Privacy policy

1. Objective

Protection of your privacy and your personal data is of capital importance to VENTYR. This document comprises the privacy policy defined by VENTYR within the scope of the following activities:

When you use our websites (such as, but not limited to, www.ventyrenergy.com) or the contact form;
When you use our social media;
When you enter into an agreement with us, become a partner or a supplier or carry out works for us, register to use our (online) applications (each time you log in or use the service), participate in a tender with us or when you communicate with us in that context;
When you are a shareholder in our company;
When you apply for a job at VENTYR;
When you subscribe to our newsletters;
When you visit our premises; and
When you communicate with us by e-mail, phone or any other digital communication channel.

This privacy policy has been written to comply with the European Regulation 2016/679 dated 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

The goal of this privacy policy is to give you comprehensive information on this subject, to explain how we collect, use and store your personal data and what your rights are.

2. What constitutes “processing of your data” and who is responsible for it?

“We” in this privacy policy refers to VENTYR:

VENTYR acts as the data controller of the personal data that it processes within the scope of the above-mentioned activities. We only collect and use personal data that is necessary within the scope of such activities.

In certain circumstances, third parties may (also) be responsible for the processing of your personal data. For example, if you click on a link and leave our website or if you use our social media (e.g., LinkedIn or Twitter) and have your own social media account. We have no control over the data social media providers collect about you. In that case, we recommend that you consult the privacy policies of these third parties.

For some services, we call upon specialized third-party operators which, in some cases, work as processors. In such cases, they are duty bound to follow our directives. In other cases, these third parties and VENTYR are jointly responsible for processing and they must therefore respect the legal obligations connected to this position as well.

We ensure that these processors only receive the data that is strictly necessary for the performance of their tasks, as defined in our agreements with them. They have to implement a privacy policy, in line with the legal obligations and the privacy policy of VENTYR as well.

3. What data is covered by our policy?

The data covered by our policy is personal data of natural persons. This is data that can directly or indirectly enable identification of a data subject. However, we never process data concerning your racial or ethnic origins, political opinions, religion, philosophical beliefs, trade union membership, genetic data, sex life or sexual preferences, unless obliged to do so by the law (e.g., when we organize social elections).

We also process personal data of minors, but only to the extent required for the administration and legal obligations related to our shareholders.

We will only process your personal data for a specific purpose and to the extent permitted by law. We further explain below in which cases we collect and use your personal data. If we do not receive your personal data directly from you, we will also inform you of this in below cases:

When you use our website or the contact form
When you enter into an agreement with us, become a partner or a supplier or carry out works for us, register to use our (online) applications (each time you log in or use the service), participate in a tender with us or when you communicate with us in that context
When you are a shareholder in our company
When you apply for a job at VENTYR
When you subscribe to our commercial mailings
When you visit our premises
When you communicate with us by e-mail, phone or any other digital communication channel
In all of the above cases

4. When is your personal data collected?

The data that we use can be collected directly from you in the above-mentioned situations, or can be obtained from the following sources with the aim of verifying or enhancing our databases:

Publications/databases made accessible by the official authorities (e.g., the Belgian State Gazette).
Our corporate partners, suppliers or other business contacts.
Databases made public by third parties.

5. Who has access to your data and to whom are they transferred?

Only authorized users have access to your personal data to carry out the tasks mentioned above.

An authorized user is somebody who, as part of carrying out their work for VENTYR, is authorized to process personal data within the framework of VENTYR’s directives (e.g., persons who work for us, as well as suppliers who help us process your personal data).

To accomplish the aforementioned tasks, VENTYR can disclose your personal data to:

Shareholders of entities in the VENTYR
An external auditor;
A legal advisor;
A financial consultant;
Another professional and/or service provider/consultant;
A social bureau, banking organizations, insurers, funds;
Our employees, suppliers or other contractors;
Your employer or business partners;
IT-companies or service providers for software and electronic data storage (servers, etc.);
Legal, administrative or police authorities;
Government or judicial authorities to the extent that we are obliged to share your personal data with them (e.g., tax authorities, police or judicial authorities or supervisory authorities).

6. How long do we keep your data?

We store your personal data for as long as necessary to achieve the purposes described above (such as good book-keeping, efficient management of our assets and responses, claim management and legal or regulatory demands) or, when we have asked you for your consent, until you withdraw your consent.

As a general rule, we will de-identify your personal data when it is no longer needed for the purposes described above or when the retention period, as explained in this Article 6, has expired. However, we cannot delete your personal data if there is a legal or regulatory obligation or a court or administrative order preventing us from doing so, or to the extent that such personal data are used or can be used as evidence in imminent or on-going disputes.

We retain all personal data collected through our website for as long as necessary to protect the legitimate interests stated above or until your consent is withdrawn. We retain technical information such as our server log files until one year after your visit to our website, after which it will be deleted or de-identified. Messages that you send us via the contact form will be retained as long as necessary to handle and follow up your question, request, comment, or other input. We also keep an archive of so-called tickets we received via the contact form. We will remove or de-identify tickets we have closed no later than 5 years after closure.

All personal data we collect through our social media we retain as long as necessary to protect the legitimate interests stated above. Messages that you send to us via social media and your identity and contact details and technical details related thereto, we will retain as long as necessary to handle and follow up your question, request, comment or other input. We will not retain this data longer than 5 years after your message, after which it will be deleted or de-identified.

We retain all personal data collected when we have an agreement with you, or when you become a partner, supplier or carry out work for us, for the duration of our contractual or business relationship with you and until 10 years after the end of that relationship. When you participate in a tender with us, we will retain your personal data for the whole duration of the tendering process and, if we win, until 10 years after the end of the assignment for which we tendered, or if we lose, until 5 years after we received the decision that we did not win or after the decision to revoke our participation to the call for tenders.

We retain all personal data of our shareholders for as long as you are a shareholder and until 5 years thereafter unless the law requires a longer retention period.

We will retain all personal data we collect from you as part of your application for the duration of the application process and, if we choose to employ you, in accordance with our privacy policy for employees. If we do not choose to employ you, but we have invited you for an interview, we will retain your personal data for 2 years after the review process has ended. If you consent to the inclusion of your personal data in our recruitment reserve, we will retain your personal data for 2 years after receipt of your personal data.

All personal data we collect when you visit our premises will be retained as long as necessary to protect the legitimate interests stated above or, if you have used our Wi-Fi network, until your personal data is no longer required for this purpose. We consider this retention to be necessary until 1 year after your last access to our Wi-Fi network. Identity and contact details and other information collected as part of your visit, we retain as long as necessary to manage our business activities responsibly and professionally. We will not retain this data longer than 3 months after your visit. We do not retain camera images recorded during your visit for more than 14 days after the image was recorded, unless there is a legitimate reason to retain these camera images for a longer period of time.

All personal data we collect through our interactions with you through social media, telephone, e-mail or other digital communication channels will be retained for as long as necessary to communicate with you, but also to maintain a historical record of our communications. This allows us to return to previous communications when you come back to us with new questions, requests, comments or other input.

Certain data is archived for a minimum duration to meet our legal obligations and for evidence purposes to safeguard your rights and the rights of our company. This archived data is only accessible for needs as evidence in legal proceedings, for inspection by authorized authorities (such as the tax authorities), or to provide documents to the legal, administrative or police authorities.

7. Security and confidentiality

VENTYR undertakes to adopt the required and appropriate technical, physical and organizational measures to protect personal data against unauthorized access, unlawful and unauthorized processing, loss or accidental damage and unauthorized destruction.

These measures are regularly assessed and updated if necessary in order provide maximum protection for the personal data of the data subjects concerned.

In case of a data breach or computer flaw, as described below, VENTYR takes the required and appropriate measures to assess the extent and consequences, to put an end to such occurrences as quickly as possible and, where necessary, limit its impact for the data subjects concerned.

8. Transfer of data outside the EEA

In the case of international transfers from the EEA to a third-party country that the European Commission officially recognizes as having a level of personal data protection that is equivalent to the level stipulated by legislation within the EEA, we will rely on the relevant adequacy decision to transfer your personal data.

For transfers to countries outside the EEA that the European Commission does not officially recognize to have sufficient data protection, we base our action on a dispensation applicable to the situation (for example, in the case of international payments, such a transfer is necessary for performance of the contract).

If you require more information about how we transfer your personal data, please contact us by e-mail at gdpr@Ventyr.eu.

9. What are your rights and how can you exercise them?

Rights of data subjects

In compliance with enforceable regulations, you have various rights:

The right to request access to personal data (A)
The right to rectify such data (A)
The right to delete such data (A)
The right to oppose processing of such data (B)
The right to request limitations on processing (B)
The right to withdraw your consent (B)
The right to data portability (C)

A – Right to access, rectification and deletion

Any data subject has the right to make a request to access their data. If a data subject exercises this right, VENTYR is required to provide the information regarding this matter, including:

Giving a description and copy of the personal data.
Informing the data subject why VENTYR processes such data.

If the data is inaccurate or incomplete, the data subject can request their rectification.

In certain circumstances, the data subject may, in compliance with data protection regulations, request the deletion of personal data concerning him, if, amongst other reasons, the personal data is no longer required for the purposes for which it was collected or processed. However, VENTYR can refuse to delete such data, for example due to the establishment, implementation or to proof of a right in legal proceedings.

To ensure your data is kept fully up-to-date, we ask that you inform us of any changes (for example, change in civil status, address, etc.).

VENTYR can only base itself on the personal data that were shared with VENTYR by the data subject itself and does not accept any responsibility in case this data should not be correct.

B – Right to oppose and limit processing of your data and the right to withdraw your consent

You have the right to oppose certain processing of your personal data that we wish to perform. This right is only valid if you have serious and legitimate reasons based on your specific situation to oppose the processing of your personal data. If this reason is justified, your data will not be further processed.

You may also request that processing of your data be restricted under certain conditions:

If you contest the accuracy of your personal data, during the period that VENTYR needs to check your personal data;
If the processing is unlawful and you oppose the erasure of the personal data
If VENTYR no longer needs your personal data, but you need them for the establishment, exercise or defense of legal claims.

If you have given your consent for processing of your personal data, you have the right to withdraw this consent at any moment.

C – The right to data portability

When necessary and insofar as it is possible, the data subject may request to receive the personal data he supplied to VENTYR within the scope of managing and conducting his activities and to transfer such data to another data controller. In cases where it is technically possible, the data subject may request that VENTYR directly transfers such data to another data controller.

10. How can you familiarize yourself with this policy and its modifications?

In a world of constantly changing technology, we regularly update our privacy policy.

We therefore invite you to familiarize yourself with the latest version of this document on our website and we will try to inform you of any substantial modifications via our website or our normal methods of communication.

11. How to contact us

If you have any question concerning the use of your personal data by VENTYR or this policy, you can contact the general address contact@ventyrenergy.com

This privacy policy is applicable with effect from 25/08/2022