Updated in May 2024
Privacy Policy
1. Introduction and scope
This privacy policy aims to inform you about how Nine Engineering BV (“Nine Engineering”, “we”, “us”) collects and processes your personal data via our website (the "Website") and in the course of our (client) relationship. Nine Engineering respects your privacy and is committed to protecting your personal data and your privacy in accordance with Belgian and European data protection laws, including the EU General Data Protection Regulation 2016/679 (“GDPR”) as well as any applicable national implementing and supplementing laws. Please read this privacy policy carefully. It describes not only your rights, but also the way in which you can exercise these rights.By using our Website or by disclosing your personal data you acknowledge the manner in which Nine Engineering collects and processes your personal data as described in this privacy policy.
2. Who we are and how to contact us?
Nine Engineering is a company incorporated under Belgian law and acts as data controller in respect of the personal data collected via its Website or as otherwise set forth in this privacy policy:
- Company name: Nine Engineering BV
- Registered office: Stapelplein 70, bus 130, 9000, Ghent, Belgium
- Company number: 0752.969.527 (RPR Ghent, division Ghent)
We have appointed a Data Protection Officer, whom you can contact for questions about this privacy policy, your privacy and the processing of your personal data.
E-mail address DPO: privacy@nineid.com
What personal data do we process?
We processes different types of personal data; this depends on the functionalities you use on our Website, the services you wish to use and on the personal data you share with us.If we processes your personal data, it will be personal data of one of the categories listed below:
- Identification and contact details (such as name and first name, phone number, email address);
- Technical information (such as information about your computer, mobile and other devices (such as, your IP- address, user-ID, operating system, browser type);
- Professional information (such as profession, company you work for, job title, (company) address, company registration and VAT number);
- Usage information (such as information regarding your usage of our Website (such as, history, logs, date, time, location, frequency, duration of the pages you have viewed, consent preferences, information regarding consent(s) given by you (such as, the date and time of your consent));
- Any other categories of personal data as identified below under title 4.
Your personal data originates from you directly or is automatically collected by us (in case of technical or usage information).
4. For which purposes do we process personal data, on which legal basis and for how long?
4.1. General
Depending on your use of the Website, our services, the information you share with us and our (client) relationship, Nine Engineering processes personal data for the purposes specified in this section 4 (if and to the extent applicable to your situation). Please note that our Website and services may evolve and more functionalities may be added from time to time. In such event, we will update the below table as necessary and your additional consent (if and to the extent required) shall be requested.
For certain processing purposes, Nine Engineering requires your consent. The consent you give is always free and you have the right to withdraw it at any time. You can withdraw your consent by sending an email to: privacy@nineid.com. Your withdrawal of consent does not affect the processing of personal data prior to such withdrawal or our processing activities which are based on any other legal basis.
4.2. Website-users
| Purpose | Type of personal data | Legal basis | Retention period |
|---|---|---|---|
| To manage and respond to your contact requests and questions submitted via de Website (such as after you have submitted a contact form). | Identification and contact details Any feedback and information you choose to share with us during our contact | Performance of a contract | As long as necessary to contact you (with respect to a submitted contact request); Your identification and contact details will in any event be deleted no later than 2 year/ month after our last contact. |
| Management and booking of appointments, demo sessions and other meetings and to ensure a proper follow up (by sending related (background) information such as commercial offers). | Identification and contact details. Professional information. Technical information. Any feedback and information you choose to share with us during our meeting. | Legitimate interest or performance of a contract (as applicable) | As long as necessary to contact you and manage our appointments and meetings; Your identification and contact details will in any event be deleted no later than 2 year after our last contact. |
| To improve our Website, your user experience thereof and our product and service offering in general by gathering technical, analytical and statistical insights. | Usage information. Technical information. Any feedback you choose to provide us. | Consent The consent you give is always free. You have the right, at any time and free of charge, to withdraw your consent, by sending an email to: privacy@nineid.com. | The retention period varies from as long as the duration of a Website- visit, to as long as your consent is not withdrawn (as applicable); Reference is made to our cookie policy. |
| For direct marketing purposes (such as to send promotional emails and newsletters about our products and services, including about new features, functionalities, special offers, events and other information which we think might interest you). | Identification and contact details. Technical information. Usage information. | The consent you give is always free. You have the right, at any time and free of charge, to withdraw your consent and to object to the processing of your personal data for direct marketing purposes, by sending an email to: privacy@nineid.com. | As long as your consent is not withdrawn; In any event as soon as NineID notes that the contact details are out of use. |
4.3. Applicants
Nine Engineering may process personal data of applicants for the following purposes:
| Purpose | Type of personal data | Legal basis | Retention period |
|---|---|---|---|
| To carry out recruitment and selection activities for open positions at Nine Engineering. | Identification and contact details. Professional information. Any documents and information you choose to share with us during your application (such as CV, cover letter). | Legitimate interest or performance of a contract (as applicable) | Up to 6 months after notifying the last candidate that he/she is not retained for the job, unless a longer retention term applies in accordance with this policy. |
| To create a talent pool for future vacancies and recruitment purposes. | Identification and contact details. Professional information. Any documents and information you choose to share with us during your application (such as CV, cover letter). | The consent you give is always free. You have the right, at any time and free of charge, to withdraw your consent by sending an email to: privacy@nineid.com. | Up to 1 year after obtaining your consent. Your personal data will in any event be deleted in the event you withdraw your consent. |
4.5. Processing activities applicable to Website-users, Applicants
| Purpose | Type of personal data | Legal basis | Retention period |
|---|---|---|---|
| To comply with our legal obligations (including to respond to data subject requests, to respect your (consent) preferences, to protect the rights of others). | Identification and contact details. Usage information. Technical information. Any additional information you provide us or required to adhere to our legal obligations. | Legal obligation | The retention term varies from as long as the duration of a Website- to as long as required by law; Your personal data will in any event be deleted ten (10) years after the expiry or termination of our (client) relationship. |
| To execute our business administration (such as to manage our (client) relationship and to address potential complaints). | Identification and contact details. Information related to ordered products, software and services. Any additional information you provide us or which relates to our relationship. | Legitimate interest | As long as necessary for Nine Engineering’s legitimate interest(s); Your personal data will in any event be deleted ten (10) years after the expiry or termination of our (client) relationship. |
For more details about the retention period, you can always send an email to: privacy@nineid.com.
5. Do we use cookies?
Our Website uses cookies and similar technologies. For more information, we refer to our cookie policy.
6. With who do we share your personal data?
Nine Engineering may share your personal data, as required for the purposes set forth in section 4, with:
- third-party service providers (such as IT service providers, security providers, suppliers, communication and other software providers or hosting providers);
- professional advisers (such as lawyers or auditors);
- affiliated entities; and
Upon request, Nine Engineering shall, as soon as possible after the request, inform you of the third parties with whom your personal data have been shared by providing you a more detailed list.
In addition, we may disclose your personal information if required by law, or if we believe in good faith that such disclosure is necessary to comply with a judicial investigation, court order or to defend or safeguard our rights.
Processors and sub-processors of Nine Engineering always act under the responsibility of Nine Engineering. We always ensure that appropriate protective measures are taken when we transfer your personal data to third parties. If Nine Engineering engages (sub-)processors, this will always be done in accordance with a data processing agreement that meets the requirements of the GDPR. We require all our (sub-)processors to take appropriate technical and organizational (including security) measures to protect your personal data. In the event we disclose your personal data as described above, we will implement appropriate safeguards to ensure the integrity and confidentiality of your personal data.
Your personal data will only be made available to (sub-)processors, employees and other third parties on a “need-to-know” basis, limited to the extent necessary to perform their services.
7. Will your personal data be transferred to countries outside the EEA?
In principle, Nine Engineering does not transfer your personal data to third countries located outside the European Economic Area ("EEA") unless you are located outside the EEA (and are visiting our Website, use our services or otherwise provide personal data from outside the EEA).
Additionally, it is possible that Nine Engineering – through its (sub-)processors – does transfer your personal data to countries outside the EEA. In this event, Nine Engineering will only transfer your personal data outside the EEA in accordance with the applicable data protection legislation and subject to appropriate safeguards.
Please contact us if you want further information on the specific mechanism(s) used when transferring personal data outside the EEA.
8. Do we process your personal data for direct marketing purposes?
We may use your personal data for direct marketing purposes (including profiling). This enables us to keep you informed about our products, updates, events, etc. You give your explicit consent for this, but you may at any time, free of charge, withdraw your consent and object to the processing of your personal data for direct marketing purposes (including profiling), to the extent that it relates to such direct marketing, by sending an email to: privacy@nineid.com. Your withdrawal of consent does not affect the processing of personal data prior to such withdrawal or our processing activities which are based on any other legal basis.
9. How do we protect your personal data?
Nine Engineering is committed to trying to make sure that your personal data is secure and makes all reasonable and appropriate efforts to protect your personal data. We take appropriate technical and organizational security measures to ensure a level of security in accordance with the GDPR and appropriate to foreseeable risks. Nine Engineering has implemented measures to protect your personal data against destruction, loss, misuse, unauthorized alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
The measures taken by Nine Engineering include:
- Appointment of a Data Protection Officer and Chief Information Security Officer
- Implementation of an Information Security (ISMS) and Privacy Information Management System (PIMS) iaw ISO 27001:2013 and 27701:2013 standard, pursuant to which Nine Engineering holds the respective ISO certificates. The measures taken under these standard cover (non-exhaustive list):
- Encryption of the (personal) data;
- Awareness raising of personnel;
- Implementation of appropriate security policies;
- Implementation of a disaster recovery and backup plan;
- Implementation of a management plan in case of security incidents;
- Implementation of privacy & security-by-design principles;
- Execution of penetration testing; and
- Annual management reviews of information security.
Please contact us if you would like more information on the specific measures taken by sending an email to: privacy@nineid.com.
Despite the above measures taken by us, you should be aware that there are always risks associated with sending personal data over the internet. The security and protection of your personal data can never be fully guaranteed, nor can we guarantee that unauthorized third parties will never be able to defeat those measures or use your personal data for improper purposes.
10. How long do we keep your personal data?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes determined in section 4 of this privacy policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
The applicable retention periods are set out in the table under section 4.
11. What are your rights and how can you exercise them?
Within the limits defined in Articles 15-22 of the GDPR, you have the following legal rights in relation to your personal data:
- Right of access: you have the right to obtain confirmation from us as to whether or not we are processing your personal data, to access that personal data and how and why it is being processed, as well as to receive a copy of that data.
- Right to rectification: you have the right to obtain a rectification of your personal data or to request that we complete your personal data when you become aware that we are processing incorrect or incomplete data about you.
- Right to erasure ('right to be forgotten'): you have the right to obtain erasure of your personal data in certain specific cases.
- Right to restriction: You have the right to have the processing of your personal data restricted in certain specific cases.
- Right to portability: You have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable form, and to transfer (have transferred) that personal data to another controller.
- Right to object: You have the right to object to the processing of your personal data on the basis of our legitimate interest for reasons relating to your specific situation.
The exercise of these rights is in principle free of charge. Only in the event of unreasonable or repeated requests, we may charge a reasonable administrative fee. Nine Engineering will inform you of the applicable fee before charging it.
In your request, make sure to clearly specify which right you wish to exercise so we can help you as efficient as possible. Please note that in some case we may require you to give more information about yourself to ensure that we are dealing with the correct person.
If you contact us to exercise your rights we will respond within one month. Exceptionally this may take longer (up to three months), but then we will inform you within one month of the reasons why.
If and to the extent provided for in the applicable data protection legislation, you have the right to file a complaint with the competent supervisory authority if you consider that our processing of your personal data violates the applicable regulations. In Belgium the competent authority is the Data Protection Authority (“Gegevensbeschermingsautoriteit”):
Drukpersstraat 35, 1000 Brussels, Belgium
+32 (0)2 274 48 00
We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in first instance.
12. Are there any third party links on our Website?
Our Website may contain links to third party websites and/or applications. Nine Engineering is not responsible for the content of these websites and applications and is not responsible for the privacy standards and practices of such third parties. We recommend you to read the relevant privacy policies of these third parties and their websites before you accept their cookies and visit their website to ensure yourself that your personal data is sufficiently protected. Nonetheless, we seek to protect the integrity of our Website and welcome any feedback about these websites and/or applications.
13. Changes to the privacy policy
Nine Engineering may modify this privacy policy at any time. Any changes we may make to our privacy policy will be indicated on the Website and when proportionate and in line with the significance of the changes, may be notified to you by email or advised to you on your next Website-visit. The date of the last amended version is listed at the top of the privacy policy. Please review this privacy policy periodically to stay informed of changes that may affect you.
Amended versions of this privacy policy take effect ten (10) days after their publication on the Website, and/or other form of announcement and, if necessary, will always be submitted for approval if required under the GDPR, unless such modifications are necessary to comply with a legal requirement. In the latter case, such changes will take effect immediately.
14. Liability
If Nine Engineering has lawfully provided your personal data to a third party (other than a subprocessor), it will not be liable for the unlawful processing or use by that third party.
Nine Engineering is in any case only liable for the damage caused by the processing of personal data if it did not comply with its specific obligations under the GDPR and Nine Engineering’s liability shall not exceed an amount equal to the amounts actually paid out by our insurer for the damage causing event. Nine Engineering shall in no event be liable for any special, incidental, indirect or consequential losses or damages.
The foregoing exclusions and limitations shall only apply to the maximum extent permitted by applicable law.
15. Applicable law and competence
This privacy policy shall be governed, interpreted, and implemented in accordance with Belgian laws.
The Ghent courts (division Ghent) are exclusively competent to decide on any dispute that may arise from the interpretation or implementation of this privacy policy, without prejudice to the consumer’s right to present a dispute before a competent court on the basis of a mandatory statutory provision.