Last update: April 2019 – version 2.0
Your personal data is collected and processed by CRANIUM International Holding NV, which includes the following related branches:
- CRANIUM Belgium NV
- CRANIUM GDPR Representative BVBA
- PaSMaN VZW
- CRANIUM Nederland BV
- CRANIUM USA Inc
- CRANIUM Hungary Kft.
hereafter referred to as “CRANIUM”.
CRANIUM specializes in mitigating privacy and security risks. CRANIUM supports and familiarizes your organization to be compliant with the applicable EU and national privacy and data protection legislation. This includes the General Data Protection Regulation (GDPR) amongst others, as well as the protection against cyber-attacks and other possible data breaches. CRANIUM has its headquarters at Excelsiorlaan 43, 1930 Zaventem, Belgium, registered with company number 0666.909.642.
Scope of the Privacy Statement
CRANIUM values privacy and is therefore committed to protect the (personal) data of all its stakeholders with the greatest possible care, and to process personal data only in a fair and lawful manner. This Privacy Statement is applicable to our customers, partners and website visitors for the personal data collected and processed by CRANIUM through this website and the related services.
This Privacy Statement contains essential information on how CRANIUM, as the data controller, collects and processes personal data, for what purposes and explains your rights as a data subject.
Processing of Personal Data
Personal data can be defined as any information that allows a natural person to be identified, directly or indirectly. You can provide us with your personal data in the context of the following activities, for the corresponding purposes and based on the stated grounds:
- Contact form or correspondence: By completing the contact form on the website, you consent to CRANIUM processing your name, email address and your question or message. If you contact us directly (by e-mail, telephone or letter), we will process your contact details and the content of this correspondence. We only use this information to sufficiently handle your question or message.
- Newsletter: If you subscribe to our newsletter, you provide us with your name and email address. CRANIUM collects these data based on your consent and for the purpose of sending you relevant information and keeping you up to date with our latest news. We use an external service provider (Mailchimp) to monitor the delivery of our newsletter.
Also, our newsletter contains so-called ‘tracking pixels’. A tracking pixel is a miniature image that allows a statistical analysis of the impact of a marketing campaign e.g. to check whether the email containing the newsletter was opened. The personal data collected through these pixels are stored and analyzed for the purpose of optimizing the form and content of the newsletter and to better align the content with your interests in the future. These personal data are not passed on to third parties.
- For sales and marketing purposes: CRANIUM can use your name and contact details for direct marketing campaigns, to inform you on promotions with regard to the products and services CRANIUM provides, and to contact potential future customers. We can also use the data to make targeted offers, e.g. via email, or to display an advertisement on our own website. We send these communications or place the advertisements, based on the legitimate interest of CRANIUM, if we notice that you are interested in or benefit from our services or products.
- Survey / feedback: Based on the legitimate interest of CRANIUM, we can use your contact details in order to assess, evaluate and improve the services offered to you. For this purpose, we could send out questionnaires or customer surveys, or ask you to fill out our Customer Feedback form.
- Social media plugins: The CRANIUM websites integrate plugins from Facebook, LinkedIn, Twitter and Instagram. From the moment you access our website, these social plug-ins send information to the third party platform about your device, which pages you visit and how you use our services. The plug-ins are processed regardless of whether you have an account.
- Events: When you register for one of our events, we ask you to provide certain information to participate in that particular event. For example, we will usually ask for your name, email address, function and organization. We collect this information based on your consent in order to complete your registration and guarantee the best event experience for everyone.
- Job application: By completing the job application form on the website, you consent to CRANIUM processing your name, email address, cv and motivation for the job application. If you contact us directly or interact with us regarding a job application (by e-mail, telephone, letter or social media such as LinkedIn), we will process your contact details and the content of this correspondence. We only use this information to complete your recruitment process.
- For the provision of our products & services: When you buy certain products or services from CRANIUM, we collect your contact details and billing data. This is for the purpose of providing our services and managing our (customer) relationship and on the basis of your purchase agreement with CRANIUM.
- Other relations: We collect contact details of our current or future suppliers and partners. We process this information to enter into our agreements and to manage our relationships or collaborations. This processing is therefore based on the conclusion and execution of our contracts and business relations.
The legal ground on which CRANIUM processes your data is consent. By providing your personal data and cv when interacting with us or applying for a position at CRANIUM, you consent to the processing of that data.
CRANIUM considers your personal data as confidential and commits to process it only in a way that is compatible with the purposes for which the data were initially collected.
Your Rights as a Data Subject
At all times, the data subject has the possibility to exercise his or her rights as described in the General Data Protection Regulation. The data subject can exercise the following rights:
Right of access
You have the right at any time and free of charge to access your personal data and to request a copy of the personal data that CRANIUM collects about you.
Right to rectification
You always have the right to have incorrect personal data corrected, or incomplete personal data completed.
Right to erasure (“right to be forgotten”)
You can request to have your personal data removed from CRANIUM’s systems.
The request to erase your personal data cannot always be granted due to contractual or legal obligations. CRANIUM will take these obligations into account when replying to your request.
Right to object
You have the right to object to the processing of your personal data if the processing takes place on the ground of the legitimate interest of CRANIUM or on the ground of the public interest. We will stop processing unless we can prove that there are compelling legitimate grounds for the processing or for the exercise of legal claims. You can also object in the case of direct marketing, so the personal data will no longer be processed for these purposes.
Right to withdraw consent
For the processing of your personal data collected by CRANIUM with your consent, you can withdraw your consent at any time. For example, you can always unsubscribe from the newsletters. However, the withdrawal of your consent does not apply to processing previously carried out by CRANIUM.
Right to restriction of processing
In certain cases, the data subject is entitled to obtain the restriction of the processing of his or her personal data. We will continue to store your data, but we will restrict its use. You can e.g. submit this request when you think that your personal data is inaccurate, or the processing by CRANIUM is unjustified. We only have to grant these requests in specific cases as defined by law.
Right to data portability
The data subject has the right to receive the personal data concerning him or her, processed by CRANIUM, in a structured, commonly used and machine-readable format and/or to transmit those data to another controller.
These rights can be exercised free of charge by sending an e-mail to firstname.lastname@example.org. We commit to answer your request within one month upon its receipt. It is possible that we request additional information first in order to confirm your identity and ensure the request originates from you.
Right to lodge a complaint
If, at any time, you believe that CRANIUM infringes your privacy, you have the right to lodge a complaint with the Belgian Data Protection Authority: Gegevensbeschermingsautoriteit, Drukpersstraat 35, 1000 Brussels, Tel +32 (0)2 274 48 00, e-mail: email@example.com.
Disclosure to Third Parties
CRANIUM will refrain from disclosing or selling personal data of data subjects to third parties as well as publicly disclosing data subjects’ personal data, unless in the following specific cases:
- Personal data can be shared between the different branches of CRANIUM, in case this transfer is required for the provision of our products or services in line with the predetermined purpose.
- Personal data can be shared with third party service providers to which CRANIUM outsourced certain processing activities. In any case, they are limited to processing your personal data in accordance with our instructions and if necessary, a data processing agreement will be concluded so they are obliged to comply with all obligations required by the applicable data protection legislation.
- If it is required by applicable laws or regulations.
Regarding international transfers of personal data and processing outside the European Economic Area (EEA), your data are only transferred to other CRANIUM branches or parties in third countries, such as software providers and cloud or mailing services, when permitted under the applicable data protection legislation. We guarantee appropriate safeguards which ensure that your rights are also respected by the data recipient outside the EEA in accordance with an adequate level of data protection.
Retention of your Personal Data
CRANIUM acknowledges the importance of the protection of personal data. We do not retain your personal data no longer than strictly necessary for the realization of the purposes for which we received the data, or for the execution of a contract or for fulfilling a legal obligation. The retention periods differ with regards to the type of processing activity and the purpose for which the personal data were collected.
The personal data that we collect on the basis of your consent will be kept by us for as long as your consent remains valid.
We keep customer and supplier information about your purchases for as long as reasonably necessary to execute our agreements, to comply with our legal obligations (such as accounting and tax obligations) and to resolve disputes or enforce agreements. Therefore, this personal information is retained for the duration of our contractual relationship and for 10 years thereafter.
In all cases, personal data may be retained for a longer period if there is a legal or regulatory reason to do so, or for a shorter period if the data subject objects to the processing of his/her personal data and if there is no longer a legitimate reason to retain them.
We guarantee to only provide limited access to archived data and to remove or render anonymous your personal data if the retention period has passed.
Security and Confidentiality of your Personal Data
CRANIUM has taken technical and organizational security measures to prevent the destruction, loss, falsification, alteration, unauthorized access or disclosure of your personal data to third parties and any other unauthorized processing of these data.
We have made every effort to ensure the confidentiality, integrity and availability of the information systems and services that process personal data. These measures include physical and operational security measures, access control, awareness raising and confidentiality clauses. All our employees and third parties engaged by us are obliged to respect the privacy and security of your data.
If you have comments, questions or concerns about any of the information in this Statement, or any other issues relating to the processing of your personal data by CRANIUM, please contact our Data Protection Single Point of Contact (“DP SPOC”) firstname.lastname@example.org.
In the event you prefer to contact us by post, you can do so on the following address:
Excelsiorlaan 43, 1930 Zaventem, Belgium.
Changes to our Privacy Statement
We may amend or update this Privacy Statement from time to time to reflect changes in our practices with respect to the processing of your personal data, or changes in applicable law. We will be doing this by posting the updated version on this CRANIUM website. When we publish changes to our Privacy Statement, we will change the date and version number of the “last update” of our Privacy Statement. Significant changes will be reported on our homepage. Nevertheless, we encourage you to read our Privacy Statement periodically.