Elements Advisory
Regulatory support for active substances and biocidal products

Privacy Statement

General policy on data processing and protection

Who processes your data?

Your personal data is processed by Elements Advisory. This is the controller responsible for the processing activities with regard to your data as they are described and explained in this document. Starting point is that Elements Advisory only processes personal data insofar that this is necessary for the purposes and activities it deploys. Furthermore, Elements Advisory takes utmost account of the dispositions of the General Data Protection Regulation (GDPR), as the case may be complemented by local (for instance federal and Flemish) regulation on the protection when processing personal data.

For any information and general questions about the way we process your personal data, you can always contact an.ghekiere@elements-advisory.be. This is also the service/person you can contact with remarks and suggestions, as well as for exercising the rights that the Regulation provides to you (see further).

When do we collect and process your personal data?

We collect and process data about you in various cases:

  • when you interact with us as a representative of a customer (legal person) or as a customer (natural person);

  • when you interact with us as a representative of a supplier (legal person) or as a supplier (natural person);

  • when we contact you as a representative of a (professional) prospect (legal person) or as a prospect (natural person);

  • when we ask your professional support and/or assistance or want to use your services (with regard to public relations and/or networking).

What data do we process about you?

The data we process about you are (also) personal data. This means that these data allow us to identify you or to make a link with you as a natural person.

The data that we process are the following data:

  • identification data (such as first and family name, gender, address, phone number, email address …)

  • financial data (bank details) – in order to get paid

  • function data (such as function and position, in particular in the legal person you represent)

  • other data, in function of the processing activity and purpose

The type of data we process depends on the generic purpose of the processing. For instance, for customer management we process your identification and function data, i.e. the data that will allow us to contact you in your capacity of representative of a professional client (who is a legal person).

For some purposes we collect additional information. That is the case for direct marketing where we can process data from third parties that give us a better understanding on who you are and what your interests are.

How do we collect and process your personal data?

The personal data we process are normally collected directly from you, through questionnaires and other forms we ask you to fill in. In other cases, we also process data from other sources than yourself, such as from colleagues at the legal person you represent. Whenever we process data obtained indirectly, we will inform you of the source where we obtained your data.

For which purposes do we process your personal data?

We process your personal data for the following (generic) purposes: customer relations management, direct marketing, supplier management, accounting and communication/public relations, investor relations, prospects, R&D, Safety and Health Environment as well as recruitment and selection.

What is the legal basis for processing your personal data?

The processing of your personal data is necessary for the execution of the contractual relation that exists between us. Without those data it is not possible to register your orders and to deliver the ordered products or to register the order of your company and to deliver the products at the right service or department of your company. The contractual relation is also the basis for the processing of data in the recruitment and selection process, albeit that the processing then is necessary to take some (pre-contractual) steps at your request, following your application to our company.

In some cases, the processing will be based upon our legitimate interests, such as our freedom to enterprise, social responsibility, protect and safeguard our sites. This is the case for direct marketing, research & development and communication/public Relations and Safety and Health Environment. Then we take care that there is a balance between our interests and your rights or freedoms, for instance by giving you the possibility to oppose to the processing.

How long do we keep your personal data?

In general, we only keep your data for so long as is necessary to realize the purpose for which we process them. In practice, this means that we certainly process your data as long as you have a relationship with us, e.g. as a customer, a supplier, as a contact person or a legal person of one of our clients.

When our relationship with you ends, the data will be kept as long as is necessary and in particular imposed by the legislation. Normally the data is not kept any longer than the period during which legal action is possible regarding the execution of previous contracts.

When you apply for a job, your data will be kept during the recruitment and selection process.

  • If you are hired, the data will be transferred to our processing activities with regard to personnel administration and management.

  • If you are not selected, the following scenarios are applicable

    • Selection process based solely on resume and interviews: In principle your resume will be deleted unless you gave your consent that we could store your data longer, for instance for establishing a reserve list. In this case we will keep your data for 2 years

    • Selection processed based on resume, interviews and profiling by 3rd party: Your profiling data will be kept for 5 years by the external provider used for such profiling. In principle your resume will be deleted unless you gave your consent that we could store your data longer, for instance for establishing a reserve list

When visiting a facility with camera surveillance, your data will be stored for 1 month.

In keeping the data, we make a distinction between the period when your file and data is active and the period when the file and data become passive. A file and data is active as long as you are in a relationship to us. Afterwards the file and data become passive, which means that only a selected number of collaborators of the competent service or department have access to your data.

Do we transfer or communicate your personal data to others?

Your personal data is mainly processed internally, by our services/departments and collaborators.

For some specific services we do use third parties who then act as processors. Whenever we are using a processor, your personal data is transferred to this processor, albeit just to enable that processor to render the service for which we ask his or her assistance and always under our control. To that effect, we conclude a processor agreement with each and every of our processors.

In some cases, we are obliged to transfer or communicate data on you. This is the case when there is a legal obligation, such as the obligation to communicate data to government authorities who are legally entitled to ask them. In that case we always verify whether the conditions to ask us the data, are met.

Are your personal data transferred to third countries, outside of the European Economic Area?

It is possible that your data is transferred to third countries, i.e. countries outside the territory of the European Economic Area (European Union + Iceland, Norway and Liechtenstein). This is the case

  • when your data is processed by an external processor located in a third country.

In that case, we always verify whether the recipient is located in a country that provides an adequate level of protection or, if that is not the case, that a standard contractual clause is signed with the recipient, or specific agreements with those external processors are in place. If none of the aforementioned situations apply, the transfer will be based on one of the derogations for specific situations as described in the GDPR.

If you want to know what we do to protect your data in the above mentioned cases, you can always contact an.ghekiere@elements-advisory.be.

What rights do you have?

You always have the right to have access to the personal data we process about you. If you find those data to be incorrect or incomplete, you can always ask us to rectify or complement the data. To do so, you have to file a request, preferably by filling in our contact form, together with a proof of your identity or by contacting an.ghekiere@elements-advisory.be.

If you find that your data is no longer relevant and should not be processed anymore, you can also request their erasure following the same procedure. It is important to observe that 1) as long as you’re a customer, supplier, applicant or prospect, your data is processed since this is necessary and indispensable for the execution of the contract and/or the legitimate interest at stake, and 2) local legislations may be applicable, so that during this period they cannot be erased.

If you do not agree with the way we process your personal data, for instance, during the selection process, you can take various actions. You can contact an.ghekiere@elements-advisory.be or you can file a complaint with the competent supervisory authority. In Belgium this is the Data Protection Authority (Drukpersstraat 35; 1000 Brussels).

How are your personal data secured?

Internal data protection regulations ensure that uniform and high data protection standards apply to all systems.
Security measures are in place to protect your data against accidental and deliberate manipulation, loss, destruction and against access by unauthorized persons.

General information

We reserve the right to modify or adapt this policy. You will always be informed of those modifications or adaptations through the usual channels of communication we use in our company.