Privacy Policy

Craftcode attaches great importance to your privacy and to handling your personal data with care. In this privacy policy we therefore do our utmost to explain to you, in clear and plain language, which personal data we collect from you, what we use them for, and what your rights are in this regard.

This version of the privacy policy (version: 2024.01) is dated 26-04-2024.

1. Table of contents

• Table of contents
• Who are we?
• Scope
• Why and how do we process your personal data?
  • 4.1 Use of our website
  • 4.2 Contact via the website
  • 4.3 Management of customer relationships (incl. prospecting new customers)
  • 4.4 Organisation of events
  • 4.5 Recruitment and selection
  • 4.6 Management of supplier relationships (incl. prospecting new suppliers)
  • 4.7 Sending out the satisfaction survey
• Sharing personal data with third parties
• Transferring personal data outside the EEA
• How long do we keep your personal data?
• Automated individual decision-making
• What are your rights and how can you exercise them?
  • 9.1 Right of access
  • 9.2 Right to rectification
  • 9.3 Right to restriction of processing
  • 9.4 Right to data portability
  • 9.5 Right to object
  • 9.6 Right to erasure (right to be forgotten)
  • 9.7 Right to withdraw your consent
  • 9.8 Right to object to the processing of your personal data in automated individual decision-making
• Whom can I contact with further questions or complaints about privacy?
• Changes to the privacy policy

2. Who are we?

“We”, “us” or “our” means Craftcode, with registered office at Prins Boudewijnlaan 43 box 7, 2650 Edegem and with company number 0822.025.609 (Contribute NV).

If you have any questions, comments or complaints regarding this privacy policy or the processing of your personal data, or if you wish to exercise one of your rights, please contact us in one of the following ways:

• By e-mail: to dpo@fieldside.be, for the attention of the Data Protection Officer;
• By post: to Prins Boudewijnlaan 43 box 7, 2650 Edegem, for the attention of the Data Protection Officer.

3. Scope

This privacy policy applies to this website, our direct marketing activities and the general organisation of Craftcode.

4. Why and how do we process your personal data?

When you visit our website and/or are in contact with us, certain personal data may be processed. Below you will find more information about the various processing activities that may apply to you.

4.1 Use of our website

When you visit our website, we may process personal data using online techniques such as cookies, trackers, scripts and similar technologies (hereinafter “cookies”). These may be (1) essential cookies that are strictly necessary to send a message via an electronic communications network, to ensure the security of our website, or to store information on the provision of a service explicitly requested by you; (2) functional cookies that further shape your use of our website; (3) analytical cookies to measure and analyse your use of our website; (4) marketing cookies to provide you with (personalised) advertisements; and (5) other third-party cookies that we allow on our website.

You can find more information about this in our cookie policy.

4.2 Contact via the website

Consent – Contact forms are available on our website for getting in touch with us. You can also reach us at any time by e-mail or telephone. We process this personal data in order to handle your contact request, but we have no insight into or control over any other personal data that you communicate to us via the open input fields. We ask you not to share any confidential or sensitive data here.

This processing takes place on the basis of your consent. Please note that you can withdraw it at any time. Such withdrawal does not affect the lawfulness of processing carried out before the withdrawal of your consent.

• Which personal data do we process?
  • Identification and contact details
  • Other data possibly volunteered in the contact form:
    • Profession-related data
    • Personal particulars
• How do we obtain this personal data? Directly from you when filling in our contact form.
• How long do we keep them? Up to 1 year after handling the contact request, plus the archiving period for the related communication (such as e-mails).
• With whom can we share this personal data (other than affiliated and associated companies)? Processors (such as our hosting partner) that we engage in the context of our website, contact handling or relationship management.
• Does this activity involve automated individual decision-making? No.
• Does this activity involve a transfer outside the EEA? No.

4.3 Management of customer relationships (incl. prospecting new customers)

Legitimate interest – Craftcode is constantly looking for new customers, actively making new contacts for this purpose, and building relationships with existing customers. In that context, your personal data are processed (e.g. to invite you to other forms of communication, to an event, etc.).

This processing takes place on the basis of Craftcode’s legitimate interest. You can object to it at any time, in accordance with the conditions described under “Right to object” in the chapter “What are your rights and how can you exercise them”.

• Which personal data do we process?
  • Identification and contact details
  • Other data that may have come up during further contacts:
    • Profession-related data
    • Leisure activities and interests
    • Personal particulars
• How do we obtain this personal data? Directly from you through relationship management.
• How long do we keep them? Up to 7 years after the conclusion of the last assignment or contact.
• With whom can we share this personal data (other than affiliated and associated companies)? Processors (such as our CRM platform) that we engage in the context of our website, contact handling or relationship management.
• Does this activity involve automated individual decision-making? No.
• Does this activity involve a transfer outside the EEA? No.

4.4 Organisation of events

Consent – When you register for one of our events, personal data are processed in order to handle your registration and to organise the event.

This processing takes place on the basis of your consent. You may withdraw the consent given at any time, without prejudice to the lawfulness of the data processing up to the moment of withdrawal. In concrete terms, this means that your consent remains valid for all earlier events in which you already participated, but that going forward you will no longer be invited to events.

• Which personal data do we process?
  • Identification and contact details
  • Other data that may be volunteered:
    • Profession-related data
    • Leisure activities and interests
    • Personal particulars
    • Allergies or dietary requirements
    • …
• How do we obtain this personal data? Directly from you upon registration.
• How long do we keep them? We keep the personal data about your participation for up to 1 year after the event has taken place.
• With whom can we share this personal data (other than affiliated and associated companies)? Processors (such as event companies, catering, etc.) that we engage to help organise and shape the event.
• Does this activity involve automated individual decision-making? No.
• Does this activity involve a transfer outside the EEA? No.

4.5 Recruitment and selection

When you apply (spontaneously) for a position at Craftcode, Craftcode processes personal data about you. We do this in the context of recruiting and selecting employees for open or future vacancies. This processing (including the creation of a recruitment reserve) takes place on the basis of your consent. You may withdraw the consent given at any time, without prejudice to the lawfulness of the data processing up to the moment of withdrawal.

When Craftcode actively recruits, Craftcode processes personal data about you. This is done solely on the basis of data that are publicly available about you (e.g. on platforms such as LinkedIn and Google) or data that have been provided to us by third parties. This processing takes place on the basis of Craftcode’s legitimate interest. You can object to it at any time, in accordance with the conditions described under “Right to object” in the chapter “What are your rights and how can you exercise them”.

Finally, we point out that we rely on our legitimate interest to pass on your personal data, in the context of our recruitment process, to the companies affiliated and associated with us within the Fieldside cluster. We do this with a view to finding a suitable assignment for you. You can object to this at any time, in accordance with the conditions described under “Right to object” in the chapter “What are your rights and how can you exercise them”.

• Which personal data do we process?
  • Identification and contact details
  • Other data that may be mentioned on your CV:
    • Personal characteristics
    • Social contacts
    • Psychological data (e.g. a description of your personality or character)
    • Family composition
    • Leisure activities and interests
    • Academic curriculum
    • Professional competence
    • Professional experience
    • Membership of/participation in professional organisations
    • Current position
    • Career
    • Business management data (e.g. (partial) disability)
    • Current salary
    • Current extralegal benefits
    • …
• How do we obtain this personal data?
  • (Spontaneous) application: directly from you when you apply
  • Active recruitment: via third parties such as public platforms or intermediaries
• How long do we keep them?
  • For unsuccessful candidates: we keep the personal data about your application for up to 1 year after the application.
  • For candidates within our recruitment reserve: as long as consent is not withdrawn and up to a maximum of 3 years after the application.
• With whom can we share this personal data (other than affiliated and associated companies)? Processors (such as recruitment agencies) that we engage to recruit and select.
• Does this activity involve automated individual decision-making? No.
• Does this activity involve a transfer outside the EEA? No.

4.6 Management of supplier relationships (incl. prospecting new suppliers)

Legitimate interest – Craftcode works together with suppliers, actively makes new contacts for this purpose, and builds relationships with existing suppliers. In that context, personal data of employees at our suppliers (e.g. account managers) are processed.

This processing takes place on the basis of Craftcode’s legitimate interest. You can object to it at any time, in accordance with the conditions described under “Right to object” in the chapter “What are your rights and how can you exercise them”.

• Which personal data do we process?
  • Identification and contact details
  • Other data that may have come up during further contacts:
    • Profession-related data
    • Leisure activities and interests
    • Personal particulars
• How do we obtain this personal data? Directly from you through relationship management.
• How long do we keep them? Up to 7 years after the conclusion of the last assignment or contact.
• With whom can we share this personal data (other than affiliated and associated companies)? Processors (such as our CRM platform) that we engage in the context of relationship management.
• Does this activity involve automated individual decision-making? No.
• Does this activity involve a transfer outside the EEA? No.

4.7 Sending out the satisfaction survey

Every year, Craftcode sends out a satisfaction survey to its active customers in the context of optimising the services provided.

Legitimate interest – The contact details of the contact person at the customers are collected by Craftcode and, where necessary, shared with other affiliated and associated companies in line with the contractual arrangements with the customer. This processing falls within the management of customer relationships (see 4.3) and takes place on the basis of Craftcode’s legitimate interest.

Consent – We process the feedback received from this satisfaction survey in the context of the general improvement of our services and the strengthening of the customer relationship. Craftcode relies on the free consent of the contact person when receiving feedback through this channel. Any actions resulting from this are therefore of a logical nature and will not be reversed in the event of withdrawal of consent, unless otherwise agreed.

• Which personal data do we process?
  • Identification and contact details
  • Other data that may be volunteered in the satisfaction survey:
    • Profession-related data
    • Personal particulars
    • …
• How do we obtain this personal data? Directly from the customer when filling in the satisfaction survey.
• How long do we keep them? Up to 7 years from the end of the customer relationship (end of the last active contract).
• With whom can we share this personal data (other than affiliated and associated companies)? Processors (such as our CRM platform) that we engage in the context of relationship management.
• Does this activity involve automated individual decision-making? No.
• Does this activity involve a transfer outside the EEA? No.

5. Sharing personal data with third parties

When you visit our website or, as a customer, make use of our products and services, we may, in that context, engage third parties such as partners, affiliated and associated companies and suppliers, to whom we pass on your personal data. These third parties help us to deliver, support and develop our products and services and to gain insight into their use, and they provide services such as hosting, customer and technical support, marketing, analytics, content delivery and/or processing online payments.

In addition, in the context of a reorganisation, restructuring, merger, sale or other transfer of business assets, it is possible that we share data (including personal data) with third parties. We share the information you have provided, the information automatically collected and information from others with these third parties to the extent necessary to enable them to provide their services or support. For each of the activities described above, we indicate per activity with which categories of third parties, other than affiliated and associated companies, we share your personal data.

Furthermore, we may have to provide access to your data or pass on your data on the basis of a legal obligation. This may be to authorities, government bodies or other third parties.

Finally, we may also pass on your data if this proves necessary in the context of your vital interest.

6. Transferring personal data outside the EEA

Craftcode always tries to limit the transfer of personal data to third parties outside the European Economic Area (hereinafter: “EEA”).

If this should nevertheless be the case, we will, in such a situation, ensure as quickly as possible that this transfer is brought into line with the GDPR (e.g. through the existence of an adequacy decision in the country concerned, the implementation of an appropriate alternative, where applicable supplementary measures, etc.).

For specific transfers, please refer to the chapter “Why and how do we process your personal data?“.

7. How long do we keep your personal data?

We do not keep your personal data for longer than is strictly necessary to achieve the purposes for which the personal data were collected, or as required by the legal obligation imposed on us. For specific retention periods, please refer to the chapter “Why and how do we process your personal data?“.

8. Automated individual decision-making

European data protection legislation (GDPR) imposes certain conditions on organisations when they take decisions about individuals based solely on processing that is fully automated, including profiling, and where these decisions have legal effects or other significant consequences. Craftcode does not engage in this type of decision-making.

9. What are your rights and how can you exercise them?

Craftcode considers it important that you always retain control over the processing of your personal data. Below you will find more information about the various rights you have and may invoke regarding the processing of your personal data:

Depending on the processing and the legal basis for that processing, certain conditions or limitations may apply to the exercise of the rights described below.

To exercise the above rights, or for information about them, you can contact dpo@fieldside.be. We will then provide further information if specific arrangements apply to your request. We may also ask for additional information to verify your identity, so that your personal data are not wrongly deleted or shared with someone who has no right to them. We endeavour to respond without undue delay, and in any event within one month of receipt of your request. If we cannot respond within one month and wish to extend the deadline, or if we will not act on your request, we will notify you accordingly.

9.1 Right of access

Where we process your personal data, you have the right to access your personal data, as well as certain additional information as described in this privacy policy. You have the right to receive a copy from us of the personal data we hold, provided that this does not adversely affect the rights and freedoms of others. The first copy will be provided free of charge, but in the event of repeated requests we reserve the right to charge a reasonable fee.

9.2 Right to rectification

If the personal data we hold about you are inaccurate or incomplete, you have the right to have this information corrected or, having regard to the purposes of the processing, completed.

9.3 Right to restriction of processing

You have the right to have the processing of your personal data restricted. This means that the personal data may only be stored by us and used only for limited purposes. This right applies in any of the following situations:

• You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
• The processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead;
• We no longer need your personal data for the processing purposes described above, but you require them for the establishment, exercise or defence of legal claims; or
• You have objected to processing and are asking us to restrict processing pending verification as to whether our interests override yours.

In addition to our right to store your personal data, we may still process them, but only:

• With your consent;
• For the establishment, exercise or defence of legal claims;
• For the protection of the rights of another natural or legal person; or
• For reasons of public interest.

Before we lift the restriction on the processing of your personal data, you will be informed accordingly.

9.4 Right to data portability

If the processing of your personal data is based on your consent, and the processing is carried out by automated means, you have the right to receive a copy of your personal data in a structured, commonly used and machine-readable form. You also have the right, where technically feasible, to have your personal data transmitted directly by us to a third party. This right does not apply where it would adversely affect the rights and freedoms of others.

9.5 Right to object

You have the right to object to the processing of your personal data in the activities described above. In the latter case, this is only possible if the activity relates to (1) the performance of a task carried out in the public interest or in the exercise of official authority vested in us, or (2) the pursuit of our legitimate interests or those of a third party.

If you object to the processing of your personal data, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms.

Where your personal data are processed for direct marketing purposes, regardless of whether this is initial or further processing, you have the right at any time and free of charge to object to such processing, including profiling to the extent that it is related to such direct marketing. If you raise such an objection, we will stop processing your personal data for that purpose.

9.6 Right to erasure (right to be forgotten)

You have the right to ask us to erase your personal data. This means that the personal data must be deleted by us without undue delay. This right applies in any of the following situations:

• The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• You withdraw the consent on which the processing is based, and there is no other legal basis for the processing of your personal data;
• Your personal data have been processed unlawfully;
• The erasure of your personal data is necessary to comply with European or Belgian law.

If you ask us to erase your personal data, we will do so unless one of the following situations (exceptions) applies:

• The processing is part of exercising the right to freedom of expression and information;
• Erasure is not appropriate for reasons of public interest in the area of public health;
• Erasure is not appropriate in view of the need for archiving in the public interest, or for statistical purposes;
• There is a legal obligation to retain the data; or
• Erasure is not appropriate in view of the establishment, exercise or defence of legal claims.

9.7 Right to withdraw your consent

Where you have given consent for a particular processing of your personal data, you may withdraw it at any time. We aim to make withdrawing your consent as easy as possible, and as far as possible just as easy as giving consent.

9.8 Right to object to the processing of your personal data in automated individual decision-making

Where your personal data are used in the context of automated individual decision-making and where such decisions have legal effects or other significant consequences, you may ask us not to use your data any longer. If you object to such processing, we will stop or restrict the processing, unless there are compelling reasons to continue.

10. Whom can I contact with further questions or complaints about privacy?

If, after reading this privacy policy, you have any further questions or comments regarding the collection and processing of your personal data, you can contact us at the following e-mail address: dpo@fieldside.be.

You also have the right to address any comments or complaints to the supervisory authority responsible for data protection. You can do this in the EU Member State where you reside, where you work, or where the alleged infringement has taken place. In Belgium, you can lodge a complaint with the Data Protection Authority:

Data Protection Authority
Drukpersstraat 35, 1000 Brussels
+32 (0)2 274 48 00
www.gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen
www.gegevensbeschermingsautoriteit.be

Because we attach great importance to our mutual relationship, we kindly ask you to always contact us first, so that we can work out a solution to the underlying cause of your complaint.

11. Changes to the privacy policy

Our organisation, and therefore our website too, are a dynamic and innovative environment. This privacy policy may be amended if our services or applicable legislation so require. This means that we are continuously looking for better service tailored to you. New applications may be introduced under which we collect or process your personal data in a different way. We will of course inform you in the event of significant changes to this privacy policy, and we will request your consent where necessary.