Privacy Policy

Who is Aquafin?

Aquafin NV is a Flemish company owned by PMV. In Flanders, Aquafin is responsible for the pre-financing, development, and management of water treatment infrastructure. Aquafin also provides its expertise to Flemish cities and municipalities.

The registered office is located at Dijkstraat 8, 2630 Aartselaar, and the company is registered in the Antwerp register for legal entities under number 0440.691.388.

In performing its duties, Aquafin collects personal data. The entity responsible for data processing is Aquafin itself. Within a collaboration with a drinking water company or municipality, Aquafin may also act as a data processor.

We process personal data only for legitimate purposes based on lawful processing grounds. Aquafin ensures that personal data is processed lawfully, fairly, proportionately, and transparently.

Below is an overview of the key aspects of how your personal data is processed.

What personal data do we process?

Aquafin processes personal data as part of its duties. If necessary, we may collect the following categories of data:

• Identification information (e.g. name, address, etc.)
• Financial information (e.g. bank account number, insurance data, etc.)
• Personal characteristics (e.g. gender)
• Lifestyle data (e.g. information on property ownership)
• Family composition
• Leisure activities and interests
• Legal data (e.g. guardianship, provisional administration, etc.)
• Consumption habits (e.g. rental information)
• Health-related data
• Education and qualifications (e.g. CV, professional competence, etc.)
• Employment and professional information (e.g. employer)
• National register number
• Political opinions (e.g. political position)
• Images or recordings

This list may be updated based on legal requirements or functional needs.

Why, and on what legal basis, does Aquafin process this data?

Aquafin uses your personal data solely for the following purposes:

• Purposes relating to realising Aquafin’s social mission, e.g. for the implementation of projects and the treatment of wastewater
• Administration of personnel and intermediaries
• Management of personnel and intermediaries
• Work scheduling
• Work site inspection
• Customer management
• Prevention of fraud and client misconduct
• Dispute management
• Supplier management
• Public relations
• Technical/commercial information
• Registration and administration of shareholders or partners
• Security
• Conflict management
• Protection of the company, sector or organisation

Aquafin processes this data on the basis of the following legal grounds:

• Necessity for the performance of a contract
• Legal obligation
• Protection of vital interests of the data subject
• Public interest or exercise of official authority
• Consent of the data subject
• Legitimate interests of the entity responsible for data processing or a third party

The provision of certain personal data is legally or contractually required to establish agreements or public contracts. Without such data, the agreement or contract cannot be concluded.

Under certain conditions, the personal data may be shared with third parties. For more information, see ‘Who do we share personal data with?’.

Aquafin ensures that personal data is processed lawfully, fairly, proportionately, and transparently.

Our Cookie Policy is an integral part of this Privacy Policy.

How do we protect your personal data?

Aquafin is committed to protecting personal data against unauthorised access, alteration, disclosure, or destruction. Digital data is always stored on secure servers.

We also implement appropriate physical, electronic, and organisational safeguards to maintain a security level proportionate to the risks involved. These measures are regularly audited to evaluate their effectiveness.

What happens if the security of this data is nevertheless compromised?

Under the GDPR, Aquafin must promptly notify affected individuals and the Data Protection Authority of any issue that is likely to pose a high risk to the rights and freedoms of natural persons. We then make every effort to resolve these issues as quickly as possible, and update our security policy to prevent similar problems in the future.

Who do we share personal data with?

Aquafin may share your data with:

• The data subject
• Personal contacts of the data subject
• Professional advisers of the data subject
• Employers or business contacts of the data subject
• Individuals or organisations directly involved with Aquafin
• Other private companies
• Government agencies
• Courts and police authorities
• Social security institutions
• Banks and insurance companies

The personal data is not disclosed to any third parties other than those referred to in this Privacy Policy and is not used for promotional, commercial or direct marketing purposes. The data that Aquafin collects itself will never be sold or rented to third parties.

Aquafin will only share your personal data with, or receive it from, the following third parties in the cases described below:

• For public-interest tasks using third-parties such as contractors, engineering consultancies, notaries, surveyors, etc.
• For legal reasons or to fulfil statutory obligations
• For external processing
• With explicit consent

Personal data may be shared outside the EU when using third-party IT applications.

What rights do you have regarding the processing of your personal data?

If you are a natural person, you have the right at any time to request access to your personal data, to inspect it, to have it corrected, to restrict its processing, to register an objection to its processing, to have it transferred, or to have it erased, unless an exception under the GDPR applies.

Where processing is based exclusively on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out prior to the withdrawal.

You also have the right to lodge a complaint with the supervisory authority in Belgium.

Using the contact details provided below, you may exercise the above rights in relation to the processing of your personal data by Aquafin, except where this would require a disproportionate effort on the part of Aquafin:

• Simply submit a written, dated and signed request to Aquafin NV, for the attention of the Privacy Officer, Dijkstraat 8, 2630 Aartselaar, Belgium.
• You may send an email to privacy.officer@aquafin.be;

Subject to proof of identity (for example, by providing a scan of your identity card, with details such as your national registration number and photograph redacted, or by appearing in person), we will provide you with your personal data free of charge.

How long do we retain your personal data?

Aquafin ensures that personal data is not kept longer than necessary. The retention period depends on the purpose for which the data was collected.
For example, personal data processed in the context of agreements will be retained for the duration of those agreements or for as long as business or personal rights remain valid. Certain web forms you complete will be deleted after your request has been processed. It is possible that your personal data may still be retained for other processing purposes (e.g. retention of the agreement or invoicing) for as long as necessary to fulfil the purposes of those activities.

In many cases, personal data must be kept for an additional period to ensure it is available in case questions or disputes arise.

Because Aquafin aims to carry out the tasks required by the applicable law in a way that protects personal data from accidental or malicious destruction, it is possible that, after your personal data has been deleted from our applications, residual copies are not immediately removed from our active applications or backup systems.

We process your personal data in accordance with this Privacy Policy for as long as we retain it.

How do we ensure compliance with our Privacy Policy?

We conduct regular audits to verify that we comply with our own Privacy Policy.

If we receive formal complaints via the contact methods listed above, we will get in touch with the person who submitted the complaint.

Please note that the website may contain links, hyperlinks, or references to other sites that Aquafin does not control, and to which this Privacy Policy does not apply. Aquafin is not responsible for the content of these sites or for any offers, products, or services they may feature.

Aquafin also uses cookies (small pieces of information stored on the website user’s hard drive) to facilitate the use of the website. More information can be found in the Cookie Policy, which is part of this Privacy Policy.

How do we cooperate with supervisory authorities?

We cooperate with the relevant regulatory authorities, in particular the Data Protection Authority, to resolve complaints regarding the transfer of personal data that cannot be directly resolved with the data subject.

In the event of a judicial investigation or a request from the police, data may be transferred in accordance with applicable law, including the GDPR, without prior consent from the data subject. Such transfers will always be carried out under the supervision of the judicial and police authorities.
 

Under certain conditions, data must be provided to administrative authorities.

How are changes to the current Privacy Policy made?

Aquafin’s Privacy Policy may be amended, for example due to changes in Aquafin’s responsibilities that affect the processing of personal data. The last update was on 15 October 2020 (v201015). The most recent version of this Privacy Policy can always be consulted on our website. Older versions of the Privacy Policy will be kept in our archive.

Applicable law and competent courts

This Privacy Policy is governed, interpreted, and enforced in accordance with Belgian law, which shall have exclusive jurisdiction over any disputes.