Privacy Policy

ACV INTERNATIONAL NV, with registered offices at 1653 Dworp, Oude Vijverweg, 6, Belgium and registered with the Crossroads Bank for Enterprises under the number 0464.842.608, acting as data controller, processes and uses personal data pertaining to personnel employed by its customers or prospective customers (hereinafter collectively referred to as “Customers”), in compliance with the applicable data protection laws, in particular the European Regulation 2016/679 of 27 April 2016 called the General Data Protection Regulation (hereinafter referred to as “GDPR”). 

This privacy notice sets out why and how ACV INTERNATIONAL collects personal information about individuals of its Customers (hereinafter referred to as “Customer Data”), how ACV INTERNATIONAL protects it and for how long this information is retained. This without prejudice to specific provisions set out in any contract entered into between ACV INTERNATIONAL and a Customer.

1. Why ACV INTERNATIONAL processes Customer Data?

ACV INTERNATIONAL keeps and processes Customer Data, whether or not in electronic form, for administrative, marketing and customer management purposes, including for the following non-exhaustive activities: responding to any communication, inquiry or request which a Customer submits to ACV INTERNATIONAL (including via the website), processing information relating to the purchase (actual or potential) of ACV INTERNATIONAL’s products and/or services, sending statements and invoices, providing Customers with newsletters and marketing communications, conducting surveys and market research, improving ACV INTERNATIONAL’s products and/or services and dispute resolution.

2. Legal grounds for processing the Customer Data

Customer Data is processed on one or more of the following legal grounds:

  • Contract: To enter into and managing the performance of a sales related contract with a Customer
  • Legal Obligation: To comply with ACV INTERNATIONAL’s legal obligations or requirements
  • Legitimate Interest: Processing is necessary for the legitimate interests of ACV INTERNATIONAL and/or a third party
  • Consent: The individual concerned has provided consent to allow ACV INTERNATIONAL to process their Customer Data

The nature in which ACV INTERNATIONAL and/or a third party processes Customer Data for legitimate interests is in communicating with the Customers from time to time about products, services, events offered by ACV INTERNATIONAL, and other communications such as research and insights, that may be of interest to the Customers. ACV INTERNATIONAL will never process Customer Data for legitimate interest unless the processing is necessary and appropriate balanced against the individuals own interest. 

 

3. Categories of personal data processed as Customer Data

Customer Data is all personal information relating to an identified or identifiable natural person who is associated with or related to a Customer.  For the abovementioned purposes, the processing of Customer Data may include the following categories: 

  • personal identification data, such as name and address;
  • electronic identification data, such as email address and phone number;
  • employment related data, such as job title and related employer;
  • personal details, such as language and gender; and
  • Survey data.

 

4. Where Customer Data comes from

When an individual of a Customer contacts ACV INTERNATIONAL, the initial data is likely to come from the individual concerned.  ACV INTERNATIONAL may also contact an individual of a Customer for prospective purposes if initial data has not been obtained from such individual directly (e.g. resellers who pass on personal data to ACV INTERNATIONAL for a contact at a prospective Customer). During the course of the Customer relationship, the individual concerned or another representative of the Customer will provide ACV INTERNATIONAL with further information (e.g. information needed for the purchase order). If the Customer does not provide ACV INTERNATIONAL with information that is required by law or contract, ACV INTERNATIONAL may decide not to enter into the contract or end the sales relationship. For instance, if a Customer contact does not wish to share with ACV INTERNATIONAL their email address, they will not receive any of the ACV INTERNATIONAL’s electronic newsletters.

ACV INTERNATIONAL may also receive or generate data relating to the Customer contacts from other customers, suppliers or those to whom the Customer contact communicates by email or other systems.

 

5. Who has access to the Customer Data

For the abovementioned purposes, Customer Data may be disclosed to, and possibly even processed by:  

  • the individuals themselves or other individuals employed by or representing the Customer;
  • ACV INTERNATIONAL’s personnel who have a need-to-know about the Customer Data at stake;
  • the personnel of affiliates of ACV INTERNATIONAL and who have a need-to-know about the Customer Data at stake;
  • the public authorities in accordance with the applicable laws and regulations;
  • ACV INTERNATIONAL’s service providers who have a need-to-know about the Customer Data at stake, such as IT and logistics providers; and
  • other professional advisors of ACV INTERNATIONAL who have a need-to-know about the Customer Data at stake.

 

6. Customer Data transferred Internationally 

ACV INTERNATIONAL may transfer information about Customers, including Customer Data, to affiliates of ACV INTERNATIONAL for purposes connected with the management of the ACV INTERNATIONAL’s business.  It may also be necessary in limited circumstances to transfer Customer Data abroad or to an international organisation to process and/or store this information to comply with our legal or contractual requirements. For transfers of data internationally, ACV INTERNATIONAL has implemented appropriate safeguards in line with GDPR requirements.

 

7. Retention of Customer Data 

Customer Data will be retained no longer than necessary for the purposes described above. Customer Data provided in respect of a contact of a prospective Customer is retained no longer than a normal sales cycle length, with a maximum period of 1 year after the end of the prospecting procedure. Typically, and unless otherwise stated in other related documents for specific categories of data, Customer Data will be retained during the term of the contract as well as following the expiration or termination of the applicable contract for as long as ACV INTERNATIONAL may have legal liability for which the use of Customer Data may be relevant, taking into account the applicable statutory periods of limitation and legal retention obligations.

 

8. How Customer Data is protected 

ACV INTERNATIONAL keeps the Customer Data as safe and secure as reasonably possible, protecting it against loss and unauthorised disclosure or access.

 

9. What are the individuals’ rights and who can they contact? 

Subject to the requirement of GDPR, the individuals who have personal information collected and processed as Customer Data have the right at any time to contact ACV INTERNATIONAL to: 

  • access, rectify or erase their Customer Data;
  • restrict or object to the processing of their Customer Data;
  • data portability, allowing the individual to copy or transfer their Customer Data;
  • where an individual has provided consent to process their Customer Data, to withdraw that consent at any time (which will not affect the lawfulness of the processing before consent was withdrawn); and
  • receive more information about the safeguards in case of international data transfers.

Individuals also have a right to lodge a complaint with the Belgian Data Protection Authority or another EU supervisory authority if the individual thinks ACV INTERNATIONAL has not acted in line with any applicable data protection laws in respect of dealing with their Customer Data.

The contact at ACV INTERNATIONAL for any further information about these rights is:

privacy@acv.com

10. Changes 

ACV INTERNATIONAL may amend this privacy notice from time to time as needed, notably to comply with changes in any applicable laws, regulations or requirements introduced by data protection authorities.