Privacy Policy.

1.     Introduction

Information about GINION GROUP (Legal registered company of GMS)

GINION GROUP NV is a public limited company registered with the Crossroads Bank for Enterprises under number 0453.212.110, with its registered office at Robert Dansaertlaan 13L, 1702 Groot-Bijgaarden. It is a mobility solutions provider specialising in fleet and mobility management services for companies.

Within the framework of its activities and services, Ginion Group processes, among other things, the personal data of its Clients and its Clients’ employees (drivers). Concerning these processing activities, Ginion Group acts as a "data processor" and is responsible for protecting personal data. In this capacity, Ginion Group complies with the applicable data protection legislation, including, as of 25 May 2018, the European General Data Protection Regulation 2016/679 (the "Regulation" or "GDPR") and the applicable national laws implementing the EU Directive 95/46 on the processing of personal data or supplementing the GDPR.

Your privacy is a priority for us

Ginion Group aims to be your trusted partner and therefore does everything possible to respect and protect the Client’s data and Client’s employees’ data. This Privacy Policy seeks to explain how we collect, store, use and disclose personal data when using our products and services, applications, and websites or when interacting with us. This Privacy Policy also describes the rights and explains how an individual can exercise them.

In the sake of transparency, the Client must ensure that its employees are aware that their personal data are being processed by Ginion Group and that their consent to such processing, as described in this Privacy Policy, is obtained where appropriate.

The following principles are central to the way we process personal data

Transparency and fairness: when we collect and process your personal data, we tell you who collects and receives the data and why.

Legitimacy: Ginion Group does not collect and process personal data without legitimate reasons. Where required by law, we will always ask for your prior consent (for example, before launching a direct marketing campaign).

Purpose: We only use personal data for relevant business purposes (e.g. to provide our services, to manage customer relationships, to manage customer fleets, for billing purposes, to better serve customers, to conduct customer satisfaction surveys, to prepare reports and to comply with our legal obligations). We will never use personal data for purposes that are incompatible with the purposes described in this Privacy Policy or disclosed elsewhere.

Necessity and proportionality: we collect only the personal data that is necessary in accordance with this Privacy Policy. We only collect sensitive information where it is relevant. We take all reasonable steps to ensure that personal data is accurate, complete and up to date. We will only provide your data to business partners and suppliers where necessary to provide our services to you or to comply with legal obligations (e.g. Driver’s personal data for the police fines processing)

 These principles are detailed below.

2.    What activities are affected by the data collection?

This Policy covers all sources of data collected and processed by Ginion Group in the context of its various business activities, including fleet management, business car rental, various mobility solutions (apps, MaaS, bike rental, etc.), car sales, use of our websites or mobile applications, etc. The scope of the activities is described in each individual agreement with the Client.

3.    When do we collect personal data?

We may collect and process your personal data if you fall into at least one of the following categories:

-   Client’s representative (professional or private);

-   Employees of the Client or other persons authorised by the Client to benefit from a contract between the Client and Ginion Group (i.e. drivers of vehicles and users of bicycles, the user of the Federal Mobility Budget or other solutions);

-   Contact persons at Client's premises;

-   Fleet managers;

-   Leads;

-   Used car buyers;

-   Visitors/users of the website;

-   Company directors;

-   Shareholders;

-   etc.

4.    How do we collect your personal data?

Ginion Group may collect personal data in diverse ways.

  1. We collect your personal data directly from you, when we interact with you (for example, when you contact Ginion Group, Ginion Group may keep a record of this correspondence), when you fill in an online form (application form, order form, accident report form, etc.), when you create an account on one of our sites, etc.

  2. We may ask you to respond to surveys used for research or improvement purposes, although you are not obliged to respond.

  3. We may record certain details about your visits to our websites, including, but not limited to, traffic, location data, weblogs and other data about the communication and resources you access.

  4. We may collect information about your computer or device, including IP address, operating system or browser type. This information is collected to ensure the proper management and operation of our websites. Cookies are used to collect this information.

  5. We may receive personal data from your employer with whom Ginion Group has a contract (contact details, vehicle category, etc.).

  6. We may receive personal data about you from our suppliers providing services in the performance of any contract (e.g. fuel card supplier, etc.).

  7. We may receive your personal data from the authorities (e.g. in connection with fines).

 

5.    What types of personal data do we collect?

We may collect the following types of personal data. The exact type is specified in each contract. 

  • Identification and contact data, including your name, first name, address, telephone number and e-mail address;

  • Professional information, including your job title, department and business contact details;

  • Financial or credit information, including the date of acceptance of your credit(s) and information about your contract, bank account, loans, etc;

  • Personal characteristics, including your gender, date of birth, nationality, language, family situation, etc.;

  • Your voice, which can be recorded when you call Ginion Group customer service;

  • Data about you as a driver, such as a driver's licence number/duplicate or employee's driver code;

  • Data relating to vehicle operations and use, including information about the vehicle (e.g. vehicle registration number, date of last maintenance, etc.) and its use (e.g. fuel consumption);

  • Data on driver behaviour, such as information from the car (average speed...), taxes, fees and fines related to the use of the vehicle (parking fees and taxes...), and accident history.

  • We also sometimes collect sensitive data. For this data, we refer to section 12 below.

On this website, for the purpose of getting in touch, we collect first and last names and professional email address(es) through the online form.

6.     For what purposes do we use your personal data?

The purpose of processing the data is specified in each Agreement between Ginion Group and the Client and ensures that Ginion Group through GMS can execute its activities.  Ginion Group may process personal data for the following purposes, as appropriate, and for any other purpose consistent with these:

(i)  To undertake customer checks, credit checks and to know our customers via the “Know Your Customer” process: to process and undertake customer assessments before entering into a contract or prior to the sale of a used vehicle – as part of the Global Regulation to fight against Money Laundering (AML)

(ii) To comply with legal obligations and to protect the rights and property of Ginion Group or our suppliers: we will use personal data to respond to legitimate requests from supervisory and tax authorities, to detect and prevent money laundering, to conduct due diligence on a counterparty, etc.

(iii) To create and administer customer accounts.

(iv) To communicate with you: you can contact us by various means (via our website, by telephone, by e-mail, etc.) to ask questions, request information, make comments, etc. We will use your personal data to communicate with you or to answer your questions.

(v)  To provide you with vehicle and mobility services included in the (lease) contract:

  • vehicle control,

  • delivery of the vehicle,

  • repair, maintenance and tyres,

  • vehicle insurance,

  • accident management and repairs,

  • fuel card management,

  • roadside assistance,

  • replacement vehicle,

  • management of the return of the vehicle (car check, vehicle collection, etc.).

 

(vi) To provide drivers with driving control applications (eco-driving or safety program) or to provide managers with fleet management tools.

(vii) When using web portals and applications.

(viii) To produce fleet reports for customers, related to the use of vehicles (fuel consumption, mileage, accident history, etc.).

(ix)  For billing and accounting (invoicing, collection of payments, etc.).

(x) To manage conflicts (recovery of unpaid amounts, legal cases, etc.)

(xi) To manage fines and taxes, fees and administrative sanctions related to the use of the vehicle, including car park, as well as all traffic violations.

(xii) To inform customers of the results of satisfaction surveys.

(xiii) For administrative reporting, including audits, internal control, and data analysis.

(xiv) To maintain business and professional records for legal, administrative and audit purposes. We also use the information to meet legal, insurance and accounting requirements.

(xv) To manage access and security of Ginion Group premises and assets.

(xvi) For the sale of vehicles.

(xvii) For marketing purposes: if you provided your consent, we may use your information to contact you about new offers or services and special offers we think you may find useful, or to send you advertising messages or newsletters. We may analyse your profile and preferences as a customer, and undertake multi-channel advertising campaigns via automated tools, contact you by SMS, email or send you brochures.

(xviii) For customer/driver satisfaction surveys based on marketing tools and targeted analysis, we may send you qualitative surveys about our products and services.

(xix) For websites, cookies and newsletters: we may collect information via cookies to gain experience and give us a better idea of your browsing pattern, including storing your preferences and settings to save time (including language preferences), enable login, combat fraud and analyse the performance of our website and services. This information helps us to improve our websites and applications and to learn more about the products and services you use most.
While we may set functional cookies to make your visit to our websites or applications easier, you can indicate your preferences regarding cookies used for behaviourally targeted advertising using your browser's privacy settings choices to prevent the storage of information on the machine or the processing of information already on the machine, unless you enable the functionality to allow such storage or processing.

(xx) For profiling: so that we can learn more about your interests and concerns, we may use your personal data to improve our website and services, personalise your experience with us and tailor our marketing activities to your needs and interests.

7. Cookies and other tracking tools

To improve your experience, when you visit our websites and platforms, interact via email or use our mobile applications, we collect certain information through automated means, including cookies, tracking pixels, browser analysis tools, server logs and web beacons (e.g. Google Analytics). If you use our websites, we may collect information about the browser you use and your browsing behaviour. If you use our mobile application, we may collect your GPS location. We may also look at how often you use the application.

8.    On what basis do we process your personal data?

Ginion Group processes personal data on the following legal grounds, as applicable

(i) The execution of the contract you or your company have concluded with Ginion Group or the preparation of a contract you intend to conclude with Ginion Group;

(ii) prior consent, where required;

(iii) compliance with our legal obligations, in particular anti-money laundering legislation, article 67ter of the law of 16 March 1968 on the road traffic police, etc.

(iv) the legitimate interests of Ginion Group or a third party, insofar as these override your fundamental rights and freedoms, such as where applicable, detecting and preventing money laundering, conducting due diligence on a counterparty, providing you with useful information, etc.

 

9.    With whom do we share your personal data?

In order to provide our services, we sometimes need to use partners or processors for the purposes described above. We limit the sharing of your personal data to the following categories of recipients:

(i) Internal departments such as customer service, IT, support and maintenance, account and sales;

(ii) within the Ginion Group, the other entities of the group solely for the purpose of the execution of the services; 

(iii) the Client (i.e. your employer, if applicable);

(iv) Service providers such as credit insurers, vehicle insurers, data hosting providers, IT providers, call centres, and third parties conducting fittings, maintenance, mechanical repairs, tyre changes, damage surveys, damage repairs, roadside assistance, etc solely for the purpose of the execution of the services;

(v) Authorities when required by law, e.g. in response to subpoenas, including from law enforcement and courts, requests from tax authorities, etc solely for the purpose of the execution of the services;

(vi) when necessary to sell or transfer business assets, in a bankruptcy context, to enforce our rights, to protect your assets or the rights, property or safety of others, or as necessary to support external audit, compliance and corporate governance functions solely for the purpose of the execution of the services; 

We will never transfer your personal data directly to third parties for their marketing purposes without your prior consent. 

We may also use and disclose personal data about you that is not personally identifiable, that is, personal data in aggregate form that does not identify you.

10. How is your personal data stored and transferred?

Ginion Group makes every effort to ensure that personal data are protected against accidental or deliberate destruction/loss; properly used; and inaccessible to unauthorised persons.

All information you provide to us is stored on our secure servers located in Europe. Personal data is stored either in our databases or in the databases of our service providers.

We may also pass on your personal data to service providers involved in maintenance and support services or involved in the provision of any other tools used to process the personal data of our customers.

11.   How long do we keep your personal data?

In general, we will retain personal data for as long as necessary for the purposes described in the individual agreement with each Client, or as required by applicable law.

We will only keep your personal data for as long as is necessary for our business relationship and, if applicable, for the termination of that relationship, or as long as is necessary to comply with Ginion Group legal obligations.

Subject to the application of Ginion Group legal obligations, on completion of the provision of services relating to the processing of the data, Ginion Group undertakes to: (i) return the personal data to the Client or a data processor appointed by the Client, and (ii) delete all copies of the data in Ginion Group’s information systems and, once the data has been destroyed, provide the Client with written confirmation of the destruction.

In the event of a dispute, we may retain personal data until the dispute is fully resolved. We will delete or archive such data under applicable law.

12.  Sensitive data

We are sometimes required to process sensitive data, mainly judicial information, such as fines, traffic violations, and criminal data relating to accidents (police reports, etc.). We process this data exclusively for the following purposes:

(i) For the management of claims and related litigation (recovery of amounts in the context of claims incurred during the rental period, etc.).

If necessary, this data may be passed on to the Client (employer), to insurers and brokers involved in the handling of the claim, to professional experts commissioned by us or by them (lawyers, legal experts in charge of the case), to any subcontractors involved in the handling of claims, and to the authorities and courts

(ii) For the management of fines and administrative penalties and all offences related to the use of the hired vehicle, via the following procedures:

 1.      Use of the Fines Management Services (FMS) platform to transfer data to the Crossroads Vehicle Bank database. In this case, Ginion Group does not collect sensitive data.  The Federal Public Service Mobility and Transport, in collaboration with Renta Solutions SA and the Federal Police, has developed an IT platform called Fines Management Services (FMS) for the management of fines related to vehicles on short- or long-term leases in order to easily identify the usual driver of a vehicle belonging to a leasing or rental company.

This platform, managed by Renta Solutions SA, allows the authorities to collect the identification data of the usual driver of a vehicle via the database of the Crossroads Vehicle Bank ("Database"). The Database thus allows the competent authorities to contact potential offenders directly, without any involvement of Ginion Group or the employer of the person concerned, thus reinforcing his or her right to confidentiality.

In this respect, Ginion Group may transfer the following personal data of the driver to the FMS database: surname, first name, date of birth and licence plate number.

The Directorate-General for Road Transport and Road Safety of the FPS Mobility and Transport is the entity responsible for controlling the personal data contained in the database (Article 6 of the law of 19 May 2010 creating the Crossroads Bank for Vehicles). Renta ASBL is designated by law as the entity responsible for the initial collection and updating of these data in the database (Article 13 of the Royal Decree of 8 July 2013 implementing the law of 19 May 2010).

Ginion Group's role is limited to transmitting this data to the database via the FMS platform.

2.      Data not processed by FMS

In some cases, data concerning traffic fines and traffic violations are not processed through the FMS system. In these cases, as well as for administrative sanctions, FMS is not used by the authorities and Ginion Group, as well as its possible subcontractor in charge of the management of fines may be obliged to (i) process information on traffic fines, administrative penalties and traffic offences, including the location of the offence, the date and time, the offence itself and the amount to be paid; (ii) transmit personal data to the competent authorities for identification purposes (e.g. via www.amendesroutieres.be or via fax/e-mail); and (iii) transmit the data relating to the fine or administrative penalty to the client (often the driver's employer) to enable the fine or penalty to be managed and invoiced.

13.  How do we ensure the security and integrity of your personal data?

We protect your data with technical and organisational security measures against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access, and any other form of unlawful processing. Where we outsource data processing, we impose contractual obligations to protect your information.

Ginion Group has implemented and enforced all necessary organisational, procedural and technical security measures consistently and will maintain them about all IT systems and applications to guarantee confidentiality, compliance with legislation on the protection and processing of personal data, accuracy, availability and protection of the information processed or stored by these IT systems and applications. These measures are for example, but not limited to:

  •  IT network protected by a firewall, VPN and 2-factor authentication mechanism;

  • computers are protected with anti-virus and anti-malware;

  • encrypted hard drives and databases;

  • secured connections (HTTPS/SSH);

  • developer access lis imited to maintenance and debugging;

  • staging and testing are done on separate environments with no real client data;

  • no sharing of any raw data;

  • limited retention period of data (cfr Article 11.)

  • policies are enforced both on computers and smartphones;

  • data segregation is in place and access is restricted to the designated user (client team) with a logging mechanism

  • passwords are encrypted and never known to Ginion Group;

  • access to supplier platforms is protected and log-in details are encrypted are segregated so that only authorized users can access these. 

14. Notification of personal data breaches

GMS shall notify the Client of any personal data breach within a maximum of 72 hours of becoming aware of the breach. The notification shall be accompanied by any documentation to enable the Client to notify the competent supervisory authority of the breach within 72 hours of becoming aware of it, unless the violation in question is not likely to give rise to a risk.

15.  How can you control and indicate your preferences on the use of your personal data?

You may exercise several rights with respect to the processing of your personal data with respect to Ginion Group, to the extent that you have such rights under applicable data protection legislation, such as the GDPR. To exercise the rights set out in this section at any time, please contact the Ginion Group data protection contact person (see section 16) who will deal with your request.

Objection. You have the right to object at any time to the processing of your personal data based on a legitimate interest of Ginion Group, for example when it is used for (direct) marketing purposes, for profiling you in order to send you targeted advertisements or when sharing your data with third parties or other entities of the Ginion group.

Withdrawal. If you have previously consented to the processing of your personal data, you may withdraw this consent at any time. This does not affect the lawfulness of the processing based on the consent before the withdrawal.

Access You may request access to or a copy of the personal data we hold about you. You may also request information about the purposes of the processing, the categories of data, the categories of recipients, the terms of data retention, etc.

Portability. You may have the right to obtain a copy of any personal data we hold about you on file, in a compatible format to enable you to exercise your right to data portability.

Limitation. You have the right to request to limit the processing of your personal data in the following cases:

(i) for a period of time to allow Ginion Group to verify the accuracy of your personal data, in the event that you dispute the accuracy of your personal data;

(ii) if the processing is unlawful and you wish to restrict the use of your personal data rather than delete it;

(iii) if you want Ginion Group to keep your personal data because you need it to defend yourself in legal proceedings

(iv) if you have objected to the processing, but we need to verify whether the legitimate grounds for the processing outweigh your rights.

Rectification. You may also have the right to rectify inaccurate personal data and to complete incomplete personal data.

Deletion. You have the right to request the deletion of your personal data in the following cases:

(i) if your personal data is no longer necessary for the purposes for which it was collected or processed;

(ii) if you have withdrawn your consent and there is no other legal basis for the processing;

(iii) if you have objected to the processing of the data and there is no compelling legitimate reason for Ginion Group;

(iv) if the personal data have been processed unlawfully;

(v) if the personal data must be deleted to comply with a legal obligation to which Ginion Group is subject.

In the event of deletion, we will take all reasonable steps to inform other entities within the Ginion Group that may be involved in the processing of such data of the deletion.

Complaints. You also have the right to complain to the competent supervisory authority if you have any doubts about the way Ginion Group processes your personal data.

Data Protection Authority: Rue de la Presse 35, 1000 Brussels, Belgium, +32 (0)2 274 48 00, contact@apd-gba.be, www.autoriteprotectiondonnees.be.

16. Who should you contact if you have questions or concerns about the processing of your personal data?

Should you have any questions or concerns about the processing of your personal data, you can contact privacy@giniongroupe.be. This email address is the first point of contact for the Client for questions relating to the protection of personal data and the exercise of his rights.

17.  What happens when we amend this Privacy Policy?

Our Privacy Policy may change from time to time to reflect changes in the way we process your personal data and in the applicable legislation if any. Yet GMS and Ginion Group shall not materially decrease the current level of protection as described in this privacy notice.  We encourage you to check our websites regularly for the latest information on our data protection principles. We will notify you of any significant changes as required by law.