data to communicate with you and respond or react to the questions or comments you send us, for normal customer relationship management as well as to improve the functioning of our customer service and improve our products, services and processes. We rely on our legitimate interest to communicate with others as part of our normal day-to-day business and to continuously improve how we operate. You understand that we would not be able to answer your questions or communicate with you if we were not allowed to process this personal data. We will retain these personal data for as long as necessary to deal with the question or comment and for up to one year thereafter.
We will share your personal data with our marketing, IT and communication service providers and with other companies in our Group.
2.3. You subscribe to and receive our newsletters, promotional communications or other marketing materials
When you subscribe to and receive our newsletters, promotional communications or other marketing materials, we will collect and process the following categories of personal data:
- Contact details (e.g. your name, email address, phone number, contact aliases, etc.)
- Communication preferences (e.g. which type of marketing materials you would like to receive)
- Professional information (e.g. the company you work for and your function)
We process these personal data to send you our newsletters, promotional communications or other marketing materials and we will only do so with your explicit consent which you may withdraw at any time. We will retain your personal data until such time when you withdraw your consent. However, if you are or represent an existing customer, we rely on our legitimate interest to be able to send you our marketing materials relating to the products and services which you have ordered with us before. You may unsubscribe from our marketing communications at any time. Your personal data will in this case be kept for as long as you are or represent a customer and until five years thereafter.
We will share your personal data with our marketing, IT and communication service providers and with other companies in our Group.
2.4. You meet us at fairs, conferences or similar events
If you meet with one of our representatives at a fair, conference or other event or you participate at an event which we have organised, we will collect the following information:
- Contact details (e.g. your name, email address, phone number, contact aliases, other information listed on a subscription form or business card, etc.)
- The person on our side whom you have met
- The interactions you have with us at such an event (e.g. in a summary created afterwards)
- Communication preferences (e.g. which type of marketing materials you would like to receive)
- Professional information (e.g. the company you work for and your function)
- Your photo
These personal data are collected to establish and maintain business relationships and be able to successfully participate in fairs, conferences or similar events for which we rely on our legitimate interest to be present or organise such fairs, conferences or events and invite you to them. We will retain your personal data until such time when we have established that you are no longer of commercial interest to us or, when you become or represent a customer, until such time when your commercial relationship with us ends and until five year thereafter.
If we would like to take your picture specifically to publish it on one or more of our communication channels, we will only do so with your explicit consent which you can withdraw at any time. We will retain your personal data until such time when you withdraw your consent.
If we want to use your contact details to send you marketing materials and you are not yet an existing customer, we will only do so with your explicit consent, which you can also withdraw at any time. We will retain your personal data until such time when you withdraw your consent.
Your personal data will be shared with service providers which help us to organise and maintain such events, with our IT service providers, with the photographer who makes your picture, with service providers who operate and/or maintain our communication channels and with other companies in our Group.
2.5. You apply for a job at Reynaers Aluminium NV or one of our subsidiaries
When you apply for one of our vacancies, we collect the following personal data:
- Your name and position
- Your contact details
- Your work experience
- Your training and academic curriculum
- Your image
- Notes taken during job interviews
- Any other information you wish to include in your CV and supporting communications
In principle you are not expected to provide us data related to health or other similarly sensitive information such as political affiliation, ethnicity, race, sexual preference, union membership, religious or philosophical convictions, genetic data or biometrics. If you provide us with such information nonetheless, you explicitly consent to us receiving such data.
If you apply to us directly via LinkedIn, StepStone or similar online platforms, these platforms are initially responsible for the collection and processing of your personal data. For more information on how these platforms process your personal data, we refer to the privacy notices of these platforms. However, note that we are not jointly responsible with these platforms in view of the different purposes of processing.
If you apply via a recruitment agency, the recruitment agency is initially the data controller until such time as we receive your personal data for the purpose of evaluating your application. For more information on how the recruiting company processes your personal data, please refer to the privacy notice of the recruiting company in question. However, we are not jointly responsible with the recruitment agency, given the different purposes of processing.
We process this personal data in order to evaluate your application. This processing is necessary in order to establish a possible employment contract with you. You understand that we would not be able to consider your application if we were not allowed to process this personal data. If you are not retained at the end of the recruitment process, but we wish to keep your profile for future opportunities, we will ask for your explicit consent. You can withdraw this consent at any time.
We also process your personal data to monitor and improve our recruitment process, for which we rely on the legitimate interest to improve our processes.
For those candidates who entered through a recruitment agency, we keep the personal data for at least 12 months. We keep the personal data of all candidates who are invited for an interview for one year after the initial application. We do this to be able to look at your previous interviews in case you apply to us again at a later date.
If you consented to us keeping your data for future opportunities, we will keep such data until such time when you withdraw your consent.The personal data we collect when you apply for one of our vacancies is shared with the following parties:
- You
- IT service providers
- HR service providers
- Other companies within our Group
- The government when legally required
2.6. You are or represent one of our customers or suppliers
When you are or represent one or our suppliers or customers, we collect and process the following personal data:
- Contact details (e.g. your name, email address, phone number, contact aliases, etc.)
- The interactions you have with us (e.g. any business communication)
- Details related to your orders, services and/or products
- Professional information (e.g. the company you work for and your function)
We process this personal data in order to:
- enable us to carry out the contract follow-up;
- complete the ordering and invoicing processes;
- and manage our customer and supplier relationships.
We rely on our legitimate interest to be able to process your personal data in the context of normal relationship management. If you are a sole contractor, we rely on the need to process these personal data for the performance of our contract with you. You understand that we would not be able to execute and perform the contract we have with you or your employer if we were not allowed to process these personal data. The aforementioned personal data will be retained in identifiable form for ten years after our relationship with you or your employer/client has ended, unless we receive earlier notice from your employer/client that you have changed positions or are no longer employed/engaged by this employer/client.
Your personal data will be shared with:
- IT service providers
- Collection agencies, bailiffs and legal service providers in case of non-payment or problems
- Accountants, corporate auditors, professional service providers, banks and payment institutions
-
Other companies within our Group
2.7. You make use of our internet-based services
When you make use of our internet-based services, which may include platforms and/or applications made available by us, we will process the following personal data
- Your contact details (e.g. your name, e-mail address and phone number) which will be required to identify you on our internet-based services;
- Product information (e.g. the serial number of the products);
- Electronic communications data (e.g. IP address, browser type and operating system, time zone settings, timestamps, information relevant for the security of our services, etc.); and
- Usage data (e.g. how you interact with our services, device states, usage patterns, etc.).
These data are required to allow you to make use of our internet-based services. These services are provided to you on the basis of a contract. You understand that we would not be able to perform our contract without processing such data. Our legal basis for processing this data is therefore the contract we concluded.
Additionally, we also have legitimate interest in processing the electronic communications data, product information, and usage data to maintain and improve the functionality of our internet-based services, as well as to develop new products and services. Generally, we will render such information non-identifiable before using it for such purposes.
The information processed for our internet-based services will remain stored in an identifiable manner for the entire duration of our contract as well as ten (10) years thereafter. We may delete information earlier when we deem it no longer required for the purposes identified above.
For this processing purpose, you information may be shared with:
- You; and
-
Our IT service providers facilitating the internet-based services.
2.8. General purposes for which we will collect and use your personal data
i) Legal obligations and legitimate requests
We process your personal data in order to comply with legal obligations, as well as to fulfil a legitimate request by competent officials or representatives of the police, judicial authorities, government bodies or agencies, including data protection authorities, for which we rely on our legal obligations. Your personal data will be kept for as long as necessary to fulfil our legal obligations.
Your personal data will be shared with the competent officials or representatives of the police, judicial authorities, government bodies or agencies to whom we are obliged by our legal obligation to provide the personal data.
ii) Mergers and acquisitions
We process your personal data to prepare and execute corporate transactions, such as mergers, acquisitions or de-mergers, for which we rely on our legitimate interest in entering into such transactions. You understand that in such business transactions the identity of the controller may change. We will retain your personal data for as long as necessary to properly inform the parties involved in the transaction and for as long as necessary to enable further processing by the acquiring party after the transaction.
The personal data that we collect and process when we prepare or execute a business transaction is shared with the following parties:
- IT service providers
- The parties involved in the preparation and implementation of the transaction
- Legal and professional service providers, including lawyers and business banks, assisting the parties
- Public authorities to be informed of the transaction
- Other companies within our Group which are directly or indirectly involved in the transaction
iii) Defence in litigation and proceedings
We process your personal data to defend ourselves in disputes and judicial or other proceedings, as well as to gather evidence and prepare our defence, for which we rely on our legitimate interest to be able to defend ourselves in such circumstances. We will retain your personal data for as long as is necessary in the light of any imminent or ongoing proceedings and until all appeal and limitation periods have expired.
The personal data that we collect and process when preparing and conducting our defence is shared with the following parties:
- IT service providers
- Experts and legal experts
- Legal and professional service providers, including lawyers and bailiffs
- Judicial authorities or administrations that need to be informed about the dispute or the proceedings
- Other companies within our Group directly or indirectly involved in the dispute or procedure
3. Data transfers
In principle we do not transfer your personal data to other countries outside the European Economic Area. Whenever such transfer would be necessary for one or more of the purposes for processing mentioned herein, we will put in place the necessary safeguards such as agreements based on the European Commission’s Standard Contractual Clauses.
4. Your rights
Right of access - You have the right to request access to all the personal data that we have processed in relation to you. In order for us to grant this request, you must explain which personal data you wish to access. We reserve the right to charge an administrative fee for several consecutive requests. We also reserve the right to refuse requests that are manifestly unfounded or excessive.
Right of rectification - You have the right to request the rectification, free of charge, of personal data which are inaccurate. If a request for rectification is made, it must be accompanied by proof of the inaccuracy of the data for which rectification is requested.
Right to erasure - You have the right to request the erasure of your personal data if (a) you withdraw your consent and no other legal ground for processing remains; (b) we are obliged by law to erase them; (c) you have successfully exercised your right to object; (d) they are no longer necessary in view of the purposes described above; or (e) the processing is unlawful. However, you should note that we will assess a request for deletion against:
- a) our overriding interests or those of a third party, insofar as permitted by law;
- and b) legal or regulatory obligations or governmental or judicial orders.
Instead of deletion, you may also ask us to restrict the processing of your personal data if and when (a) you contest the accuracy of such data, (b) the processing is unlawful, or (c) the data is no longer needed for the purposes described above, but you need it to defend yourself in legal proceedings.
Right to object - You have the right to object to the processing of personal data, but you must explain the serious and legitimate reasons relating to your particular circumstances which justify such an objection. This explanation is not necessary if you oppose our processing of your personal data for direct marketing purposes.
Right to data portability - You have the right to request a copy of the personal data that you have provided to us digitally with your consent or for the performance of a contract in a structured, commonly used and machine-readable format.
Right to withdraw consent - If you previously gave your consent to the processing of your personal data, you may withdraw it at any time.
4.1 How to exercise your rights
If you wish to make a request to exercise one or more of the rights mentioned above, please send an email to privacy@reynaers.com for all matters relating to data subjects' rights. An email requesting the exercise of a right shall not be construed as consenting to the processing of your personal data insofar as such processing goes beyond what is necessary in order to process your request.
That request must clearly state and specify which right you wish to exercise and the reasons for doing so, if required by law. It must also be dated and signed, and be accompanied by a digitally scanned copy of your valid identity card proving your identity. We ask this in order to prevent unauthorised persons from abusing your rights.
We will inform you of the receipt of this request without delay. If the request turns out to be well-founded, we will notify you as soon as reasonably possible and no later than thirty days after receipt of the request.
If you have a complaint regarding the processing of your personal data by us, you can always contact us at the e-mail address mentioned in the first paragraph of this clause. If you are not satisfied with our response, you are free to file a complaint with the competent data protection authority, namely the Belgian Data Protection Authority (https://www.gegevensbeschermingsautoriteit.be).