Privacy notice

Responsible publisher

The responsible publisher of this Website is Contraste Europe SA, with head office established at 7, route d’Esch, L-1470 Luxembourg (registered for VAT under the number LU 159 770 15) and Belgian branch located Avenue Arianelaan N°5 - 1200 Brussels, Belgium (registred for VAT under the number is BE 451.992.086 Business number 0451.992.086). You can contact the company by phone +32 (0)2 730 79 80 or by mail ContrastePrivacy@contraste.com.

 

Privacy Policy

Contraste Europe is the data controller for the collected data on this Website. The Data Protection Officer of Contraste Europe is Jean-Paul Adans. You can contact him for privacy requests by mail ContrastePrivacy@contraste.com.

Contraste Europe is a group of companies proposing IT services and solutions to business clients. It is exclusively active in the B2B market and does not propose its services to individual persons.

The group consists of the following companies:

  • Amsit
  • Audaxis
  • Contrast Consulting
  • Contraste Europe
  • Contraste Luxembourg
  • Defimedia
  • Proxiel
  • The Digital Journey
     

The group is active in Luxembourg, Belgium, France, Switzerland and Tunisia.

In this policy, we'll use the name Contraste to designate all group companies.

This policy documents the policy of Contraste as a Data Controller, in other words all the aspects of the processing that Contraste applies to personal data it manages directly.

What personal data is collected about users on this Website?

Users can provide personal data to Contraste on this website by navigating, submitting an online application for a job or by using the contact Webform.

For all information about privacy concerning the online application, please check the specific privacy policy for candidates available on https://www.contraste.com/en/contraste-europe-privacy-policy-candidates

For each request made with the contact webform, Contraste Europe collects the following information:

  • Name
  • Firstname
  • Company
  • Email
  • Object
  • Message

During the navigation our server stores server log which consists of your IP address and the history of requests (as page requests for example).

Why Contraste stores and uses these personal data

Navigation

Contraste maintains server logs with the purpose to detect intrusion and resolve bugs on the website to guarantee the system security.

Online application

Contraste maintains records about professionals seeking work. These personal data are used with the main purpose to assess the candidate’s ability to take up a proposed job of Contraste or a Contraste client (qualification, experience…). More information on https://www.contraste.com/en/contraste-europe-privacy-policy-candidates

Contact Webform

The information the user provides with the Contact Webform are only used to answer the request of the user. With an explicit consent of the user, his personal data can also be used to send the user mailings about work-related topic (new service offering, participation to trade events...)

Data about users will only be used for these purposes.

How Contraste collects these personal data

Contraste creates and maintains records about users by means of the following information sources:

  • Users send a mail to join-us@contraste.com;
  • Users send a mail to the “info” mail of one company of the Contraste group;
  • Users apply online for a job using the Webform;
  • Users send a request using the Contact Webform;
  • Cookies
  • Server log
     

Who processes personal data about users?

Navigation

The IT department of Contraste (Controller) and Audaxis SAS (hosting company, processor) are the main recipients of user’s server log for the purpose described above. Access to server log is secured and supervised. Audaxis SAS, as data processor, guarantees to put in place all the technical and organizational measures to protect data as required by the new General Data Protection Regulation (GDPR) replacing the Data Protection Directive 95/46/EC.

Online application

The recruitment department of Contraste is the main recipient of candidate’s personal data for the purposes described in this privacy policy. During the recruitment process, candidate’s information will also be transferred to the sales in charge of the Contraste’s client and the Contraste’s client seeking for consultants. More information on: https://www.contraste.com/en/contraste-europe-privacy-policy-candidates

Contact Webform

The sales department of Contraste is the main recipient of user’s information collected by the Contact Webform for the purpose described above. Depending of the nature of the demand, user’s personal data can be transferred to other department/company of Contraste Europe concerned by the request (Recruitment, Marketing, IT, Admin…).

How Contraste collects and stores users consents

Each user is clearly informed about the use of his personal data as described in this privacy policy.

Consent are required only for candidates and prospects. After the first contact, the candidate/the prospect will be invited to give explicit consent for data processing via an online form. The consent is stored in the Contraste system. If Contraste doesn’t get the candidate’s/prospect's consent, candidate’s/prospect's information will not be stored and processed.

How long Contraste keeps personal data about users and what is the legal basis?

Navigation

Server log are stored for 6 months. Storing server log is legal until the user is well informed and if it is only with security purposes as intrusion and bugs detection/resolution.

Online application

After the candidate online opt-in, Contraste keeps data for 2 years according to the data privacy authorities' recommendations and only with the explicit consent of the candidate. On the basis of its legitimate interest, Contraste Europe will keep a minimum of personal information about the candidate (first name, last name, mail address, phone number) for the proper functioning of the recruitment department.

Contact Webform

Personal data from the contact Webform are stored the time needed to answer the user’s request. In this case, retention period is variable and depends of the complexity of the request. When a user submits a contact Webform, he can expect legitimately to receive an answer.

If the request is commercial, after the prospect opt-in, Contraste keeps data for 3 years after the last contact according to the privacy authorities recommendations and only with the explicit consent of the candidate.

Data subject’s rights about personal data

In respect of the new General Data Protection Regulation (GDPR), users have the following rights regarding their personal data stored by Contraste:

  • Right to access
  • Right of rectification
  • Right to erasure (right to be forgotten)
  • Right to restrict processing
  • Right of data portability
  • Right to object to processing

To claim one of these rights, users must send an email to ContrastePrivacy@contraste.com with the reason of the request. Contraste will provide any requested information in relation to any of the rights of data subjects with one calendar month of receiving the request. If Contraste receives large numbers of requests, or especially complex requests, the time limit may be extended by a maximum of two further months.

For a security reason, upon receipt of a request, Contraste will proceed to an identity verification of the requestor. To this end, the receipt acknowledge will include the invitation to do either one of the following:

  • Forward a scan of an official identification document (ID Card, Passport), along with a copy of a recent utility bill (telephone, electricity…) clearly stating the name and address of the individual involved.
  • Set up a telephone call, where a number of questions can be asked, the answers being compared with the personal data held in Contraste's database.

The request will be processed if and only if a positive authentication has been realised.

Data processor

Contraste never shares personal data with any other organisation outside of the Contraste Europe Group, with the exception of identified Data Processors. In the recruitment procedure context, data processors of candidate’s information are:

  • Contraste Clients seeking for consultants
  • Microsoft Dynamics CRM
  • Microsoft Office 365

For the web hosting of this Website the data processor is Audaxis SAS.

As data processor they guarantee to put in place all the technical and organizational measures to protect data as required by the new General Data Protection Regulation (GDPR) replacing the Data Protection Directive 95/46/EC.

Technical Information Security Measures

List of the security measures

Contraste Europe uses a networked IT infrastructure, allowing its staff to interact internally and with third parties, and to use applications and services. Contraste set up different security measures covering the following areas:

  • Raise awareness among users
  • Authenticate users
  • Manage authorizations
  • Trace access and manage incidents
  • Secure workstations
  • Securing mobile computing
  • Protect the computer network
  • Secure the servers
  • Secure websites
  • Save and plan for business continuity
  • Archiving securely
  • Supervise the maintenance and destruction of data
  • Manage outsourcing
  • Secure exchanges with other organizations
  • Protect the premises
  • Supervise IT developments
  • Encrypt, guarantee integrity or sign

Contraste tests and improves these security measures on a regular basis.

Security Breaches

Security Breach Detection

Any event that poses a possible threat to personal data is to be considered as a Security Breach. A threat can be of different natures: loss, modification, corruption, or exposition to third parties.

The events that must be considered as a threat include, for example:

  • Intrusion of a third party into the corporate network.
  • Infection of one or more devices by a malware, including a virus, rootkit, …
  • Loss of a USB key containing files with personal data.
  • Loss of a PC, tablet or smartphone that contains, or can access, files containing personal data.
  • Security breach at one of our Data Processors

Contraste has taken a number of measures to detect any of these events without delay.

Risk Evaluation

When conducting a risk analysis, Contraste first identify the potential harm (physical, material or moral damage) associated with a processing activity. Next, we evaluate the severity of harm that could result. Finally, Contraste assess the likelihood of the event by analyzing the vulnerabilities of their systems and operations as well as the nature of the threats. Risk are categorised by “high-risk”, “risk” and “low-risk”.

Security Breach Notification to Authorities

If the security breach could lead to a threat to subject individuals, such as, for example, identity theft, fraud, financial loss or impact on influence, then Contraste will notify the authorities.

This notification must occur within the 72 hours of the positive identification of the security threat. If this delay is exceeded, then the additional delay must be justified.

Security Breach Notification to Subject Individuals

If the risk for subject individuals is considered high, then they must also be informed. If there is a doubt about the degree of risk, then the authorities can be contacted for verification.

If the situation requires a notification to the subject individuals, than they must also be provided guidelines about how to mitigate the risk.

Definitions

  • Data controller

"Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.”

GDPR, Art.4 (7)

  • Data processor

"Processor means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.”

An employee of the data controller is not considered like a processor.

GDPR, Art.4 (8)

  • Processing

"Processing means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

GDPR, Art.4 (2)

  • Personal Data

"Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”

GDPR, Rec.26; Art.4 (1)

  • Sensitive Personal Data

“Sensitive Personal Data" are personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Data relating to criminal offences and convictions are addressed separately (as criminal law lies outside the EU's legislative competence).”

GDPR, Rec.10, 34, 35, 51; Art.9 (1)

Reference Documents

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) http://eur-lex.europa.eu/eli/reg/2016/679/oj

Data Privacy Authorities

Luxembourg

National Commission for Data Protection (CNDP)

1, avenue du Rock'n'Roll

L-4631 Esch-su-Alzette

Luxembourg

Telephone +352 26 10 60 1

https://cnpd.public.lu

Belgium

Data Protection Authority

Rue de la Presse, 35

B-1000 Brussels

Belgium

Telephone +32 2 274 48 00

www.dataprotectionauthority.be

contact@apd-gba.be

France

Commission Nationale de l'Informatique et des Libertés (CNIL)

3 Place de Fontenoy

TSA 80715

F-75334 Paris Cedex 07

France

Telephone +33 1 53 73 22 22

Europe

European Data Protection Supervisor

https://edps.europa.eu

Use of cookies

This site uses cookies. A “cookie” is a small file sent by our server which is stored on the hard disk of your computer.

Necessary Internal cookies

As a session cookie, these cookies are exempt from the consent requirement, in accordance with Article 129 of the LCE. See point 3.4. of the opinion 04/2012 of Group 29 (umbrella organization of European privacy commissions) on exceptions to the consent requirement for cookies.

Cookie name

Retention period

Description

SSESS

1 month

Session cookie (for connected users)

aucp13n

1 month

Cache system management

cookie-agreed

3 months

Remember if the user has accepted cookies

has_js

Time of session

Hold back if the user has javascript enabled

 

Cookie for audience measurement

In order to adapt the site to the requests of our visitors, we measure the number of visits, the number of pages viewed, the activity of visitors to the site and their frequency of return. Google Analytics is the statistical tool used by Contraste and generates the following cookies:

  • analytics.js

Cookie name

Retention period

Description

_ga

2 years

Used to distinguish users.

_gid

24 hours

Used to distinguish users.

_gat

1 minute

Used to throttle request rate.
  • ga.js

Cookie name

Retention period

Description

__utma

2 years from set/update

Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.

__utmt

10 minutes

Used to throttle request rate.

__utmb

30 minutes from set/update

Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.

__utmz

6 months from set/update

Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

We also collect your IP address to determine the city from which you are connecting. This is immediately anonymized after use. Contraste cannot under any circumstances identify individuals through this means.

Information related to these cookies are not transferred to third parties or used for other purposes.

Google have implemented all the necessary security measures to guarantee the security of the data via its "Privacy Shield" membership whose certification is visible via this link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

You can choose to opt out of cookies and statistical analysis of your browsing data via the opt-out procedure available via this link: https://tools.google.com/dlpage/gaoptout?hl=en

Third-party cookies to improve the interactivity of the site

The website of Contraste uses the services offered by third parties to improve the interactivity of its site. This mainly concerns videos posted on the site via Youtube.)

Intellectual property

Texts, images and videos of this website are the intellectual property of Contraste Europe. The contents cannot be reused or copied, completely or partially, without authorization.