This Privacy Statement applies to the processing of the personal data of customers and commercial suppliers, as undertaken by Eurofiber SA/NV and other companies active within Eurofiber Group (hereafter referred to as “we”). We are the controller of these personal data in accordance with the General Data Protection Regulation (“GDPR”).
Personal data are all data concerning an identified or identifiable natural person. For example, they may be the names and contact details of customer representatives (existing or potential customers with a public service company or organisation status), as well as information relating to visits to our website(s). Specific legal provisions apply to the processing of personal data. We comply with the laws and regulations in force, including the GDPR, when we process the personal data of customers (potential) or website visitors.
We process personal data in a legal, reasonable and transparent manner.
We process the following types of personal data relating to professional customers:
- The contact details and address of the (potential) customer (or representatives thereof), including the business email address and the telephone number of the contact person;
- The content of written or oral communications with (various departments of) Eurofiber, including information that (the representative of) the Customer shares within the context of the preparation or execution of a contract;
- Contract(s) with Eurofiber;
- Information relating to payments, particularly invoices and payment details, including the name and function of a creditor and the bank account number;
- Installer and supplier comments, including photographs of the place the fibre optic network is delivered to;
- Customer responses to follow-up questions, such as questions contained in service surveys;
- Data concerning visits to our website(s), including IP addresses and click tracking.
We process the following types of personal data relating to (the employees of) our suppliers:
- The contact details and address of the supplier (or representatives thereof), including the business email address and the telephone number of the contact person;
- Installer and supplier comments concerning work undertaken;
- The qualifications required on the part of employees carrying out work, such as the required diplomas, and information relating to any disqualification.
We do not process the private personal data of our customers or suppliers.
Purposes and principles of data processing
We primarily process the personal data of our customers for two purposes: corporate management and marketing.
These two broad objectives can be broken down into various specific sub-objectives. The GDPR is founded on several principles for the processing of personal data. In addition to the principle of consent, we rely on a further three principles for the various sub-objectives, namely: the need to conclude or execute the contract, the need to comply with a legal obligation and the need to respect a legitimate interest.
- The sending of a newsletter;
- The offer of (more) relevant content – by e-mail on the basis of downloaded content – aimed at customers and individuals interested in Eurofiber’s services. Our sales department may also approach these individuals to provide them with more detailed information about our services;
- The sending and reading of tracking cookies and similar techniques via the website(s).
Principle: contract requirements
- The conclusion of a contract;
- The provision of a service, including the response to the customers’ need and their desire to personalise the service;
- Management of services and infrastructure (including their security and continuity);
- The execution of (necessary) repairs;
- The application of security measures, both digital and analogue;
- Communication with existing customers, including the sending of service and communication messages for commercial purposes;
- The detection and prevention of damage and fraud.
Principle: legal obligation
- Compliance with laws and regulations, including, if applicable, compliance with legitimate requests from authorities responsible for investigations;
- The handling of disputes;
- The conduct of verifications, including financial checks.
Principle: justified interest requirements
- Management of customer files, also including data relating to potential customers and former customers;
- Market research (or the commission thereof);
- Product and service development, including strategy definition;
- The drawing up of targeted offers for existing customers;
- The monitoring of the use of our website(s), as well as its/their analysis, maintenance, optimisation and security. This optimisation also includes recourse to techniques making it possible to memorise visitors’ data, in order to avoid them having to enter the same data several times when downloading content. However, the visitor must have authorised the installation and reading of tracking cookies on his/her system beforehand;
- The exchange of personal data between the various companies within Eurofiber Group. For example, personal data may be combined with other data collected within the context of the use of our products or services (and/or products or services of the Group’s other companies). This information allows us to create customer profiles and, accordingly, provide a better individual service and adapt our products and services to a customer’s specific wishes and needs.
We only process the personal data (of employees) of suppliers when it is necessary to do so for the purposes of carrying out our activities and only for the needs of the effective execution of the contract between us and the aforementioned suppliers, or for the purposes of our justified interest [during the termination of a relationship within the context of a disqualification].
Sharing and disclosure of personal data
When our commercial activities demand it or when a legal obligation compels us to do so, we may make personal data available to a third party with a view to detecting or preventing damage or fraud, as well as ensuring the security and continuity of our network and our services. Insofar as is possible (as long as the party has not been designated by the law to execute a specific task independently), these parties shall be bound by a processing agreement, or Eurofiber will sign a joint liability contract.
We may also have a third party actively participate in the execution of our activities and our marketing activities. We have signed processing agreements with these organisations. These processors can only process personal data at our request and under our control, uniquely for the purposes we determine and in the strictest confidentiality. We actively ensure that our processors comply with security obligations.
When we use processors located outside the European Economic Area (EEA) or processors who themselves use processors located outside the European Economic Area (EEA), we implement the appropriate safeguards referred to in article 46 of the GDPR, such as the use of standard data protection clauses approved by the European Commission (Standard Contractual Clauses) or, for processors located in the United States, we ensure compliance by these parties with the safeguards set out in the Privacy Shield.
We guarantee that any person who processes personal data under our responsibility is bound by a duty of confidentiality. These persons are employees, temporary staff, contract workers, temporary workers or (employees of) suppliers.
As set out above in the “Purposes and principles” section, Eurofiber may be required to provide personal data to third parties. Eurofiber takes measures to ensure that it only provides personal data when and if required to do so as a result of a legal decision, a legal provision or an injunction issued by a competent public authority.
All access and/or identification codes, certificates, information relating to access policy and/or passwords and all information we provide to customers in accordance with the technical and organisational security measures included in the privacy statement are confidential. Customers must treat this information as such and must only disclose it to authorised personnel. It is the customers’ responsibility to ensure employees comply with the obligations set out in this article.
We take all necessary measures to maintain an adequate level of security. Accordingly, we implement technical and organisational security measures. When implementing the security measures the persons concerned can expect of our services as a function of the intended use, we take into account technical progress, the cost of implementing security measures, the nature, scope and context of the data processing, the purposes and intended use of our products and services, the processing risks and – in terms of probability and gravity – the risks for the rights and freedoms of the persons concerned.
It is customers’ responsibility to implement the appropriate technical and organisational safeguards to protect the personal data they process via our services. We advise customers to encrypt the transport of their personal data. If customers purchase active services from us, using our active equipment (particularly Ethernet), we are able to provide encryption as an optional service.
Offences relating to personal data (data breach protocol)
We implement measures to prevent data breaches. These include digital and analogue security measures on our infrastructure, a rigorous selection of processors, contractual agreements and continuing training for our employees.
In addition, procedures are in place concerning measures to be implemented in the event of a data breach. They are designed to ensure rapid and effective action is taken to limit any associated damage. Plugging a data breach is an absolute priority as soon as such an event is detected.
When required to do so by law, we notify the data protection authority of the breach, unless the breach is unlikely to represent a risk to the persons concerned. If the data breach may represent a considerable risk to the private life of the persons concerned, we also notify them. Such notification is not necessary if:
- the personal data has been rendered incomprehensible for unauthorised persons, for example because effective and up-to-date encrypting has been used and the key has not been disclosed;
- the nature of the data, combined with our protection measures, mean that the breach does not represent a significant risk for the persons concerned;
- the communication of information to the persons concerned requires a disproportionate effort, insofar as we do not have in our possession the contact details of these persons (particularly where we only have the IP addresses of website visitors). In such cases, we shall make a public announcement or use a similar means of effective communication to report the data breach.
We only keep data for as long as is necessary for the legitimate objectives for which we process them. This includes compliance with tax retention requirements. We have defined all storage periods within an ad hoc policy. To determine these storage periods, we have taken into account the nature of the personal data (sensitive or rapidly obsolete), their purpose (occasional or structural), the purpose for which we collected the data and the storage period customers and suppliers may reasonably expect.
We install cookies via our websites. For further information about the personal data we process (or have processed) via cookies, please consult our cookie statement.
Rights of the persons concerned
Users, customers and suppliers (i.e. the persons concerned) can exercise their right to private life, in accordance with articles 15 to 22 of the GDPR. This may, for example, be in form of a request for access to personal data concerning them. Following a request for access to personal data, some of these data may turn out to be incorrect or incomplete. We correct and complete inaccurate or incomplete data on request.
Persons concerned can also ask us to delete data, restrict the processing or (if this processing is based on consent or a contract) transfer their data (data portability). We will comply with these requests if no legal obligation or other reasonable grounds require us to store the data. Persons concerned can always oppose the processing of their personal data for marketing purposes and withdraw their consent.
Requests connected with data processed by a Eurofiber Group company can be submitted to us at any time. These requests can be sent to email@example.com or, sent in writing, with the reference ‘personal data’, to:
Belgicastraat 5 bus 7
Building Fountainplaza 504
Eurofiber as communication provider with active equipment
Eurofiber provides communication services enabling customers to use equipment that is installed and managed by Eurofiber. VPN and WDM services are examples of these communication services. Eurofiber is the processor within the meaning of the General Data Protection Regulation for the use of these personal data.
personal data by Eurofiber, please contact us at firstname.lastname@example.org. You can also contact us by post:
Belgicastraat 5 bus 7
Building Fountainplaza 504
Do you have a request or a complaint concerning the processing of data and feel that we do not respond promptly enough or according to your expectations? If so, you can submit a complaint at any time to the data protection authority.
We retain data which are processed in connection with the provision of communication services only for as long as is strictly necessary for achieving the purposes.
We are liable to modify this Privacy statement at any time. If so, we will announce the change on our website. If we wish to substantially modify the purposes of processing, and this processing is subject to your consent, we will begin by asking you to renew your consent on the basis of these new purposes.
This Privacy statement was last modified on 1 July 2019.