Cvr NV, registered in the Crossroads Bank for Enterprises with its registered office at 3580 Beringen, Lochtemanweg 52 and company number 0438.423.370,
hereinafter referred to as “Cvr”,
declares the following:
Cvr processes personal data in the performance of the assignment entrusted by the client, as well as in case of contact via the contact form and/or visits to the website (www.cvr.be). This is done as a data controller or as a processor, depending on the specific circumstances.
Cvr is the data controller insofar as the processing of personal data takes place for its own purposes and Cvr itself determines the means for this. Insofar as personal data of data subjects are processed on behalf of the client, Cvr acts as a processor.
Cvr acknowledges the importance of secure processing of personal data. In this respect, both Cvr and the client acknowledge that all processing will take place in accordance with the applicable national legislation, including the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, as well as Regulation (EU) 2016/679 (hereinafter: GDPR) applicable as of 25 May 2018, and that they will comply with it. In case of substantive legislative changes, Cvr undertakes to adjust this privacy policy accordingly.
The privacy policy and any amendments are available for consultation at all times on the Cvr website, www.cvr.be.
For proper understanding of this privacy policy, the following terms have the following meanings:
This privacy policy applies to the contractual relationship between Cvr and the client or data subject for the entire duration of the agreement. Deviations from this privacy policy are only permissible in the context of a contractual relationship between the client and Cvr if required by law or with explicit or implicit consent of both parties. Material changes will be expressly communicated on the website.
By consulting the Cvr website (www.cvr.be) and/or using the contact form, the data subject acknowledges having taken note of the privacy policy and agrees that Cvr may use the collected personal data considering the scope of the request for which the data was provided (Art. 6.1.a and 6.1.b GDPR).
Cvr does not guarantee in any way the completeness, correctness or timeliness of the information contained on the website, nor of the content of third-party websites referred to.
Cvr guarantees that personal data are collected and processed transparently and only for specific, explicit and legitimate purposes. Each processing activity is limited to what is necessary for the purposes for which the data is processed. Cvr ensures that the personal data are recorded correctly and updated if necessary.
In the context of its services, the collected personal data include, among others: first name, last name, email address, physical address, and telephone number, as well as any other personal information the client or data subject chooses to provide when requesting information or services. No data belonging to special categories of personal data are processed.
Cvr does not retain personal data longer than necessary for the intended purpose of the processing or as required by legal obligations.
By using the services of Cvr or completing the contact form and providing personal data, the client acknowledges and accepts that these data may be processed (Art. 6.1.b GDPR). The client or data subject remains the owner of the provided data.
For personal data that Cvr processes as data controller for marketing purposes and client management, Cvr relies on the necessity for the performance of the agreement and on legitimate interest arising from the fact that the data subject is a client following the placement of an assignment (Art. 6.1.b and 6.1.f GDPR).
For personal data of leads, Cvr relies on the explicit consent of the lead (Art. 6.1.a GDPR).
The client/lead, as data subject, may at any time modify or withdraw their consent, insofar as the processing is based solely on consent and no other legal basis applies.
Cvr processes personal data for the following purposes:
| Type of Personal Data | Purposes |
| Identification data: first name, last name, address, email address, telephone number, VAT number | Service provision and client management (including identity checks, audits, training, etc.) |
| Identification data: first name, last name, email address, telephone number | Providing information about services, processing requests submitted by email or via the contact form |
| Identification data: first name, last name, email address, address | Marketing purposes |
| Identification data: first name, last name, address, email address, telephone number, VAT number — Financial data: account number | Accounting purposes (invoicing) |
| Identification data: first name, last name, address, email address, telephone number, VAT number | Legal obligations (identification requirements and anti-money laundering regulations) |
When you visit the Cvr website and, where applicable, use the contact form, certain data may be required to enable communication. This information will be used internally only unless the data subject consents to additional processing.
Cvr will only process the minimum personal data necessary for the requested services.
Cvr also uses cookies on its website, which may record certain information, including personal data. More information can be found in the Cvr cookie policy.
Cvr will take appropriate technical and organisational measures to ensure secure processing of personal data, reducing risks of destruction, loss, unauthorised modification or processing. These measures take into account industry standards, the state of technology, the nature, scope and context of processing, and related risks. Detailed information on Cvr’s security policy is available on written request.
Cvr uses (sub)processors who process personal data on behalf of and under the supervision of Cvr. These processing activities are limited to what is strictly necessary for the relevant assignment.
Cvr ensures that its (sub)processors—including employees and subcontractors—process personal data in accordance with applicable law and commit to the necessary security measures (Art. 28 GDPR).
(Sub)processors independently determine how personal data is processed within their expertise. Cvr is not liable for unlawful processing resulting from incorrect assessments by (sub)processors lacking equivalent expertise. Cvr is not responsible for loss or corruption of data, data theft, viruses or other attacks on the IT systems and (cloud) servers of these (sub)processors.
Except for employees and (sub)processors involved in service delivery, Cvr will not share personal data with third parties unless there is explicit consent, a data subject’s request, a request by judicial authorities, or a legal obligation. In the latter case, Cvr will inform the data subject immediately unless prohibited.
Cvr aims to limit data transfers to countries within the European Economic Area or to countries offering adequate protection equivalent to the GDPR. Upon written request, Cvr will provide further explanation regarding data processing outside the EEA.
Under the GDPR, the data subject has the following rights (Art. 12–22 GDPR):
Requests regarding these rights must be submitted in writing (email: info@cvr.be or by post: Lochtemanweg 52, 3580 Beringen). Cvr will process each request promptly and respond within 30 days. This period may be extended by two months if required; Cvr will inform the data subject within the initial 30 days.
Cvr guarantees that personal data are not stored longer than necessary to achieve the intended purpose, except for accounting documents and liability-related documents which may require longer retention under legal provisions. Other data necessary for after-sales service or future services will be anonymised where possible.
Once retention is no longer required, data will be securely destroyed, deleted, or returned to the data subject.
Cvr takes the necessary measures to prevent data loss. If a data breach occurs, Cvr will notify the Data Protection Authority (DPA) within the legal deadlines, unless the breach is minor.
If the data breach poses a high risk to the rights and freedoms of data subjects, Cvr will inform the affected individuals without undue delay.
Cvr will fully cooperate with authorities to limit the consequences of the breach.
Cvr guarantees the necessary support to data subjects in fulfilling their obligations, except where confidentiality or legal restrictions apply.
The person responsible for the processing of personal data at Cvr is Mr. Tom Smet, Lochtemanweg 52, 3580 Beringen. For more information, you may also contact the Data Protection Authority: 1000 Brussels, Drukpersstraat 35 (02/274.48.00) or www.gegevensbeschermingsautoriteit.be.
If any provision of this privacy policy is invalid, it shall be interpreted in accordance with the GDPR. The invalidity of one provision does not affect the validity of the remaining provisions. In case of discrepancies between this privacy policy and the agreement between Cvr and the client or data subject, the provisions of the latter shall prevail.
Cvr reserves the right to adjust the privacy policy if necessary to comply with rights and obligations under the GDPR. Material changes will always be published on the website. It is advisable to visit the website regularly to stay informed.
This privacy policy is governed exclusively by Belgian law. Only the courts of the judicial district of Cvr’s registered office have jurisdiction.
