Who are we?
Securex Group vzw (non profit association), whose registered office is in Belgium, at 1040 Brussels, Tervurenlaan 43, VAT BE0419.678.319, Brussels RLP, and which can be contacted by telephone on + 32 2 729 92 11, and by email at info@securex.be.
Securex is an international player in the field of social and HR administration for private individuals, start-ups, self-employed people, SMEs, and large companies. As a full-service HR partner, we focus on the well-being and talent of employees, colleagues, customers, and self-employed people. Sustainable employability is important for everyone. This is why we develop a variety of solutions to provide preventive and proactive support.
Securex also develops and manages HR management solutions that help businesses and their employees to streamline their key HR processes.
We usually act as data controller for the processing of your personal data in the context of our service provision and the underlying processes. In this case, you should contact us if you have any questions or comments. When businesses and/or their employees use our solutions and applications and upload or process personal data in these solutions, we can also function as a data processor on behalf of our customers. In this event, your employer is your first point of contact for questions or comments about these data.
This privacy statement relates to the processing of personal data related to the use of Securex My Work and supplements the privacy policy of your employer, who should be regarded as the data controller for personal data in the context of payroll and social administration.
Securex may therefore act as both data controller and data processor for your employer in connection with the processing of your personal data. We always attach foremost importance in this context to the protection of your privacy and your personal data and to your feedback.
Purpose of processing personal data
Securex My Work is a complete and integrated tool for HR administration and payroll activities.
Personal data are processed in accordance with European Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR) in connection with the use of our services by you or your employer.
Your personal data are processed for the following purposes:
- To comply with laws, regulations, and instructions at the regional, federal, or international level regarding employment law, social security or tax legislation, including collective and individual labour contracts and your employer’s employment regulations
- To respond to your questions and requests
- Based on a legitimate interest on the part of the data controller or a third party in organising and/or improving the service
- Grounded on a legitimate interest on the part of the data controller in monitoring and assessing the ease of use and performance of the application in order to continuously improve the service and user experience.
More specifically, we are referring to the following possible purposes and processes:
- Your registration as a user of our tools and applications
- The management of your personnel file in the context of your labour contract
- Payroll administration
- Registration and processing operations within the framework of legally required declarations
- Recording presences and/or absences
- Planning and organisation of services
- Automating training management
- Performance monitoring and evaluations
- Monitoring of use and ease of use
- Integration and exchange with your employer’s various HR partners
- HR management reporting, insights, information, and advice for both the employer and the individual concerned
- Targeted (internal) communication
Legal basis for the processing
The legal basis for the processing of personal data of users of Securex My Work is:
- The performance of the contract between your employer and Securex
- The performance of the contract between you and your employer
- Your employer’s legal obligations under labour law and social security law
- Your request or permission to process or share data.
The legal basis for the processing of personal data in connection with the planning, organisation, and quality improvement of services, including by monitoring and evaluating performance and training, is the legitimate interest of your employer in
- organising and managing business operations optimally
- enabling employees to work in optimal conditions and pursue their self-development.
The legal basis for the analysis and evaluation of our tools and services by and with users is the legitimate interest of Securex in managing its services and products optimally and gaining insight into how they are experienced and used, so that ease of use and performance can be optimised.
Securex’s legitimate interest is also the legal basis for the processing of personal data of contact persons or representatives of the employer with regard to
- Customer contract and relation management: for business operations and their optimisation
- Direct marketing activities: to promote the services of ESPP Securex, as well as the services of the other Securex entities, to its customers.
Securex will only send you general newsletters and/or e-zines if you have granted your consent for this.
Categories of data subjects
Securex processes the personal data of users of the application and of contact persons of employers who use the application and/or who use this service.
Categories of processed data
Personal data can be defined as all information relating to an identified or identifiable natural person (data subject).
Securex processes or may process the following data, among other categories:
- Identification data
- Personal characteristics
- Financial & payroll data
- Contact details
- Family data
- Data relating to the position or job and/or career
- Data relating to performance and assessments
- Presence and absence data
- Training courses taken
- If applicable, data regarding certain opinions (relating to absence), memberships or other relevant administrative-medical data
- Registration numbers of vehicles and data about other benefits in kind
Some data are only processed in order to be able to grant you a benefit.
Personal data may be provided both by yourself or by or through your employer: your employer may either provide us with personal data directly or do so through integration with other HR partners or HR service providers.
Data retention period
Securex will store your data for no longer than is strictly necessary for the processing purposes and for as long as is required by law.
In the absence of any legal provision to the contrary, we keep your data for seven (7) years after the end of the financial year in which the last pay calculation was provided.
Confidentiality and data protection
In accordance with applicable legislation, Securex ensures an appropriate level of protection for personal data. The measures it has implemented include technical and organisational measures to protect personal data against accidental or unauthorised destruction, accidental loss, and against any modification of, access to or other unauthorised processing of the personal data.
Securex nevertheless wishes to point out that no security system can guarantee 100% security. However, you may contact us at any time with any questions about the confidentiality and security of your personal data.
Data recipients
Your personal data will only be processed and shared considering the intended purposes:
- Certain of your data may be passed on to subcontractors who provide given services in the strict context of a subcontracting agreement and for the sole purpose of providing Securex with the necessary technical assistance.
- Via the Securex My Work, your personal data in your personnel file may be shared with your employer, who is ultimately responsible for the processing and management of your personnel file.
- Depending on your employer’s choices and if this is consistent with the legal provisions, some data may also be shared with your colleagues or other third parties at the request of your employer or at your own request.
However, in exceptional cases Securex may be required to pass on certain personal data to the monitoring authorities, to our lawyers, to our experts or to judicial authorities.
Transfer of data to third countries
Securex does not transfer personal data outside the European Economic Area.
If a data transfer to a country outside the EEA is necessary in order to conduct its activities or services, Securex will implement appropriate safeguards in accordance with data protection legislation and ensure that enforceable rights and effective legal remedies are available to the data subjects.
To ensure that there are enforceable rights and effective legal remedies for data subjects, processing and transfer may only take place under one of the following conditions:
- the transfer takes place to countries that provide an appropriate level of protection based on adequacy decisions taken by the European Commission
- the transfer goes to a processor or sub-processor to which binding corporate rules apply. These corporate rules guarantee an appropriate level of protection
- the transfer is to a processor or sub-processor with whom a model agreement made available by the European Commission has also been concluded (Standard Contractual Clauses, cf. Commission Implementing Decision (EU) 2021/914 of 4 June 2021) and where an additional risk assessment has also been carried out beforehand. The contractual provisions and any additional measures following a prior risk assessment or data transfer impact assessment must then provide the necessary guarantees with regard to data protection.
If there are no appropriate guarantees regarding the level of protection, Securex will not transfer or allow the transfer of personal data to such third countries, unless it has the consent of the data subject.
Your rights
Via Securex My Work you may view your data and, where necessary and/or possible, correct them yourself.
You may view the data that Securex processes and, if need be, have them corrected by sending a dated and signed request, together with a copy of the front of your identity card, by email to privacy@securex.be or by post to Securex Group, Data Protection Officer, Tervurenlaan 43, 1040 Brussels.
In the same manner and within the limits of the GDPR, you may also object to your personal data being processed or ask that any such processing is limited. Furthermore, you may ask to have your data erased or transferred. More information can be obtained from the same address.
Although we take your rights and freedoms seriously, they therefore do not apply in all circumstances, and there may be circumstances where we cannot comply with your request, for example where doing so would mean that we would not be able to comply with our own legal or contractual obligations, e.g., towards your employer, as data controller. In such cases, we will always inform you of why we cannot adhere with your request and whether, for example, you need to contact your employer with regard to it.
If you believe that a violation has occurred with regard to the data processing or your rights, you may lodge a complaint to the Data Protection Authority.