• • •
Econocom
contactez-nous
Econocom

  • nous suivre

contactez-nous
points de vues, tendances, paroles d'expert...
le média d’econocom sur la transformation digitale.
consulter le blog
Econocom

Charte de confidentialité

  1. Introduction

Econocom is committed to protect your personal data and your privacy. We encourage you to carefully read this Privacy Charter.  This Privacy Charter informs you of our data protection and privacy practices and the way your personal data are collected and how that data is used by Econocom. Econocom processes personal data in compliance with data protection legislation, particularly the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”). This Privacy Charter details the commitments Econocom makes when collecting personal data and how such data is used.

For the purposes of this Privacy Charter, the term “data protection legislation” refers to GDPR as well as any other legislation and/or regulation implemented or created pursuant to the GDPR and the e-privacy legislation, or which amends, replaces, re-enacts or consolidates any of them, and any other applicable national laws relating to the processing of personal data and privacy that may exist under applicable law. 

For the purposes of this Privacy Charter, the terms “controller”, “processor”, “third party”, “personal data”, “processing” and “data subject” have the meaning given to them in the data protection legislation.

This Privacy Charter sets out how Econocom will process any personal information that we may collect about you as a visitor to our website, premises or events, or as one of our customers or potential customers, suppliers or potential suppliers, shareholders, or other business partners or in any other cases where we specifically state that this policy will apply.This Privacy Charter also sets out how we protect your privacy and your rights in respect of our use of your personal information.

Econocom may have a privacy policy or statement specific to particular local laws, products, services, events or collaborations in which case such policy or statement shall supplement, and where there is a conflict supersede, this Privacy Charter.

  1. Identity and details of the personal data controller

Unless provided for otherwise in a more detailed Privacy Policy or contractual document or offer, the personal data controller is: ECONOCOM MANAGED SERVICE established in Tour Bastion, Place du Champ de Mars 5 B14, 1050 Brussels, registered under the company n°: 0432.093.428 (“Econocom”), email : privacy_be@econocom.be.

  1. Personal data that may be collected 

Econocom collects and processes personal data for various purposes, as outlined below: 

Events, Webinars, and Trainings

  • Types of Data Collected: Name, company name, email address, job title, phone number, event registration details, participation data (attendance, feedback).
  • Ground for Processing: Consent (Article 6(1)(a) GDPR) – When you register or provide feedback voluntarily. Legitimate interests (Article 6(1)(f) GDPR) – Necessary for organizing events, training sessions, and improving their quality.

Security and Access Control

  • Types of Data Collected: Information from our IT access authorization systems, such as login details, IP addresses, and log files.
  • Ground for Processing: Legitimate interest (Article 6(1)(f) GDPR) - necessary to combat IT security threats and to protect the information we hold from unauthorized access, disclosure, alteration or destruction.

Professional Interactions and Contact Information

  • Types of Data Collected: information about you that you give to us by filling forms on our website (or other forms that we ask you to complete), giving us a business card (or similar) or corresponding with us by telephone, post, email or otherwise, or by reporting a problem related to our service. It may include but is not limited to: your name, address, email address and telephone number; information about your business relationship with Econocom; your opinions or comments on a matter; and/or information about your professional role, background and interests.
  • Ground for Processing:
  • Consent (Article 6(1)(a) GDPR) – When you voluntarily provide information (e.g., by completing forms or subscribing to updates).
  • Performance of a contract (Article 6(1)(b) GDPR) – Where the information is necessary to enter into or perform a business relationship with you.
  • Legitimate interests (Article 6(1)(f) GDPR) – Where processing is necessary to maintain and manage our business relationship, respond to your queries, or improve our services, provided your rights and freedoms are not overridden.
  • Legal obligation (Article 6(1)(c) GDPR) – Where we are required to retain certain information for compliance, record-keeping, or regulatory purposes.

Account Management for our clients

  • Types of Data Collected: Name, company name, email address, phone number, account credentials, usage data, VAT number, ID, and any other personal data requested on the Website
  • Ground for Processing: Performance of a contract (Article 6(1)(b) GDPR) – Necessary for managing your account and providing account-related services 

Order and Pre-order Management

To manage your orders and provide you with the services you have requested, such as confirming your order, preparing and delivering of your order, enabling the collection of your order from a pick-up point, subscribing to specific services/software and notifying you about the expiry of your contract. 

  • Types of Data Collected: Name, company name, email address, phone number, billing and shipping addresses, payment information, purchase history, VAT number and any other personal data requested on the Website
  • Ground for Processing: Performance of a contract (Article 6(1)(b) GDPR) – Necessary for processing your orders and pre-orders

Delivery Management for our clients or their users

  • Types of Data Collected: Name, delivery address, phone number, email address
  • Ground for Processing: Performance of a contract (Article 6(1)(b) GDPR) – Necessary for ensuring the delivery of purchased products

After-sales Service Management: Returns and Repairs (where applicable) 

  • Types of Data Collected: Name, contact details, order details, reason for return/repair and any other data requested on the Website
  • Ground for Processing: Performance of a contract (Article 6(1)(b) GDPR) – Necessary for processing returns and repairs

Management of leasing contracts:

  • Types of Data collected: identification data (name, first name, ID card, function, bank details, contact details, phone numbers)
  • Ground for Processing: Legal obligation (Art. 6.1.c GDPR) – contract & legal compliance

Reviews and Customer Satisfaction Surveys (where applicable) 

  • Types of Data Collected: Name, email address, survey responses, review content
  • Ground for Processing: Legitimate interests (Article 6(1)(f) GDPR) – Necessary for improving our products and services. Consent may be requested where required (Article 6(1)(a) GDPR)

Supplier Contact Management for our clients

  • Types of Data Collected: Name, company name, email address, phone number, communication content
  • Ground for Processing: Legitimate interests (Article 6(1)(f) GDPR) – Necessary for managing supplier relationships and communications

Customer Service Inquiries and complains

  • Types of Data Collected: Name, contact details, order information, inquiry details, detail of complains, communication records
  • Ground for Processing: Performance of a contract (Article 6(1)(b) GDPR) – Necessary for responding to customer service inquiries 

Financial Transactions

  • Types of Data Collected: Payment details, transaction history, invoicing information
  • Ground for Processing: Performance of a contract (Article 6(1)(b) GDPR) – Necessary for processing payments and maintaining financial records

Website Usage Analysis

  • Types of Data Collected: IP address, browser type, device information, usage data, cookies
  • Ground for Processing: Legitimate interest (Article 6(1)(f) GDPR) – Necessary for understanding how the website is used in order to enhance user experience and functionality, ensure its proper operation, and tailor the presentation of information to your preference. Consent may be requested where required (Article 6(1)(a) GDPR) 

Complaint Management

  • Types of Data Collected: Name, contact details, complaint details, order information, communication records
  • Ground for Processing: Legitimate interests (Article 6(1)(f) GDPR) – Necessary for managing and resolving complaints effectively. Performance of a contract (Article 6(1)(b) GDPR) may also apply where complaints are related to specific transactions.

Direct Marketing (where applicable)

  • Types of Data Collected: Name, company name, email address, phone number, marketing preferences, cookies, communication history
  • Ground for Processing: Consent (Article 6(1)(a) GDPR) – Necessary for sending marketing communications (e.g. information of new products). Legitimate interests (Article 6(1)(f) GDPR) – Necessary for promoting our products and services to existing customers (e.g. proposition of products associated with your purchase)

Improvement of services, surveys and communication 

  • Types of Data Collected: Name, company name, email address, phone number, feedback, usage data, survey responses, cookies information, purchase history.
  • Ground for Processing: Legitimate interests (Article 6(1)(f) GDPR) – Necessary for analysing and improving our services, products, and overall user experience. Consent may be requested where required (Article 6(1)(a) GDPR)

Digital visibility via social media activities and advertising

  • Types of Data Collected: account identifiers, interactions of the social media users
  • Ground for Processing: Consent (Article 6(1) a) GDPR) 

Electronic contracts signatures 

  • Types of Data collected: Identification data (name, email, IP address, digital signature), contractual data (contract content, annexe), metadata (date/time of signature, authentication logs)
  • Ground for processing: Legal obligation (Art. 6.1.c GDPR) - contract execution and legitimate interest (Art. 6.1.f GDPR) - efficiency and security of processes

Credit risk assessment for leasing opportunities and contract

  • Types of Data Collected: Identification data (name, contact details), financial data (income, solvency, payment history), professional data (company details, function)
  • Ground for Processing: legitimate interest (Art. 6 GDPR) - to evaluate the financial reliability of potential or existing clients before entering into or executing leasing contract (risk management) & Legal obligation (art. 6(1)(c) GDPR) - compliance with financial regulations

Anti-money laundering (AML) verification 

  • Types of Data collected: identification data, financial data, professional details
  • Ground for Processing: legitimate interest (Art. 6.1.f GDPR – financial management)

Storage and archiving of contracts

  • Types of Data collected: identification data (name, contact details), contractual and financial data (invoice details, payment references, VAT number).
  • Ground for Processing: Legal obligation (art. 6 (1) c) GDPR) – contract and legal compliance

Information gathering for cafeteria-plan management

  • Types of Data collected: identification data (name, badge ID), consumption data (cafeteria transactions, preferences)
  • Ground for processing: Legitimate interest (Art. 6.1.f GDPR) – employee services and facilities management: to collect and analyze data to manage cafeteria usage and improve service

Bid process management

Preparation and follow up of tenders. This includes the transmission of CVs for tenders, provision of mandatory documents for participation in tenders

  • Types of Data Collected: HR data (such as CVs, work experience), background record and other official extracts (only where strictly required), technical skills, diplomas, certifications, background check results, data shared by third-party recruitment agencies or platforms, publicly available professional information on platforms such as LinkedIn, as well as contractual and internal company documents.
  • Ground for Processing:
  • Legal obligation (art. 6(1)(c) GDPR): when required by applicable laws or regulations in the context of public or private tendering.
  • Contract (Art. 6.1.b GDPR) : when the processing is necessary to prepare, enter into, or execute a contract.
  • Legitimate interest (Article 6(1)(f) GDPR) - when necessary to manage and participate in tender processes, provided this does not override your fundamental rights and freedoms (e.g. skills verification). 

Visitors of our premises

  • Types of Data Collected: Name, company, contact details, visit date/time, identification information (e.g., badge or ID).
  • Grounds for Processing:
  • Legitimate interests (Article 6(1)(f) GDPR) – To ensure site security and visitor management.

Job applications

  • Types of Data Collected: Identification and contact details, CV, cover letter, employment history, qualifications, references, and any other recruitment-related information.
  • Grounds for Processing:
  • Consent (Article 6(1)(a) GDPR) – When voluntarily applying.
  • Legitimate interests (Article 6(1)(f) GDPR) – For evaluating candidates.

Personal data of our employees (please refer to our internal privacy policy)

  • Art. 4(1) GDPR: Personal data means any information relating to an identified or identifiable natural person ('Data subject'). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This Privacy Charter does not cover personal data rendered anonymous. Personal data is rendered anonymous if individual persons are no longer identifiable or are identifiable only with a disproportionately large expense in time, cost, or work. If personal data rendered anonymous become no longer anonymous (i.e., individual persons are again identifiable), or if pseudonyms are used and allow identification of individual persons, then this Privacy Charter will again apply.

  1. Retention of personal data

Econocom will retain your personal data only for as long as necessary to fulfil the purpose for which it was collected and processed. Econocom shall determine the appropriate retention period considering the purpose of the processing and the relevant applicable legal requirements. This includes considerations such as the need to answer questions or resolve difficulties, improve or offer new services and to comply with Econocom’s statutory obligations (for example regarding the retention of accounting records and legal documents). This means that Econocom will keep your personal data for a reasonable period of time after processing, in line with the statutory and regulatory obligations that apply to Econocom (for example regarding the retention of accounting records and legal documents) and to provide sufficient time to settle disputes and to exercise or defend the rights that Econocom has in the countries where it is located. Econocom has also established a data retention policy that applies regarding retention of personal data. Personal data that we collect is no longer required, Econocom will destroy or delete it securely.

  1. Recipients of your personal data

Econocom may share your personal data with subprocessors or third parties: 

  • With partners who provide services on our behalf and under our express instructions. For example a delivery service to make deliveries or expedite orders, or a repair workshop to repair defective device.
  • For marketing campaigns, we use external service providers to whom we transfer personal data, e.g., for sending emails, performing customer analysis or delivering personalized ads (e.g., Linkedin).
  • To suppliers of products that we sell in the context of a product recall or important notice relating to the product.  In the context  of internal business operations,  we may share your data with third-party service providers involved in:
  • The management of electronic contracts and their amendments.
  • The physical archiving of contracts and destruction of data.
  • The issuance and electronic transmission of invoices (e.g., via Bill-It and the PEPPOL network, tax authorities, partner banks).
  • Financial reporting and account monitoring.
  • Credit risk assessment (Credit rating agencies, partner banks, financial institution) and client qualification.
  • IT service management (e.g., via Master IT support providers).
  • With financial and institutional partners in specific situations:
  • For the assignment or transfer of leasing contracts to partner banks.
  • For invoicing or regulatory compliance, with tax authorities and banking partners.
  • For verification of authority in public procurement with public authorities or contracting parties.
  • For anti-money laundering (AML) check, where required, with competent regulatory or supervisory authorities.
  • In view of the international dimension of the Econocom Group, the personal data collected by Econocom may be retained and processed in, or transferred between, any country in which the Econocom Group has a business. However, Econocom only grants access to your personal data between Econocom Group subsidiaries if it is necessary.
  1. International transfers

Should personal data be transferred to countries outside the European Economic Area (EEA) that do not provide an adequate level of protection, we will ensure that the transfers take place with service-providers governed by binding corporate rules acknowledged to provide an appropriate level of protection, or that an ad hoc contract for the transfer of data, based on the model set by the European Commission, is signed between Econocom and this service-provider prior to the commencement of the transfer.

  1. Exercising your rights

You may have certain rights when it comes to the handling of your personal information.

  1. Right of access and rectification

You have a right to access your personal data at any time. You also have the right to request its rectification and erasure, the right to restrict processing, the right to object to processing and the right to portability on the terms stated in the applicable regulations.

  1. Right to withdraw your consent 

Where the processing of your data requires your consent, you have the right to withdraw your consent, without such withdrawal being such as to call into question the processing of your personal data that took place prior to the withdrawal of your consent.

  1. Right to restriction of processing

You may ask us to restrict processing of your personal data in each of the following cases: 

  • if you dispute the accuracy of your personal data, you may request a restriction of processing for a period of time allowing us to check the accuracy of the personal data.
  • if said processing is illegal, you object to the deletion of personal data and ask us instead to restrict its use.
  • if we no longer require your personal data for the processing objectives mentioned, but you still need it to file, conduct or support a legal action.
  • If you have objected to a processing operation, we will restrict this operation while awaiting a decision as to whether our legitimate interests prevail over yours.

If your right to restriction of processing is acknowledged, we will cease to perform operations on the relevant personal data, independently of storing this data.

  1. Right to object to specific processing 

The right to object means that you have the right to ask us to stop processing your personal data in the following situations:

Direct Marketing

You have the right to object at any time to the processing of your personal data for direct marketing purposes. This means that upon receiving your objection, we will no longer process your data for these purposes.

Processing Based on Legitimate Interests

If we process your personal data based on our legitimate interests or those of a third party, you have the right to object to this processing. However, we may continue to process your data if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defence of legal claims.

Scientific or Historical Research and Statistics

You may also object to the processing of your personal data for scientific or historical research purposes or statistical purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.

  1. Right to erasure

You have the right to erase your personal data in certain circumstances. On this basis, you can request us to stop using your personal data if you no longer wish to be in contact with us. However, we may keep some personal data that is necessary to provide evidence.

Pursuant to your right to delete data, you also have the right to ask us to stop using the personal data we process on the basis of your consent or our legitimate interest, at any time. We may continue to process your personal data for legitimate reasons after weighing up your interests and ours, unless you decide to terminate the relationship with us.

  1. Right to portability of your data

You may ask us to send you the personal data we process on the basis of your consent or because it is necessary for us to supply the requested products or services, in a structured, current and digital form, so that you can store it for your personal use or reuse, or ask us to send this personal data directly to another data processor, if this is technically possible for us.

  1. How to exercise your rights 

All these rights may be exercised by sending an e-mail to privacy_be@econocom.com. We undertake to respond to your request within one (1) month of receipt of the e-mail. In certain special cases, we may need more time to examine your request and may require a further two (2) months. We will inform you accordingly if this is the case.

However, please note that it may not always be possible to fulfil a data subject's request or to fulfil it free of charges.

If your concerns are not resolved, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, your place of work or the place of the alleged infringement, if the data subject considers that the processing of his or her personal data is in breach of data protection legislation. We encourage you to contact us in the first instance. However, insofar as this right applies to you, you have the right to complain directly to the supervisory authority: the Belgian Data Protection Authority at www.dataprotectionauthority.be - Rue de la Presse 35 - 1000 Brussels - Tel: +32 2 274 48 00.

  1. Data Security 

Econocom takes the security of personal data very seriously. In accordance with Article 32 of the General Data Protection Regulation (GDPR), we implement appropriate technical and organisational measures to ensure a level of security that is proportionate to the risks associated with our processing activities. These measures are designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, and any other form of unlawful processing.

All security controls and procedures are established within Econocom’s Information Security Management System (ISMS), which is aligned with the international standard ISO/IEC 27001. This ISMS provides a structured framework for continuously assessing and managing information security risks, ensuring data confidentiality, integrity, availability and traceability, and promoting a culture of ongoing improvement across the organisation. It also defines clear responsibilities and governance structures to ensure that all employees and external partners comply with Econocom’s security requirements.

To protect personal data, Econocom applies strong access control mechanisms, encryption and pseudonymisation where appropriate, secure data hosting and transfer protocols, continuous monitoring of systems and vulnerabilities, and well-established incident management and business continuity procedures. Regular audits, employee training and awareness programmes are conducted to maintain a high level of security awareness and compliance throughout the organisation.

All third-party processors and service providers acting on behalf of Econocom are contractually required to implement security measures equivalent to those defined within our ISMS framework and to comply with applicable data protection legislation.

In the event of a personal data breach, Econocom follows its incident response and notification procedures in full compliance with Articles 33 and 34 of the GDPR. This ensures that the competent supervisory authority, and where necessary the affected individuals, are informed without undue delay and that corrective measures are promptly implemented.

  1. Cookies and the Website

Econocom uses cookies and similar technologies to collect information about your browsing activity. A cookie is a small data file stored on your device’s hard drive. This standard technology allows us to remember certain details about your visit — such as your language preference, pages visited, session duration, or login information — to help personalise and enhance your experience on our website.

Some cookies are essential for the proper technical functioning of the site. Others are used to remember your preferences (for example, the language selected during a previous visit) or to analyse how visitors use the Website, so that we can improve its quality, performance, and content. Certain cookies may also be installed by third parties under their own responsibility (for example, analytics or advertising providers).

Econocom respects your right to privacy and to control your personal data. Your consent for the use of non-essential cookies is collected via our cookie banner, which appears upon your first visit to the Website. You can modify your preferences or withdraw your consent at any time by accessing the cookie settings available through this banner.

Alternatively, you may adjust your browser settings (e.g. Firefox, Safari, Edge, Chrome) to block or filter cookies. However, please note that doing so may affect the proper functioning of certain features or prevent Econocom from remembering your browsing preferences. You will find more information about our Cookies Policy on the Website.

  1. Social Networks

Econocom uses social network (Meta, LinkedIn, Facebook, X, etc.) to pass on information to you. You can also use this channel to contact Econocom. Econocom will then use your data to answer your question, respond to your comment or deal with your complaint.

The general terms and conditions of the providers of these social networks apply. By using these services, you accept these conditions. You will find more information on their platforms about the way these service-providers use your data. Econocom is not responsible for the processing of your personal data by these service-providers.