1. WHAT DO WE DO WITH YOUR PERSONAL DATA?
1.1SPIKE COMMUNICATIONS AGENCY SPRL, a company with limited liability organised under Belgian law, with statutory seat located at Rue du bourdon 100, 1180 Uccle (Belgium) and registered with the Crossroads Bank for Enterprises under company number 0464.221.709 (“Spike”, “we”, “our”, “us”) processes personal data related to its former and past customers or customers’ representatives, its prospects, its suppliers’ representatives, the visitors to its websites and other data subjects (the “data subject”, “you”, “your”).
2.1We use our best efforts to bring our data processing activities into compliance with applicable data protection legislation,including Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
3. CATEGORIES OF PERSONAL DATA
3.1We process the following categories of personal data, in particular for the purposes described hereafter:
Your personal identification data (surname, first name, title), professional identification data (job title), email address, postal address and telephone number for managing our customer relationships, preparing our customer contracts, performing our business development, for invoicing purposes and for handling requests for information;
Your email address for allowing us to contact you for direct marketing purposes, to send you our newsletters and to invite you to commercial events;
Your personal identification data (surname, first name, title), professional identification data (job title), email address, postal address and telephone number for managing our supplier relationships and preparing our supplier contracts;
Data related to your professional life (work aptitudes, experience, information on your CV, etc.) for recruitment purposes;
Your electronic identification data (IP address, dates and hour of access to the website, pages consulted, etc.), only processed, on an aggregated basis, for measuring our website audience and for generally improving your user experience on our website;
Your personal identification data and email address when you make a request for information through our website;
Video footage of you, only processed in the context of the surveillance of our premises through CCTV and only to the extent permitted by applicable law.
3.2We may also process certain other categories of personal data where their processing is necessary for the establishment, exercise or defence of a legal claim.
3.3When performing market analysis online, we may process any personal data that is being made publicly available (e.g. information that is available on the Internet) or that we have otherwise obtained in accordance with Applicable Data Protection Law.
3.4We may also process your personal data: To carry out corporate restructuring operations; For the management of disputes with customers, suppliers and other data subjects.
3.5We may be processing your personal data in a capacity of data processor on behalf of our customers. In that case, we are acting under the documented instructions of our customers. We invite you to read their privacy statements to understand how your personal data is being processed and how to exercise your data protection rights. Unless otherwise agreed with our customers, we will forward to our customers any requests from you to exercise your data protection rights.
3.6The provision of your personal data may be necessary for:
The performance of a contract (e.g. the services contract between Spike and its customer) or in order to take pre-contractual steps at your request (e.g. in the context of a request for information for Spike services);
Compliance with a legal obligation applicable to us (e.g. with regard to invoicing, surveillance of our premises, taxation, etc.);
The legitimate interests pursued by us (or by a data recipient) provided that these interests prevail over your fundamental rights and freedoms.
3.7In some cases, we will ask for your free, prior and informed consent before processing some of your personal data (e.g. your email address for direct marketing purposes if you are not yet a customer with us, etc.).
3.8We do not subject you to decisions based exclusively on automated processing that produce legal effects concerning you or affect you significantly
3.9The provision of some of your personal data (e.g. your name, etc.) is a condition to the conclusion of a services contract with Spike.
3.10The possible consequences of not providing your personal data could include our inability to meet our obligations under the services contract or a breach by us of one or more obligations under applicable laws (e.g. accounting or tax laws).
3.11Please note that we may process personal data contained in the electronic communications you have with us or that you voluntarily provide in the context of a request for information.
4. SOURCE OF THE DATA
4.1We may collect your personal data as follows:
Directly from you, e.g. through the request for information; or
From publicly accessible information (on the Internet).
5. RECIPIENTS OF YOUR PERSONAL DATA
5.1We may disclose your personal data to the following recipients:
The account managers;
The customer support team;
The directors of Spike;
Our legal counsels and/or lawyers in the context of corporate restructuring operations and litigation proceedings;
Third party service providers related to the operation and maintenance of the information systems processing your personal data (these providers only have access to the personal data necessary to carry out their missions);
Government entities authorised to access and/or obtain your personal data in accordance with applicable law;
The courts and tribunals of the judicial order in the event of a dispute involving you;
Law enforcement authorities in the event of a finding or a suspicion of the occurrence of an offence involving you in accordance with or as required by applicable law.
5.2In the event of corporate restructuring operations (e.g. mergers or acquisitions), we may transfer your personal data to a third party involved in the transaction (for example, a buyer) in accordance with Applicable Data Protection Law.
6. THIRD PARTIES
6.1We take appropriate measures to ensure that our third party vendors process your personal data in accordance with Applicable Data Protection Law
6.2We also ensure that our processors undertake to, among other things, process your personal data only on our instructions, not hire subprocessors without our consent, take appropriate technical and organisational measures to ensure an adequate level of security of your personal data, ensure that persons authorised to access your personal data are subject to obligations of confidentiality, return and/or destroy your personal data at the end of their services, comply with audits and assist us in following up on your requests regarding the exercise of your data protection rights.
7. TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
7.1We transfer your personal data to countries located outside of the European Economic Area (“EEA”), such as the United States.
7.2In case your personal data is transferred to countries located outside of the EEA, we will ensure that appropriate safeguards are taken, such as:
The country to which the personal data are transferred has benefited from an adequacy decision by the European Commission under Article 45 of the GDPR; or
Standard data protection contractual clauses as approved by the European Commission pursuant to Article 47 of the GDPR have been established; or
In case of a transfer of personal data to the United States, the transfer complies with the conditions imposed by the EU-US Privacy Shield under Article 45 of the GDPR.
7.3For further information about transfers of personal data outside of the EEA, please consult the following link: https://edps.europa.eu/data-protection/data-protection/reference-library/international-transfers_en.
7.4If you would like to obtain more information about the appropriate safeguards taken by Spike for the transfer of personal data outside of the EEA, please contact our Data Protection Correspondent by email at GDPR@spike.be.
8.1We ensure that your personal data are kept for no longer than is necessary for the purposes for which they are processed.
8.2We use the following criteria to determine the retention periods of personal data according to the context and purposes of each processing operation:
The date of your last contact with Spike;
The date of your last visit on the website of Spike;
The sensitivity of personal data;
Security reasons (for example, the security of our premises or of our information systems);
Any current or potential dispute involving you;
Any legal or regulatory obligation to retain or delete personal data (for example, a retention obligation imposed by accounting.
or tax laws).
9. YOUR RIGHTS
9.1Subject to Applicable Data Protection Law, you have the rights to be informed, to access, rectify and erase your personal data, the rights to object to or restrict the processing of your personal data, the right to data portability and the right to withdraw consent.
What does it mean ?
The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Policy.
The right of access
You have the right to obtain access to your personal data. This is so you are aware and can check that we are using your personal data in accordance with Applicable Data Protection Law.
The right to rectification
You are entitled to have your personal data rectified if they are inaccurate or incomplete.
The right to erasure
(the “right to be forgotten”)
You have the right to have your personal data erased. However, the right to erasure (or the “right to be forgotten”) is not absolute and is subject to special conditions. We may retain your personal data to the extent permitted by applicable law, and in particular when their processing remains necessary to comply with a legal obligation to which Spike is subject or for the establishment, exercise or defence of a legal claim.
The right to restrict processing
You have rights to restrict further use of your personal data (e.g. when Spike does not need your personal data anymore but your personal data are still necessary for the establishment, exercise or defence of a legal claim).
The right to object to processing
You have the right to object to certain types of processing (e.g. when the processing is based on the legitimate interests of Spike and, taking into account your particular situation, your interests or fundamental rights and freedoms prevail).
The right to data portability
You have the right, under certain circumstances, to receive the personal data concerning you and that you have provided to Spike in a structured and commonly used machine-readable format and to transmit them to another data controller.
The right to withdraw consent
If you have given your consent to the processing by Spike of your personal data, you have the right to withdraw your consent at any time.
9.2 Please forward any request regarding your rights as data subject to our Data Protection Correspondent by email at GDPR@spike.be. We will try to comply with your request as soon as reasonably practicable and always under the timeframes set forth by Applicable Data Protection Law. Please note that we may need to retain certain of your personal data for certain purposes as required or authorised by law. Please also note that, if we have doubts about your identity, we may require you to provide us a proof of your identity to prevent unauthorised access to your personal data.
10. RIGHT TO OBJECT TO MARKETING
10.1 If you are a customer of Spike, we process your email address for direct marketing purposes.
10.2 You have the right to object at any time to the processing of your personal data for direct marketing purposes by unsubscribing from our mailing list or by sending an email to our Data Protection Correspondent at GDPR@spike.be.
11.1 We implement adequate technical and organisational measures to ensure a level of security of your personal data that is appropriate to the risks.
11.2 We take appropriate measures to ensure that we report security incidents leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
12. QUESTIONS AND COMPLAINTS
12.1 If you have any questions or complaints about the way we process your personal data, please send them to our Data Protection Correspondent by email at GDPR@spike.be or by post at Spike Communications Agency SPRL, Rue du bourdon 100, 1180 Uccle (Belgium).
12.2 You have the right to lodge a complaint at the competent supervisory authority. The competent supervisory authority for Belgium can be contacted at
35 Rue de la Presse / Drukpersstraat, 1000 Brussels
+32 (0)2 274 48 00
13.1 We reserve the right to modify this Policy at any time, so please review it frequently. We will inform you of changes we make to this Policy so that you are at any time aware of the way we process your personal data.
13.2 We reserve the right to modify this Policy at any time, so please review it frequently. We will inform you of changes we make to this Policy so that you are at any time aware of the way we process your personal data.
13.3 This Policy is governed by Belgian law and any litigation arising out of, or in connection with, the formation, execution, interpretation and termination of this Policy will be submitted to the courts of Brussels.