Privacy Policy

ENGINE DECK REPAIR NV – Industrieweg 11, 2030 Antwerp, Belgium – RLE Antwerp (div. Antwerp) no. 0467.282.454 – VAT BE0467.282.454 (Hereinafter: ‘EDR’, ‘we’ or ‘us’). As your trust in EDR is paramount, your privacy is essential to us. Among other things, this Privacy Policy (Hereinafter: ‘Privacy Policy’) applies to:

our website https://edr-antwerp.eu/ (Hereinafter: ‘Website’); and
all other commercial relationships between EDR and its customers, potential customers, and business partners.

This Privacy Policy contains information on the personal data that EDR collects and how EDR uses and processes these personal data. EDR wishes to emphasize that it always tries to act in accordance with the ‘Privacy Legislation’, namely:

the Belgian Act of July 30, 2018 on the protection of individuals with regard to the processing of personal data;
Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC; and
other applicable special provisions on data protection.

Visiting the Website, requesting a quotation, filling out the contact form, purchasing any of EDR’s products or services, or communicating with EDR implies your explicit consent to the Privacy Policy (through communicating your personal data or opt-in) and thus to how EDR collects, uses, and processes your personal data. Read this Privacy Policy in conjunction with its version history, the legal disclaimer, general terms and conditions, and cookie policy of EDR.

I. Who processes your data?

The controller of your personal data collected on this Website is the private company Engine Deck Repair, with registered office at Industrieweg 11, 2030 Antwerp (Belgium), listed in the Antwerp Register of Legal Entities, division Antwerp, under number 0467.282.454, VAT BE 0467.282.454. EDR’s contact details are included under Part X.

II. EDR’s processing activities (what types, for what purposes, on what legal grounds, and for how long does EDR collect and process personal data? Are these data transferred to third countries)?

General

Providing certain personal data is sometimes a prerequisite to benefit from certain services (for example, to gain access to certain parts of the Website, to subscribe to newsletters, to participate in certain activities and events, to be able to receive certain goods and services). If EDR’s legitimate interest is the legal basis for processing, as shown in the tables below, EDR will always:

assess the necessity of the processing activity in relation to the purpose of the processing (proportionality test); and
assess whether you, the data subject, could reasonably expect the specific processing operation to take place, so we can estimate the possible effects of the processing operation on your fundamental rights and freedoms.

EDR thus always strives to minimize the impact on your fundamental rights and freedoms as much as possible. We warrant that we will process your personal data on the basis of a legitimate interest only if we are absolutely sure that a balance can be found between your rights and freedoms and our interests. If a balance cannot be guaranteed, EDR:

will no longer process your personal data in that specific situation (for that specific purpose); or
will rely on another legal ground to process your personal data (e.g. consent).

Processing activities concerning the use of the Website

COLLECTION METHOD	PERSONAL DATA	PURPOSES	LEGAL BASIS	RETENTION PERIOD
Filling out the contact form	First name, surname, email address, telephone/cell phone number, preferred contact method, date and time you want to be contacted	Answering questions	Explicit consent	2 year
Cookies on the Website	See cookie policy (*)	Optimizing and personalizing your browsing experience	Explicit consent (consent can be withdrawn at any time for non-essential cookies)	Depends on the type of cookie. Session cookies are deleted immediately after the browser session; other cookies are always placed for a specific period.
Filling out the job application form	First name, surname, email address, telephone/cell phone number, preferred contact method, date and time you want to be contacted, CV and the data it contains	Selecting and recruiting potential new employees	Explicit consent	2 year
Sending newsletter	Email address	Providing information about EDR’s existing and new products and services	Legitimate interest for active customers Explicit consent for non-customers	Until the customer/recipient unsubscribes from the newsletter or raises justified objections
Taking pictures at events	Pictures and all personal data to be derived therefrom	Using them on social media / Website to make our activities visible to the outside world	Consent	Until the person photographed withdraws his consent

(*) For more information on the use of cookies, we refer to the cookie policy available on our Website [hyperlink]. EDR also automatically collects anonymous information regarding your use of the Website. For more info on this, please refer to our Cookie Policy (https://edr-antwerp.eu/cookies-policy/).

EDR’s other processing activities

COLLECTION METHOD	PERSONAL DATA	PURPOSES	LEGAL BASIS	RETENTION PERIOD
Interaction with existing and future business partners	Contact person’s first name, surname, email address, and telephone number	Corresponding by telephone or email, whether or not to answer questions	Performing the contract with EDR or to respond to a question/request before concluding a contract	As long as EDR and the business partner have a business relationship + 1 year after termination. 1 year if no relationship has been established
Interaction with existing and future customers	Contact person’s first name, surname, email address, and telephone number	Corresponding by telephone or email, whether or not to answer questions	Performing the contract with EDR or to respond to a question/request before concluding a contract	As long as EDR and the customer have a business relationship + 1 year after termination. 1 year if no customer relationship has been established
Invoicing / accounting	Contact person: first name, surname, email address, and telephone number, Company: name, address, VAT number, bank account numbers, payment status	Invoicing / accounting	Performing the contract with EDR	10 years (minimum statutory retention period)
Camera surveillance / Access control	Camera images, name, surname picture, date of birth, gender, nationality, time of arrival	Protection of safety and health of employees and protection of the company’s assets	Legitimate interest (camera) / Explicit consent (access)	Never longer than 1 month, except when recorded footage can be used to prove a crime or damage, or to identify an offender, a disorderly person, a witness or a victim.

III. With whom do we share your personal data?

EDR will not disclose your personal data to third parties unless necessary for performing the contract. For this purpose, we may disclose your personal data to, among others, payment providers, financial institutions, software suppliers, cloud partners, transport partners, security firms, external consultants, and EDR’s affiliates within the meaning of Section 1:20 of the Belgian Companies and Associations Code. If EDR has to disclose your personal data to third parties for this purpose, the third party concerned must use your personal data in accordance with the provisions of this Privacy Policy and the data processing-or transfer agreement that will be concluded with this party, if applicable. Besides the above, EDR may disclose your personal data:

to the competent authorities (i) if it is obliged to do so by law or in the context of current or future legal proceedings and (ii) to safeguard and defend its rights;
if it or most of its assets are acquired by a third party, in which case your personal data that EDR has collected will be one of the transferred assets.

Except in the cases mentioned in this article and insofar as necessary to achieve the purposes summarized in this privacy policy, EDR shall not sell, rent out, or transfer your personal data to third parties unless it has (i) obtained your explicit consent for this purpose and (ii) concluded a data processing-or data transfer agreement with the third party concerned that includes the necessary warranties on confidentiality and privacy-complaint tratent of your personal data.

IV. Cross-border processing of personal data

If we transfer your personal data to a recipient located outside the European Economic Area (EEA) and we observe that the level of protection for your personal data offered in that country is not equivalent to the level of protection offered within the EEA, we will take appropriate measures to achieve an equivalent level of protection. These measures may include:

i) concluding an agreement with the recipient containing contractual safeguards to protect your personal data (so-called “standard contractual clauses”); or
ii) in the case of data being transferred to a group company, so-called Binding Corporate Rules; or
iii) providing other appropriate safeguards through any other mechanism under the Privacy Legislation or any other regulation governing the processing of personal data.

V. How long do we retain your personal data?

Unless a longer retention period is required or justified (i) by law or (ii) through complying with any other statutory obligation, EDR will retain your personal data only for the period needed to achieve and fulfill the purposes as described in the tables of this Privacy Policy under title II ‘EDR’s processing activities’.

VI. What are your privacy rights?

You have these privacy rights in relation to the processing of your personal data:

Right to access your personal data You may always access and inspect your personal data that EDR has processed. EDR will provide a copy of these personal data on your request.
Right to rectify, supplement, or update your personal dataYou may always have incorrect, incomplete, inappropriate, or outdated personal data removed or rectified.
Right to erasure of your personal data (‘right to be forgotten’)You may request the deletion of (a part of) your personal data.In this context, EDR wishes to point out that certain services will no longer be accessible or can no longer be provided if you delete or have certain necessary personal data deleted.
Right to restrict the processing of your personal dataYou may restrict the processing of your personal data if:
- you dispute the accuracy of the data, for a period that allows EDR to verify the accuracy;
- the processing is unlawful, and you oppose the erasure of your personal data and request the restriction of their use instead;
- EDR no longer needs your personal data for processing purposes, but still needs them to institute, exercise, or substantiate legal claims;
- you have objected to a processing operation and are waiting for an answer on whether your objection is well-founded.
Right to portability of your personal dataYou may obtain the personal data that EDR has processed in a structured, commonly used, and digital format so they can be saved for personal use or reuse, or to send them directly to another controller. This right applies insofar as it is technically possible for the controller to do this.
Right to object to/oppose the further processing of personal data
- You may always object to the processing of your personal data for reasons relating to your specific situation.
- The controller will immediately cease processing your personal data, unless it puts forward compelling legitimate grounds for the processing that override your interests, rights, and freedoms or that relate to instituting, exercising, or substantiating legal claims.

If there is reasonable doubt as to your identity, and this cannot be ascertained by any other means, EDR is entitled to request the front of your identity card for identification purposes before being able to answer your question or request. However, EDR expressly recognizes that it will not systematically request your identity card for this purpose and that it will only use this evidence to establish whether you are actually the person whose personal data are being processed. As soon as both parties are satisfied with the answer to your question, EDR will destroy the proof. In case we ask for the front of your identity card, we might ask you to cover your photo. In this way, we will not process more data than necessary for the identification. In principle, you can exercise the above-mentioned rights free of charge by contacting us, except when the request is obviously unfounded or excessive (as is the case, for example, with a repeated identical request). The contact details of EDR are listed under title X ‘Contacting EDR’ . If and insofar as permitted under the applicable law, EDR may process your contact data for direct marketing purposes. If you no longer wish to receive newsletters or information about EDR’s products or services, you can always unsubscribe by clicking the ‘unsubscribe’ button at the bottom of each email from EDR.

VII. Security of personal data

EDR undertakes to implement appropriate and reasonable physical, technological, and organizational security measures to prevent (i) unauthorized or unlawful access to your personal data, and (ii) the loss, misuse, or alteration of your personal data. EDR will keep all personal data collected on-site and in the cloud with data centers in the EU. Despite (i) EDR’s security policy, (ii) the controls it performs, and (iii) the actions it takes in this regard, an infallible level of security cannot be guaranteed. As no method of transmission or transfer via the internet or any electronic storage method is 100% secure, EDR cannot guarantee absolute security in this context.

VIII. Updates to Privacy Policy

EDR may update this Privacy Policy by posting a new version on the Website. We therefore strongly recommend that you regularly consult the Website and the relevant page of the Privacy Policy to ensure that you are aware of any amendments. The most recent version of this Privacy Policy is always available on the Website. Any updates and corresponding change date will be explained and displayed in the Privacy Policy version history, which can be accessed using this link once an update is available. If the way in which we process your personal data changes in any material way, we will make reasonable efforts to actively inform you.

IX. Links to other websites

The Website may contain hyperlinks to other websites. When you click on one of these links, you could be directed to another website or internet source that might collect information about you intentionally or through cookies or other technologies. EDR has no responsibility, liability, or ability to control these other websites or internet sources, or their collection, use, and dissemination of your personal data. You should check the privacy policies of these other websites and internet resources to determine whether they comply with the Privacy Legislation. This Website may contain hyperlinks to third party websites. When you click on one of these links, you could be directed to another website or internet source that might collect information about you intentionally or through cookies or other technologies. EDR has no responsibility, liability, or ability to control these other websites or internet sources, or their collection, use, and dissemination of your personal data. You should check the privacy policies of these other websites and internet resources to determine whether they comply with the Privacy Legislation.

X. Contacting EDR

If you have questions about the Privacy Policy or about how EDR collects, uses, or processes your personal data, contact us:

by e-mail: BE901-privacy.edr@edr-antwerp.eu
or
by post: EDR NV, Industrieweg 11, 2030 Antwerp, Belgium

If you are dissatisfied with how EDR deals with these questions or comments, or if you have concerns about how EDR collects, uses, or processes your data, you may lodge a complaint with the competent supervisory authority. This may be the supervisory authority of (i) your usual place of residence, (ii) your place of work, or (iii) the location of the alleged breach of the Privacy Legislation. Contact details of the Belgian Data Protection Authority:

Data Protection Authority Rue de la Presse/Drukpersstraat 35, 1000 Brussels, Belgium Tel.: +32 (0)2/ 274 48 00 Email: contact@apd-gba.be