Contact usGot hacked?

Any question?
Leave us a message








Has your business been hacked?

Contact our experts 24/7 via csirt@approach-cyber.com
or call us on

You are here

Privacy Statement

 

APPROACH GROUP (hereinafter referred to as APPROACH) respects and is committed to protecting the personal information of our covered individuals. We follow privacy policies and data protection practices to comply with the law and to earn trust and confidence in APPROACH. Our privacy policies and data protection practices extend by contract to our supplier and partner relationships. APPROACH board members, employees, and those working on behalf of APPROACH are informed about these policies and practices and are expected to follow them.

This Privacy Statement informs you of our privacy practices and of the choices you can make about the way we collect and use information about you, including information that may be collected from your online activity, and information provided to APPROACH for purposes of recruitment or employment consideration.

This statement, set forth below, is our Privacy Statement APPROACH. Here we describe the practices we follow to respect the privacy of all visitors to our website.

1. Principles

1.1 Lawfulness and Fairness

We process personal data in accordance with EU General Data Protection Regulation 2016/679 and with transparency and fairness to you. 
Our data processing activities are conducted: 1) with your consent; 2) in order to fulfil our obligations to you; 3) for the legitimate purposes of operating our business, or 4) otherwise in accordance with law.

1.2 Transparency and Consent

We are transparent and provide clear notice and choice to you about the types of personal data collected and the purposes for which it is collected and processed. We will not use personal data for purposes that are incompatible with these Principles or our Privacy Statement.

1.3 Data Access

We provide you with reasonable access along with the ability to review, correct, amend or delete the personal data you have shared with us.

1.4 Accuracy and Integrity

We take reasonable steps to ensure that personal data is accurate, complete and current.

1.5 Purpose Limitation

We only use personal data for the purposes described at the time of collection or for additional compatible purposes in accordance with law.

1.6 Data Security

We are implementing strong information security controls in our own operations in order to protect personal data against unauthorised use or disclosure.

1.7 Data Transfer

We acknowledge our potential liability for transfers of to third parties. Personal data will only be shared when third parties are obliged by contract to provide equivalent levels of protection.

1.8 Special categories of personal data

APPROACH does not collect any special categories of personal data (sensitive personal information). Sensitive personal information includes: information revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; the processing of genetic or biometric data for the purpose of uniquely identifying a natural person; information concerning health; information concerning a natural person's sex life or sexual orientation; and in some cases, social security numbers or financial information.

1.9 Children

APPROACH does not knowingly collect information from children as defined by local law and does not target its websites or mobile applications at children.

2. What does data-processing mean and who is responsible?

“Personal data-processing” means any operations or set of operations which is performed on personal data or on a set of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, or combination, restriction, erasure or destruction.

APPROACH, with registered offices at 1435 Mont-Saint-Guibert, rue Edouard Belin 7, Belgium, company number 0427-365-964, is responsible (data controller) for the processing of your data. You are legally entitled to request details of the personal information we are holding about you.

3. How do we collect, use, protect and disclose your data

We collect and use personal data to manage your relationship with APPROACH. Examples of how we may use your data include:

3.1 Use of our website

Registration is not required for you to use our website. If you are merely a visitor, we do not collect any personal information about you except to a limited extent through the use of cookies, which are described in the Cookie Statement. However, there may be circumstances in which you choose to register and receive updates or information from APPROACH. In these cases, APPROACH may contact registrants to invite them to special events, provide them with information about our services, publications and products, or for other marketing purposes.

3.1.1 Contact forms

APPROACH facilitates various contact forms (e.g. event registration, contact for information, candidature, etc.) via our website. Personal information may be collected via those forms. The type of information collected is contact information, including first name, last name, mailing address, telephone number, fax number, email address and other similar type of information.

APIs from third parties complying with data protection regulations is used in order to capture and send data entered in the forms via mail. Your data is not stored on a local database. The information collected on registration is protected using industry-standard encryption technology because it is sent over the Internet.

In case of event organisation, APPROACH may share registrant information with third parties in association with the event.

Examples of "third parties" include hotels, sponsors or co-sponsors, promoters, event organisers (including via third party websites), speakers, etc. Please check the details provided at individual events to understand fully how your information will be used and retained.

When you register on our website, your personal information will be stored in our customer relationship management (CRM) system. We use Salesforce, a cloud-based platform that allows us to store, organise, and manage customer data such as names, email addresses, phone numbers, and other contact information. We use this information to communicate with our customers, to provide customer support, and to personalize our services.

Data of registrants who have been out of active use for 24 months will be deleted from our CRM system.

3.2 Mailing

APPROACH makes uses of Sendinblue for targeted mail campaigns purpose (examples: newsletter, announcement, etc.). More information on the measures Sendinblue has taken in terms of GDPR compliance can be found by clicking on the following link:

https://www.sendinblue.com/gdpr/

3.3 Google reCAPTCHA

We use Google reCAPTCHA on our website to prevent spam and abuse by bots. reCAPTCHA is a security service provided by Google that uses advanced risk analysis to distinguish humans from bots. reCAPTCHA collects various information about website visitors and this information is used to determine whether a visitor is a human or a bot and to prevent spam and abuse. By using our website, you consent to the processing of your data by Google for the purposes of providing the reCAPTCHA service. Please review Google's Privacy Policy and Terms of Service for more information.

3.4 Google Tag Manager

We use Google Tag Manager on our website to manage and deploy various tracking and marketing tags. Google Tag Manager is a tag management system provided by Google that allows website owners to add, modify, or remove tags without modifying the website's code directly. When you use our website, Google Tag Manager collects certain information about your visit, such as your IP address, browser type, and operating system, as well as information about the tags that are triggered during your visit. We use this information to improve the performance of our website and to analyse user behaviour. Please review Google's Privacy Policy and Terms of Service for more information.

3.5 Google Analytics 4

We use Google Analytics 4 on our website to analyse how users interact with our content and to improve our website's performance. Google Analytics 4 is a web analytics service provided by Google that tracks and reports website traffic. Google Analytics 4 collects various information about website visitors, such as IP addresses, device types, and browser types, in order to provide analytics and insights about user behaviour. We use this information to understand how users interact with our website, to identify areas for improvement, and to personalize our content and advertising. Please review Google's Privacy Policy and Terms of Service for more information.

3.6 Processing of the personal data of candidates

This is the Privacy Statement of APPROACH for the processing of personal data of candidates or applicants. This applies to the processing by APPROACH of all personal data of potential candidates or applicants (hereinafter: candidates) obtained in the context of our recruitment activities.
The goal is to inform our candidates about how we will use their personal data in connection with applications at APPROACH.
Please note that as candidate, the acceptation to the use of your personal data for our recruitment process signifies your understanding and acceptance of the terms of this Privacy Statement.

3.6.1 Purpose of collecting your personal data

Our purpose is finding suitable candidates for our current and future vacancies.

We collect your personal data on our Approach Salesforce tool from:

  • your received information if you have responded to an APPROACH recruitment initiative;
  • any correspondence between you and our recruiter(s);
  • your public profiles on LinkedIn or other social networks and other public available websites (like ICTjobs).
3.6.2 On what legal basis do we process personal data for this purpose?

For this purpose, we process your personal data on the basis of our legitimate business interest. We process your personal data to find suitable candidates for vacancies and/or an employee contract at APPROACH.

3.6.3 What personal data do we process for this purpose?

For this purpose, we process personal data that we have collected (see 2.3.1). This includes information such as your name, contact details, address (optional), country of residence, citizenship status, the job you are applying for and any recruitment information that you provide to us, such as a link to your public social media account (e.g., LinkedIn) (optional), your curriculum vitae, employment history, educational background, skills, motivation, gender (optional), disability (optional), current remuneration.
Reference can also be taken to previous colleagues, with your explicit permission. You give us the name of the persons with who we can make a reference check.

3.6.4 How long do we keep your personal data for this purpose?

For this purpose, your personal data will remain for as long as the purpose for which we had collected it exists and with a maximum of 24 months (unless a longer retention period is necessary to comply with legal requirements or to protect our interests and only in this case with your specific consent).
If you have applied for a job and were unsuccessful, APPROACH may retain your personal data for a period of 24 months from our last contact with you for future employment opportunities. After this period, or at your request, your personal data will be deleted from our systems.
You can also ask us to stop contacting you for career opportunities and to remove your personal data from our systems. You can do this by sending an email to the address: jobs@approach-cyber.com with as subject: Delete contact data. After receiving this e-mail, we will delete your data from all our systems and will no longer contact you.

3.6.5 Who has access to your personal data within Approach and where are they stored?

Your personal data can be viewed only by relevant APPROACH collaborators implicated in our recruitment process such as recruiters, hiring managers, APPROACH staff who are directly involved in your application process, and other HR functions involved.
Your personal data are store on our Recruitment database System (based on our Salesforce tool).  

3.6.6 How is your personal data secured?

We always send to candidates an email asking for their consent. It includes the link to our Privacy Statement.
APPROACH has set up adequate safeguards to guarantee the confidentiality and security of your personal data. APPROACH has implemented appropriate technical, physical and organizational measures within the framework of the Information Security Management System (ISMS). Your data will be protected as such and only the authorized persons mentioned above will be given access.

3.6.7 Your rights

Based on applicable data protection and privacy laws, you may have the following rights:

  • The right to access your personal data
  • The right to correct and erase your personal data
  • The right to request restriction of processing
  • The right to object to the processing of your personal data
  • The right to withdraw your consent to the processing of your personal data
  • The right to data portability
  • The right to lodge a complaint with the supervisory authority

3.7 Security

APPROACH uses reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process to protect the confidentiality and security of information it obtains in the course of its business. Access to such information is limited and policies and procedures are in place, designed to safeguard the information from loss, misuse and improper disclosure.

3.8 Disclosure

APPROACH does not collect or compile personal information for dissemination or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties.
APPROACH may only disclose your personal information outside APPROACH BELGIUM S.A.:

  • Where the disclosure is necessary to fulfil your request, and involves a third-party organisation with which APPROACH has relationship; or
  • When explicitly requested by you; or
  • As required by a court order or any other legal or regulatory requirement; or
  • Where the disclosure is reasonably related to the sale or other disposal of all or part of our business.
3.8.1 Service Providers

We retain service providers to manage or support certain aspects of our business operations on our behalf. These service providers may be located outside Belgium and may provide services such IT services, email services, data hosting or CRM management. Our service providers are required by contract to safeguard any personal data they receive from us and are prohibited from using personal data for any purpose other than to perform the services as instructed by APPROACH.  We also take steps to provide adequate protection for any transfers of your personal data in accordance with applicable law.

3.9 Customer Satisfaction Surveys

Receiving feedback from our customers is very important to improve the quality of our services. This is the reason why our quality team may send a survey to our customers on a regular basis by email at the end of the provision of our services.

Please see 3.2 for more information regarding the way APPROACH processes personal data in the context of mailings.

Given that each satisfaction survey is being linked to a specific service, we ask respondents to fill in their email in the form. In the context of the survey, respondents will also be asked to provide APPROACH with feedback.

Such individual feedback is used for the following purposes:

  • link the feedback to a specific project;
  • give the account manager assigned to the respondent's organisation the opportunity to contact the respondent (if and only if the respondent gives his express consent to it); and
  • aggregate the individual feedback into an aggregated feedback report.

The individual feedback will only be kept for a period of 6 months after the survey and is accessible only to the quality team and the account manager assigned to the respondent's organisation.

After these 6 months, only aggregated reports containing non-personal data will be kept and used for the following reasons: draw up evolving statistics, share customer experience feedback on our projects for possible audits, prioritise and carry out the necessary actions internally within the framework of the improvement of our services.
The processing or personal data as described under 3.6 is based on the legitimate interests of APPROACH (it being understood that, as explained above, respondents will only be contacted in respect of the feedback they have provided if they have explicitly consented to it).

The respondent has the right to object at any time to the processing of his/her personal data for the purpose of performing customer satisfaction surveys and/or to exercise his/her other rights in accordance with section 4 below.

4. How to control your personal information and exercise your right?

APPROACH provides you with the ability to keep your personal information accurate and up to date. If at any time you would like APPROACH to rectify, erase or restrict the processing of your personal information, or you would like to obtain confirmation whether or not your personal information is processed by APPROACH, access your personal information, ask to whom the data is disclosed, exercise your right to data portability or withdraw your consent to processing, please contact us at privacy@approach-cyber.com

5. Third-party links

Please be aware that APPROACH sometimes contains links to other sites that are not governed by this Privacy Statement. Visitors to our website may be directed to third-party sites for more information.

APPROACH makes no representations or warranties regarding how your information is stored or used on third-party servers. We recommend that you review the privacy statement of each third-party site linked from the website to determine the way they use your personal information.

6. Contact

Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to privacy@approach-cyber.com

7. Changes

If you have any questions relating to our Privacy Statement and how APPROACH uses and protects your personal data, please contact us at privacy@approach-cyber.com.

We may update this statement from time to time. If we make significant changes we will let you know but please regularly check this statement to ensure you are aware of the most updated version.

This statement was last reviewed on 8th May 2023.