Van Hool – Externe privacy policy

In the context of its activities, Van Hool NV, with registered office at Bernard Van Hoolstraat 58, 2500 Lier (“Van Hool”), collects and uses information about natural persons such as yourself (also referred to as “personal data”).

Van Hool considers the protection of your privacy an important matter and therefore commits to process the information that it collects about you only as set out in this policy. In so doing, Van Hool is acting in accordance with the relevant privacy legislation, including the General Data Protection Regulation or “GDPR”.

As part of this commitment, Van Hool wishes to explain with this privacy policy why and how we process your personal data, as well as what your rights and our obligations are in this respect. This policy also provides information about who you can contact within Van Hool if you have questions or to exercise your rights (see point 7).

1 Scope

This privacy policy applies to every type of use of personal data concerning:

  • future, present and former customers (natural persons);

  • future, present and former suppliers (natural persons);

  • representatives and personnel of customers (legal persons);

  • representatives and personnel of suppliers (legal persons);

  • visitors of our premises; and

  • visitors of our websites, including the client portal.

This policy does not apply to information relating to legal persons.

The so-called “controller” is the legal entity which decides on the purposes and means of collecting and using your personal data. Unless otherwise indicated in a supplementary policy relating to a specific processing operation, Van Hool is the controller.

2 What personal data is collected about you by Van Hool?

2.1 General

In the first place we collect the identification and contact details of individuals with whom we communicate, such as your name, email address and/or postal address, landline and/or mobile telephone number. The content of the communication that you exchange with us by post or email is also recorded.

2.2 Professionals

For professional customers and suppliers who are natural persons this further includes your title, position, name of your company, payment data, such as your bank account number, IBAN, BIC and, where applicable, your VAT number, as well as your purchase/sales history at Van Hool.

For the representatives and personnel of customers and suppliers who are legal persons, this also includes your title, position, name of your company.

If you provide us with information about other individuals (such as the contact details of a colleague), you must provide a copy of this privacy policy to these individuals.

2.3 Visitors of our premises

When you visit one of our premises you may also be filmed by our security cameras. This is always indicated by the appropriate pictogram at the entrance of our premises.

If you have an appointment with one of our staff members, you must also give your name at the reception as well as the reason for your visit.

2.4 Visitors of our websites

When you visit our website or client portal, we also collect certain connection and communication data (such as your IP address, the domain name of your internet provider, your type of browser, operating system and platform), statistical information and information relating to your behaviour, habits and preferences (such as information relating to the pages that you have visited, information that you have requested and the time that you have spent on our websites).

3 How is personal data collected?

We have collected this personal data directly or indirectly using (one or more) of the following channels:

  1. when you contact us and communicate with our personnel and/or our IT systems;

  2. when you give us your business card;

  3. when you order and purchase some of our goods or services;

  4. through our CCTV and security systems;

  5. through the company for which you work or through one of your colleagues;

  6. through online research;

  7. when you request online and/or paper catalogues;

  8. by participating in fairs and industry gatherings;

  9. when you visit our website/client portal; or

  10. when you visit our company.

4 Why is personal data collected and used?

Your personal data is always processed for a specific and well-defined purpose and only the data required to achieve that purpose is used.

4.1 General purposes

We process the personal data of (the representatives and personnel of) our customers and suppliers, company and website visitors for the following general purposes:

  1. monitoring of our activities (measuring and compiling statistics on sales, purchases, payments, number of customers, etc.);

  2. management of our IT;

  3. improving the quality of our products and services;

  4. safeguarding our economic interests;

  5. management of our archiving systems;

  6. answering questions from a public authority or court;

  7. compliance with statutory obligations; and

  8. fraud prevention.

4.2 Professionals

We also process the personal data of (the representatives and personnel of) our customers and suppliers for:

  1. the preparation and performance of agreements;

  2. purchase, procurement, invoicing and accounting;

  3. logistical support;

  4. management of relations with customers and suppliers and partner programmes;

  5. providing the necessary and most recent product information, manuals and after-sales service;

  6. recall actions and product improvement; and

  7. monitoring the activities in our premises, including compliance with relevant policies, health and safety rules.

4.3 Visitors of our premises

We process our visitors’ personal data for:

  1. the organisation of company and school visits; and

  2. monitoring the activities on our premises, including compliance with applicable policies, health and safety rules.

4.4 Visitors of our websites

We also process the personal data of the visitors of our website and client portal for:

  1. managing and improving our websites (e.g. through the diagnosis of server problems, optimisation of data traffic, integration and optimisation of web pages);

  2. measuring the use of our websites (e.g. by compiling statistics of the data traffic or collecting information on the behaviour of the visitors and the pages that they visit);

  3. improving and personalising your experience as well as adapting the content of the website to each visitor (e.g. by remembering your selections and preferences, together with the use of cookies); and

  4. monitoring and prevention of fraud and other potential misuse of our website.

5 Legal basis allowing the collection and use of personal data

Personal data may not be processed without a valid legal basis. We will therefore process your personal data only when:

  1. we have received your free, explicit and specific consent for the processing of your personal data for one or more specific purposes; or

  2. the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request; or

  3. the processing is necessary in order to comply with an obligation to which we are subject by a statute, decree or ordinance; or

  4. the processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms. Please note that, when processing your personal data on this basis, we always seek to maintain a balance between our legitimate interest and your privacy.

Examples of such legitimate interests include: benefiting from cost-effective services, offering our products and services to our customers, fraud prevention and the security of our IT systems and networks, meeting our corporate and social responsibility objectives.

In most cases your personal data will be processed because this is necessary in the context of our present and future contractual relations. If you require more information on the exact legal basis on which we rely to process certain personal data, please do not hesitate to contact us, as explained in point 7.

6 Who has access to my personal data?

6.1 Within Van Hool

Your personal data will be stored by Van Hool in its IT systems, but will only be accessible to the personnel who require access to your personal data as part of their tasks within Van Hool and only for the purposes set out in point 4.

This personnel is bound by our internal privacy policy relating to security, confidentiality and protection of personal data. They are also obliged to comply with the technical and organisational measures that we have taken to protect your personal data. These security measures were tailored to take into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the personal data, the volume and risks attached to the processing of personal data.

6.1 Outside Van Hool

Part of the personal data is also shared with certain categories of recipients outside Van Hool in the context of the purposes defined above, but only if they actually require such information. This concerns, in particular:

  1. our service providers such as consultants, IT service providers, insurance companies and financial institutions;

  2. our business partners, such as distributors and agents;

  3. any national and/or international regulatory, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request;

  4. third parties advising and assisting us, such as accountants, bailiffs and lawyers; and

  5. third parties involved in investigating possible fraud or other legal violations.

In the above context, we remain responsible for the processing of your personal data. Except in the case of the authorities, these recipients may process the data only on the basis of our specific instructions and for no other purpose, unless we have informed you of this in advance and have obtained your consent, where required. We also impose specific contractual obligations on them in order to guarantee the protection of your personal data.

6.3 Outside the European Economic Area

Recipients can sometimes be located in a country outside the European Economic Area (“EEA”), which may not provide an adequate level of protection of personal data. The applicable legislation for the transfer of personal data to such countries requires that we implement appropriate safeguards to ensure that the protection of personal data remains guaranteed (such as contractual provisions that impose on the recipients to protect your personal data). You can obtain additional information and an explanation about this or a copy of these measures by exercising your rights as described in point 7.

7 What are my rights and how should I exercise them?

You always have the right to request access to the personal data that Van Hool processes about you and to have inaccurate or incomplete personal data corrected. In some instances you can also object to the processing of this data, request a restriction on the processing or ask us to delete certain data. Lastly, you are also entitled in certain circumstances to request that some of your personal data be transferred to yourself or to a third party.

When you have given your consent for a certain type of processing, you may withdraw it at any time, but you should be aware that in such case you may not be able to fully enjoy all of our services. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In addition, you can always object at no cost to the use of your personal data for direct marketing purposes.

Should you wish to exercise any of the above rights, please send a letter to the Legal Department at Van Hool or an e-mail to legal@vanhool.be, attaching a copy of your identity card.

Van Hool takes your comments about our processing of personal data seriously and will quickly attend to them. So do not hesitate to contact us if you have any comments.

If you are not satisfied with the way in which we process your personal data, you are entitled to submit a complaint to the supervisory authority responsible for the protection of personal data, in Belgium, the Data Protection Authority (GBA).

8 How long is my data kept?

The exact retention period depends on the purpose for which the personal data is being processed.

In principle, Van Hool uses the following criteria for the retention of personal data: (i) personal data is stored for as long as is necessary for achieving the purpose for which it was collected and (ii) always in line with the relevant statutory, regulatory and internal requirements in this respect.

For personal data that is related to a contract that you (or the company for which you work) have executed with us, the retention period is the duration of this contract, plus the period until claims under this contract become time-barred, unless mandatory statutory or regulatory requirements require a longer or shorter retention period. After the expiry of this period your personal data will be removed from our systems.

CCTV images are retained for a maximum retention period of 3 weeks.

9 Amendment of the policy

This policy may be subject to amendments. This privacy policy was last amended on 30 May 2018. Future amendments or additions to the processing of your personal data as described in this privacy policy will be notified to you in advance through our website(s) (for example, through pop-up screens) as well as by means of our usual communication channels (for example, by e-mail, if we hold your e-mail address). Please always ensure, however, that you use the latest version.

10 Contact us

For general questions you can always contact us by sending a letter to the Legal Department at Van Hool or an email to legal@vanhool.be. For privacy-related questions and/or to exercise your rights, please refer to the contact person mentioned in point 7. We are pleased to help you.