Privacy Policy

The European General Data Protection Regulation (GDPR) – Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC – requires organisations and companies to appoint a data protection officer.

The manager was appointed data protection officer as per Article 37 of the European Data Protection Regulation 2016/679.

Your privacy is very important to us. Our aim is to process your personal data in a legal, correct and transparent manner. In this privacy statement, we explain the personal data related to a natural person that we collect and process. From now on, we refer to your data as a citizen, or as another data subject, such as beneficiary, contact person in a company, etc. In whatever capacity, your rights remain the same and we will handle your data with the same level of care.

We are the data controller of the personal data. Rest assured that we handle personal data carefully and securely. To guarantee this, we have an approved information security policy. The policy is consistent with the relevant legislation.

Multiform NV is committed to providing efficient and high-quality services. We are committed to managing your personal information securely at all times.

We take care to ensure we only process your data if we have valid legal grounds for doing so. Essentially, we only process personal data within the scope of a legal mandate or in the public interest. In a limited number of cases, we do so on the basis of a contractual obligation or to protect the vital interests of a natural person. In all other cases, we will ask for your consent to process your data. This includes:

• Use of cookies on the website.
• Processing images: photos and videos.
• Use of contact details for newsletters to which you subscribe.

Personal data is collected in one of the following ways:

• We request your personal data directly from you.
• The information users provide during a purchase on the website: name, address, e-mail address and phone number and IP address.
• The information users provide while filling in a contact form: name, e-mail address, phone number and IP address.

The personal data is processed by employees of Multiform NV. All our staff are subject to legal professional secrecy and sign a confidentiality agreement. We make every effort to continuously educate our employees on the importance of privacy and data protection.

Employees use automated systems purchased from third parties. In addition to IT suppliers, we also have contracts for personnel management, legal assistance, etc. These suppliers are processors who handle personal data on our behalf. To ensure privacy, a processor agreement has been concluded with these suppliers. These suppliers are bound by the same legal grounds and security measures as those applicable to us.

We may also disclose your personal data: (i) if we are required to do so by law or another legal process; (ii) to law enforcement authorities or other government agencies in accordance with their legal powers; (iii) when we believe that disclosure is necessary or appropriate to prevent physical harm; or (iv) in connection with an investigation of suspected or actual fraudulent or illegal activity.

We store and process your data primarily within the European Union. We will also only use IT systems operating within the European Union.

If there is no equivalent alternative within this zone, the board may use applications that process data in countries outside the European Union, as long as these applications provide sufficient guarantees of compliance with the European regulation, preferably because they are located in so-called safe countries.

We retain personal data based on the statutory retention periods.

Personal data will not be kept longer than necessary. After the expiry of these deadlines, personal data will be destroyed according to the procedure described in the information security policy.

We take appropriate administrative, technical and physical security measures to protect personal data against accidental or unlawful deletion, accidental loss, unauthorised modification, unauthorised disclosure or access, misuse and any other unlawful form of processing of the personal data in our possession. The level of security is determined by a data protection impact assessment.