We continuously strive to offer you a service at the highest standards. The protection of your personal data is therefore of our utmost concern. We are taking all necessary precautions to protect your personal data and in order to ensure you that you can continue to entrust us with your personal data. Hence, we are always handling your personal data in a safe and confidential manner. All reasonable protection measures have been taken in order to avoid loss, alterations, access by persons who are not authorized to obtain access, accidental dissemination among third parties and/or any other unlawful or illegitimate processing of the collected personal data.
Who are we?
GC Europe N.V. is a public limited liability company with its registered office located at Researchpark, Haasrode-Leuven 1240, Interleuvenlaan 33, 3001 Leuven, Belgium, and registered under company number 0452.407.307 (hereinafter referred to as “GC Europe”, “we”, “our” or “us”).
You can contact us via the following contact details:
GC Europe N.V.
Researchpark Haasrode-Leuven 1240
Your personal data shall only be processed in accordance with the existing and applicable legal provisions concerning the protection of personal data, including the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and the national implementing legislation.
Clarification of terms used
For the purposes of this privacy statement, the concept of “personal data” refers to: any information relating to an identified or identifiable natural person (the “data subject”). A natural person shall be deemed “identifiable” if he or she can be identified on a direct or indirect basis, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Hence, all information on the basis whereof a natural person can be identified must be taken into account. I.e.: amongst others the personʼs name, date of birth, address, telephone number, e-mail address and IP-address are taken into account.
The term “processing” has a broad scope and inter alia refers to the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Person responsible for the processing of your personal data (“controller”):
GC Europe is the legal person responsible for the processing of your personal data. This means that we determine the purposes and means of the processing of your personal data.
When do we collect your personal data?
The moments on which we collect your personal data (either directly from you or indirectly through your use of our services, regardless of whether you use a computer, mobile phone, tablet or other smart device) include the times when you:
- visit our website or use our app(s);
- provide us with your contact-details through the contact form on our website;
- request samples on our sample page(s);
- register for one of our online webinars;
- follow us on social media (e.g. Facebook, Twitter, LinkedIn);
- become or aim to become a client or licensed partner of GC Europe;
- participate in sweepstakes organized by GC Europe;
- visit our campus;
- participate in trainings organized in our campus;
- participate in our customer surveys;
- subscribe to our newsletter;
- conclude an agreement with us;
- include or aim to include our products in your product range;
- contact our customer service (e.g. via telephone or e-mail).
In principle, we do not aim to collect personal data regarding persons younger than 13 years old. Persons younger than 13 years old may not provide us with their personal data or with a statement of consent without providing the consent of the persons carrying the parental responsibility of such persons.
What personal data do we process, why and on which legal basis?
GC Europe takes the data minimization principle (art. 5 GDPR) very seriously, and therefore aims to only process personal data through its websites or apps which is strictly necessary to provide you with the service you requested.
We only process your personal data as long as necessary. We ensure that we will delete your personal data as soon as this data is no longer required for the purposes below, or, if applicable, for as long as the legal retention period lasts.
The schedule below provides which categories of personal data are processed by us (column 1), why such personal data is being processed (the “purposes” – column 2) and on which legal basis such processing takes place (column 3).
The processing of personal data shall only take place for one or more specific purposes.
Please note that the retention period for the different purposes can differ.
Furthermore, there is always a demonstrable legal basis for every processing of personal data. The numbering used in the column “legal basis” has the following meaning:
- Consent: you have given your consent for the processing of personal data for one or more specific purposes;
- Agreement: the processing of the personal data is necessary for the performance of a contract to which you are a contracting party;
- Legal obligation: the processing is necessary for the compliance with a legal obligation to which the controller is subject;
- Legitimate interests: the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
|Categories of personal data||Purposes||Legal basis|
|Identification – and contact details: first name, last name, date of birth, address, gender, username, e-mail address, telephone number, profession, interests, workplace, choice of language, payment details, IP-address and IMEI-code||Processing, administration and execution of your order||Agreement|
|Identification – and contact details: first name, last name, date of birth, address, gender, username, e-mail address, telephone number, profession, interests, workplace, choice of language, payment details, IP-address and IMEI-code||Execution of the contract (including invoicing)||Agreement|
|Identification – and contact details: username, e-mail address, choice of language (optional: surname, name, address, telephone number, fax number, date of birth), payment details, IP-address and IMEI-code||Client service before, during and after sale and complaint handling
e.g. the processing of your requests for information on our products and services.
|Identification – and contact details: username, e-mail address, choice of language (optional: surname, name, address, telephone number, fax number, date of birth), payment details, IP-address and IMEI-code||Collection of product-feedback aiming at enhancing our products and services||Legitimate interests|
|Identification – and contact details (e-mail address), IP-address and IMEI-code||To inform you about technical information concerning our products by means of a newsletter||Consent, legitimate interests|
|Identification – and contact details (e-mail address), IP-address and IMEI-code||To respond to your question issued with the contact form on our website||Legitimate interests|
|Identification – and contact details: username, e-mail address, choice of language (optional: surname, name, address, telephone number, fax number, date of birth), payment details, IP-address and IMEI-code||For use in demographic studies, to monitor customer patterns with the aim of improving and ensuring the proper, effective and secure functioning of our websites (e.g. “retargeting pixels”) and/or our apps||Legitimate interests, consent|
|Identification – and contact details (surname, name, address), payment details and invoices||To provide you with commercial information and advertisements regarding promotions and discounts|
|Identification – and contact details (surname, name, address), payment details and invoices||To comply with legal, regulatory and administrative obligations||Legal obligation|
|Identification – and contact details (surname, name, address), payment details and invoices||To protect and safeguard our rights||Legitimate interests|
|Identification – and contact details: first name, last name, address, gender, username, e-mail address, telephone number, profession, interests, workplace, choice of language, Advertising Identifier (IDFA)||To enable us to create your account or profiles (e.g. to use our apps)||Agreement|
|Identification – and contact details: first name, last name, address, gender, username, e-mail address, telephone number, profession, interests, workplace, choice of language, Advertising Identifier (IDFA)||To ensure the proper functioning of our apps and to provide you a service or feature you requested||Agreement|
|Identification – and contact details: first name, last name, address, gender, username, e-mail address, choice of language, Advertising Identifier (IDFA), information about your use of our apps||To provide you customised information based on your past activities on our apps||Legitimate interests and if required, consent|
In order to give you more control regarding the processing of personal data, you have various rights at your disposal. These rights are inter alia discussed and provided in articles 15-22 GDPR.
You have the following rights:
- Right of access to the processed personal data (art. 15 GDPR):
You have the right to obtain our confirmation as to whether or not your personal data is being processed, and, where that is the case, to obtain access to the personal data and the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making.
In the event that we cannot provide you access to the personal data (for example in the event of a legal obligation to restrict the data subject from access to such information), we shall inform you of the reasons of such an inability.
Furthermore, you can also request a copy of the personal data undergoing processing free of charge. Please note however, that we are entitled to charge reasonable fee based on administrative costs for each additional copy you request.
- The right to be forgotten or to request erasure of personal data (art. 17 GDPR)
In certain instances, you may request us to erase your personal data. Be aware however that under such circumstance, we will not be able to provide you with our services any longer. Furthermore, we ask you to bear in mind that the “right to be forgotten” is not an absolute right. We shall have the right to continue to store your personal data, inter alia, in the following cases: (i) where such storage is necessary for the performance of a contract to which you are a contracting party, (ii) where such storage is necessary for compliance with a legal obligation, or (iii) where such storage is necessary for the establishment, exercise or defence of legal claims. We shall inform you of the reasons for the storage of your personal data in our response to your request of erasure.
- The right to rectification (art. 16 GDPR):
In the event that your personal data are inaccurate, dated or incomplete, you can request us to rectify or complete your personal data.
- The right to data portability (art. 20 GDPR):
Under certain conditions, you shall also have the right to request us to transmit the personal data you provided us with and for which you have given us your consent, to another controller. We shall transmit such personal data directly to the new controller in so far as such transmission is technically feasible.
- Right to restriction of processing (art. 18 GDPR):
You shall have the right to obtain the restriction of processing where one of the following applies:
- You contest the accuracy of the personal data (in such an event the use of the personal data shall be limited for a period enabling us to verify the accuracy of the personal data);
- The processing of the personal data is unlawful;
- We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
- Pending the verification whether the legitimate grounds for the processing of the personal data override those of the data subject, you may request us to limit the usage of the personal data.
- The right to object (art. 21 GDPR):
You have the right to object, on grounds relating to your particular situation, the processing of your personal data in case that such processing is done for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. In such an event, we shall no longer process the personal data unless (i) there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or (ii) the processing of the personal data is done for the establishment, exercise or defence of legal claims.
- Automate individual decision-making, including profiling (art. 22 GDPR):
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or which may significantly affect you in a similar manner.
Such right can however not be invoked in the following circumstances:
- If the decision is authorised by law (for example: in order to prevent tax fraud);
- If the decision is based on the data subjectʼs explicit consent; or
- If the decision is necessary for entering into, or performance of, a contract between the data subject and the data controller (note that in such instances, we shall always make a case by case assessment of whether less privacy intrusive methods can be applied to facilitate the entry into, or performance of the contract).
- The right to withdraw your consent (art. 7 GDPR):
Where the processing of personal data is based on consent, you shall have the right to withdraw such consent at any time through a simple request.
The exercise of your rights
To exercise the rights listed above, you can contact us via e-mail on the following e-mail address: DataprotectionCommittee.email@example.com.
In order to verify your identity, we ask you attach a copy of the front side of you ID-card to your e-mail.
All rights can be exercised free of charge, unless your request is manifestly unfounded or disproportionate (for example: due to the repetitive character of your request). In such cases, we have the right to charge you with a proportional fee or to refuse to adhere to your request.
Transfer of personal data to affiliated companies and third parties
We may also send your personal data to third parties whose intervention as data processor, on behalf and under control of GC Europe, is required for the purposes indicated above. These data processors are natural persons or legal entities that process the personal data on behalf of GC Europe. These processors were carefully selected by us and offer all the adequate guarantees with regard to technical and organizational security measures regarding the processing of your personal data. These entities are limited by contractual provisions in their ability to use your personal data for purposes other than providing services for GC Europe.
Your personal data shall only be transferred to third parties in conformity with the legal provisions in that regard, when you have provided us with your consent to do so, or when such transfer is necessary to ensure the provision of our services (on the basis of our legitimate interests). No personal data shall be transferred to third parties under any other circumstances, unless we are obligated to do so on the basis of compulsory legal or regulatory provisions (e.g.: the transfer of personal data to external bodies or authorities, such as law enforcement authorities).
When you submit a question or request to GC Europe via our websites (including but not limited to a question via our “Contact” section, a subscription request to our newsletter, a sample request on our sample page(s), or a registration request for one of our online webinars), GC Europe will forward this question or request and the personal information provided by that internet user to the company within the GC group located or operational in the internet userʼs country of residence. In these circumstances, personal data are thus not only processed by GC Europe, or under the sole control of GC Europe, but also by its affiliated companies and/or subsidiaries. If you oppose this transfer, you can contact us by email at DataprotectionCommittee.firstname.lastname@example.org or by post at the aforementioned address to the attention of the Data Protection Committee.
We ensure that your personal data will not be rented nor sold in personally identifiable form to anyone but companies within the GC Group, or the trusted and reputable third party processors described under this title. All third party processors are bound to keep your information confidential. All information provided to third party processors is used by them only to carry out the service they are providing for us.
Categories of recipients
We see to it that the personal data shall only be accessible within our company to those persons who require access to the personal data in order to comply with the contractual and legal obligations.
In some circumstances, our employees and staff are assisted by external service providers in the execution of their tasks. In order to protect your personal data, we have concluded an agreement with all such external service providers in order to guarantee the safe, respectful and cautious management and administration of your personal data.
Transfer of personal data to third countries
Your personal data shall only be transferred or disclosed to processors or controllers in third countries in so far as we are legally authorised to do so.
In so far as such disclosure or transfer is necessary, we shall take appropriate measures to ensure that your personal data shall be significantly protected and that all disclosures or transfers of personal data outside of the EEA take place in a lawful and legitimate manner. In the event that a disclosure or transfer takes place to a country outside of the EEA, for which the European Commission has not determined that this country does not maintain an equivalent level of protection of the personal data, such disclosure or transfer shall always be subject to appropriate safeguards, such as making use of the approved standard data protection clauses and provisions for the transfer of personal data to third countries as established by the European Commission.
You can consult the approved standard terms and provisions of the European Commission via the following hyperlink: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
Protection of your personal data
We have taken all reasonable and suitable technical and organizational measures in order to protect your personal data as well as possible against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Storage of personal data
We store your personal data for the period of time necessary for achieving the purpose for which such personal data is processed. Please note that we must take into account a number of (legal) storage periods (time limits) which oblige us to continue to store your personal data. In the event that no obligation or duty to store the personal data exists, the personal data shall be erased and destroyed on a routine basis once the purpose for which the personal data is collected has been achieved.
Furthermore, we may store your personal data if you have given us your consent to do so or where such storage is necessary for the establishment, exercise or defence of legal claims. In this last instance, certain personal data shall be used for evidence purposes. Such personal data shall therefore be stored in line with the legal prescription period, which can amount up to a period of thirty years; the usual limitation period in relation to actions in personam amounts up to ten years.
The protection of your personal data is our primary concern. As such, we aim to take all necessary measures in order to guarantee the protection of your personal data. Should you have a complaint regarding the manner in which your personal data is processed, please feel free to contact us. We shall try to live up to your expectations and meet your concerns as soon as practically possible.
You may also file your complaint to the supervisory authority for personal data protection. The authority assigned to supervise our organization is the Belgian Data Protection Authority:
Do you have any further questions?
Please feel free to contact us via telephone, e-mail or letter. We are happy to be of any further assistance.
GC Europe N.V.
Researchpark Haasrode-Leuven 1240
+32 (0) 16 74 10 00
Last date of modification: 20th of June 2019