Personal data protection policy

1. Collection of personal data

Personal data refers to any information relating to an identified or identifiable natural person, such as name, telephone number, e-mail address, bank account number, ...

They may involve vendors, iBPM users, employees, applicants, agents and other current and former employees.

iBPM only collects personal data that is necessary to conduct its business, or required by law. The legal basis of the processing varies according to the purpose of the processing and the type of data.

The different categories of personal data usually processed by iBPM are as follows:

  • identification data and personal characteristics (copies of passports, identity cards, driving licences);
  • curriculum vitae data (education, training, qualifications, occupation);
  • contact details (name, address, telephone number, e-mail address, etc.);
  • other data provided when contacting iBPM, including by using the contact, download or registration forms on the website;
  • data sent to iBPM via an online survey or application.

In principle, iBPM does not collect or use sensitive personal data such as data relating to health, religious, political or philosophical beliefs, sexual orientation or ethnicity.

2. Purposes of collection, use and disclosure of personal data

Data shall be collected for the following specific, explicit and legitimate purposes:

  • implementation, maintenance and improvement of iBPM services ;
  • Sending useful information on activities and events organized by iBPM ;
  • relationship management with members and client companies ;
  • personnel and salary management ;
  • work planning and organization ;
  • prevention, detection and circumvention of loopholes, fraudulent operations and other illegal activities ;
  • communication on iBPM service updates;
  • monitoring and analysis of trends, usage and activities related to its services;
  • compliance with legal obligations ;
  • accounting management ;
  • obtaining professional advice ;
  • archiving and data storage ;
  • any other incidental purposes relating thereto and for such other purposes as individuals or organizations may from time to time agree.

3. Disclosure of personal data

The personal data kept by iBPM is kept confidential and secure.

Personal data is only accessible to iBPM staff who are responsible for carrying out the specific purpose for which the data was collected.

However, this data may be transmitted to third parties at your request, or when necessary to achieve the specific purpose, or in cases provided for by law, in particular to :

  • service providers performing services on behalf of iBPM ;
  • certain regulated professions such as lawyers, notaries or auditors.

4. Protection of technical and organisational data

iBPM takes all appropriate technical and organizational measures to protect personal data against unauthorized interception. iBPM stores this data in secure environments.

In particular, iBPM informs its employees about best practices in data protection.

Although iBPM uses all reasonable efforts to protect personal information, it cannot guarantee the absolute security of data submitted via its website.

Data may be disclosed to trusted third parties for the purposes set out in this Data Protection Policy. iBPM requires such third parties to implement appropriate technical and operational security measures to protect the data concerned.

5. Data retention period

iBPM keeps personal data only for as long as is necessary to achieve the specific purposes for which the processing is carried out.

In determining the appropriate length of time, account is taken of the quantity, nature and sensitivity of the personal data, the purposes for which it is processed and the possibility of achieving those purposes by other means.

Account is also taken of the need to comply with its legal and regulatory obligations.

When the data are no longer needed, they are destroyed. In order to ensure the highest level of security, the period of use and storage of the data may be reduced and steps are taken to make them anonymous. The purpose of anonymisation is to make it no longer possible to associate a data item with the data subject.

6. Transfer of personal data outside Belgium and outside the European Union (EU)

IBPM may transfer personal data outside Belgium and the EU for specified purposes. Such data and information may be disclosed, processed and stored in accordance with local data protection laws, rules and regulations applicable in the jurisdictions concerned.

iBPM will ask for your explicit consent before transferring your personal data to a third country with an insufficient level of protection.

7. Disclosure of third party personal data to iBPM

Before disclosing to iBPM personal data relating to your employees, contractors and others, you must ensure that these persons are duly informed of this policy and, if necessary, have obtained their consent to the collection, use and disclosure of their personal data described in this policy.

8. Updating personal data

By submitting personal data to iBPM, you agree that such information is true, accurate and complete.

In order to ensure the accuracy and validity of the personal data collected, used and disclosed, you must inform iBPM in writing of any change in the personal data previously provided to iBPM.

9. Rights of data subjects and contact person within iBPM

iBPM maintains a high level of transparency regarding the data it uses.

Provided that the conditions laid down in the applicable legislation are met, all persons whose data are processed shall have the right :

  • to request information in order to find out whether iBPM holds personal information and, if so, what that information is and for what purposes it is processed ;
  • to access and, where appropriate, rectify their personal data ;
  • to object to the processing operation concerned on grounds relating to their specific situation ;
  • to obtain the deletion of these data or the limitation of their processing, which makes it possible, for example, to ask iBPM to suspend the processing of personal data for the time necessary to check the accuracy of certain data;
  • to receive personal data relating to them in a structured, commonly used and machine-readable format and to transmit those data to another controller ;
  • to lodge a complaint with the Data Protection Authority if they find that such processing violates applicable laws and regulations.

You may exercise the rights mentioned above by means of a dated and signed request accompanied, for security reasons, by a copy of your identity card. The request can be sent by post to iBPM, Data Protection Officer, rue du Bon Pasteur 60 bte 11, 1140 Brussels. The request can also be sent by e-mail with electronic signature to the following address:

The exercise of these rights is also free of charge. However, if the request is manifestly unfounded or abusive, access may be refused and/or reasonable fees may be charged.

10. Miscellaneous

This policy is an integral part of all contracts, agreements or other binding commitments that you have entered into or intend to enter into with iBPM .

This policy may be updated over time to reflect changes and developments in data protection legislation.

Version date: 16/8/2019