Responsible editor
The responsible editor of this site is Contraste Europe NV, whose registered office is located at Avenue Arianelaan N°5 – 1200 Brussels, Belgium (VAT registered under number BE 451.992.086 Company number 0451.992.086). You can contact the company by telephone +32 (0)2 730 79 80 or by e-mail ContrastePrivacy@contraste.com.
Privacy policy
Contraste Europe is the data controller for the data collected via this website. Contraste Europe’s Data Protection Officer is Robin Smets. You can contact him by mail via ContrastePrivacy@contraste.com for privacy requests.
Contraste Europe is a group of companies offering IT services and solutions to businesses. It operates exclusively on the B2B market and does not offer its services to private individuals.
The Group comprises the following companies Amsit, Audaxis, Contrast Consulting, Contraste Europe, Defimedia, The Digital Journey.
The group has operations in Luxembourg, Belgium, France, Switzerland and Tunisia.
In this policy, we use the name Contraste to refer to all the companies in the group.
This policy documents Contraste’s policy as controller, i.e. all aspects of the processing that Contraste applies to personal data that it directly controls.
What personal data is collected about users of this website ?
Users can provide personal data to Contraste on this website by browsing, applying online or using the contact form.
For complete information on the confidentiality of online applications, please refer to the specific confidentiality policy for applicants.
For each request via the contact web form, Contraste Europe collects the following information:
Name, First name, Company, E-mail, Subject, Message
During browsing, our server stores a server log consisting of your IP address and request history (such as page requests).
Why does Contraste store and use this personal data ?
Navigation
Contraste keeps server logs in order to detect intrusions and correct bugs on the website to ensure system security.
Online request
Contraste keeps data on professionals seeking employment. This personal data is mainly used to assess a candidate’s suitability for a job offered by Contraste or a Contraste client (qualifications, experience, etc.). More information on https://www.contraste.com/en/contraste-europe-privacy-policy-candidates
Contact web form
The information provided by the user via the contact web form is used only to respond to the user’s request. With the user’s express consent, their personal data may also be used to send them mail on subjects related to their work (new service offers, participation in trade fairs, etc.).
User data is only used for these purposes.
How Contraste collects personal data
Contraste creates and stores user data through the following information sources:
- Users send an email to join-us@contraste.com ;
- Users send a message to the ‘info’ address of a company in the Contrast group;
- Users apply for jobs online using the web form ;
- Users send a request via the web contact form ;
- Cookies
- Server log
Who processes users’ personal data ?
Navigation
Contraste’s IT department (data controller) and Audaxis SAS (host, subcontractor) are the main recipients of the user’s server log for the purposes described above. Access to the server log is secured and supervised. Audaxis SAS, as subcontractor, guarantees to take all technical and organisational measures to protect data as required by the new General Data Protection Regulation (RGPD) which replaces Directive 95/46/EC on data protection.
Online request
Contraste’s recruitment department is the main recipient of the candidate’s personal data for the purposes described in this privacy policy. During the recruitment process, candidate data is also passed on to Contraste’s client sales managers and consultants seeking Contraste clients. For more information, see: https://www.contraste.com/en/contraste-europe-privacy-policy-candidates
Contact web form
Contraste’s sales department is the main recipient of information collected from users via the contact form for the purposes described above. Depending on the nature of the request, the user’s personal data may be passed on to other Contraste Europe departments/companies involved in the request (Recruitment, Marketing, IT, Admin…).
How Contraste collects and retains user consent
Each user is clearly informed of the use of their personal data as described in this confidentiality policy.
Consent is only required for candidates and prospects. After the initial contact, the candidate/prospect is asked to give their explicit consent to data processing by means of an online form. The consent is stored in Contraste’s system. If Contraste does not obtain consent from the candidate/prospect, the candidate/prospect’s data will not be stored and processed.
How long does Contraste keep users’ personal data and what is the legal basis ?
Navigation
Server logs are stored for 6 months. The storage of server logs is legal until the user is duly informed and only for security purposes, such as the detection/resolution of intrusions and bugs.
Online request
After the candidate’s online acceptance, Contraste keeps the data for two years in accordance with the recommendations of the data protection authorities and only with the candidate’s express consent. On the basis of its legitimate interest, Contraste Europe keeps a minimum amount of personal information on the candidate (first name, surname, postal address, telephone number) for the proper functioning of the recruitment service.
Contact form
Personal data from the contact form is kept for the time necessary to respond to the user’s request. The retention period varies and depends on the complexity of the request. When a user submits a contact form, they can expect to receive a reply.
If the request is commercial, Contraste keeps the data for 3 years after the last contact, in accordance with the recommendations of the authorities responsible for the protection of privacy and only with the explicit consent of the candidate.
The data subject’s rights with regard to personal data
In relation to the new General Data Protection Regulation (GDPR), users have the following rights in relation to their personal data stored by Contraste:
- Right of access
- Right of rectification
- Right to erasure (right to be forgotten)
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right not to be subject to a decision based exclusively on automated processing
To exercise any of these rights, data subjects may send an e-mail to ContrastePrivacy@contraste.com stating the reason for the request. Contraste will provide any information requested relating to the rights of data subjects within one calendar month of receipt of the request. If Contraste receives a large number of requests or particularly complex requests, the deadline may be extended by a maximum of two months.
For security reasons, upon receipt of an application, Contraste will check the identity of the applicant. To this end, the acknowledgement of receipt will contain an invitation to perform one of the following operations:
Send a scan of an official proof of identity (identity card, passport) and a copy of a recent electricity bill (telephone, electricity…) clearly indicating the name and address of the person concerned.
The organisation of a telephone conversation, during which a certain number of questions can be asked, the answers being compared with the personal data contained in the Contraste database.
The request will be processed if and only if a positive authentication is obtained.
Data controller
Contraste never shares personal data with any other organisation outside the Contraste Europe group, with the exception of identified data controllers. As part of the recruitment process, the data controllers responsible for processing candidates’ data are as follows:
- Contraste clients are looking for consultants
- Microsoft Dynamics CRM
- Microsoft Office 365
Audaxis SAS is responsible for hosting this website.
As data controllers, they ensure that all technical and organisational measures to protect data are implemented, as required by the new General Data Protection Regulation (GDPR), which replaces the Data Protection Directive 95/46/EC.
Security measures for technical information
List of safety measures
Contraste Europe uses a networked IT infrastructure, enabling its employees to communicate internally and with third parties and to use applications and services. Contraste has implemented various security measures covering the following areas:
- Raising user awareness
- User authentication
- Authorisation management
- Access monitoring and incident management
- Securing workstations
- Secure mobile computing
- Securing the IT network
- Securing servers
- Secure websites
- Store and plan for business continuity
- Secure archiving
- Data maintenance and destruction control
- Outsourcing management
- Secure exchanges with other organisations
- Protecting buildings
- Guide IT developments
- Encrypt, guarantee integrity or sign
- Contraste regularly tests and improves these security measures.
Security breaches
Detecting security vulnerabilities
Any event representing a potential threat to personal data must be considered as a security breach. The threat may be of various kinds: loss, alteration, corruption or exposure to third parties.
The events that must be considered as a threat are the following:
- Intrusion of a third party into the company network.
- Infection of one or more devices by malicious software, in particular a virus, rootkit, etc.
- Loss of a USB stick containing files with personal data.
- Loss of a PC, tablet or smartphone containing or capable of accessing files containing personal data.
- Security breach at one of our subcontractors
Contraste has taken a number of steps to detect each of these events immediately.
Risk assessment
When carrying out a risk analysis, Contraste first identifies the potential damage (physical, material or moral) associated with a processing activity. Next, we assess the seriousness of the harm that could result. Finally, Contraste assesses the likelihood of the event by analysing the vulnerabilities of its systems and operations and the nature of the threats. Risks are classified into three categories: ‘high risk’, ‘risk’ and ‘low risk’.
Reporting security breaches to the authorities
If the breach of security could result in a threat to data subjects, such as, for example, identity theft, fraud, financial loss or influence, Contraste will notify the authorities.
This notification must be made within 72 hours of the positive finding of the threat to safety. If this deadline is exceeded, the additional delay must be justified.
Notification of the security breach to the persons concerned
If the risk to the persons concerned is deemed high, they must also be informed. If there is any doubt about the extent of the risk, the authorities may be contacted for verification.
If the situation requires notification to the persons concerned, they must also be given advice on how to mitigate the risk.
Definitions
Controller
The controller is a natural or legal person (e.g. a company), public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
For example, Contraste is a legal entity that is responsible for processing the personal data of its employees as part of its human resources management.
GDPR, Art.4 (7)
Processor
The processor is a natural or legal person, public authority, department or other body which processes personal data on behalf of the controller and solely on the controller’s instructions.
An employee of the controller is not considered to be a processor.
GDPR, Art.4 (8)
Processing of personal data
The processing of personal data is any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means (e.g. software), such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
GDPR, Art.4 (2)
Personal data
Personal data refers to any information relating to an identified or identifiable natural person, also known as a ‘data subject’. A person is considered identifiable when he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors characterising the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Source : GDPR, Rec.26 ; Art.4 (1)
Sensitive personal data
Sensitive personal data’ means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Data relating to offences and convictions are dealt with separately (criminal law does not fall within the legislative competence of the EU)’.
Source : GDPR, Rec.10, 34, 35, 51 ; Art.9 (1)
Privacy protection authorities
Belgium
Data Protection Authority Rue de la Presse, 35 B-1000 Brussels Belgium Telephone +32 2 274 48 00 www.dataprotectionauthority.be contact@apd-gba.be
France
Commission Nationale de l’Informatique et des Libertés (CNIL) (French Data Protection Authority) 3 Place de Fontenoy TSA 80715 F-75334 Paris Cedex 07 France Phone +33 1 53 73 22 22
Luxembourg
National Commission for Data Protection (CNDP) 1, avenue du Rock’n’Roll L-4631 Esch-su-Alzette Luxembourg Telephone +352 26 10 60 1
Europe
European Data Protection Supervisor