Hyperion Group cares about your privacy and always acts in this respect in accordance with the stipulations of privacy legislation, including the General Data Protection Regulation (GDPR). This privacy statement wishes to inform you about the processing of your personal data when visiting our website hereinafter referred to as “the Website”), making use of our services, disclosure and transfer of your personal data, and the rights you have with regards to the processing of your personal data.
For our privacy practices in relation to our services, we would like to refer to the agreement as may be conducted between us in addition to this privacy statement.
If you have any questions or comments on this privacy statement or about the protection of your personal data by Hyperion Group, please contact us through one of the channels mentioned in the next section.
Who are we?
“We”, “us” or “our” means:
Hyperion Group NV, with its registered offices at Veldkant 35C,
B‑2550 Kontich and with company number BE 0675.561.448.
We act as controller for the personal data we gather through your use of our website.
If you have any questions, concerns or complaints regarding this Privacy Statement or our processing of your personal data or you wish to submit a request to exercise your rights, you can contact us:
- Via-mail: dpo@hyperion.be, to the attention of our Data Protection Officer
- By post to: Hyperion Group NV, To the attention of the DPO, Veldkant 35C, 2550 Kontich – Belgium
Why do we process your personal data?
We primarily process your personal data when you give it to us (e.g. when visiting our website or contacting us). In addition, it is possible that we process your data because other people give it to us (e.g. your employer while professional our professional services). Where we need to process personal data to provide professional services, we ask our clients to only provide the necessary information to the data subjects regarding its use.
When you visit our website, we process the personal data that you provide voluntarily, e.g. when completing online forms or subscribing to a newsletter. The following data can be processed for the as forementioned purpose:
- Identification data (e.g. first and last name)
- Contact data (e.g. e‑mail address and phone number)
- Professional data (e.g. job title, education, company)
- Information required for fulfilling our services to you
- Any other personal data that you voluntarily choose to share with us
We will never process any sensitive categories of personal data unless you provide us with such data. If there are any free text boxes you are not required, and should not disclose, any type of sensitive personal information. If you do provide us with such sensitive data in this manner, you acknowledge consent to the processing of this data.
We also process certain personal data automatically when you visit our website. This data includes your IP address, pixel ID, device type, broad geographic location, …
In addition, our website also features certain social media plugins for Facebook and LinkedIn.
When you commission us to provide you with professional services, we process personal data when we have a compelling reason to do so with regards to those services. You can find an overview of our services on www.hyperion.be. In the context of providing professional services to customers, we also process personal data of individuals that are not directly our clients (e.g. employees, suppliers, …). The personal data that we process to provide our services is offered voluntarily by (or collected by us from third-party sources at the request of) our clients. This information can include:
- Identification data (e.g. first and last name)
- Contact data (e.g. e‑mail address and phone number)
- Professional data (e.g. job title, education, company)
- Financial information (e.g. payment information)
- Personal data relating to you or third parties that you provide us for the purpose of fulfilling our services
This personal data is used to provide you with the requested service, to administer and maintain contractual relations, marketing and business development, comply with legal obligations, exercise or defend legal rights, and/or accounting and tax purposes.
As part of the abovementioned professional services we provide to clients, we can also process personal data of individuals with whom we do not have a direct (contractual) relationship (e.g. employee data). In such case we seek the confirmation of our clients that they have the authority to provide personal data relating to the performance of the agreed services and that the personal data provided has been processed in accordance with applicable law. Given the variety of services we provide, the following personal data can be processed:
- Identification data (e.g. first and last name, age, gender, …)
- Contact data (e.g. e‑mail address and phone number, postal address)
- Professional data (e.g. job title, education, experience, company, …)
- Financial information (e.g. salary, payroll, benefits, …)
When you want to make use of our contact form we process the following personal data:
- Identification data: first and last name
- Contact data: e‑mail address and phone number
- Professional data: function and company
- We also process any personal data that you choose to put in the designated blank field (please do not provide us with any sensitive information, such as health information, information pertaining to criminal convictions, or credit card/account numbers).
If you subscribe to our newsletter you will also be asked to provide your e‑mail address.
Legal ground for processing your personal data
We process the personal data we receive from you via our contact form or subscription to our newsletter based on “consent”.
We use the personal data we receive from you via our contact form based on your implied consent. The user information we aggregate from your behavior on our website is processed in accordance with our legitimate interest. Your user information is used to make our users’ website experience as comfortable and safe as possible. In any case, we strive towards a balance between the legitimate interest and respecting your privacy.
Your personal data will also be used for direct marketing if you gave an explicit consent to do so. If you are already added to our mailing list to receive electronic marketing material, we can use your data to send marketing regarding our services. In the event the legal basis for the processing of your personal data is consent, you will, at all times, have the right to withdraw your consent. This will, however, not affect the lawfulness of any processing done prior to the withdrawal of consent. And in the event the legal basis for processing is our legitimate interest, you will have the right to object to such processing, as set out below.
Disclosure of your personal data to others
We only share your personal data with third parties if necessary, to carry out one or more of the as forementioned processing activities. To maintain and improve our services we sometimes invoke third parties, e.g. developers and service providers. Where necessary for the services provided by these third parties, your personal data may be transferred to them. We conclude contractual agreements with these third parties to ensure that they only process your personal data in accordance to our instructions and that they always meet the same degree of security and confidentiality as we do. We use the following categories of service providers:
- CMS System
- Google Analytics
We may also disclose your personal data in the event such disclosure is required or necessary to fulfil a legal obligation.
This Privacy statement is only applicable to us and our Website. The Website can include links to other websites, which we do not monitor. Subsequently, this Privacy Statement is not applicable to those websites.
We will not transfer your personal data outside of the European Economic Area.
Retention of your personal data
We commit ourselves not to retain your personal data longer than necessary for the specific processing activity or any retention period that is required by law.
Protection of your personal data
We make every effort to (continue to) guarantee the accessibility, confidentiality, and integrity of your personal data. To this end, we have taken the necessary steps to protect your personal data. This means, among other things, that the number of employees who have access to your personal data is carefully selected and strictly limited. In addition, the impact on your privacy is always analysed in detail to guarantee your rights, the security and protection of your personal data. In the event of an unforeseen incident involving your personal data, Hyperion Group will always inform you in accordance with the legal provisions.
Your rights and how to exercise them
To exercise any of your rights, please send us a written request through one of the channels mentioned at the top of this Privacy Statement. We will respond to your request without undue delay, but in any event within one month of the receipt of the request.
The right to access: You have the right to access all personal data that we process about you. You can also receive a copy of this data, which we will send to you on paper or digitally. You can do this by contacting our DPO by sending an email to dpo@hyperion.be.
The right to rectification: If the personal data we hold about you is inaccurate or incomplete, you have the right to have this information rectified or, considering the purposes of the processing, completed.
The right to erasure (right to be forgotten): You have the right to request the removal of your personal data if they are no longer necessary in the light of the purposes of this privacy statement or if you withdraw your consent to the processing. You can do this by contacting our DPO by sending an email to dpo@hyperion.be.
Please note: We are not obliged to remove your personal data if we have to or may keep that data because of a legal or contractual obligation.
The right to restrict processing: You have the right to restrict the processing of your personal data (meaning that the personal data may only be stored by us and may only be used for limited purposes), if:
(a) You contest the accuracy of the personal data (and only for as long as it takes to verify that accuracy);
(b) The processing is unlawful, and you request restriction (as opposed to exercising the right to erasure);
© We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; or,
(d) You have objected to processing, pending the verification of that objection.
In addition to our right to store your personal data, we may still otherwise process it but only:
(a) with your consent;
(b) for the establishment, exercise or defense of legal claims;
© for the protection of the rights of another natural or legal person; or,
(d) for reasons of important public interest.
We will inform you before we lift the restriction of processing.
The right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others. You also have the right to have your personal data transferred directly to another company, if this is technically possible, and/or to store your personal data for further personal use on a private device.
The right to object to processing: If you feel that we are not using your personal data correctly, you may object to such processing, such as processing in the context of newsletters or other processing that is not necessary in the context of our products and services. You can do this by contacting our DPO by sending an e‑mail to dpo@hyperion.be.
The right to complain to a supervisory authority: If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In Belgium, you can submit a complaint to the Authority for the protection of personal data (Data Protection Authority), Drukpersstraat 35, 1000 Brussel (contact@apd-gba.be; https://www.dataprotectionauthority.be/citizen/actions/contact).
Amendments to the Privacy Statement
We reserve the right to modify this Privacy Statement at any time, and without prior notice, by posting an amended Privacy Statement on the website. You will always be able to consult the most recent version of the Privacy Statement on the website. This Privacy Statement was revised last on 03/08/2021, version nr. 2021/01.
Thanks for reading! We surely hope to actually talk to you soon, but that’s optional — it’s really up to you!