PRIVACY POLICY

1. Object

This Policy is issued by the company TAS-tms NV whose registered office is located at TER WAARDE 73, 8900 IEPER, BELGIUM.

Hereinafter referred to as the “data controller”.

The purpose of this policy is to inform visitors of the website https://www.tas-tms.com/ (hereinafter referred to as “the website”) of the way in which data is collected and processed by the data controller.

This policy is part of the data controller’s desire to act transparently, in compliance with national provisions and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

(Hereinafter referred to as the “General Data Protection Regulation” or GDPR).

The data controller pays particular attention to the protection of the privacy of data subjects and therefore undertakes to take reasonable precautions to protect the personal data collected against loss, theft, disclosure or unauthorised use.

“Personal data” is defined as all personal data relating to the user of the website (hereinafter referred to as “the data subject”), i.e., any information that directly or indirectly identifies him or her as a natural person.

If the data subject wishes to react to any of the practices described below, he or she may contact the data controller at the postal address or email address specified in the “contact data” section of this Policy.

2. What data do we collect?

The data controller collects and processes the following personal data about data subjects in accordance with the procedures and principles described below:

  • IP address;
  • Data collected via contact forms;
  • All information concerning the pages that the data subject has consulted on the website.

The data controller may also collect non-personal data. These data are qualified as non-personal data because they do not make it possible to identify a specific person directly or indirectly. It may therefore be used for any purpose, for example to improve the website, the products and services offered or the advertising of the controller.

In the event that non-personal data are combined with personal data in such a way that identification of the data subjects is possible, such data will be treated as personal data until such time as it is impossible to link them to a specific person.

3. Methods of collection/processing

The data controller may process personal data in the following ways:

  • Contact forms;
  • Cookies.

    4. Categories of data collected, purposes, legal basis for processing and retention period

    Personal data are collected and processed only for the purposes mentioned below:

    Processing Categories of personal data Purposes Legal base Data retention period
    General contact form

    Name

    First name

    Company name

    Content of the message

    Email address

    Phone number

    Responding to data subjects’ queries. The legal basis of the processing is the pursuit of the Data Controller’s legitimate interest in providing follow-up to Internet users.

    – 3 years from the last contact with the data subject.

    – Mandatory request by the data subject to extend the retention period of the collected data by 3 years.

    Support contact form

    Name

    First name

    Company name

    Content of the message

    Email address

    Phone number

    Providing assistance to prospects and existing customers. The legal basis of the processing is the pursuit of the Data Controller’s legitimate interest in providing assistance to prospects and the performance of a contract for the assistance to existing customers.

    – 3 years from the last contact with the data subject.

    – Mandatory request by the data subject to extend the retention period of the collected data by 3 years.

    Cookies IP and connection data

    – ensuring the functioning of the website

    – audience analysis

    – advertising purposes

    The legal base of the processing is the pursuit of the Data Controller’s legitimate interest in ensuring the functioning of the website as well as consent for other cookies.  

    The data controller may carry out processing operations that are not yet provided for in this Policy. In this case, it will contact the data subject before re-using his/her personal data, in order to inform him/her of the changes and give him/her the possibility, if necessary, to refuse such re-use.

    5. Recipients of the data and disclosure to third parties

    Internal recipients:

    The recipients of the data are only the personnel authorised by the data controller, in charge of marketing, sales and support.

    External recipients: 

    Third parties Transmitted data
    Bluehost (website host) All the data on the website.

    Bluehost is a hosting company located in the United States and it can have access as a data processor to the data stored on the TAS TMS website. For transfers of personal information outside of the EEA, such transfers will be pursuant to the relevant European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries (“SCCs”). Bluehost can therefore legitimately receive data from the EU.

    In the event that personal data is disclosed to third parties for direct marketing or business development purposes, the data subject will be informed in advance so that he or she can choose to accept the transfer of his or her data to third parties. Where such transfer is based on the consent of the data subject, the data subject may withdraw his or her consent at any time for that specific purpose.

    The data controller complies with the legal and regulatory provisions in force and will ensure in all cases that its partners, employees, subcontractors or other third parties with access to this personal data comply with this Policy.

    The data controller discloses the personal data of the data subject in the event that a law, legal proceedings or an order from a public authority makes such disclosure necessary.

    6. Application of rights

    The data controller reserves the right to verify the identity of the data subject for the application of the rights set out below.

    This request for additional information will be made within one month of the data subject making the request.

    7. Access to data and copy

    The data subject may obtain free of charge written communication or a copy of the personal data concerning him or her that have been collected.

    The controller may charge a reasonable fee based on administrative costs for any additional copies requested by the data subject.

    Where the data subject makes such a request electronically, the information shall be provided in a commonly used electronic form, unless the data subject requests otherwise.

    Unless otherwise provided for in the GDPR, the copy of his/her data will be communicated to the data subject at the latest within one month after receipt of the request.

    8. Right to withdraw consent

    For all processing operations based on consent, in this case cookies and newsletter subscription, the data subject has the right to withdraw consent at any time.

    9. Right of rectification

    The data subject may obtain, free of charge, as soon as possible and at the latest within one month, the rectification of personal data that are inaccurate, incomplete or irrelevant, as well as the completion of such data if they are found to be incomplete.

     Unless otherwise provided for by the GDPR, the request for application of the right to rectification shall be processed within one month of its submission.

    10. Right to object to processing

    The data subject may at any time, on grounds relating to his or her particular situation, object free of charge to the processing of his or her personal data, except where:

    • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail (in particular where the data subject is a child).

    The controller may refuse to implement the data subject’s right of objection where it establishes compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. In the event of a dispute, the data subject may lodge a complaint in accordance with the “Complaints” section of this Policy.

    The data subject may also, at any time, object, without justification and free of charge, to the processing of personal data concerning him or her when his or her data are collected for the purpose of commercial prospecting (including profiling).

    Where personal data are processed for scientific or historical research or statistical purposes in accordance with the GDPR, the data subject shall have the right to object on grounds relating to his or her particular situation to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out in the public interest.

    Save as otherwise provided for in the GDPR, the controller is obliged to reply to the data subject’s request as soon as possible and at the latest within one month, and to give reasons for its reply if it intends not to comply with such a request.

    11. Right to restriction of processing

    The data subject may obtain the restriction of the processing of his/her personal data in the cases listed below:

    • Where the data subject contests the accuracy of a data item and only for as long as it takes for the controller to check it;
    • Where the processing is unlawful and the data subject prefers restriction of processing to erasure;
    • Where, although no longer necessary for the purposes of the processing, the data subject needs it for the establishment, exercise or defence of legal claims;
    • For the time necessary to examine the merits of a request for objection made by the data subject, in other words for the time necessary for the controller to check the balance of interests between the legitimate interests of the controller and those of the data subject.

     The controller will inform the data subject when the restriction on processing is lifted.

     

    12. Right to erasure (right to be forgotten)

    The data subject may obtain the erasure of personal data concerning him or her, where one of the following grounds applies:

    • The data are no longer necessary for the purposes of the processing;
    • The data subject has withdrawn his or her consent to the processing of his or her data and there is no other legal basis for the processing;
    • The data subject objects to the processing and there is no compelling legitimate reason for the processing and/or the data subject exercises his/her specific right to object in relation to direct marketing (including profiling);
    • The personal data have been processed unlawfully;
    • Personal data must be erased in order to comply with a legal obligation (of Union or Member State law) to which the controller is subject;
    • Personal data have been collected in the context of the provision of information society services which are addressed to children.

    However, the erasure of data is not applicable in the following cases:

    • Where the processing is necessary for the exercise of the right to freedom of expression and information;
    • Where processing is necessary for compliance with a legal obligation which requires processing under Union law or the law of the Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • Where the processing is necessary for reasons of public interest in the field of public health;
    • Where the processing is necessary for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes and insofar as the right to erasure is likely to render impossible or seriously compromise the achievement of the purposes of the processing in question;
    • Where the processing is necessary for the establishment, exercise or defence of legal claims.

    Save for the exceptions provided for in the GDPR, the controller is obliged to reply to the data subject’s request as soon as possible and at the latest within one month and to give reasons for its reply where it intends not to comply with such a request.

    13. Right to data portability

    The data subject may at any time request to receive free of charge his/her personal data in a structured, commonly used and machine-readable format, in particular with a view to their transmission to another data controller, where:

    • The data processing is carried out using automated processes; and where
    • The processing is based on the consent of the data subject or on a contract concluded between the data subject and the controller.

    Under the same conditions and in the same way, the data subject shall have the right to obtain from the controller that the personal data concerning him or her be transmitted directly to another personal data controller, insofar as this is technically possible.

    The right to data portability shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    14. Security

    The controller shall implement appropriate technical and organisational measures to ensure a level of security of the processing and of the data collected appropriate to the risks presented by the processing and the nature of the data to be protected. It shall take account of the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of data subjects.

    The data controller has put in place appropriate security measures to protect and prevent the loss, misuse or alteration of the information received.

    In the event that personal data under the control of the controller should be compromised, the controller shall act promptly to identify the cause of the breach and take appropriate remedial action.

    The controller shall inform the data subject of the incident if required by law.

    15. Complaints

    If the data subject wishes to respond to any of the practices described in this Policy, he or she is advised to contact the controller directly. The data subject may also lodge a complaint with his/her national supervisory authority.

    In addition, the data subject has the possibility to bring a complaint before the competent national courts.

    16. Contact details

    For any questions and/or complaints relating to this Policy, the data subject may contact the data controller at the following e-mail address: dpo@sinari.fr  

    17. Modification

    The controller reserves the right to change the provisions of this Policy at any time. Changes will be published directly on the website of the controller.

    18. Applicable law and jurisdiction

    This Policy is governed by the national law of the place of the controller’s principal place of business.

    Any dispute relating to the interpretation or execution of this Policy shall be subject to the jurisdiction of that national law.

    This version of the Policy is dated 19/04/2023.