Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, commonly referred to as the “GDPR” is applicable on 25 May 2018. It aims to harmonize the laws on the protection of personal data within the European Union and to strengthen the protection of natural persons with regard to the processing of their personal data, the fundamental right of every person.
An integral part of its DNA, data represents for the ALTARES – D&B group one of the main raw materials for business growth; its mission is to offer its expertise across the entire value chain of data in order to enhance the wealth of data of its customers and make it a performance engine.
ALTARES – D&B group is the exclusive partner in France, BeNeLux and Maghreb of the international network of DUN & BRADSTREET, world leader in BtoB economic information. ALTARES – D&B group provides data on a worldwide scale (on a base of more than 280 million companies in 220 countries), aggregates them with those of its customers and with multiple sources, and offers solutions tailored to the needs of its customers.
In the sense of the GDPR:
The natural or legal person processing personal data may be:
The purpose of this “Personal Data Protection Policy” is to inform all concerned people about how ALTARES – D&B Group collects and uses personal data and about the means available to data subjects to control said use.
GDPR applies to:
The data collected by ALTARES – D&B group mainly concerns companies. For the most part, they do not make it possible to directly or indirectly identify a natural person; thus, they do not fall under the category of personal data. These include, for example, legal identity, legal category – share capital, activity, date of creation, date of registration, number of employees, number of establishments, telephone, fax, payment experience, balance sheet …
Some of these data may, however, be described as “personal data” according to the GDPR, such as e-mail, capital links, first names, names and, where applicable, birth dates of statutory officers, operational managers, insolvency proceedings, legal notices, …
These BtoB data include data from public and private sources. A distinction must be made between public data, collected and disseminated by public authorities in application of laws and regulations aimed at guaranteeing the respect of public order and the securing of transactions between companies, and data from private sources relating to the professional activity of the data subjects.
Legal basis of data processing in ALTARES – D&B group databasesALTARES – D&B group puts data at the service of the business challenges of its customers by offering “Risk Management”, “Sales & Marketing”, “Compliance” and “Data Management” solutions.
The legal basis of this processing is the legitimate interest within the meaning of the GDPR: the information processing carried out by the ALTARES – D&B group contributes to the security of commercial transactions, in that it allows companies to manage their financial risks, develop a better understanding of their customers, partners and suppliers, including for marketing purposes and to comply with the various regulatory requirements applicable to their business, such as protection against fraud, corruption and money laundering.
The collection of data by public entities meets legal obligations requiring the publicity of this information. Data subjects may therefore legitimately expect that the information will be subject to further processing. The basis of the legitimate interest implies that the prior collection of the data subject’s consent is not necessary for the processing of their personal data as long as the legitimate interest prevails over the potential infringement of the data subject’s interests or fundamental rights and freedoms. The personal data are kept for the duration of the participation of the data subjects in the company plus the duration of the legal prescriptions.
ALTARES – D&B group and Dun & BRADSTREET:ALTARES – D&B group and DUN & BRADSTREET have signed standard contractual clauses to regulate the transmission of personal information between them.DUN & BRADSTREET has also adhered to the Privacy Shield and has formalized its policy of personal data processing accessible on the following link: https://www.dnb.co.uk/utility-pages/privacy-policy.html
ALTARES – D&B group has implemented the necessary technical and organizational measures to guarantee a level of protection adapted to the risk incurred. It manages an infrastructure designed to ensure an optimum level of security throughout the entire data processing lifecycle.
ALTARES – D&B group protects and secures personal data to prevent destruction, loss, alteration and unauthorized disclosure of personal data or unauthorized access accidentally or unlawfully.
As a result, ALTARES – D&B group has taken the relevant physical, electronic and organizational protection measures for personal data.
All the actions and commitments of ALTARES – D&B group aim to respect the GDPR’s principles such as the principles of loyalty, lawfulness, transparency, determined, explicit and legitimate purposes, minimization and accuracy of data of a specific nature. personal data and respect for the rights of data subjects regarding their personal data.
ALTARES – D&B group directly carries out most of the personal data processing activities necessary to provide its services; however, ALTARES – D&B group may also use suppliers to help provide these services. Each of its suppliers is subject to a rigorous selection process to ensure that it has the necessary technical expertise and is able to provide the appropriate level of security and confidentiality. A written contract concluded between ALTARES – D&B group and each service provider obviously stipulates the respective obligations with regard to the personal data, in compliance with the requirements of the GDPR.
In accordance with the applicable regulations, ALTARES – D&B group and its partners shall process any request by a data subject for access to personal data, rectification or deletion of the personal data or limitation of the processing or opposition to processing on said data.
Any data subject may also define guidelines on the fate of his personal data after his death.
These rights are exercised by email to firstname.lastname@example.org presentation of a proof of identity of the person concerned.
The data subject also has the right to lodge a complaint with a supervisory authority.
This personal data protection Policy applies to entities of ALTARES – D&B group located on the territory of the European Union as well as those located outside the European Union when they are required to offer goods or services to data subjects within the territory of the European Union.
In a constant effort to improve its services and processes as well as to protect the right of data subjects in accordance with the regulations in force, ALTARES – D&B group reserves the right to update this Personal Data Protection Policy according to its needs and circumstances or if required by law; therefore, we invite you to regularly check for updates.
Altares Dun & Bradstreet
Inter Access Park
1702 Dilbeek (Brussels)