Part 1 – Why is this privacy notice important to you?
1. Introduction
This Privacy Notice is provided to inform you about the personal data processed by TPO Solutions Belgium, based in Hochstrasse 81, 4700 Eupen, registered with the Belgium’s Crossroad Bank for Enterprises under number 0672.648.973, and TPO Solutions Luxembourg based in 28 Op de Haart, 9999 Wemperhardt, registered with Luxembourg’s Trade and Companies Register (RCS) under number B213350 (hereinafter together “we”, “us” or “our“) as joint-controllers.
We work together as joint controllers and have an agreement to follow the rules about personal data protection. If you would like to receive a copy of this agreement, do not hesitate to contact us (see contact information in Point 10).
We attach great importance to the protection of the personal data entrusted to us, in particular by our website visitors, prosects and clients (hereinafter “you” or “your“). We therefore secure and protect your data in accordance with the applicable legislation, including the General Data Protection Regulation[1] (hereinafter “GDPR”) and the Belgian law of 30 July 2018 on the protection of individuals with regard to the processing of personal data as well as the Luxembourg Law about personal data protection dated August 1, 2018.
The purpose of this privacy notice is to inform you about what personal data we process about you, what we use it for and with whom we share it. We will tell you the legal basis on which we process your data and explain your rights and options.
Part 2- What data do we process about you and how?
2. What personal data do we process about you?
In the table below, we have set out the categories of personal data that we process about you and how we collect it:
| Data categories | Description of the data | Data source |
| Contact data | Name, first name, professional telephone number | Information displayed on the website of your organization or other public internet sources |
| Identification data | Name, first name, email-address, telephone number, address | Provided by you when registering for a call-back, signing up for our newsletter or sending us an email |
| Location of your organization | Country of the organization | Provided by you when registering for a call-back |
| Professional data | Name of organization, job title/function | Provided by you when registering for a call-back |
| Electronic identification data | Cookie related personal data (please refer to separate cookie related Section 5 below for further details) | Provided by you when visiting our website |
| Electronic communication data | Email content | Provided by you when sending us an email |
| Details requesting a call-back | Any personal data included in your reason asking for a call-back, including the hours you are available | Provided by you when registering for a call-back |
3. For what purposes do we use your personal data and on what legal basis?
In the table below, we have set out the purposes for which we process your personal data, the associated legal bases on which we lawfully process your personal data and the categories of personal data (as specified above) used for those purposes.
| Purpose | Legal basis | Data categories | Data subject |
| To send you our newsletter | Processing is based on your consent to receive our newsletter (Art. 6, (1), a) GDPR) | Identification data | Website visitors |
| To call you back | Processing is based on your consent as per your request to be called back (Art. 6, (1), a) GDPR) | Identification data, professional data, details requesting a call-back, location of the company | Website visitors |
| To contact you for fixing an appointment | Processing is based on your consent as per your request for an appointment (Art. 6, (1), a) GDPR) | Identification data, professional data, details requesting a call-back, location of the company | Website visitors |
| To contact you for trainings (including trainings that are part of our GDPR Club and our DPO Breakfast) | Processing is based on your consent as per your request for training (Art. 6, (1), a) GDPR) | Identification data, professional data, details requesting a call-back, location of the company | Website visitors |
| Processing is necessary for the purposes of our legitimate interests to execute the service agreement we have signed with your organization (Art. 6, (1), f) GDPR) | Clients | ||
| To call you for proposing our services | Processing is necessary for the purposes of our legitimate interests to sell our products and services (Art. 6, (1), f) GDPR) | Contact data | Prospects |
| Cookie related purposes (see Section 5) | Processing is necessary for the purposes of our legitimate interests to ensure the proper functioning of this website (Art. 6, (1), f) GDPR) | Data collected through strictly necessary cookies | Website visitors |
| The consent you provide through our cookie consent management tool (Art. 6, (1), a) GDPR) | Data collected through cookies requiring consent |
4. Who has access to your data?
In order to pursue the purposes mentioned in the table above, we may disclose your personal data to the following recipients:
| Recipient categories | Recipient | Reason for the transfer |
| Other private companies | NC Communication, Léonard Web Solution SRL (LWS), OVH, Usercentrics | We work with organizations that may need access to some of your personal data in order to provide their services. |
Where we transfer personal data outside the European Economic Area to countries that the European Commission considers do not provide an adequate level of protection for personal data, we use standard contractual clauses approved by the European Commission to ensure adequate protection. For more information, including a copy of the documents used to protect your personal data, please contact us as described in section 10. below.
5. Cookies
This section covers how we use cookies and tracking devices on the web interface www.tpo.solutions where this privacy statement has been posted. It is essential that you understand these aspects for reasons of transparency and so that you can ensure that your privacy is protected online.
5.1 Cookies and tracking devices
Cookies are small text files that websites or other web interfaces place in the browser of your computer (or other digital device) when you visit them. They are used to enable web interfaces to function correctly and efficiently, and to provide information to the owners who manage the web interface.
5.1.1. Strictly necessary cookies that do not require your consent
This web interface uses the cookies described below in order to function. These cookies cannot be refused as they are ‘strictly necessary’ for the web interface to function properly.
The table below provides you with all required information about these cookies.
| Name of the cookie : reCaptcha v3 | |
| Personal data processed | IP-address |
| Purpose of the cookie | Protection of the website against abuse |
| Legal basis | Our legitimate interest to protect this website |
| Retention period of the data | 6 months |
| Third-party access | Yes |
| Recipients of the data | |
| Recipient countries outside of EEA | USA |
| Automated decision-making | No |
| Name of the cookie :Usercentrics Consent Management Platform | |
| Personal data processed | Opt-in and opt-out data, referrer URL, User agent, User settings, consent ID, Time of consent, consent type, template version, banner language, IP address, geographic location |
| Purpose of the cookie | Consent management |
| Legal basis | Legal obligation (Art. 6, (1), c) GDPR |
| Retention period of the data | 1 year |
| Third-party access | Yes |
| Recipients of the data | Usercentrics GmbH |
| Recipient countries outside of EEA | no |
| Automated decision-making | No |
5.1.2. Non-essential cookies requiring your consent
On this web interface, we also use non-essential cookies, which require your consent. These cookies help us to improve the performance of our website.
5.1.3. Social media cookies
We do not use social media cookies on this website.
5.1.4. How can you manage cookies or deactivate them?
You can manage your cookie preferences on this web interface. To deactivate non-essential cookies, click on ‘prohibit’ or ‘refuse all’ in the pop-up window that appears when you first open the site. You can also access this option later via the cookie consent management window. This also allows you to make more subtle choices.
5.2 Links to third-party websites
Certain parts of this web interface contain links to third-party websites. This is the case when you open the videos accessible from our website, which are hosted on YouTube whose privacy notice is accessible here. It is also the case, when you click on one of the social media icons present on our website for you convenience. Please be aware that these links are provided for your convenience. We have no control over these third parties or their websites. They have their own privacy statements, which are different from ours and which apply when you use these third party websites. We recommend that you read such privacy notices carefully before providing any personal data to the website concerned.
Part 4 – How do we protect your data?
6. How do we secure your personal data?
We implement technical and organizational measures in accordance with standard industry practice to ensure an appropriate level of security for the personal data processed. Nevertheless, security requires efforts from all parties involved. We therefore encourage you to contribute to these efforts by taking appropriate security measures yourself, including, where applicable, using strong passwords and keeping all usernames and passwords confidential.
7. How long do we store your personal data?
We will only retain your personal data for as long as is necessary to fulfil the purposes described above or as required by the applicable statutory retention periods and the statutory limitation periods for claims.
8. No automated decision-making
We do not use any decision-making processes, including profiling, that are based solely on automated processing, unless this is necessary for the fulfilment of a contract concluded between you and us or is permitted by applicable national or European legislation or is based on your express consent. In such a case, we will inform you about the logic involved in the decision and the scope and intended effects of such processing for you.
9. What are your rights?
The GDPR grants individuals certain rights in relation to their personal data. Accordingly, we are available to assist you in exercising these rights. Unless restricted by applicable law and subject to applicability, individuals are granted the following rights:
Right of access: The right to be informed and to have access to the personal data that we process about you;
Right to rectification: the right to have us correct or update your personal data if it is inaccurate or incomplete;
Right to erasure: the right to have us erase your personal data;
Right to restriction of processing: the right to have us temporarily or permanently stop processing all or part of your personal data;
Right of objection :
- the right to object, on grounds relating to your particular situation, at any time to processing of your personal data;
- the right to object to the processing of your personal data for the purpose of prospecting;
Right to data portability: the right to receive a copy of your personal data in an electronic format and the right to transfer that personal data for use by a third party service; and
Right to object to automated decision-making: the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to withdraw consent: If we have asked you for your consent, you can withdraw it at any time without giving reasons. If you wish to withdraw your consent, this will not affect the lawfulness of processing based on consent before its withdrawal.
These rights may be limited, for example, if the execution of your request reveals personal data of another person, or if you ask us to delete information that we are required to keep by law or compelling legitimate interests.
You can exercise your rights by contacting us as set out in section 10 below.
Finally, as a data subject, you have the right to lodge a complaint with a supervisory authority (in particular in the EU Member State of your habitual residence, place of work or place of the infringement) if you consider that the processing of personal data relating to you infringes applicable data protection law. For your information, you can find the contact details of the Belgian and the Luxembourg data protection authority on their respective websites: https://www.dataprotectionauthority.be
Commission nationale pour la protection des données – Luxembourg (public.lu)
10. Contact and procedure for questions
If you wish to exercise your rights under applicable data protection laws, please send your request to privacy@tpo.solutions. You can also send a letter to the following postal address: The Privacy Office SA, Hochstrasse 81 – 4700 Eupen.
11. Updating and revision
This privacy notice was last updated on 13/06/2024. We may make changes from time to time. Please contact privacy@tpo.solutions for the latest version.
[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.