Personal data protection policy

The processing of personal data is central to the activity of our company TDM LOG.

Therefore, the protection of this data features prominently in our daily commitments to our commercial partners but also to the persons concerned eventually.

Therefore, this document reflects the commitment made to implement appropriate technical and organisational measures when collecting and/or using the data of persons concerned eventually, within the framework of TDM LOG’s activity or the services we provide on behalf of our clients.

Applicable regulations

TDM LOG undertakes to comply with the legal and/or regulatory provisions in force, applicable to its processing of personal data, and in particular:

  • the General Data Protection Regulation (EU) 2016/679 (GDPR) of the European Parliament and of the Council of 27 April 2016 applicable as from 25 May 2018
  • the law of 30 July 2018 published in the Belgian Official Journal on 5 September 2018,
  • and French law no. 78-17 of 6 January 1978, as amended, relating to data processing, files and freedoms.

In addition, TDM LOG follows the recommendations of the Belgian data protection authority, the DPA, and the French supervisory authority, the CNIL, with regard to data protection

Définitions

Processing of data :Any operation or set of operations
which is performed upon such data, regardless of the means used, such as recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by supply, dissemination or otherwise making available, alignment, combination, blocking, erasure or destruction.

Personal data : Personal data is any information relating to an individual who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more of its distinctive elements. In order to determine whether a person is identifiable, it is necessary to consider all the means of identification available or accessible to the controller or any other person.

CNIL : Commission Nationale de l’Informatique et des Libertés (national commission for data protection and liberties)

DPA : Belgian data protection authority

Controller: the public or private natural or legal person or the service which determines, alone or with others, the purposes and means of the processing.

Processor : the public or private natural or legal person or the service which processes personal data on behalf of the controller.

Data protection officer

On 6 September 2018, TDM LOG appointed a data protection officer to oversee its compliance with the new legislation and to ensure that it is monitored, but also to benefit from a point of contact specialised in data protection with various stakeholders (persons concerned, commercial partners, data protection authority).

To contact the DPO, email

sandra.holvoet@tracker.fr

or write to TDM LOG service DPO, 422B Chaussée de Lille 7501 ORCQ TOURNAI, Belgium.

Data processed

TDM LOG processes two sorts of personal data:

  • Data related to the internal functioning of our company, i.e. data of our employees or of our clients or prospects.
  • Data relating to the clients or prospects of our clients, who are responsible for processing.

This data is strictly necessary for our internal functioning or our activity to enable us to carry out our duties with the controller.

Therefore, we are required to process:

  • Identity data such as title, surname, first name,
  • Data relating to contact details such as postal address, email address, landline or mobile telephone numbers
  • Data collected using cookies
  • For TDM LOG employees, date and place of birth, data on family status, employment status, bank details, NRN (national register number)

Purposes of processing

The processing carried out by TDM LOG is carried out for specific, explicit and legitimate purposes.

In particular, your data may be processed for:

  • Managing our commercial relations
  • Managing our staff
  • Meeting legal or contractual obligations
  • Collecting our debts
  • Responding to your contact or information requests
  • Communicating about products and services to clients or prospects of our clients, data controllers
  • Delivering orders placed with our clients, data controllers

Legal bases for processing

We ensure that each of our processing operations is carried out in accordance with its legal basis, whether in the area of:

  • Implementing a contractual relationship
  • Obtaining consent
  • Responding to our legitimate interests
  • The law

The recipients of personal data processed

Your personal data will only be communicated to specific authorised recipients.

These recipients may have access to your data to the extent necessary to achieve the purposes described above

The following may be recipients:

  • TDM LOG as a controller or processor
  • Our authorised personnel
  • Service providers and processors performing services on behalf of TDM LOG

The storage of personal data

Concerning the clients or prospects of TDM LOG, personal data is kept for the entire duration of the commercial relationship.It may be kept beyond the end of the relationship, in particular to comply with applicable regulations, to enforce our rights or defend our interests.

Your data may be archived for a longer period for the management of complaints and/or disputes, to meet our regulatory obligations, or to satisfy the demands of duly authorised judicial or administrative authorities.

With regard to clients, depending on its nature and the applicable legislation, data may be kept for up to 10 years after the end of the relationship.

Data relating to prospects may be kept for a period of 3 years from the date of collection or last contact.

With regard to data processed on behalf of our clients, data controllers, TDM LOG undertakes to keep the personal data entrusted to it only for the minimum time required to properly implement its services. These storage periods are determined under contract by our clients, data controllers, and are listed in their records of categories of processing that TDM LOG carries out on behalf of each of its clients.

The data storage/archiving and destruction policy supplements the information in this regard.

Location of the data processing

The processing of personal data is carried out exclusively on the premises of TDM LOG within the EU territory.

If processing is carried out outside the premises of TDM LOG, this will only be done with the express, prior and written permission of the client within the European Union or in a third country benefitting from an adequacy decision.

The transfer of personal data outside the European Union

TDM LOG does not transfer any personal data to any country outside the European Union.

The processing of cookies

In accordance with the ePrivacy Directive, Internet users must be informed and give their consent before certain trackers are deposited and read.

For more information in this regard, we invite you to consult our cookies management policy.

 

Commitments of TDM LOG

TDM LOG undertakes to take into account, with regard to its tools, products, applications or services, the principles of personal data protection by design and data protection by default.

TDM LOG undertakes to process the data entrusted to it solely for the purpose(s) for which it is acting as a processor.

As a processor, TDM LOG undertakes to process the data in accordance with the controller’s documented instructions communicated when an order is placed. If TDM LOG considers an instruction to violate European regulation on data protection or any other aspect of EU law or the law of Member States relating to data protection, they will inform the controller immediately.

TDM LOG undertakes to notify the controller of any personal data violation within a maximum of 3 hours of becoming aware of it. This notification shall be accompanied by all relevant documentation to enable the controller, if necessary, to notify the competent supervisory authority of this violation.

TDM LOG undertakes to assist the data controller on whose behalf it is acting in carrying out a data protection impact assessment.

Security of data

TDM LOG implements all appropriate technical and organisational security measures to ensure the confidentiality and integrity of the personal data it processes, and in particular:

  • TDM LOG takes all appropriate security measures for all exchanges of data or files relating to personal data carried out not only between the processor and the controller but also with authorised third parties, using a secure data exchange platform.
  • TDM LOG is not allowed to take copies of personal data.
  • TDM LOG restricts access to the information and personal data entrusted exclusively to personnel authorised to work with such data by virtue of their duties to the exclusion of any other person.
  • TDN LOG ensures that the personnel authorised to carry out personal data processing:
  • Undertake to respect confidentiality or are subject to a legal confidentiality obligation
  • Receive the necessary training regarding personal data protection
  • TDM LOG ensures that the premises in which the data is processed are secured.

TDM LOG ensures that the premises in which the data is processed are secured.

Rights of persons

You have rights concerning the processing of your personal data, which may be exercised under the conditions laid down by the regulations in force, namely:

  • The right to be informed in a comprehensible, easily accessible manner about the processing of your data that is carried out.
  • The right to access your data.
  • The right to rectify and have amended any of your data which is inaccurate or incomplete.
  • The right to have your data erased, unless we have legal or legitimate reasons to store it.
  • The right to object to processing where this is based on the legitimate interests of the controller.
  • The right to object to any processing free of charge, without having to give reasons, [sic] to your data being used for commercial prospecting purposes.
  • The right to limit the processing of your personal data.
  • The right to the portability of your data where the processing is based on consent or the performance of contracts and the processing is carried out by automated means.
  • The right to withdraw your consent at any time where the processing of your personal data is based on your consent
  • The right to give specific or general instructions regarding the storage, erasure, and disclosure of your personal data, applicable after your death.
  • The right to lodge a complaint with the relevant data protection authority.

If you have any questions regarding the exercise of these rights, you can contact the TDM LOG data protection officer at the following addresses:

In acting as processor, TDM LOG undertakes to assist the controller on whose behalf it is acting as far as possible in meeting its obligation to respond to requests to exercise the rights of data subjects.

Competent authority

You have the right to appeal in the event of a violation of the applicable regulations on the protection of personal data, and in particular the GDPR:

  • with the Belgian data protection authority, with which TDM LOG is affiliated
  • with the Commission Nationale de l’Informatique et des Libertés (French national commission for data protection and liberties) if you are a French citizen

 

Registers and documentation

  • TDM LOG also declares that it keeps two registers: a register of the processing operations it carries as part of its internal operations as a data controller and a register of the categories of processing operations carried out on behalf of its clients, who are themselves data controllers.
  • TDM LOG provides its business partners with the necessary documentation to demonstrate compliance with all its obligations and to enable audits, including inspections, to be carried out by its client or another auditor appointed by it, and to assist in these audits.

Personal Data Protection Policy updated on 26 November 2021 by the DPO.