In this privacy notice, we want to explain clearly what personal data, and why, we process under our CRM (customer-relationship management) and marketing activities. If you have expressed interest in our services as a prospect, if you’re an existing commercial contact person of ours (like an HR business partner with one of our customers), or if you have attended one of our events, this privacy notice will be applicable to our processing of your personal data.
By ‘we’, we mean SD Worx People Solutions NV (“SD Worx”). SD Worx is the controller of your personal data for these activities. Where you have opted in to receive more information about our services, if you attend one of our events, or if you already employ our services, SD Worx People Solutions will process your personal data for marketing and CRM purposes. This privacy notice does not cover any other processing activities of SD Worx.
SD Worx Group NV
Attn.: Data Protection Officer
In the following sections of this privacy notice, we will explain what personal data we process about you for our CRM and marketing activities, and why. Other details will include who has access to your personal data, and how long we keep it. We’ll also point out what your individual rights for that personal data are and how you can exercise them, as well as other important information.
For our CRM and marketing activities, we will process the following categories of personal data about you:
We may collect this information directly from you during RFI/RPFs and related activities, or via forms that are present on our website which allow you to provide us with your contact details.
We will use your personal data only as necessary for our marketing and CRM activities, delivery of newsletters, and organising webinars and/or events. This processing is carried out on the basis of our legitimate interest to carry out sound customer relationship management and delivery of marketing materials, or on the basis of your consent (e.g. by explicitly opting in to receive a newsletter about our services).
In this section, we want to make explain who can have access to your personal data, and why. As a strict rule, we make sure people, our suppliers, or other third parties only receive or have access to what is really necessary. For clarity’s sake, we distinguish between two kinds of recipients: those within SD Worx, and those outside of our organization.
SD Worx is a global organization. Our marketing division includes team members located in our entity in Mauritius and Switzerland. The international transfer of personal data to Mauritius is covered by additional safeguards including standard contractual clauses which may be consulted here. The international transfer to Switzerland is supported by an adequacy decision of the European Commission.
For our CRM and marketing activities to operate smoothly, we make use of several suppliers. These suppliers, also called processors, may host your personal data, or have access to it as part of a marketing campaign. We have strict contracts in place to make sure that they protect any personal data they receive or have access to. These parties are the following:
To support the international transfer of data towards Salesforce.com, based in the UK, we have implemented additional safeguards, called ‘standard contractual clauses’, which can be consulted here.
We take care not to hold your personal data for longer than necessary. As a rule, your personal data will be retained as long as necessary for the purpose that it has been collected or is being processed. In some cases, we will be under a legal obligation to retain your personal data for a specific period of time. When a retention period has expired, we will either securely delete or safely anonymize the personal data that period applied to.
Data protection law provides you a number of rights. Here, we want to explain what those rights entail, and how you can exercise them. You have the following rights:
If you want to exercise any of the rights above, we ask you to reach out to our Data Protection Officer via email to firstname.lastname@example.org.
It helps both of us if you make your request as specific as possible. In some cases, we may reach out to you to verify your identity. This way, we avoid any personal data ending up in the wrong place. We will do our best to respond to your request within a month of receipt or after having verified your identity. If your request is complex, this may take longer.
You also have the right to submit a complaint with your local supervisory authority. A full overview of these authorities can be found here.
Whenever we make changes to our CRM activities, we will update this privacy notice as necessary.
This version of our privacy notice was published on 15 June 2021