Privacystatement - Suppliers

Version 25/06/2024

1.   Suppliers

Corilus processes personal data from suppliers as part of the implementation of an order (delivery of services, products and/or works).

2.   How do we collect your personal data?

Corilus may collect your personal data in a variety of ways:

• by receiving them directly from you, e.g., when submitting an offer
• by obtaining them indirectly, e.g., through information on the Internet

3.   What data do we process about you as a supplier?

From suppliers, we may process the following personal data:

• Identification data (name, first name, address, place of residence, e-mail address, phone number)
• Profession and job;
• Financial information; (e.g., account number, VAT number, company number, etc.)
• Location data (IP address))

4.   Why do we process this data?

Corilus processes your personal data necessary for:

• supplier management
• access management
• supplier administration (accounting)
• managing disputes
• complying with our legal obligations

5.   What is the legal basis for this processing?

Corilus always processes personal data lawfully for specified purposes.

Corilus makes every effort to process no more personal data than is necessary for this purpose and to retain personal data for no longer than necessary.

Corilus processes data for the preparation, awarding and execution of assignments and agreements, compliance with legal obligations (including tax obligations) and for the representation of legitimate interests (freedom of enterprise) of our organization.

6.   How long do we keep this data?

Corilus processes your data only for the purposes listed above for the time necessary to fulfill these purposes, taking into account the legal retention periods applicable to Corilus and any statutes of limitation that apply in the areas of accounting, taxation, etc., among others.

The retention period may be extended for warranty and after-sales service requirements of the contract, as well as for contacting you in connection with future purchases or (new) commercial questions.

7.   Overview

(*) The retention period may be extended for warranty and after-sales service conditions of the contract, as well as for contacting you in case of future purchases or (new) commercial questions. 

8.   Will this data be shared with others?

Corilus will neither disclose nor pass on your personal data except in the following cases:

• To competent authorities as part of an investigation or legal proceeding
• If it is required by law
• To the responsible entity or entities in mergers or acquisitions
• For internal sharing of administrative data within the Affiliated Companies of Corilus Group
• Subcontractors or contracting parties as necessary for the stated purposes. This may be an IT supplier in the context of an IT system supplier management, a third party such as banks, company auditors, external accounting firms in the context of supplier administration or the government if we are required to do so under regulations.

Corilus makes appropriate arrangements with these parties to ensure the security of your personal data.

9.   What are your privacy rights?

9.1.Right of inspection and a copy

You have the right to know what personal data we process about you, exactly what we do with it and why we do it. You also have the right to get a copy of this information.

9.2.Right to correction of data

If you believe that certain personal information about you is inaccurate or incomplete you have the right to notify us. You may also request that your personal data be temporarily withheld until it is accurate or complete. If it effectively concerns incorrect or incomplete personal data, we will amend it and, in principle, we will also ensure that other parties with whom your data is shared are notified.

9.3.Right to restriction of processing

If you dispute the accuracy of the personal data, you have the right to request that the processing of your personal data be stopped temporarily for the period of time Corilus needs to verify the accuracy of the personal data. If it turns out that the personal data is indeed incorrect, it will be updated and we will notify you.

9.4.Right to object

You have the right to object to processing of your personal data that is based on the legitimate interest of Corilus such as processing in the context of newsletters, marketing, or other processing that is not necessary in the context of our professional relationship.

9.5.Right to expiry

You have the right to request that your personal data be deleted if it is no longer needed for the purposes of this privacy statement or if you withdraw your consent to processing.

However, Corilus cannot delete personal data if we must or may retain it because of a legal obligation.

9.6.Transferability of your personal data

You have the right to receive your personal data in a universally readable format, such as a text file or other digital file, when the processing is based on consent, a contract or is carried out through automated processes.

9.1.Complaint to competent authorities

You also have the right to lodge a complaint with the Data Protection Authority, the supervisory authority in the field of privacy protection in Belgium(www.gegevensbeschermingsautoriteit.be), Drukpersstraat 35, 1000 Brussels, contact@apd-gba.be, if you believe that the processing of your personal data is in violation of applicable privacy laws.

10.       How can you exercise your rights?

Would you like further explanation or to exercise your rights as a data subject? If so, please contact us at qc@corilus.be

When requesting an exercise of rights, we may ask for information to verify the identity of the requester/data subject before answering a question. This is to determine whether you are actually the data subject whose personal data is being processed.