Skip to main content

Privacy

Privacy Policy

27/04/2026

1. Identity and contact details of the data controller

This privacy policy applies to all personal data processed by Otolith Belgium BV, with its registered office at Veldstraat 2, 8730, registered in the CBE under company number 0782.517.410, which is the data controller for this website.

The data controller attaches great importance to your privacy and therefore processes your personal data in accordance with European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”), as well as any future or supplementary legislation implementing it, where applicable. 

If you have any further questions or comments regarding how we handle your personal data, please feel free to contact us at any time, either by email to info@otolith.be or by post to the above-mentioned postal address.

2. What does ‘processing personal data’ mean?

The processing of personal data (hereinafter “data”) encompasses any processing of data that can identify you as a natural person. You can find out what data is involved in this privacy policy. The term ‘processing’ is very broad and covers, among other things, the collection, storage and use of your data, or the sharing of such data with third parties.

3. What data do we process? 

Below, we explain what personal data we may process about you. Depending on the specific situation, your preferences and the way in which you contact us, we may not process all of the data listed below. 

3.1. General

We may process the following data relating to all our contacts:

  • Electronic identification data and usage data (e.g. IP address, browser type, location data);
  • Identification data;
  • Contact details (e.g. last name, first name, address, email address, etc.);
  • Contact history (e.g. email messages, messages sent via web forms, etc.).

3.2. Main activity

In the context of our commercial activities, we may also process the following data from our customers:

  • Order and payment details;

  • After-sales data;

  • Feedback, testimonials and promotional content such as photos and videos.

3.3. Job candidates

We may also process the following data relating to job candidates. Naturally, this will largely depend on the information you choose to provide to us in connection with your application. 

  • Personal details;

  • Work-related information;

  • Personality-related information;

  • Photographs.

  1. For what purposes do we process your data?

 Personal data is processed exclusively within the context of the company and, in particular, for the following purposes:

3.4. Core activities

In the context of our core activities: 

  • Personality Assessments, Questionnaire Data, Interview Reports

  • Compliance with administrative and tax obligations;

  • The operation of the website;

  • The processing of enquiries;

  • Communication with clients;

  • Employee recruitment procedures;

  • Operational, business, commercial and legal purposes.

4. On what legal grounds do we process your data? 

We process your data for the purposes described above and do not collect or process any data other than what is necessary for these purposes.
We process your data only to the extent that this is based on one of the legal grounds for processing set out in the GDPR, as outlined below.

4.1. Legal obligation

We process certain data in order to comply with legal or regulatory obligations imposed on us. For example, in relation to tax and accounting obligations or in the area of data protection.

4.2. Necessary for the performance of the contract

We process certain data because it is necessary for entering into, performing or terminating an agreement with you as the data subject. For example, for contacting you, scheduling appointments, responding to a request or requesting information in the context of entering into a contractual relationship, but also for the effective performance of the contractual agreement within the scope of our core business, in order to be able to provide you with our services.

4.3. Legitimate interest

We process certain data on the basis of our legitimate interest, which in specific cases outweighs any potential detriment to your rights. For example, to promote our activities to business contacts; to improve the quality of our services; to train staff; and to evaluate and maintain data and statistics relating to our activities in the broadest sense; retaining and using evidence in the context of liability, proceedings or disputes and for the purpose of archiving our activities; and ensuring security, both online on this website and within our business premises.

4.4. Consent

We process certain data on the basis of your consent. For example, to promote activities to potential business contacts or to use certain analytical or marketing cookies. Data relating to job canditates will only be retained after the recruitment process has been completed if consent has been given.

  • Source of the data

    Most of the data we process about you has been provided directly by you. As part of our services, we may obtain data about you from external service providers or public sources.
     
  • Who do we share your data with?

    We do not pass on your data to third parties, unless this is strictly necessary considering the purposes mentioned above, or if we are legally obliged to do so.

    Where necessary, we engage external service providers (processors) to support our operational purposes, such as the management of our websites and IT systems. These external service providers may carry out certain data processing activities on our behalf. We will only share your data with these external service providers to the extent necessary for the relevant purpose. They are not permitted to use the data for any other purposes. Furthermore, these service providers are contractually bound to ensure the confidentiality of your data through a “data processing agreement” entered into with these parties. 

    In practice, this means that we share your data, where relevant to your situation, with the following third parties for the following purposes, with these third parties acting as data processors on our behalf in certain cases:
     

    • Postal services, transport and delivery companies if we need to send you something by post;

    • Payment service providers if we receive payments from you, or vice versa;

    • External representatives and consultants or any other parties involved in the context of our main or ancillary activities;

    • The processors who assist us in the IT field in the operation of our organisation, with a view to secure and efficient digital data management within our organisation; 

    • Government bodies, judicial authorities and members of regulated professions such as accountants and lawyers, in order to comply with our legal obligations and defending our interests, to the extent required.

 5. How long do we keep your data?

We do not retain your data for longer than is necessary for the purpose for which the data was collected or is being processed. As the period for which data may be retained depends on the purposes for which it was collected, the retention period may vary in each situation. In some cases, specific legislation will require us to retain the data for a certain period. Our retention periods are always based on legal requirements and a balance between your rights and expectations and what is useful and necessary to fulfil the purposes. Once the retention period has expired, your data will be deleted or anonymised. 

6. Where do we store your data and how is it protected?

We implement appropriate technical and organisational security measures to prevent, within the scope of our activities, the destruction, loss, falsification, alteration, unauthorised access or unlawful disclosure to third parties, as well as any other unauthorised processing of this data. 

In addition, we ensure that the processors we engage also implement appropriate security measures to minimise the risk of incidents as much as possible.

The data we process remains within the European Economic Area (EEA) at all times.

7. What are your rights? 

You have various rights regarding the data we process about you. If you wish to exercise any of the following rights, please contact our GDPR Officer using the contact details provided under the first section of this Privacy Policy.

  • Right of access and to obtain a copy 

    You have the right to access your data and to receive a copy of it. This right also includes the option to request further information regarding the processing of your data, including details of the categories of data processed and the purposes for which this is done.
     

  • Right to rectification

    You have the right to have your data corrected or rectified if you believe that we have incorrect information.
     

  • Right to erasure (“right to be forgotten”)

    You have the right to request that we erase your data without undue delay. However, we will not always be able to comply with such a request, for example, when we still need the data in order to perform an ongoing contract, or when we are legally required to retain certain data for a specific period.
     

  • Right to restriction of processing 
     

  • You have the right to restrict the processing of your data. This means that processing will be temporarily suspended until, for example, the accuracy of the data has been verified.
     

  • Right to withdraw your consent

    If the processing of the data is based on your consent, you have the right to withdraw this consent at any time by contacting us. If you receive marketing messages from us via email based on your consent, you can easily withdraw this consent by clicking on the unsubscribe link at the bottom of such a message.
     

  • Right to object

    You have the right to object to the processing of your data where this is based on a legitimate interest. This must be done on the basis of specific reasons relating to your situation. You may also object to the use of your data for direct marketing purposes. Marketing messages sent by email will always include an opt-out option.
     

  • Right to data portability

    You have the right to receive the data you have provided to us, either with your consent or in fulfilment of a contract, in electronic form. This makes it easy to transfer the data to another company. You also have the right to ask us to transfer your data directly to another company, provided this is technically feasible.
     

  • Right to lodge a complaint with the supervisory authority

    If you believe that we are processing your data incorrectly, you always have the right to lodge a complaint with the data protection supervisory authority.

    Belgian Data Protection Authority (GBA)
    Drukpersstraat 35
    1000 Brussel
    contact@apd-gba.be
     

8. How can you exercise your rights? 

You can exercise your rights by contacting us, either by email at info@otolith.be or by post at Veldstraat 2, 8370 Beernem, provided you enclose a copy of the front of your identity card or another document that can be used to identify you. The copy will only be used to verify your identity in accordance with the GDPR.

9. Changes

We reserve the right to amend this Privacy Policy. The most recent version is available on our website at all times. The date on which this Privacy Policy was last amended can be found at the top of the page. In the event of a substantial change to the Privacy Policy, we will, where possible, inform those affected directly.