CRESYM commitments – Privacy policy

Article 1 – Scope: what does this privacy notice cover?

This privacy notice provides information regarding the processing of the personal data of any Individual who is:

  • An employee of CRESYM;
  • A representative of a member, in application of CRESYM’s by-laws and internal rules;
  • A representative of a partner of CRESYM, in application of the contract binding CRESYM and the said partner;
  • A visitor of the cresym.eu domain, when browsing it or using its services.

This privacy notice may be completed by any further agreement entered into by CRESYM and the Individual.

This Privacy Notice explains what personal data are processed about the Individual; why CRESYM is processing such personal data and for which purposes; for how long the personal data is hold for; how to access and update one’s own personal data, as well as the Individual’s options regarding her personal data and where to go for further information.

This Privacy Notice complies with the provisions of EU Regulation 2016/679 of 27 April 2016 in force since 25 May 2018 on data protection (“GDPR”).

Article 2 – Collection of information: what personal data does CRESYM process?

CRESYM collects and processes either

  • Private contact information (first name, last name, e-mail address, postal address, phone number) only if necessary, especially when registering to events organised by CRESYM; or
  • Employee file information (first & last name, e-mail address, postal address, resume, pictures, nationality, ID card number, national identification number, tax identification number, bank account details, wage and associated parameters, data compulsorily required by law for registration to social security programs and employment administrations, geolocation required by security reasons) in case the Individual is employed by CRESYM; or
  • Business contact and other information (such as job title, department, name of organisation, alias(es) on CRESYM projects workspaces hosted on external web platforms, and the Individual’s dealings with CRESYM on her behalf or on behalf of the relevant organisation).

With the exception of recruitment and employment processes, CRESYM doesn’t collect the User’s geolocation, nor health data nor bank details. CRESYM does not store any connection-related information (IP address, device ID or unique identifier, etc.)

Article 3 – Purpose: why does CRESYM process personal data?

The personal data covered by this Privacy Notice are only processed either

  • where the Individual and CRESYM concludes a transaction (in a broad meaning, e.g. including the deletion of the Individual’s personal data from CRESYM’s files; or a public event organised by CRESYM and starring the Individual as speaker); or
  • where CRESYM undertakes fraud prevention, audits, investigations, dispute resolution or insurance purposes, litigation and defence of claims involving the Individual; or
  • where it is necessary for CRESYM to comply with a legal obligation; or
  • where it is necessary for the purposes of the legitimate interests pursued by CRESYM or a relevant partner, except where such interests are overridden by the Individual’s interests or fundamental rights and freedoms.

Article 4 – Consent, withdrawal of consent, opposition

The personal data covered by this Privacy Notice are only processed with the Individual’s consent. Th individual’s consent is implicit when she voluntarily provides the personal information to CRESYM.

However, the Individual has the right to withdraw her consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent.

Where the Individual choose not to provide CRESYM with personal information, the only consequence is to limit the Individual’s ability to complete the process where the data is collected or to take advantage from it.

Article 5 – Access: who may access personal data?

The personal data are exclusively processed for one or more purposes referred to above in §3 and will only be shared on a strict need to know basis with staff members and third-parties needing to process, or to know about, them to achieve such purposes.

In particular, CRESYM may share some information with the service providers involved in a transaction (e.g. banks concerned with a payment).

Article 6 – Liability: who is responsible for personal data?

CRESYM is responsible for processing personal data.

CRESYM’s Data Protection Manager is CRESYM’s General Manager (Sébastien Lepy to date).

Article 7 – Security: how safe are personal data?

CRESYM is committed to safeguarding personal data.

CRESYM implements technology, especially encryption, and policies, especially systematic Non-Disclosure Agreements with every contractor, member and partner of CRESYM, with the objective of protecting personal data provided to CRESYM from non-authorised access and improper use.

All personal data provided to CRESYM are stored in Belgium and/or France, where CRESYM’s IT facilities are located.

Article 8 – Duration: how long can CRESYM hold personal data for?

CRESYM only holds every Individual’s personal data for a defined period of time.

For example, CRESYM holds personal data

  • of unsuccessful Applicants no longer than two years after the recruitment process or assessment has completed;
  • of employees for 3 years after the end of their work contract;
  • of participants to R&D projects or event for 3 years after their last interaction with CRESYM.

Information may be held for (i) a longer period of time where there is a legal or regulatory reason to do so (in which case it will be deleted once no longer required for the legal or regulatory purpose); or (ii) a shorter period where the individual objects to the processing of their personal data and there is no longer a legitimate business purpose to retain it.

Article 9 – Rights: how long can CRESYM hold personal data for?

CRESYM aims at keeping information as accurate as possible. Any Individual can request:

  • access to her personal data;
  • correction or deletion of her personal data (but only where it is no longer required for a legitimate business purpose such as completing a retail transaction);
  • no longer to receive news about CRESYM events, projects, etc.;
  • to restrict the processing of her personal data (provided it is not required by law); and/or
  • to receive the personal data provided and stored by CRESYM, in a structured, digital form, if this is technically feasible;

Any request or complaint shall be sent to: info@cresym.eu.

Article 10 – Cookies & similar technologies

CRESYM may implement cookies to learn how every User interact with its web sites content and to improve the User’s experience when visiting its web sites. By using the Site without deleting or rejecting some or all cookies, an Individual agrees that CRESYM can place those cookies that she has not deleted or rejected on her device.

The Individual can choose to reject or block all or specific types of cookies by clicking on cookie preferences panel popping up when accessing cresym.eu. The Individual may also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further information on cookies generally.

If essential cookies are opposed by the User, CRESYM cannot ensure that the Site will work as smoothly as expected.

Article 11 – Changes to this Privacy Notice

This Privacy Notice may be changed over time.

Individuals are advised to regularly review this Privacy Notice for possible changes.

This Privacy Notice was last updated in December 2022.