Personal data protection

1. Information & RGPD
SHYFTER SA, hereinafter referred to as SHYFTER, is a company active in the HR and planning management sector offering a service involving the processing of personal data on behalf of another organization (company, enterprise and/or firm). Our services are used to collect information for commercial and marketing purposes by the organization itself and/or by SHYFTER at the request of the organization, in accordance with the GTC (General Terms and Conditions of Sale) included in the commercial contract between us and the organization. However, our most valuable asset is the trust of our customers.

The protection of customer data and its use in accordance with their expectations are of the highest priority for us. For this reason, the following data protection notices have been prepared to inform you about the processing of your personal data and your rights with respect to such processing in accordance with the General Data Protection Regulation (“GDPR”) and additional data protection laws.

2. Data Protection Officer
The personal data you share with us, directly or indirectly, explicitly or automatically, are collected and processed by: SHYFTER SA – Responsible for data protection – Rue des Palais 44 1030 Brussels, VAT BE 0720.922.212. You can contact our data protection officer at any time via the contact details above or by e-mail: rgpd@shyfter.co

3. Processing of your data by SHYFTER
As a subcontractor, SHYFTER undertakes to respect the obligations of the subcontractor to protect the security and confidentiality of the data and that the use of your data will only be carried out on the instructions of the data controller, i.e. the organization (company, enterprise and/or firm) using our services under commercial contract. SHYFTER undertakes to provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of this European Regulation (Article 28) and guarantees the protection of the data subject’s rights.

Any organization responsible for processing through our services, has its own General Data Protection Regulation (“GDPR”). SHYFTER invites you to contact the organization directly to learn more.

By using our services, the contracted organization agrees to our RGPD privacy policy. We reserve the right, at our sole discretion, to change, add or remove portions of this policy at any time.

3.1 What data is collected and processed by SHYFTER?
SHYFTER collects and processes the following categories of personal data through its services:- Identification and contact data, such as your last name, first name, postal address, e-mail address, language preference, gender, date of birth, telephone and/or mobile phone number, photo or other data requested by the customer.Shyfter will in principle refrain from processing sensitive data (special categories of personal data such as your religious beliefs). Translated with www.DeepL.com/Translator (free version) Should this be the case in exceptional cases, your explicit consent will be requested in each case.

3.1.1 HOW DOES SHYFTER OBTAIN THESE DATA?
By registering the customer.

– Via the contact form on our website

You can use the contact form on our website (https://wordpress-911030-3162549.cloudwaysapps.com/en/contact/) to contact us for all your questions. The personal data you have entered on the contact form will only be processed for the purpose of responding to your request and only if you have given your consent to the processing of the data.

– Through the use of our services

Shyfter collects and processes your personal data via services. Our services are made available to organizations (companies, enterprises and/or firms) for which you have given your consent and which will use your data for commercial and marketing purposes.
When using our services with our customers, you may be asked for your data on the basis of your identity card, this information will be added to our database.
By providing your ID, you agree to our RGPD privacy policy and you authorize us to use your private data in connection with our various services. Your data may be used for sending mailings and/or sms.

– Via the contracted organization

Any information or data already available to the contracted organization may be added to our database.
For all photos taken on the physical sites of our customers, when you look at the lens, you give your agreement to the same customer and / or these partners for the use of this photo on the various digital media or handwritten.

3.1.2 WHY DOES SHYFTER PROCESS THIS DATA?
We will process personal data that we collect on behalf of another organization (company, business and/or firm) for the purpose of entering into and fulfilling a contract and to activate your account.

Shyfter collects, stores and processes personal data:

– Comments, suggestions or other information.

(i) to provide you with the products and services for which you have registered (such as scheduling, contract management, …) and to provide customer administration and problem management in this regard;
(ii) to inform you via e-mail or other channels about products and services, including actions and promotions, that our customers offer or that are offered by business partners of those same customers (in the latter case, only with your consent);
(iii) to enable Shyfter and/or its customers to tailor their communications and products and services to your preferences and to provide you with tailored information, based, among other things, on your availability;
(iv) to respond to your comments and/or questions regarding the use of our products or services;
(v) to track customer satisfaction;
(vi) to help ensure the safety of our customers and employees (via a security system);
(vii) to meet our legal obligations, including accounting and tax requirements;
(viii) for the purpose of (general) market research and analysis of the functioning and use of the website and mobile applications.

The processing operations for the purposes mentioned in points (i), (iv) and (vii) are necessary for the conclusion or performance of our contract with the customer.
The processing for the purposes mentioned in points (ii), (iii), (v) and (vi) above are necessary for our legitimate interests to improve and promote our products and services, as well as to ensure a personalized experience for our customers.

Shyfter may use your personal data to contact you directly, by post, by telephone or electronically (e.g. by e-mail or SMS). In case of communication by e-mail, you will always have the possibility to “unsubscribe”.

4. How long does Shyfter keep personal data?
SHYFTER keeps your personal data only for as long as is necessary for the purposes described above and for the commercial contract established with the organization. The provision of data is necessary for us to enter into a contract with our customers and to process your registration as a customer with them.

Thus, the information is in principle only kept for the duration of the commercial contract between us and the customer. In this way, we prevent information that has become obsolete from being retained. We retain certain data for a period of 10 years, but only for evidentiary purposes in the event of litigation or in order to be able to respond to a legal request from a public authority.

At the end of the applicable retention period, the data will be deleted or made anonymous.

5. Does SHYFTER transfer personal data?
SHYFTER through its services collects information on behalf of another organization (company, business and/or firm). According to the GTC (General Terms and Conditions) – “7. Database: The database generated by SHYFTER and its services will be made available exclusively to the signatory of the contract, who will be solely responsible for it.

We share the personal data you have explicitly communicated to us and other non-automated data only with other parties if we have obtained your explicit consent to do so, unless we are required to do so by a legal provision, a request from a public authority or a court order

As a matter of principle, your personal data is not processed outside the European Union and we ensure as much as possible that our “subcontractors” also respect this principle. If, in exceptional cases, they still process your personal data outside the EU, we will ensure, through contractual or other measures, that this data receives an adequate level of protection comparable to the level of protection applied within the EU.

6. Your rights regarding your personal data
As a data subject, you can contact our data protection officer at any time by means of an informal notification via the contact details listed above (2. Data Protection Officer) in order to exercise your rights according to the GDPR.

These rights are as follows:

The right to obtain information about the data processing and a copy of the processed data (right of access, Art. 15 GDPR),
The right to demand rectification of incorrect data or to complete incomplete data (right of rectification, Art. 16 GDPR),
The right to demand the erasure of personal data and, in case the personal data has been made public, the obligation to inform other data controllers about the erasure request (right to erasure, Art. 17 GDPR),
The right to demand the restriction of data processing (right to restrict processing, Art. 18 GDPR),
The right to obtain personal data about the data subject in a structured, widely used and computer-readable format and to request the transmission of such data to another data controller (right to data portability, Art. 20 GDPR),
The right to object to the processing of data with the aim of terminating it (right of objection, Art. 21 GDPR),
The right to withdraw a granted consent and to terminate data processing based on your consent at any time. Withdrawal will not affect the lawfulness of the processing based on the consent prior to the withdrawal (right to withdraw consent, Art. 7 GDPR).
The right to lodge a complaint with a supervisory authority if you believe that the data processing constitutes a breach of the GDPR (right to lodge a complaint with a supervisory authority, Art. 77 GDPR).