1) General information regarding Steepconsult
Steepconsult is a brand of Positive Thinking Company S.A. which is established in Belgium. Positive Thinking Company S.A. is legally registered in accordance with Belgian law with registered offices in Chaussée de Charleroi, 112, 1060 Brussels, Belgium and registered under the company number 0895.492.518
2) Steepconsult’s commitments regarding the protection of personal data
Given the importance of protecting personal data, Steepconsult is committed to adhere to regulations concerning the privacy, especially to the local laws in relation with the enforcement of the GDPR within the countries we operate, as well as the General Data Protection Regulation of 27 April 2016 (“GDPR”), and take all reasonable measures to ensure that personal data provided to us will remain properly handled, confidential where appropriate and safely protected.
More specifically, Steepconsult undertakes to respect the following principles:
- your personal data are processed lawfully, fairly, and transparently, in accordance with article 5.1 a) of the GDPR;
- your personal data are collected for specific, explicit and legitimate purposes and are not further processed in way incompatible with these purposes, in accordance with article 5.1 b) of the GDPR;
- your personal data are stored in an appropriate and relevant manner and are limited to what is necessary for the purposes for which they are processed, in accordance with article 5.1 c) of the GDPR;
- your personal data are accurate, kept up to date and all reasonable steps are taken to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased or rectified without delay, in accordance with article 5.1 d) of the GDPR;
- your personal data are kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data are processed, in accordance with article 5.1 e) of the GDPR;
- in accordance with article 5.1 f) of the GDPR, Steepconsult implements appropriate technical and organizational measures to ensure appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
- Finally, Steepconsult undertakes to comply with all other principles required under the applicable regulations on the protection of personal data.
However, Steepconsult does not accept unauthorized idea submissions outside of established business relationships. To protect the interests of our current clients and ourselves, we must treat the issue of such submissions with great care. Importantly, without a clear business relationship, Steepconsult cannot and does not treat any such submissions in confidence. Accordingly, please do not communicate unauthorized idea submissions to Steepconsult through this website. Any ideas disclosed to Steepconsult outside a pre-existing and documented confidential business relationship are not confidential and Steepconsult may therefore develop, use and freely disclose or publish similar ideas without compensating you or accounting to you. Steepconsult will make every reasonable effort to return or destroy any unauthorized idea submissions without detailed review of them. However, if a review is necessary in Steepconsult’s sole discretion, it will be with the understanding that Steepconsult assumes no obligation to protect the confidentiality of your idea or compensate you for its disclosure or use. By submitting an idea or other detailed submission to Steepconsult through this website, you agree to be bound by the terms of this stated policy.
3) Items of personal information which may be collected and processed by Steepconsult
When using Steepconsult’s services or contacting and interacting with us, you may provide us with your personal information voluntarily which is collected on an individual basis. This includes:
- your first name, last name and email address;
- if applicable, your phone number and country of residence ;
- if applicable, all information included in your curriculum vitae;
- If applicable, the VAT-number used for your commercial activities with Steepconsult;
4) Methods of personal data collection
5) Purposes for which the information is collected and processed
The main purposes for which Steepconsult collects and processes your personal information are as follows:
To perform our contractual obligations and enable an appropriate level of service
For customer care purposes
To communicate with you
For direct marketing purposes
For your career (applications processing).
6) Legal basis of the processing of your personal data
Steepconsult processes your personal data (i) on the basis of your explicit consent, (ii) to perform the contract or in order to take steps at the request of the data subject prior to entering into a contract, (iii) to comply with legal obligations Steepconsult is subject to or (iv) to perform Steepconsult’s legitimate interests.
Your consent may always be withdrawn at any time in accordance with Article 10. In such case, be aware that the withdrawal of consent shall not affect the lawfulness of processing based on your consent before the withdrawal.
Furthermore, if you refuse to provide Steepconsult with some personal data or if you provide Steepconsult with incomplete or inaccurate information required for the performance of the contract or for compliance with a legal obligation, be aware that we may not be able to provide or deliver your all or parts of the services, which you may have requested from us in full quality.
When we process your personal data for our legitimate interests, Steepconsult ensures that a balance of these interests against your legitimate interests has been done. When necessary we have taken appropriate measures to limit implications and prevent unwarranted harm to you.
7) Disclosure to Third Parties
Potential recipient of your Personal Data
Steepconsult may disclose certain personal information to third parties, such as authorized Steepconsult’s employees, undertakings of Steepconsult’s group (i.e. undertakings of the Positive Thinking Company Group), and strategic partners that work with Steepconsult to provide products and services.
However, Personal Data will not be shared with third parties for their marketing purposes.
Steepconsult may be required by law, legal process, litigation and/or requests from public and governmental authorities within or outside your country of residence to disclose your personal information.
Steepconsult may disclose personal information, on a legitimate basis, if Steepconsult determines that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.
Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party.
Transfers of Personal Data to third countries
You are informed that Steepconsult may transfer your Personal Data to third parties located outside the European Union in order to be processed and stored.
In that context and if applicable, Steepconsult undertakes to guarantee the processing of your Personal Data in accordance with Article 46 of the GDPR.
8) Technical measures for protecting personal Information
To secure the safety of personal information from a loss, theft, leak, falsification, or damage, Steepconsult implements the following technical, managerial and physical devises:
- prevent personal information from leakage or damage by hacking or computer virus;
- implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymization;
- ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- ensure a process for regular testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing;
- minimize the number of employees for managing personal information.
9) Period for Personal Data retention
10) Your rights to the personal data collected
As being the data subject, you have the following rights which can be exercised at the following email address: email@example.com.
If you choose to request information from Steepconsult you may need to communicate personal information of a general nature. In addition to, if you choose to correspond further with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protection for these electronic communications that we employ in the maintenance of information received by mail or telephone.
Your rights, resulting from the law of July 30th 2018 on the protection of natural persons with regards to the processing of personal data and the GDPR nevertheless remain guaranteed for as much and insofar as this technology allows it.
The right of access:
Any individual concerned may access the data concerning him, processed by Steepconsult and, if necessary, request that incorrect data be corrected or deleted.
The right of rectification:
Steepconsult makes it easy for you to keep your personal information accurate, complete and up to date. You have the right to obtain from Steepconsult the rectification of inaccurate or incomplete personal data concerning you.
The right to be forgotten:
You have the right to obtain the erasure of your personal data stored by Steepconsult in the situations provided by the GDPR such as in situations where your personal data are no longer necessary in relation to the initial purposes for which they were processed as well as situations where they were processed unlawfully.
The right to restriction of processing:
You have the right to obtain from Steepconsult a limitation of the processing of your personal data without deleting the personal data concerned on the conditions stated in the GDPR.
The right to data portability:
You have the right to recover some of your data for your own use or to transmit them to another company in the conditions provided by the GDPR.
The right to object:
You have the right to object at any time to the processing of your data for prospecting and marketing purposes, including profiling and direct marketing.
The right to withdraw consent:
When the processing of your personal data is subject to your prior consent, you have the right to withdraw your consent at any time.
You shall be aware that the withdrawal of consent shall not affect the lawfulness of processing based on your consent before the withdrawal. In case of withdrawal, it may mean that we will not be able to provide or deliver you all or parts of the service.
The right to lodge a complaint:
You have the right to lodge a complaint with the competent Data Protection Authority (DPA) if you consider that the processing of your personal data constitutes a violation of the GDPR.
11) Communication with you and notification to the Data Protection Authority in case of a breach of your personal data
We will communicate immediately, when your personal data are breached, to you and the relevant Data Protection Authority every time it is required by the GDPR. This communication about your personal data breach will describe in clear and plain language the nature of the personal data breach and contain at least the following information and measures:
- communicate the name and contact details of the Data Protection Officer or other contact point where more information can be obtained;
- describe the likely consequences of the personal data breach;
- describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, when appropriate, measures to mitigate its possible adverse effects.
This communication shall not be required if any of the following conditions are met:
- Steepconsult has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person which is not authorized to access it, such as encryption;
- Steepconsult has taken subsequent measures which ensure that the high risk to your rights and freedoms referred to in the first paragraph is no longer likely to materialize;
- It would involve disproportionate effort for Steepconsult. In such a case, there shall instead be a public communication or similar measure whereby you are informed in an equally effective manner.
12) The Data Controller and the Data Protection Officer:
The Data Controller is Positive Thinking Company S.A., with registered offices in Chaussée de Charleroi, 112 in 1060 Brussels and registered under the company number 0895.492.518 (email: firstname.lastname@example.org).
In order to ensure the security of your personal information and to protect your rights and freedoms, Steepconsulthas appointed a Data Protection Officer:
Mr. Cédric Neef de Sainval
Address: Chaussée de Charleroi, 112 in 1060 Brussels, Belgium