This Policy is established by Kapitol SA, whose registered office is located at 1180 Uccle, Chaussée De Saint-Job 506, and registered with the Banque Carrefour des Entreprises under no. BE 0453.604.761, email form: dpo.kapitol.com (hereinafter "the Company", "we", "our").

We are particularly attentive to the protection of your personal data, which we process in accordance with the legal provisions in force, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter "GDPR") and the Belgian law of 30 July 2018 on the protection of individuals with regard to the processing of personal data.

This statement describes the measures taken for the management of your personal data and your rights as a data subject.

It may be modified at any time in order, in particular, to comply with any regulatory, jurisprudential or technological developments, without notice. We invite you to consult it regularly (last updated December 10, 2020).

Finally, for our website we refer you to the cookie policy by clicking this link: Terms and Conditions

1. Definitions

Personal data: any information relating to an identified or identifiable natural person (hereinafter referred to as "data").

Company: any natural person who carries out a professional activity in a self-employed capacity, any legal person or any other organisation without legal personality.

Private individual: natural person, who is distinct from the legal entity, and who does not act within the framework of his professional activity.

End user: any person to whom the directory and information services available are addressed and who uses them on the site www.infobelpro.com and any other domain name belonging to Kapitol SA in accordance with the general conditions of use.

2. Why do we process your data?

We collect and process your personal data for various purposes based on one of the legal bases determined by the GDPR.

Information concerning the different types of processing, their purpose and legal basis can be accessed by clicking this link : Lawful purpose

3. What data is collected and processed?

We only collect data that is relevant and limited to what is strictly necessary for the purposes for which it is processed. We do not collect and process any sensitive data.

Depending on the purpose, data collection is carried out differently.

We do not/no longer process the data of persons who have requested a secret telephone number or those who have requested the deletion of their data.

Information on the terms and conditions of data collection and processing can be accessed by clicking this link : Data collection

4. Is your data disclosed or shared with third parties?

In addition to the marketing of the data to our customers and partners, the data is accessible to members of our team, or acting as collaborators, if necessary, to our lawyers or any technical advisers, or to banking institutions, to the extent strictly necessary.

We are also likely to pass on your data:

  • on the request of a judicial or administrative legal authority or court officer; or
  • in good faith in considering that such action is required to comply with any applicable law or regulation;
  • in order to protect and defend our rights or those of other users of our services.

We may also have to allow our service providers, qualified as "subcontractors" in the sense of the legislation, access to certain data to the extent strictly necessary to carry out our activities. Information on the categories of service providers to which your data may be transferred can be accessed by clicking this link : Service provider

In all circumstances, we ensure the protection of your data by agreements that guarantee confidentiality.

For reasons relating to security and the protection of our business secrets, the identity of our subcontractors, clients and partners is only communicated to persons who can prove their identity upon first request, and this as soon as possible. To this end, you can send us your request using the form: dpo.kapitol.com

5. Do we transfer your data outside the European Union?

Some of the customers and partners to whom we transmit data are established outside the European Union. For reasons relating to security and the protection of our business secrets, the identity of these customers is only communicated to persons who can prove their identity upon first request, and this as soon as possible. To this end, you can send us your request using the form: dpo.kapitol.com

In any case, we will only transfer data to a country outside the European Union if, and only if:

  • The European Commission has issued an adequacy ruling recognising the country concerned as having an adequate and equivalent level of protection to that provided for by European legislation, or if
  • the recipient of the transfer has explicitly agreed to abide by the Standard Contractual Clauses approved by the Commission.

However, we draw your attention to the fact that, as part of our directory activities, the data published on the www.infobelpro.com  site and any other domain name belonging to Kapitol SA may be consulted by end users throughout the world.

  • The recipient of the transfer has explicitly agreed to abide by the Standard Contractual Clauses approved by the Commission.

6. How long is your data stored?

The storage period varies according to the purposes of the processing of your data and according to possible legal obligations of storage. Information on the length of time data is stored according to the type of processing can be accessed by clicking this link : Duration

7. What are your rights and how do you exercise them?

You have the following rights:

  • The right to request access to your data, including the right to know if we are processing your data;
  • The right to obtain a copy of the processed data in the format in which we keep it;
  • The right to request the rectification of processed data;
  • The right to object to the processing of your data, in particular for processing based on your consent or on our legitimate interest. Nevertheless, certain exceptions exist within the framework of our public interest mission to ensure the provision of a directory service.
  • The right to limit the processing of your data in the following cases:
    • If you dispute the accuracy of this data, pending the assessment of the interests involved before exercising the right to object to the processing of some of your personal data.
    • If the processing of your personal data is illegitimate, but you nevertheless do not wish to exercise your right to the deletion of the data.
    • If we no longer need your personal data, but you need it in connection with legal proceedings.
  • The right to deletion of processed data. However, this right is not absolute and we will not be able to exercise it if we are under a legal obligation to process your data, if we have a contractual obligation towards you or if our legitimate interests or the legitimate interests of third parties prevail.
  • The right to the portability of the processed data, i.e. to retrieve or transfer to a third party designated by you, your personal data processed by us, for your personal use, in the format in which we keep them.
  • The right to file a complaint with the Data Protection Authority:

    www.autoriteprotectiondonnees.be
    Rue de la Presse, 35, 1000 Brussels
    Phone: +32 (0)2 274 48 00
    Fax: +32 (0)2 274 48 35
    Email: contact@apd-gba.be

    For more information on complaints and possible means of redress, you are invited to consult the following address of the Data Protection Authority: www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte.

You may exercise your rights or ask any question relating to the exercise of your rights by completing the form accessible on the page dpo.kapitol.com or by sending us a letter to the following postal address:

DPO – KAPITOL S.A.
Chaussée de St Job, 506
1180 BRUSSELS (Belgium)

Any sending of ordinary mail or request through the web form must be accompanied by a copy of a proof of identity and, in the case of requests from legal entities, proof of the power of representation of the person expressing the same.

We will ensure to follow up on your request as soon as possible, and no later than one month after we receive it.

Depending on the difficulty of your request or the number of requests we receive from others, this period may be extended by two months. In this case, we will notify you of this extension within one month of receiving your request.

We cannot be held responsible for the removal of data displayed on other websites or computer media to which we do not provide data. It is up to you to contact the owner of the sites concerned directly.

In addition, we cannot be required to respond to emails or mail sent to addresses other than those listed in this Privacy Policy.

8. What is the applicable law and competent jurisdiction?

This Policy is governed by Belgian law to the exclusion of all other rights.

Any dispute relating to the interpretation or implementation of this Policy shall fall within the exclusive jurisdiction of the courts of the judicial district of Brussels.

Lawful purpose

.
Processing Purpose of use Legal basis of the processing
Management of the directory service for individuals and companies We process your data in order to provide the end user with directory and information services In the context of directories of individuals, the processing is necessary to carry out our public interest mission and is based on a legal obligation, in accordance with Article 6.1.c) of the GDPR (Art. 25 of European Directive 2002/22/EC of March 7, 2002, the Universal Service Directive, and national transposition laws, including the Belgian law of June 13, 2005 on electronic communications, Art. 45 and 86)
In the context of business directories, this processing is necessary to meet our legitimate interests and the legitimate interests of end users, in accordance with Article 6.1.f) of the GDPR, once we have weighed this interest against your interests or fundamental rights and freedoms by considering your reasonable expectations
Management of contractual and pre-contractual relations We process your data in order to execute the contract(s) we have concluded with you and to provide you with information about our services and benefits
We may also use your data to offer and promote our services and/or send you informational messages about services similar to those we already provide for you
You may object to this processing by contacting us
In accordance with Article 6.1.b) of the GDPR, this processing is necessary for pre-contractual measures and the performance of our contractual obligations to you
With regard to the promotion of our services, the processing is in our legitimate interest, once we have weighed this interest against your interests or fundamental rights and freedoms by considering your reasonable expectations, in accordance with Article 6.1.f) of the GDPR
Management of our communication We process your data in order to respond to the requests and/or questions that you send us, in particular via the contact form on the Infobel.com website or via internal requests. E.g.: questions about our services, requests for access to personal data, sending CVs, etc This processing is necessary for the performance of our legal obligations in accordance with Articles 6.1.b) and 6.1.c) of the GDPR
Management of our litigation We may use your data to defend our interests (or those of third parties) in legal proceedings in the context of our existing or potential future relationship This processing is in our legitimate interest, in accordance with Article 6.1.f) of the GDPR
If sensitive data is used, we are authorised to do so in accordance with Article 9 §2 of the GDPR
However, you may not object to this processing by contacting us
Supplier relationship management We process your data in order to fulfil our contractual obligations to you or your company This processing is necessary for the performance of our contractual obligations in accordance with Article 6.1.b) of the GDPR
Management of data transmission to our partners We process and pass on your data to our partners who specialise in contact management
You may object to this processing by contacting us
We process your data, in accordance with the provisions of Article 6.1.f), on the basis of our legitimate interest, once we have weighed this interest against your interests or fundamental rights and freedoms by considering your reasonable expectations
Managing the resale of databases to our clients for direct marketing purposes We process the data for the purpose of carrying out our business activity of marketing or direct marketing. This data can be enriched with statistics
You may object to this processing by contacting us
Depending on the source and nature of the data, the legal basis is different
We process data from directories and obtained from your operators on the basis of your consent, in accordance with Article 6.1.a) of the GDPR
In other cases, we process your data, in accordance with the provisions of Article 6.1.f), on the basis of our legitimate interest, once we have weighed this interest against your interests or fundamental rights and freedoms by considering your reasonable expectations

Data collection

.
Processing Type of data collected and processed Terms and conditions of collection
Management of the directory service for individuals and companies For individuals:
Personal identification data (surname, first name, address, telephone number, email address)
For companies:
Identification data (surname, first name/company name, address, telephone number, fax, VAT number), electronic contact details (email address), geolocation, financial information and identity of the manager(s)/administrator(s)
For individuals:
The data is transmitted by telephone operators *
For companies:
The data is transmitted by telephone operators*, by our suppliers, collected from public sources or collected directly from you
The financial information comes from Dun & Bradstreet Belgium
* Telephone operators are obliged to communicate the data of their subscribers to companies publishing official directories, of which KAPITOL is a part, as provided for by European Directives 2002/58/EC of 12 July 2002 and 2002/22/EC of 7 March 2002 and Article 45, §2 of the Belgian Law of 13 June 2005 on electronic communications
Management of contractual and pre-contractual relations Personal identification data (surname, first name, address, telephone number, company name, etc.)
Electronic identification data (email address)
Directly from you
Collected from public sources
By a third party who recommends you to us
Management of our communication Personal identification data (surname, first name, address, telephone number, etc.)
Electronic identification data (email address)
In the specific case of sending a CV: personal characteristics (age, gender, date of birth, your country, language) and professional characteristics (profession, degree, career, etc.), photography
Directly from you
Management of our litigation Personal identification data (surname, first name, company name, address, telephone number, national register number, company number, etc.) and electronic data (email address)
Financial data (account number, etc.)
All data necessary to defend our interests in court
The data is transmitted by telephone operators, by our suppliers, collected from public sources or collected directly from you
The accessible financial information comes from Dun & Bradstreet Belgium
Supplier relationship management Personal identification data (surname, first name, address, telephone number, order number, etc.)
Electronic identification data (email address)
Financial data (account number, etc.)
Directly from you
Management of data transmission to our partners Personal identification data (surname, first name, address, telephone number)
Electronic identification data (email address)
General non-nominative statistical data
The data is transmitted by telephone operators, by our suppliers, collected from public sources or collected directly from you
Managing the resale of databases to our clients for direct marketing purposes Identification data (surname, first name/company name, address, telephone number, fax, VAT number), electronic contact details (email address), geolocation, financial information and identity of the manager(s)/administrator(s)
General non-nominative statistical data
The data is transmitted by telephone operators, by our suppliers, collected from public sources or collected directly from you

Service provider

.
Category of service providers Provider name Location
Providers of email sending solutions At first request In Europe
Providers of mailing solutions At first request In Europe
Providers of IT solutions and maintenance of infrastructure and systems At first request In Europe
Social networks At first request In Europe
Hosting / Cloud service providers At first request In Europe
Lawyers and legal service providers At first request In Europe
Accountants and financial service providers At first request In Europe
Communication tools, telephone service provider At first request In Europe
Banks At first request In Europe

Duration

.
Processing Duration
Management of the directory service for individuals and companies The data processed within the framework of our directory service is updated by your operators and used under the conditions and within the time limits set out in the contract binding us to them. During this period, it is used, as long as you do not object to it with your operator, or our services in order to carry out our directory mission. After its update, correction or deletion from the directory, it is however archived for 2 years for evidentiary purposes, to defend our interests in the framework of a possible litigation
Management of contractual and pre-contractual relations The data retention period is a maximum of 3 years from our last interaction or the end of the business relationship, except in the event of a dispute
Management of our communication The shelf life is 3 years from our last interaction
Management of our litigation The data is deleted as soon as the agreement between the parties or the court decision has been fully executed
Management of our suppliers The data retention period is a maximum of 3 years from our last interaction or the end of the business relationship, except in the event of a dispute
Management of data transmission to our partners The data is kept for 2 years after it has been updated, corrected or deleted from the database sold by KAPITOL to its partners. In any case, the data may not be kept for more than 20 years from the date on which consent was obtained for this type of processing
Managing the resale of databases to our clients for direct marketing purposes The data is kept for 2 years after it has been updated, corrected or deleted from the database sold by KAPITOL to its customers. In any case, the data may not be kept for more than 20 years from the date on which consent was obtained for this type of processing
Get in touch