Privacy Statement

Publication Date: April 19th, 2021

On May 25th, 2018, the new General Data Protection Regulation (GDPR or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC) entered into force.

The R&T Group is very concerned about the protection of your personal data. Therefore, we commit ourselves to process and protect your personal data with the utmost care, respecting these regulations. With this statement we want to inform you as completely as possible about the processing operations we perform. We will also explain how we, as the person responsible for processing, collect, use and store your personal data.

The R&T Group may amend or update this statement because of changes in our practices regarding the processing of your personal data or as a result of changes in the legislation. We always post the updated version, with publication date, on our websites and we invite you to read it regularly.

1. Who are we?

The R&T Group is the umbrella brand name for the companies RST consultancy, SCOPE and Praetorian Engineering. At the time of the preparation of this statement, the R&T Group is not yet a fully-fledged umbrella company. However, all processes regarding the processing of your personal data already take place at group level. For this reason, this statement was prepared from the R&T Group. In practice, however, we distinguish 3 separate controllers within the R&T Group:

RST consultancy CVBA, Steenweg op Oosthoven 120 bus 1, 2300 Turnhout, with company number: 0888.229.790. (https://rtconsultancy.be/)
SCOPE CVBA, Steenweg op Oosthoven 120 bus 1, 2300 Turnhout, with company number: 0883.568.941. (https://scope.be/)
Praetorian Engineering CVBA, Steenweg op Oosthoven bus 3, 2300 Turnhout, with company number: 0713.967.213. (https://praetorian-engineering.eu/)

The R&T Group is composed of 3 SMEs and has fewer than 250 employees. For this reason, the R&T Group has not appointed a data protection officer (DPO). However, the R&T Group has an internal reference person on data protection.

You can contact our internal reference person using the following information:

2. What is the scope of this declaration?

This statement applies to all natural persons who meet with the R&T Group (for example in the context of the execution of a project, assignment or service) or to whoever visits our websites.

Before we explain how we process your personal data, we would like to clarify the following terms:

Personal data: any information about an identified or identifiable natural person such as a name, an identification number, location data, ....
Data controller: a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
Processing: an operation or set of operations relating to personal data or a set of personal data, whether carried out by automated means, such as collection, recording, organization, structuring, storage, ....
Cookies: our websites make use of cookies. These are small pieces of information and text files that are stored by a browser on your computer. Cookies allow us to record certain information about the visitors to our websites. They help to better adapt our websites to your needs. More information about cookies can be found in our Cookie Policy.
Purpose: a purpose defined by the employer or the legislator in the context of which the personal data are processed.
Recipient: the person who receives the personal data.
Processor: a natural or legal person, a government agency, a service, or another body that processes personal data on behalf of the controller.
Third party: a natural or legal person, a governmental body, an agency, or another body but NOT the data subject, the data controller, the processor, or the persons under the direct authority of the data controller or the processor who are authorized to process the personal data.

3. How do we obtain your personal data?

Depending on the concrete nature of our relationship with you, different types of interactions between you and the R&T Group may be possible. During these interactions we collect and process certain personal data. We only process this personal data after you have provided it to us yourself.

We collect certain personal data when you visit the websites of R&T Group companies. Specifically, the following situations are involved:

In addition, we collect certain personal data when:

4. For what purposes do we process your personal data?

Supplier management: the supplier administration, including the management of orders placed, payment of suppliers, prospecting of new suppliers, evaluation of cooperation with existing suppliers.
Customer management: the administration of the company's clientele, the management of orders, the invoicing for our services as well as canvassing for potential new customers and preparing offers for potential new customers.
Project management: the concrete execution of the service agreements concluded between the company and its clients as well as the administration related to the execution of these agreements.
Public relations and contact management: the management of the company's contacts relevant to creating goodwill for our organization (networking).
Direct marketing: the communication from the company and addressed to one or more natural persons in a professional context and aimed at the promotion and sale of the services and products (including training courses and seminars) of the company.

We do not engage in automated decision making or profiling based on the personal data we collect.

Finally, we also process your personal data if you make a request to exercise your rights (see also point 11).

5. What personal data do we process?

Depending on the specific purpose (see above), we may process the following personal data within the scope of our interaction:

Identification information such as (but not limited to) name, first name, username and password.
Contact data such as (but not limited to) personal phone number, personal email address, professional phone number, professional email address, website address, company name, company address, visiting address.
Professional data such as (but not limited to) VAT number, rates, job title, IBAN + BIC number.
Project data such as (but not limited to) the description of the assignment.
Administrative data such as (but not limited to) background information regarding the company.

6. What is the legal basis for processing this personal data?

We process your personal data on the following legal grounds:

Contractual obligation, when the processing is necessary for the performance of a contractual relationship to which you are a party.
Legal obligation, when the processing is necessary for us to comply with a legal obligation that rests on us.
Your explicit, specific, and informed consent:
Legitimate interest:, when we estimate that the processing of your personal data is necessary to function as a company.

7. With whom do we share your personal data?

We do not disclose your personal data to third parties for commercial use.

We will share your personal data with third parties:

On our websites you may also find links to the websites of third parties. Although we have selected these websites and third parties with care, we are not responsible for the way in which these third parties handle your personal data. We therefore recommend that you always carefully read the privacy statement of these organizations.

We also share your personal data with processors. These are specialized parties that we rely on for certain services to improve the quality of our services. These parties are contractually bound to us and must follow our instructions regarding the protection of your personal data. In that case we also ensure that the processor receives only those data necessary for the execution of the assignment and that the processor undertakes to treat the personal data securely and confidentially and to use them only within the framework of the execution of their tasks.

Without being exhaustive, entities such as our IT service providers, etc., receive certain of your personal data.

8. Where do we process and store your personal data?

Your personal data will be processed and stored by us in Belgium or in any other country where our service providers have facilities. It is our clear intention to ensure that your personal data is only stored and processed within the European Union.

9. How long do we keep your personal data?

If the law provides for a retention period, we will retain your personal data for this legally stipulated period.
If the law does not provide for a specific period, we will determine this period ourselves, based on the purpose for which your personal data was collected. In doing so, we consider the period necessary to comply with our legal obligations, to settle disputes or to enforce our agreements. We do not keep your data longer than necessary to fulfill the purpose for which the data was collected.
Where we use your consent to collect and process your personal data, we will only use this data until you withdraw your consent.

10. How do we secure your personal data?

We consider your personal data to be strictly confidential and we therefore provide appropriate technical and organizational measures to protect your personal data against destruction, loss, accidental or unlawful access or any other unauthorized processing of your personal data.

We have established various technical means to protect your personal data from unauthorized access, processing, modification or destruction by third parties. In addition, internally at the R&T Group, only those persons who need your data in order to perform their duties have access to your personal data.

11. What rights can you exercise and to whom can you turn for this purpose?

Right of access: you have the right to access the data relating to you. Thus, you can ask us whether we process your personal data or not, for what purposes, how long they are kept, ... If you decide to exercise this right, we will ask you to provide us with proof of your identity to prevent us from disclosing your data unauthorized.
Right to rectification: If you notice that, despite all our efforts, your data is incorrect or incomplete, you can ask us to rectify it.
Right to erasure: The legislation allows you to have your personal data erased in very specific cases. You have the right to have your data deleted when

The personal data is no longer needed for the purposes for which we collected it.
The processing of your personal data is only done based on your consent, and you decide to withdraw your consent.
You have objected to the processing, and we have no compelling and legitimate grounds that outweigh your objection to the processing. However, your right to erasure is not unlimited. We still have the right to continue processing your personal data to the extent necessary to comply with our legal obligations or to establish, exercise or substantiate legal claims.

You dispute the accuracy of your data and for the time we need to verify this.
You need your personal data for the establishment, exercise, or substantiation of a legal claim while the data are no longer needed for the purpose of processing.. However, we cannot hereby assume responsibility for limiting the processing of your personal data by other responsible parties.

Right to portability: in certain cases, you have the right to have your personal data transferred to yourself or to another data controller (if this is technically possible). You can exercise this right when we process your data based on your consent or when the processing is necessary for the performance of a contract.
Right to object: when we process your personal data based on a legitimate interest of ours, you have the right to object to this processing, for reasons related to your situation.
Right to withdraw your consent: when we process your personal data based on your consent, you have the right to withdraw this consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing before the withdrawal.

If we should collect and process personal data other than those listed in this statement, we will inform you in advance of which data are involved, for what purpose the collection/processing is done and to whom the data will be provided. In that case you have the same rights as set out above.

If you have a question or complaint regarding the processing of your personal data or if you wish to exercise one of the above rights, please contact our internal data protection contact:

These rights are free and you can exercise these rights at any time. We undertake to respond to your request within 1 month.

If you believe that the processing of your personal data is in breach of the GDPR, you can also lodge a complaint with the Data Protection Authority using the following details:
Drukpersstraat 35
1000 Brussel
+32 2 274 48 00
contact@apd-gba.be