Schréder Privacy Notice

At Schréder ("Schréder” or “we” or “us”), we are committed to protecting your privacy and we value the relationship with our business partners, customers and any party interested in our business.

This Privacy Notice (the “Notice”) outlines the types of information, including Personal Data (“Information” or “Personal Data”), we collect about our business partners, our customers and our Websites and Customer Portal users, how they are used and otherwise Processed, to whom we may disclose them as well as your rights in relation to your Information.  

By using the Websites and/or the Customer Portal and/or our services, you acknowledge that you have read this Notice and that you agree with its content without reservation. By ticking the box stating that you have read and accepted this Notice on the Websites, you declare that you have read and without reservation agreed to this Notice. You declare that you understand the purpose(s) for which your Personal Data are processed. You also agree that your continued use will be understood as continued consent.

For ease of reference, all capitalized terms that are not defined in the body of this Notice are defined in Section 11 below or shall have the meaning ascribed to these terms in the GDPR.
 

Schréder SA is a global company, operating through its Affiliates, with headquarters in Belgium, at Rue de Lusambo 67, 1190 Brussels. As the case may be, Schréder SA or any of its Affiliates will be responsible in respect of Information we collect about you and will be referred to as Data Controller.

In particular circumstances, such as cross-border matters, Schréder SA and its Affiliates will be jointly responsible for your Information and will collaborate, to the extent necessary, to comply with our obligations under Applicable Laws.
 

Schréder collects Information that are voluntarily provided by you or collected by automated means as outlined below. Schréder only collects Personal Data that are adequate, relevant and limited to what is strictly necessary for the purposes for which it is processed (indicated at Section 4 of this Notice).

Information we collect about our business partners and customers in relation to the supply of our products and services is primarily company data and business information.

a) Use of the Website

b)    Client relationship Management

c)    External event organization

d)    Satisfaction Surveys

e)    Commercial prospection

f)    Customer and Suppliers invoicing

g) Compliance with accounting and tax obligations

For more information on the cookies we use on our Websites and Customer Portal, please read our Cookies Notice available at the bottom of our Websites and Portal, accessible at the following link: Cookies Policy.

Should you provide us with Information related to a Third Party, you confirm that you have a legal basis to do so (consent or another lawful basis, as the case may be) to share such Information with us and that you have made the information in this Notice available to the Third Party.
 

We will not share, sell, license, trade or rent your Information to or with any Third Party (except as stated below) without your prior consent.  

We will only share Information as follows:

a) Affiliates: We share Information within the Affiliated companies of Schréder SA.

b) Law enforcement purposes: We disclose Information if requested or required by government authorities (such as law enforcement authorities, courts, and/or regulators) or otherwise to comply with a legal obligation. In addition, we also disclose Information collected in order to exercise or protect legal rights or defense against legal claims.

c) Our Third-Party service providers, agents and distributors ("services providers"): We share Information with our services providers who provide services to us or on our behalf. These service providers are contractually prohibited from using your Information for any purpose other than to provide their assistance, from sharing Information we disclosed to them and are required to protect your Information.

d) Transfer of Information outside of the European Economic Area (“EEA”): We may transfer Information to certain Affiliates located outside the EEA. Transfer to other third parties outside the EEA will take place using a data transfer mechanism in accordance with GDPR standards.

e) Fraud prevention: We disclose Information when disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect the safety, rights, or property of our users, others and/or us.
 

We use appropriate technical and organizational measures to protect your Information against unauthorized or unlawful Processing and against accidental loss, destruction or damage. We also limit access to your Information to employees duly authorized and informed who reasonably need access to it to provide products or services to you within the scope of their attributions.

However, if you become aware of a data breach or suspect one, we ask you to report it immediately by contacting Schréder.
 

We will retain Information we collect for as long as necessary to perform the purposes outlined above or to comply with a legal obligation, or for the establishment, exercise or defense of a legal claim in accordance with Applicable Laws. Additional information about retention of your Personal Data may be provided on at your request.
 

The GDPR and other Applicable Laws provide certain rights to you. Those rights may vary depending on your location and are subject to various conditions under Applicable Laws. In certain cases, the exercise of your rights may make it impossible for us to achieve the purposes identified at Section 4.
Should you want to assert your rights, please see Section 9 below.
We will do our best to provide you with the requested information within the legal deadline. However, if access cannot be provided within a reasonable time frame, we will provide you with an explanation and a date when the information will be provided. If for some reason access is denied, we will provide you with an explanation as to why access has been denied.
Where Applicable Laws so provide, the following rights apply to you:

a) Access: You have the right to obtain confirmation whether we Process your Information and to obtain a copy of your Personal Data; 
b) Rectification: You have the right to request the rectification, free of any charge, of any inaccurate Personal Data and to have incomplete Personal Data completed;
Objection: You have the right to object to the Processing of your Personal Data if you are able to proof that there are serious and justified reasons connected with the particular circumstance that warrant such opposition. However, if the intended processing qualifies as direct marketing, you have the right to opt out of such processing free of charge and without justification; 
c) Portability: You may receive your Personal Data provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right to have your Personal Data transmitted, where technically feasible, to other Data Controllers without hindrance. This right only exists if the Processing is based on your consent or a contract and the processing is carried out by automated means;
d) Restriction: You may request the restriction of the Processing of your Personal Data in accordance with Article 18 paragraph 1, a) to d) of GPDR;
e) Erasure: You may request the erasure of your Personal Data if it is no longer necessary for the purposes for which we have collected it or when you have withdrawn your consent and no other legal ground for the Processing exists or when you objected and no overriding legitimate grounds for the Processing exists or when the Processing is unlawful or erasure is required to comply with a legal obligation;
f) Right to lodge a complaint: You also have the right to lodge a complaint with the competent Supervisory Authority and before the competent courts;  
g) Right to refuse or withdraw consent: In case a processing activity is based on your consent, you are free to refuse to give such consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any Processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected. Note that withdrawal of consent may imply that you can no longer use the whole or part of the Website, Customer Portal, or services;
h) Opt-out: You can always ‘opt-out’ of any communications should you prefer not to receive them in the future by using the facility provided in the communication itself (e.g. “unsubscribe”).
i) Right against discrimination: California residents have the right to not be discriminated against for exercising their rights under the CCPA.
 

The products and services provided on our Websites and Portal are not intended for users under the age of 16. We do not knowingly collect any Information from children under the age of 16. If we become aware that a person submitting information is under 16, we will attempt to delete the information as soon as possible.

Our Websites and Portal users hereby represent that they are at least 16 or at an age to provide valid consent in their country.
 

For any right you would like to exercise or for any question you might have about the way we Process your Information, please contact us at dpo@schreder.com. Such request should clearly state which right you wish to exercise. Such request will always be assessed and balanced with other obligations of Schréder SA, but should it prove valid, we will honor it as soon as reasonably possible and at the latest 30 days after having received the request.
 

We may update this Notice from time to time in accordance with legal requirements and/or any changes to our Information management practices. When required, we will notify you about such change. A copy of the latest version of this Notice will always be available on this page.
 

Affiliates: refers to Schréder S.A.’ affiliates, which are entities under common ownership or control of Schréder S.A.

Applicable Laws: means any applicable national data protection and privacy laws and, to the extent applicable, the GDPR.

Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and the means of the processing of Personal Data.

Customer Portal: Schréder Customer Portal (https://portal.Schréder.com).

GDPR: means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Information: any type of information about you, including Personal Data.

Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing or Processed or Process:  means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Supervisory Authority: refers to the national public supervisory authority that is competent for supervising and enforcing compliance with any national data protection laws within its jurisdiction.

Third Party or Third Parties: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.