Privacy Policy

1. Introduction and presentation of the data controller

This Privacy Policy (hereinafter “the Policy”, “the presence”) is issued by ONE GDPR, whose registered office is located at 161 Drève Richelle, Building M, Box 57, 1410 Waterloo, Belgium.

ONE GDPR (hereinafter “we”, “us” / “our”, “ONE GDPR“) is a company that offers a toolbox of modules to help companies to comply with the GDPR and cybersecurity requirements.

The purpose of this Policy is to explain how ONE GDPR collects, uses and retains your personal data. It is important to understand that the protection of personal data and respect for your privacy are core values of our company and we are committed to protecting them from everyone.

By “personal data” we mean any information about you that allows you to be identified, directly or indirectly, as a natural person.

In the course of our activities relating to the website, we may process some of your personal data. This Policy also aims to describe to you the various processing operations we carry out on your data.

More generally, this Policy is part of our desire to act transparently in compliance with the law of 30th July 2018 on the protection of individuals with regard to the processing of personal data and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of individuals with regard to the processing of personal data (hereinafter “GDPR“).

In the light of these texts, we are to be considered as data controller, within the meaning of Article 4(7) of the GDPR, in that we alone determine the purposes and means of processing your personal data collected via our website.

2. Processing of personal data

First of all, it is important to define what is a treatment.

The GDPR defines processing as any operation or set of operations, whether or not by automatic means, which is performed upon personal data or sets of personal data.

The treatments cover a wide range of actions, such as :

  • Registration ;
  • Erasure or destruction ;
  • The organisation ;
  • Conservation ;
  • The use ;
  • Collection ;
  • Adaptation or modification ;
  • Structuring ;
  • The consultation ;
  • The limitation ;
  • Communication by transmission ;
  • Dissemination or other forms of making available ;
  • Reconciliation or interconnection.

3. Categories of data processed and methods of collection

Then there are the questions of what categories of data we process via our website and how they are collected.

a. Collection methods

We collect your personal data directly from you:

  • when you use our website ;
  • when you subscribe to our newsletter ;
  • when you want to contact us to ask for information about the services we offer ;
  • when you wish to submit your unsolicited application.

b. Categories of data collected

Our business activities within the framework of the use of our website lead to the collection of a number of personal data.

The main personal data we will collect are the following:

  • Identification data (name and surname) ;
  • Electronic data (e-mail address) ;
  • Phone data (phone number) ;
  • Postal data (postcode, city) ;
  • Data included in a curriculum vitae (photo, date of birth, past professional and academic experience, lifestyle information etc.)
  • Any other data that you voluntarily provide to us.

c. Non-personal data

In the course of our activities, we may collect non-personal data.

These data are qualified as non-personal data because they do not allow you to be identified, directly or indirectly, as a natural person.

This type of data can be used for any purpose.

However, if non-personal data is combined with personal data in such a way that it can be identified, it will be treated as personal data until such time as it cannot be linked to you.

4. Purposes and legal basis of the processing

a. Legal basis

For the processing of personal data to be legitimate, it is necessary that it is based on one of the 6 legal grounds listed in Article 6 of the GDPR.

The legal bases are as follows:

  • Your informed consent for one or more specific purposes;
  • The need to perform a contract with you to which we are a party or the performance of pre-contractual measures taken at your request;
  • The need to comply with a legal obligation to which we are subject;
  • The need to safeguard your vital interests or those of any other individual;
  • The need to perform a task in the public interest or in the exercise of public authority with which we are entrusted;
  • The need to pursue our legitimate interests or those of any other third party, provided that these interests do not override your interests or fundamental freedoms.

b. Purposes and related legal bases

As mentioned, it is necessary for us to justify the purposes of processing your data on the basis of one of the legal bases of Article 6 of the GDPR.

Treatments Goals Legal basis
Request for information about a service Contact with potential future clients (pre-contractual phase) Execution of pre-contractual measures
Contact form Customer relationship management Consent
Subscribe to our newsletter Getting to know the clients interested in a commercial prospecting of our services Legitimate interests
Sending an unsolicited application Taking cognisance of the identity and professional abilities of a candidate Consent

5. Unplanned treatments and compatibility with current treatments

Should we carry out processing for purposes not yet set out in this policy, we may use your personal data for purposes that are compatible with the purposes for which we originally collected the data.

In doing so, we take into account, among other things, any relationship between the original purposes, the subsequent purposes and the context (our relationship, the nature of the data and the consequences for you) in which the data was collected.

If we consider that the purposes are not compatible with the original purposes, we will contact you before processing the data for these other purposes.

6. Retention period

In accordance with the principle of limited retention, data will be retained strictly for the period necessary to fulfil the purposes for which the processing is justified, and not beyond. Under no circumstances will your data be kept for an unlimited period.

We keep all data for a period of 10 years after the end of the contract between us.

These periods have been set in accordance with Belgian law.

When the data are no longer necessary for the purposes for which their processing was justified or if you withdraw your consent and no other legal basis can be proven, the data will necessarily have to be destroyed so that it is impossible for anyone to trace your identity.

7. Recipients of the data

a. Communication to internal recipients

We only give access to your personal data to internal persons whose function requires it. Access to your data is strictly limited to them. We regularly check these accesses and secure the information provided, as far as possible.

b. Communication to third party recipients

In the course of our activities, we may disclose certain personal data to “recipients” outside our internal organization.

The GDPR defines recipients as the natural or legal person, public authority, department or other body receiving the communication of personal data, whether or not it is a third party.

Therefore, the following may be concerned :

  • Our contractual partners or the natural persons representing them, including its subcontractors, possible subcontractors, and possible co-controllers;
  • Public authorities, including banking institutions, labor inspectorates, tax services, police services, bailiffs, insurance companies, the social secretariat, the National Office for Annual Holidays, the NSSO, the NEMO, the Existence Security Fund, the administrations informed of the employment (unemployment insurance, health, retirement, mutual insurance, etc.), etc. ;
  • Any other authorized service or organization.

8. Rights under the GDPR

The GDPR expressly provides for a range of rights which are fully available to you. We inform you, through this Policy, of how you can exercise your rights. These rights allow you to maintain a form of control over the use of your personal data.

These rights are 7 in number and can be listed as follows:

  • Right of access, information and copy of data ;
  • Right to rectify data ;
  • Right to object to the processing ;
  • Right to erasure (right to be forgotten) ;
  • Right to restrict processing ;
  • Right to portability of your data ;
  • Right to withdraw your consent.

a. The right of access, information and copy of data

You have the right to obtain confirmation from us that your data is being processed.

You also have the right to access a range of information: the purposes justifying the processing, the categories of data concerned, the third parties to whom the data will potentially be disclosed, where and for how long the data will be stored, the existence of the rights of rectification, limitation or opposition, the right to lodge a complaint with the competent authorities, information on the origin of the data if it is not collected from you directly, the existence of automated decision-making and finally any relevant information concerning the logic, meaning and potential consequences of such processing on you.

We must make available a copy, electronic or otherwise, of the data being processed, free of charge, on simple request from you.

If you wish to have additional copies, we may ask you to pay a reasonable charge for the administrative costs of making such copies.

b. Right to rectify data

You have the right to inform us, without delay, of your wish to rectify the accuracy of certain data concerning you when you consider that they are inaccurate, incomplete or obsolete.

In view of the purposes of the processing, you have the right to have your incomplete personal data completed, including by providing an additional declaration.

c. Right to object to processing

Where we process your data on the basis of one of our legitimate interests, you have the right to object to the processing of your personal data at any time and on grounds relating to your particular situation.

We will then have to stop the processing unless we can prove that other grounds for continuing the processing override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

In addition, you have the right to object at any time to communications made for commercial prospecting purposes.

d. Right to erasure (right to be forgotten)

You have the right to obtain from us, under certain conditions, the deletion of your personal data without delay.

You may obtain the deletion of your personal data where one of the following grounds applies:

  • The data are no longer necessary for the purposes of the processing ;
  • You withdraw your consent to the processing of your data and we will only process your data on the legal basis of your consent ;
  • You object to the processing ;
  • We have processed your personal data unlawfully ;
  • The data we have is incomplete, inaccurate or obsolete ;
  • We must delete your personal data in order to comply with a legal obligation (under EU or Member State law) to which we are subject.

If we have made your data available to other entities, we are obliged to take all necessary steps to inform those entities that you have requested to have your data deleted.

e. Right to restrict processing

You have the right to obtain from us the limitation/restriction of the processing of your personal data. This right can be exercised in various cases and may complement the application of other rights.

If the restriction on processing no longer applies, we will inform you of this.

f. Right to portability of your data

If we process your personal data on the basis of a contract or your consent and the processing is carried out by automated means, you may ask us to transfer all of your personal data to you or to transfer it to another controller.

g. Right to withdraw your consent

Where processing is based on your consent, you have the right to withdraw it at any time. However, such withdrawal does not affect the lawfulness of any processing based on your consent that we have carried out prior to such withdrawal.

9. Exercise of rights

To exercise your rights, you can send us a written, dated and signed request either by post to the following address :

161, Drève Richelle

Building M, box 57

1410 Waterloo


In order to be able to help you enforce your rights, we need to verify that your request relates to your personal data.

We may ask you for additional information if it is not reasonably possible to identify you with the information we hold.

We are obliged to provide you with information on the measures taken in response to your request as soon as possible and in any event within one (1) month of receiving your request.

If necessary, this period may be extended by two (2) months if justified by the complexity or number of applications submitted. In the latter case, we shall be obliged to inform you of such an extension within one month of receiving the request.

If your request is refused, you will have the possibility to lodge a complaint with a supervisory authority or to seek legal redress.

10. Data security

We undertake to take all appropriate technical and organizational measures to ensure that the processing of your data is carried out with a level of security that is appropriate to the risk it poses.

We undertake, to the best of our ability, to do everything in our power to prevent them from being distorted, damaged or accessed by unauthorized third parties.

We make our staff members who have access to personal data aware of the risks and consequences of data leakage (e.g. hacking, theft of a work computer, sending an attachment containing data from another client, etc.) and of the need to secure their processing.

If these assumptions occur while we have control over your data, we will act quickly to identify the cause of the problem and take appropriate action.

11. Modification

We reserve the right to modify this Policy to adapt it to new legal requirements. Such changes will take effect immediately after this Policy is updated and will be published on the website.

12. Data that we collect through cookies

A cookie is a small, usually randomly encoded, text files that help your browser navigate through a particular website. The cookie file is generated by the site you are browsing and is accepted and processed by your computer’s browser software. The cookie file is stored in your browser’s folder or subfolder.

Cookies have several functions, such as allowing you to navigate efficiently on a site or a mobile application, to remember your choices, the goods and services you wish to buy, to offer you relevant advertising content according to your centers of interest expressed during your navigation. You will find more information on cookies on the following sites :

ONE GDPR uses the strict minimum of cookies needed for its website. We use in particular :

Stricly necessary cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance cookies 

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Targetting cookies 

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted.

For more information about the different cookies used, their description and their retention time, check below :

13. Applicable law and juridiction

This policy is governed by Belgian law.

Any dispute relating to the interpretation or execution of this policy will fall under the exclusive jurisdiction of the courts of the judicial district of Walloon Brabant.

14. Contact

We are your first point of contact if you have any questions about this Policy or about data protection.

Please feel free to contact us at the postal address 161, Drève Richelle, Building M, Box 57 1410 Waterloo, Belgium or by e-mail at

15. Complaints and complaints to the data protection authority

You can also lodge a complaint with the Data Protection Authority to the following address :

Data Protection Authority

Rue de la Presse, 35

1000 Brussels, Belgium

Telephone + 32 2 274 48 00

Fax + 32 2 274 48 35

Last update: April 2022